Re: MS Server 2008 - Windows Server backup fails due to incorrect active volume

2008-12-31 Thread Shazad Anwar

Hi,

I've not seen this article but I'm not getting any errors relating to 
Microsoft Exchange Replication Service.


Whenever I try to run full backup I get the following warnings/errors:

Warning - Volume Shadow Copy Service warning: ASR writer Error 
0x80070001.  hr = 0x. (Event ID:12290)
Error - Shadow copy creation failed because of error reported by ASR 
Writer.  More info: Incorrect function. (0x80070001). (Event ID:16387)


The only useful information I've found is in this TechNet thread:

http://social.technet.microsoft.com/Forums/en-US/winserverfiles/thread/9cf42e8a-2a33-47c5-a797-269330e9ba1a/

From this thread it says system partition must be set as active.

Shazad

On 30/12/2008 23:09, Christopher Bodnar wrote:


Have you seen this:

http://technet.microsoft.com/en-us/library/bb218863.aspx

Chris Bodnar, MCSE
Sr. Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com mailto:christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003



*From:* Shazad Anwar [mailto:sha...@fastmail.co.uk]
*Sent:* Tuesday, December 30, 2008 4:28 PM
*To:* NT System Admin Issues
*Subject:* MS Server 2008 - Windows Server backup fails due to 
incorrect active volume


Hi,

I'm currently running Exchange 2007 SP1 on Server 2008 (Dell Poweredge 
2970).


I currently use Backup Exec 12.5 to backup System State and Exchange 
databases.


I'm trying to use Windows Server Backup to create a full backup of the 
server but it keeps failing wikth this error:


Backup started at '27/12/2008 19:18:44' failed as Volume Shadow copy 
operation failed for backup volumes with following error code 
'2155348129'. Please rerun backup once issue is resolved.


From looking up this error on google it seems C: drive should be 
active partition for Shadow Copy to work but on my server a small Dell 
partition has been set active.


Has anyone encountered this problem and know of a fix?

Thanks,

Shazad

  

  



*This message, and any attachments to it, may contain information that 
is privileged, confidential, and exempt from disclosure under 
applicable law. If the reader of this message is not the intended 
recipient, you are notified that any use, dissemination, distribution, 
copying, or communication of this message is strictly prohibited. If 
you have received this message in error, please notify the sender 
immediately by return e-mail and delete the message and any 
attachments. Thank you. *





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


Re: AHCI Sata and sysprep

2008-12-31 Thread johonn2 _
Alright,

I was wrong i do have CC_0106 included but looking at the sysprep def.
turned a light bulb on.  The drivers dell has for downloads do NOT work.
You have to get them from Intel.  Yes i was stuck on that too which is why i
commented it in the sysprep file..

I am using this version for the E6400

; **Filename:  iaStor.INF
; **Revision:  Version 8.6.0.1007
; **Date:  09/12/2008
; **Abstract:  Windows* INF File for Intel(R) Matrix Storage Manager
Driver

; **Filename:  iaAHCI.INF
; **Revision:  Version 8.6.0.1007
; **Date:  09/12/2008
; **Abstract:  Windows* INF File for Intel(R) Matrix Storage Manager
Driver
-

Sysprep file

;Dell E6400
;Get drivers from Intel not Dell
*PNP0600.DeviceDesc=C:\Drivers\storage\E6400\iaAHCI.inf
PCI\VEN_8086DEV_2681CC_0106=C:\Drivers\storage\E6400\iaAHCI.inf
PCI\VEN_8086DEV_27C1CC_0106=C:\Drivers\storage\E6400\iaAHCI.inf
PCI\VEN_8086DEV_27C5CC_0106=C:\Drivers\storage\E6400\iaAHCI.inf
PCI\VEN_8086DEV_2821CC_0106=C:\Drivers\storage\E6400\iaAHCI.inf
PCI\VEN_8086DEV_2829CC_0106=C:\Drivers\storage\E6400\iaAHCI.inf
PCI\VEN_8086DEV_2922CC_0106=C:\Drivers\storage\E6400\iaAHCI.inf
PCI\VEN_8086DEV_2929CC_0106=C:\Drivers\storage\E6400\iaAHCI.inf
PCI\VEN_8086DEV_3A02CC_0106=C:\Drivers\storage\E6400\iaAHCI.inf
PCI\VEN_8086DEV_3A22CC_0106=C:\Drivers\storage\E6400\iaAHCI.inf
PCI\VEN_8086DEV_2682CC_0104=C:\Drivers\storage\E6400\iaStor.inf
PCI\VEN_8086DEV_27C3CC_0104=C:\Drivers\storage\E6400\iaStor.inf
PCI\VEN_8086DEV_27C6CC_0104=C:\Drivers\storage\E6400\iaStor.inf
PCI\VEN_8086DEV_2822CC_0104=C:\Drivers\storage\E6400\iaStor.inf
PCI\VEN_8086DEV_282ACC_0104=C:\Drivers\storage\E6400\iaStor.inf
;END Dell E6400


FYI...

XP SP3 changes the way it handles the account being sysprep under.  If you
are like us and use the admin account and expect that to be copyied over to
your default profile during sysprep then you have to add
UpdateServerProfiledirectory=1 into the [Unattended] section.



Bob


On Tue, Dec 30, 2008 at 4:29 PM, Phil Brutsche p...@optimumdata.com wrote:

 On my machines the non-AHCI SATA would not work if I didn't put in the
 CC_0106 at the end of the PCI ID.

 To be on the safe side I ALWAYS put the device IDs in sysprep.inf
 EXACTLY the way they were in the driver .inf.

 I see I'm not the only one to suspect that putting
 BuildMassStorageSection = YES in there will override your custom
 SysprepMassStorage section ;)

 Johonn2 wrote:
  I finished my sysprep for both the E6400 AHCI and IRRT and the Dell
  OP760 series late last month.  I believe you need to drop the CC_0106
  on it but I would have to look at mine to know for sure.  I am not in
  the office today so if someone else does not help out by then, then I
  will post it tomorrow.  Also I may be wrong again but
  BuildMassStorageSection = YES I believe will overwrite your custom
  [SysprepMassStorage].

 --

 Phil Brutsche
 p...@optimumdata.com


 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
 ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

OT Cisco MDS 9124 switch

2008-12-31 Thread John Cook
Anyone know what the default PW is for one of these? We had an outside vendor 
set it up and there's no sign of a password in any of their documentation.


CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you really need 
to.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Re: Win 2k8 Enterprise 240-day Eval Terminal Serivces licenses for 25 users.

2008-12-31 Thread Klint Price - ArizonaITPro
as follow up, with the free trial from MS, will windows allow for 25 
simultaneous users during the grace period?

Klint

Webster wrote:

 *From:* Klint Price - ArizonaITPro [mailto:kpr...@arizonaitpro.com]
 *Subject:* Win 2k8 Enterprise 240-day Eval  Terminal Serivces 
 licenses for 25 users.

  

 I need to throw together a test server with 25 terminal services users.

 Does the 60 day eval (which can be increased to 240 days), allow for 
 25 simultaneous users via terminal services

 In either per-user or per-device mode the TS will issue temporary 
 120-day licenses.  If the TS is in workgroup mode then per-user 
 licenses are not tracked.  [Windows Server 2008 TS Resource Kit pages 
 121 and 122]

 Webster


  

  


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Win 2k8 Enterprise 240-day Eval Terminal Serivces licenses for 25 users.

2008-12-31 Thread Damien Solodow
Should. In my experience the trial versions are complete and full
function, just time-bombed.

 

From: Klint Price - ArizonaITPro [mailto:kpr...@arizonaitpro.com] 
Sent: Wednesday, December 31, 2008 10:23 AM
To: NT System Admin Issues
Subject: Re: Win 2k8 Enterprise 240-day Eval  Terminal Serivces
licenses for 25 users.

 

as follow up, with the free trial from MS, will windows allow for 25
simultaneous users during the grace period?

Klint

Webster wrote: 

From: Klint Price - ArizonaITPro [mailto:kpr...@arizonaitpro.com] 
Subject: Win 2k8 Enterprise 240-day Eval  Terminal Serivces licenses
for 25 users.

 

I need to throw together a test server with 25 terminal services users.

Does the 60 day eval (which can be increased to 240 days), allow for 25
simultaneous users via terminal services




In either per-user or per-device mode the TS will issue temporary
120-day licenses.  If the TS is in workgroup mode then per-user licenses
are not tracked.  [Windows Server 2008 TS Resource Kit pages 121 and
122]

Webster

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Re: Win 2k8 Enterprise 240-day Eval Terminal Serivces licenses for 25 users.

2008-12-31 Thread Klint Price - ArizonaITPro
Backing up a little bit

This is going to be utilized in a Windows 2003 domain environment.  I 
have plenty of 2003 CALS, but no 2008 CALs.  During the test time frame, 
do I not have to worry about 2008 CALs?  Does 2008 ignore the fact they 
are missing until the trial period ends?

Thanks, I think I am getting close.

Klint



and Enterprise comes with 25, and not just 5?  I can't find it on the MS 
site, and have never dealt wi

Damien Solodow wrote:

 Should. In my experience the trial versions are complete and full 
 function, just time-bombed.

  

 *From:* Klint Price - ArizonaITPro [mailto:kpr...@arizonaitpro.com]
 *Sent:* Wednesday, December 31, 2008 10:23 AM
 *To:* NT System Admin Issues
 *Subject:* Re: Win 2k8 Enterprise 240-day Eval  Terminal Serivces 
 licenses for 25 users.

  

 as follow up, with the free trial from MS, will windows allow for 25 
 simultaneous users during the grace period?

 Klint

 Webster wrote:

 *From:* Klint Price - ArizonaITPro [mailto:kpr...@arizonaitpro.com]
 *Subject:* Win 2k8 Enterprise 240-day Eval  Terminal Serivces 
 licenses for 25 users.

  

 I need to throw together a test server with 25 terminal services users.

 Does the 60 day eval (which can be increased to 240 days), allow for 
 25 simultaneous users via terminal services


 In either per-user or per-device mode the TS will issue temporary 
 120-day licenses.  If the TS is in workgroup mode then per-user 
 licenses are not tracked.  [Windows Server 2008 TS Resource Kit pages 
 121 and 122]

 Webster

  

  

  

  

  

  

  

  


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Win 2k8 Enterprise 240-day Eval Terminal Serivces licenses for 25 users.

2008-12-31 Thread Damien Solodow
I think so. It wouldn't make sense for a trial version to require you to
buy things..

 

From: Klint Price - ArizonaITPro [mailto:kpr...@arizonaitpro.com] 
Sent: Wednesday, December 31, 2008 10:38 AM
To: NT System Admin Issues
Subject: Re: Win 2k8 Enterprise 240-day Eval  Terminal Serivces
licenses for 25 users.

 

Backing up a little bit

This is going to be utilized in a Windows 2003 domain environment.  I
have plenty of 2003 CALS, but no 2008 CALs.  During the test time frame,
do I not have to worry about 2008 CALs?  Does 2008 ignore the fact they
are missing until the trial period ends?

Thanks, I think I am getting close.

Klint



and Enterprise comes with 25, and not just 5?  I can't find it on the MS
site, and have never dealt wi

Damien Solodow wrote: 

Should. In my experience the trial versions are complete and full
function, just time-bombed.

 

From: Klint Price - ArizonaITPro [mailto:kpr...@arizonaitpro.com] 
Sent: Wednesday, December 31, 2008 10:23 AM
To: NT System Admin Issues
Subject: Re: Win 2k8 Enterprise 240-day Eval  Terminal Serivces
licenses for 25 users.

 

as follow up, with the free trial from MS, will windows allow for 25
simultaneous users during the grace period?

Klint

Webster wrote: 

From: Klint Price - ArizonaITPro [mailto:kpr...@arizonaitpro.com] 
Subject: Win 2k8 Enterprise 240-day Eval  Terminal Serivces licenses
for 25 users.

 

I need to throw together a test server with 25 terminal services users.

Does the 60 day eval (which can be increased to 240 days), allow for 25
simultaneous users via terminal services





In either per-user or per-device mode the TS will issue temporary
120-day licenses.  If the TS is in workgroup mode then per-user licenses
are not tracked.  [Windows Server 2008 TS Resource Kit pages 121 and
122]

Webster

 

 

 

 

 

 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Hackers create rogue CA certificate using MD5 collisions

2008-12-31 Thread Sam Cayze
This doesn't sound too good...
 
http://blogs.zdnet.com/security/?p=2339
 
 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Hackers create rogue CA certificate using MD5 collisions

2008-12-31 Thread David Lum
Microsoft released a bulletin on it yesterday
http://www.microsoft.com/technet/security/advisory/961509.mspx

Of note:
Mitigating Factors:

* Microsoft is not aware of specific attacks against MD5, so previously issued 
certificates that were signed using MD5 are not affected and do not need to be 
revoked. This issue only affects certificates being signed using MD5 after the 
publication of the attack method.

* Most public Certificate Authority roots no longer use MD5 to sign 
certificates, but have upgraded to the more secure SHA-1 algorithm. Customers 
should contact their issuing Certificate Authority for guidance.

* When visited, Web sites that use Extended Validation (EV) certificates show a 
green address bar in most modern browsers. These certificates are always signed 
using SHA-1 and as such are not affected by this newly reported research
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

From: Sam Cayze [mailto:sam.ca...@rollouts.com]
Sent: Wednesday, December 31, 2008 7:56 AM
To: NT System Admin Issues
Subject: Hackers create rogue CA certificate using MD5 collisions

This doesn't sound too good...

http://blogs.zdnet.com/security/?p=2339








~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Hackers create rogue CA certificate using MD5 collisions

2008-12-31 Thread David Mazzaccaro
I believe MD5 has been hacked long ago...
I think a lot of people will mis-interrupt this, thinking that SSL is
also hacked.
 
Related article here:
http://hackaday.com/2008/12/30/25c3-hackers-completely-break-ssl-using-2
00-ps3s/
 
 



From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Wednesday, December 31, 2008 10:56 AM
To: NT System Admin Issues
Subject: Hackers create rogue CA certificate using MD5 collisions


This doesn't sound too good...
 
http://blogs.zdnet.com/security/?p=2339
 
 


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

R: MS Server 2008 - Windows Server backup fails due to incorrect active volume

2008-12-31 Thread HELP_PC
Se MS KB 955687 and ask for relative hotfix (It will be included in SP2) 


GuidoElia
HELPPC

-Messaggio originale-
Da: Shazad Anwar [mailto:sha...@fastmail.co.uk] 
Inviato: mercoledì 31 dicembre 2008 11.57
A: NT System Admin Issues
Oggetto: Re: MS Server 2008 - Windows Server backup fails due to incorrect 
active volume

Hi,

I've not seen this article but I'm not getting any errors relating to Microsoft 
Exchange Replication Service.

Whenever I try to run full backup I get the following warnings/errors:

Warning - Volume Shadow Copy Service warning: ASR writer Error 0x80070001.  hr 
= 0x. (Event ID:12290) Error - Shadow copy creation failed because of 
error reported by ASR Writer.  More info: Incorrect function. (0x80070001). 
(Event ID:16387)

The only useful information I've found is in this TechNet thread:

http://social.technet.microsoft.com/Forums/en-US/winserverfiles/thread/9cf42e8a-2a33-47c5-a797-269330e9ba1a/

 From this thread it says system partition must be set as active.

Shazad

On 30/12/2008 23:09, Christopher Bodnar wrote:

 Have you seen this:

 http://technet.microsoft.com/en-us/library/bb218863.aspx

 Chris Bodnar, MCSE
 Sr. Systems Engineer
 Distributed Systems Service Delivery - Intel Services Guardian Life 
 Insurance Company of America
 Email: christopher_bod...@glic.com 
 mailto:christopher_bod...@glic.com
 Phone: 610-807-6459
 Fax: 610-807-6003

 --
 --

 *From:* Shazad Anwar [mailto:sha...@fastmail.co.uk]
 *Sent:* Tuesday, December 30, 2008 4:28 PM
 *To:* NT System Admin Issues
 *Subject:* MS Server 2008 - Windows Server backup fails due to 
 incorrect active volume

 Hi,

 I'm currently running Exchange 2007 SP1 on Server 2008 (Dell Poweredge 
 2970).

 I currently use Backup Exec 12.5 to backup System State and Exchange 
 databases.

 I'm trying to use Windows Server Backup to create a full backup of the 
 server but it keeps failing wikth this error:

 Backup started at '27/12/2008 19:18:44' failed as Volume Shadow copy 
 operation failed for backup volumes with following error code 
 '2155348129'. Please rerun backup once issue is resolved.

 From looking up this error on google it seems C: drive should be 
 active partition for Shadow Copy to work but on my server a small Dell 
 partition has been set active.

 Has anyone encountered this problem and know of a fix?

 Thanks,

 Shazad

   

   
 --
 --

 *This message, and any attachments to it, may contain information that 
 is privileged, confidential, and exempt from disclosure under 
 applicable law. If the reader of this message is not the intended 
 recipient, you are notified that any use, dissemination, distribution, 
 copying, or communication of this message is strictly prohibited. If 
 you have received this message in error, please notify the sender 
 immediately by return e-mail and delete the message and any 
 attachments. Thank you. *



~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: Win 2k8 Enterprise 240-day Eval Terminal Serivces licenses for 25 users.

2008-12-31 Thread Troy Meyer
Yes, the 2008 box will completely ignore CALS/licensing during the trial 
period.  You get that familiar you have X days to configure a TS licensing 
server  down in the task bar. During install our 2008 TS test setup detected 
our 2003 licensing server and said it didn't have any compatible licenses, but 
that didn't stop us from continuing the install and testing some of the sweet 
dt application serving and TS gateway functionality.

-troy


-Original Message-
From: Klint Price - ArizonaITPro [mailto:kpr...@arizonaitpro.com] 
Sent: Wednesday, December 31, 2008 7:38 AM
To: NT System Admin Issues
Subject: Re: Win 2k8 Enterprise 240-day Eval  Terminal Serivces licenses for 
25 users.

Backing up a little bit

This is going to be utilized in a Windows 2003 domain environment.  I have 
plenty of 2003 CALS, but no 2008 CALs.  During the test time frame, do I not 
have to worry about 2008 CALs?  Does 2008 ignore the fact they are missing 
until the trial period ends?


Thanks, I think I am getting close.

Klint



and Enterprise comes with 25, and not just 5?  I can't find it on the MS site, 
and have never dealt wi

Damien Solodow wrote: 

Should. In my experience the trial versions are complete and full 
function, just time-bombed.

 

From: Klint Price - ArizonaITPro [mailto:kpr...@arizonaitpro.com] 
Sent: Wednesday, December 31, 2008 10:23 AM
To: NT System Admin Issues
Subject: Re: Win 2k8 Enterprise 240-day Eval  Terminal Serivces 
licenses for 25 users.

 

as follow up, with the free trial from MS, will windows allow for 25 
simultaneous users during the grace period?

Klint

Webster wrote: 

From: Klint Price - ArizonaITPro [mailto:kpr...@arizonaitpro.com] 
Subject: Win 2k8 Enterprise 240-day Eval  Terminal Serivces licenses 
for 25 users.

 

I need to throw together a test server with 25 terminal services users.

Does the 60 day eval (which can be increased to 240 days), allow for 25 
simultaneous users via terminal services




In either per-user or per-device mode the TS will issue temporary 
120-day licenses.  If the TS is in workgroup mode then per-user licenses are 
not tracked.  [Windows Server 2008 TS Resource Kit pages 121 and 122]

Webster

 

 

 

 

 

 


 



 



 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: Net framework 2.0 SP1

2008-12-31 Thread Kelsey, John
Google is your friend.
 
http://www.microsoft.com/downloads/details.aspx?familyid=0c1b0a88-59e2-4
eba-a70e-4cd851c5fcc4displaylang=en
 
 
***
John C. Kelsey
DuBois Regional Medical Center
(:  814.375.3073  
*:   jckel...@drmc.org mailto:jckel...@drmc.org  
***

-Original Message-
From: Craig Gauss [mailto:gau...@rhahealthcare.org] 
Sent: Wednesday, December 31, 2008 11:41
To: NT System Admin Issues
Subject: Net framework 2.0 SP1


Does anyone know if this SP is available anywhere as an MSI?




 


 




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Net framework 2.0 SP1

2008-12-31 Thread Craig Gauss
Saw that one but it is only for Windows mobile
 

Craig Gauss,  Technical Supervisor/Security Officer
Riverview Hospital Association
Phone: 715-423-6060 ext. 8572


 



From: Kelsey, John [mailto:jckel...@drmc.org] 
Sent: Wednesday, December 31, 2008 10:44 AM
To: NT System Admin Issues
Subject: RE: Net framework 2.0 SP1


Google is your friend.
 
http://www.microsoft.com/downloads/details.aspx?familyid=0c1b0a88-59e2-4
eba-a70e-4cd851c5fcc4displaylang=en
 
 
***
John C. Kelsey
DuBois Regional Medical Center
(:  814.375.3073  
*:   jckel...@drmc.org mailto:jckel...@drmc.org  
***

-Original Message-
From: Craig Gauss [mailto:gau...@rhahealthcare.org] 
Sent: Wednesday, December 31, 2008 11:41
To: NT System Admin Issues
Subject: Net framework 2.0 SP1


Does anyone know if this SP is available anywhere as an MSI?




 


 




 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Net framework 2.0 SP1

2008-12-31 Thread Kelsey, John
Alrighty, how about this one?
 
http://www.microsoft.com/Downloads/details.aspx?familyid=79BC3B77-E02C-4
AD3-AACF-A7633F706BA5displaylang=en
 
 
***
John C. Kelsey
DuBois Regional Medical Center
(:  814.375.3073  
*:   jckel...@drmc.org mailto:jckel...@drmc.org  
***

-Original Message-
From: Craig Gauss [mailto:gau...@rhahealthcare.org] 
Sent: Wednesday, December 31, 2008 11:46
To: NT System Admin Issues
Subject: RE: Net framework 2.0 SP1


Saw that one but it is only for Windows mobile
 

Craig Gauss,  Technical Supervisor/Security Officer
Riverview Hospital Association
Phone: 715-423-6060 ext. 8572


 



From: Kelsey, John [mailto:jckel...@drmc.org] 
Sent: Wednesday, December 31, 2008 10:44 AM
To: NT System Admin Issues
Subject: RE: Net framework 2.0 SP1


Google is your friend.
 

http://www.microsoft.com/downloads/details.aspx?familyid=0c1b0a88-59e2-4
eba-a70e-4cd851c5fcc4displaylang=en
 
 
***
John C. Kelsey
DuBois Regional Medical Center
(:  814.375.3073  
*:   jckel...@drmc.org mailto:jckel...@drmc.org  
***

-Original Message-
From: Craig Gauss [mailto:gau...@rhahealthcare.org] 
Sent: Wednesday, December 31, 2008 11:41
To: NT System Admin Issues
Subject: Net framework 2.0 SP1


Does anyone know if this SP is available anywhere as an
MSI?




 


 




 


 




 


 




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Net framework 2.0 SP1

2008-12-31 Thread Kelsey, John
nevermind..you said MSI and thats the .exe
 
 
***
John C. Kelsey
DuBois Regional Medical Center
(:  814.375.3073  
*:   jckel...@drmc.org mailto:jckel...@drmc.org  
***

-Original Message-
From: Kelsey, John [mailto:jckel...@drmc.org] 
Sent: Wednesday, December 31, 2008 11:47
To: NT System Admin Issues
Subject: RE: Net framework 2.0 SP1


Alrighty, how about this one?
 

http://www.microsoft.com/Downloads/details.aspx?familyid=79BC3B77-E02C-4
AD3-AACF-A7633F706BA5displaylang=en
 
 
***
John C. Kelsey
DuBois Regional Medical Center
(:  814.375.3073  
*:   jckel...@drmc.org mailto:jckel...@drmc.org  
***

-Original Message-
From: Craig Gauss [mailto:gau...@rhahealthcare.org] 
Sent: Wednesday, December 31, 2008 11:46
To: NT System Admin Issues
Subject: RE: Net framework 2.0 SP1


Saw that one but it is only for Windows mobile
 

Craig Gauss,  Technical Supervisor/Security Officer
Riverview Hospital Association
Phone: 715-423-6060 ext. 8572


 



From: Kelsey, John [mailto:jckel...@drmc.org] 
Sent: Wednesday, December 31, 2008 10:44 AM
To: NT System Admin Issues
Subject: RE: Net framework 2.0 SP1


Google is your friend.
 

http://www.microsoft.com/downloads/details.aspx?familyid=0c1b0a88-59e2-4
eba-a70e-4cd851c5fcc4displaylang=en
 
 
***
John C. Kelsey
DuBois Regional Medical Center
(:  814.375.3073  
*:   jckel...@drmc.org mailto:jckel...@drmc.org  
***

-Original Message-
From: Craig Gauss
[mailto:gau...@rhahealthcare.org] 
Sent: Wednesday, December 31, 2008 11:41
To: NT System Admin Issues
Subject: Net framework 2.0 SP1


Does anyone know if this SP is available
anywhere as an MSI?




 


 




 


 




 


 




 


 




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Net framework 2.0 SP1

2008-12-31 Thread Don Guyer
http://www.microsoft.com/downloads/details.aspx?familyid=0c1b0a88-59e2-4
eba-a70e-4cd851c5fcc4displaylang=en

 

Don Guyer

Systems Engineer

Information Services

Prudential Fox Roach/ Trident

431 W. Lancaster Avenue

Devon, PA 19333

Ph: (610) 993-3299

Fax: (610) 650-5306

www.prufoxroach.com blocked::blocked::http://www.prufoxroach.com/ 

don.gu...@prufoxroach.com

 

From: Craig Gauss [mailto:gau...@rhahealthcare.org] 
Sent: Wednesday, December 31, 2008 11:41 AM
To: NT System Admin Issues
Subject: Net framework 2.0 SP1

 

Does anyone know if this SP is available anywhere as an MSI?

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Re: Top 10 PowerShell scripts that VMware administrators should use

2008-12-31 Thread Steven Peck
On that subject, I just did an intro presentation on PowerShell for my
co-workers
http://www.blkmtn.org/introduction-to-powershell-slides


On Tue, Dec 30, 2008 at 10:13 PM, Sam Cayze sam.ca...@rollouts.com wrote:
 Since we are praising powershell, I just came across this.  Handy list!

 http://www.virtual-strategy.com/Eric-Siebert-s-Top-10/Top-10-PowerShell-scripts-that-VMware-administrators-should-use.html

 Sam





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: Net framework 2.0 SP1

2008-12-31 Thread Don Guyer
Oh yeah, my apologies.

 

You could always take the EXE and package it up into an MSI. I'm
guessing you want to push this through a GPO?

 

Don Guyer

Systems Engineer

Information Services

Prudential Fox Roach/ Trident

431 W. Lancaster Avenue

Devon, PA 19333

Ph: (610) 993-3299

Fax: (610) 650-5306

www.prufoxroach.com blocked::blocked::http://www.prufoxroach.com/ 

don.gu...@prufoxroach.com

 

From: Craig Gauss [mailto:gau...@rhahealthcare.org] 
Sent: Wednesday, December 31, 2008 12:01 PM
To: NT System Admin Issues
Subject: RE: Net framework 2.0 SP1

 

That is only for Windows mobile

 

Craig Gauss,  Technical Supervisor/Security Officer
Riverview Hospital Association
Phone: 715-423-6060 ext. 8572

 

 



From: Don Guyer [mailto:don.gu...@prufoxroach.com] 
Sent: Wednesday, December 31, 2008 10:45 AM
To: NT System Admin Issues
Subject: RE: Net framework 2.0 SP1

http://www.microsoft.com/downloads/details.aspx?familyid=0c1b0a88-59e2-4
eba-a70e-4cd851c5fcc4displaylang=en

 

Don Guyer

Systems Engineer

Information Services

Prudential Fox Roach/ Trident

431 W. Lancaster Avenue

Devon, PA 19333

Ph: (610) 993-3299

Fax: (610) 650-5306

www.prufoxroach.com

don.gu...@prufoxroach.com

 

From: Craig Gauss [mailto:gau...@rhahealthcare.org] 
Sent: Wednesday, December 31, 2008 11:41 AM
To: NT System Admin Issues
Subject: Net framework 2.0 SP1

 

Does anyone know if this SP is available anywhere as an MSI?

 

 

 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Re: Net framework 2.0 SP1

2008-12-31 Thread Phil Brutsche
The EXE is a self extracting executable you can open with WinZip. The
.msi is inside. I think you need to perform an administrative install
(aka msiexec /a) before you can deploy it via GPO.

The same goes for .NET Framework versions 3.0 and 3.5.

Don Guyer wrote:
 Oh yeah, my apologies.
 
 You could always take the EXE and package it up into an MSI. I’m
 guessing you want to push this through a GPO?

-- 

Phil Brutsche
p...@optimumdata.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: Net framework 2.0 SP1

2008-12-31 Thread Craig Gauss
Thanks to everyone for looking.  I think I found a satisfactory
solution.   We use ScriptLogic's desktop authority and I am using the
Application Launcher elements to launch the install silently and
asynchronously on login with the norestart switch.  Has worked on the
test machines I have tried it on. 


Craig Gauss,  Technical Supervisor/Security Officer
Riverview Hospital Association
Phone: 715-423-6060 ext. 8572



-Original Message-
From: Phil Brutsche [mailto:p...@optimumdata.com] 
Sent: Wednesday, December 31, 2008 11:12 AM
To: NT System Admin Issues
Subject: Re: Net framework 2.0 SP1

The EXE is a self extracting executable you can open with WinZip. The
.msi is inside. I think you need to perform an administrative install
(aka msiexec /a) before you can deploy it via GPO.

The same goes for .NET Framework versions 3.0 and 3.5.

Don Guyer wrote:
 Oh yeah, my apologies.
 
 You could always take the EXE and package it up into an MSI. I'm 
 guessing you want to push this through a GPO?

-- 

Phil Brutsche
p...@optimumdata.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


Strange Word template issue

2008-12-31 Thread Joe Heaton
Template was originally created in Word 2k3.  

 

The template can be opened in Word 2k3.

 

I can't open it in Word 2k7.

 

If it's changed to a document instead of a template, I can open it in
Word 2k7.

 

There's nothing odd about the template, it's just a memo template, with
a company logo embedded, which is the only recent change to it.

 

 

 

Joe Heaton

AISA

Employment Training Panel

1100 J Street, 4th Floor

Sacramento, CA  95814

(916) 327-5276

jhea...@etp.ca.gov

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Strange Word template issue

2008-12-31 Thread Martin Blackstone
Take it one step further.

Change to template to doc.

Open in 2007

Save As Template

 

 

From: Joe Heaton [mailto:jhea...@etp.ca.gov] 
Sent: Wednesday, December 31, 2008 10:17 AM
To: NT System Admin Issues
Subject: Strange Word template issue

 

Template was originally created in Word 2k3.  

 

The template can be opened in Word 2k3.

 

I can't open it in Word 2k7.

 

If it's changed to a document instead of a template, I can open it in Word
2k7.

 

There's nothing odd about the template, it's just a memo template, with a
company logo embedded, which is the only recent change to it.

 

 

 

Joe Heaton

AISA

Employment Training Panel

1100 J Street, 4th Floor

Sacramento, CA  95814

(916) 327-5276

jhea...@etp.ca.gov

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Net framework 2.0 SP1

2008-12-31 Thread Don Guyer
Thank you both. This is good info as we also use DA here.

Happy New Year!

Don Guyer
Systems Engineer
Information Services
Prudential Fox Roach/ Trident
431 W. Lancaster Avenue
Devon, PA 19333
Ph: (610) 993-3299
Fax: (610) 650-5306
www.prufoxroach.com
don.gu...@prufoxroach.com


-Original Message-
From: Craig Gauss [mailto:gau...@rhahealthcare.org] 
Sent: Wednesday, December 31, 2008 12:27 PM
To: NT System Admin Issues
Subject: RE: Net framework 2.0 SP1

Thanks to everyone for looking.  I think I found a satisfactory
solution.   We use ScriptLogic's desktop authority and I am using the
Application Launcher elements to launch the install silently and
asynchronously on login with the norestart switch.  Has worked on the
test machines I have tried it on. 


Craig Gauss,  Technical Supervisor/Security Officer
Riverview Hospital Association
Phone: 715-423-6060 ext. 8572



-Original Message-
From: Phil Brutsche [mailto:p...@optimumdata.com] 
Sent: Wednesday, December 31, 2008 11:12 AM
To: NT System Admin Issues
Subject: Re: Net framework 2.0 SP1

The EXE is a self extracting executable you can open with WinZip. The
.msi is inside. I think you need to perform an administrative install
(aka msiexec /a) before you can deploy it via GPO.

The same goes for .NET Framework versions 3.0 and 3.5.

Don Guyer wrote:
 Oh yeah, my apologies.
 
 You could always take the EXE and package it up into an MSI. I'm 
 guessing you want to push this through a GPO?

-- 

Phil Brutsche
p...@optimumdata.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


LCD monitor vs LCD HDTV?

2008-12-31 Thread jesse-r...@wi.rr.com
I was looking to replace my aging 14 tube monitor with an LCD monitor. 
However, it seems like, for the price of a 22 LCD flatpanel monitor, I can
get a 22 LCD HDTV which includes a tv tuner.   So is there any reason
to buy a LCD flatpanel monitor?  The prices are about the same for a LCD
monitor vs LCD HDTV.  Thoughts?

Feel free to msg off-list if this is considered OT.

JR



mail2web.com – Enhanced email for the mobile individual based on Microsoft®
Exchange - http://link.mail2web.com/Personal/EnhancedEmail



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


Re: LCD monitor vs LCD HDTV?

2008-12-31 Thread Phil Brutsche
I would double check the resolution the LCD is capable of. Beyond that,
no reason not to.

Not all LCD TVs support the resolution a same-size LCD flatpanel monitor
will.

jesse-r...@wi.rr.com wrote:
 I was looking to replace my aging 14 tube monitor with an LCD monitor. 
 However, it seems like, for the price of a 22 LCD flatpanel monitor, I can
 get a 22 LCD HDTV which includes a tv tuner.   So is there any reason
 to buy a LCD flatpanel monitor?  The prices are about the same for a LCD
 monitor vs LCD HDTV.  Thoughts?
 
 Feel free to msg off-list if this is considered OT.

-- 

Phil Brutsche
p...@optimumdata.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: LCD monitor vs LCD HDTV?

2008-12-31 Thread Terry Dickson
Well I just got an email a little while ago about LCD 22 under $150, I don't 
think you can get a LCD HDTV for that, as a matter of fact I think they are 
almost twice that price.  

-Original Message-
From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com] 
Sent: Wednesday, December 31, 2008 12:58 PM
To: NT System Admin Issues
Subject: LCD monitor vs LCD HDTV?

I was looking to replace my aging 14 tube monitor with an LCD monitor. 
However, it seems like, for the price of a 22 LCD flatpanel monitor, I can
get a 22 LCD HDTV which includes a tv tuner.   So is there any reason
to buy a LCD flatpanel monitor?  The prices are about the same for a LCD
monitor vs LCD HDTV.  Thoughts?

Feel free to msg off-list if this is considered OT.

JR



mail2web.com - Enhanced email for the mobile individual based on Microsoft(r)
Exchange - http://link.mail2web.com/Personal/EnhancedEmail



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: LCD monitor vs LCD HDTV?

2008-12-31 Thread David Lum
I could be wrong, but a 1080p HDTV is basically like a 1920x1080 monitor or a 
720p is 1280x720 that you can't change the resolution on. I infer It from this:
http://www.cnet.com/hdtv-resolution/

True A-V geeks will likely chime in here.

The p vs i discussions remind me of the early SVGA days where some monitors 
were interlaced and other non-interlaced (non-interlaced being the better 
choice), nowadays we hear progressive instead of non-interlaced.

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764




-Original Message-
From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com]
Sent: Wednesday, December 31, 2008 10:58 AM
To: NT System Admin Issues
Subject: LCD monitor vs LCD HDTV?

I was looking to replace my aging 14 tube monitor with an LCD monitor.
However, it seems like, for the price of a 22 LCD flatpanel monitor, I can
get a 22 LCD HDTV which includes a tv tuner.   So is there any reason
to buy a LCD flatpanel monitor?  The prices are about the same for a LCD
monitor vs LCD HDTV.  Thoughts?

Feel free to msg off-list if this is considered OT.

JR



mail2web.com - Enhanced email for the mobile individual based on Microsoft(r)
Exchange - http://link.mail2web.com/Personal/EnhancedEmail



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: LCD monitor vs LCD HDTV?

2008-12-31 Thread Don Guyer
Funny you say this. I just bought a 22 LCD HDTV for my Daughter's room
and was thinking that if/when she gets a computer in her room, the TV
will double as a monitor. I have not hooked a computer up to it yet so I
cannot comment on the quality yet.


Don Guyer
Systems Engineer
Information Services
Prudential Fox Roach/ Trident
431 W. Lancaster Avenue
Devon, PA 19333
Ph: (610) 993-3299
Fax: (610) 650-5306
www.prufoxroach.com
don.gu...@prufoxroach.com


-Original Message-
From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com] 
Sent: Wednesday, December 31, 2008 1:58 PM
To: NT System Admin Issues
Subject: LCD monitor vs LCD HDTV?

I was looking to replace my aging 14 tube monitor with an LCD monitor. 
However, it seems like, for the price of a 22 LCD flatpanel monitor, I
can
get a 22 LCD HDTV which includes a tv tuner.   So is there any
reason
to buy a LCD flatpanel monitor?  The prices are about the same for a LCD
monitor vs LCD HDTV.  Thoughts?

Feel free to msg off-list if this is considered OT.

JR



mail2web.com - Enhanced email for the mobile individual based on
Microsoft(r)
Exchange - http://link.mail2web.com/Personal/EnhancedEmail



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: LCD monitor vs LCD HDTV?

2008-12-31 Thread David James
HDTV will support HDCP as well, which you'll want to get all the features of
HD TV.  A lot of the LCD monitors have HDMI in now, but won't give you the
full benefits HDCP does.

-Original Message-
From: Phil Brutsche [mailto:p...@optimumdata.com] 
Sent: Wednesday, December 31, 2008 1:02 PM
To: NT System Admin Issues
Subject: Re: LCD monitor vs LCD HDTV?

I would double check the resolution the LCD is capable of. Beyond that,
no reason not to.

Not all LCD TVs support the resolution a same-size LCD flatpanel monitor
will.

jesse-r...@wi.rr.com wrote:
 I was looking to replace my aging 14 tube monitor with an LCD monitor. 
 However, it seems like, for the price of a 22 LCD flatpanel monitor, I
can
 get a 22 LCD HDTV which includes a tv tuner.   So is there any reason
 to buy a LCD flatpanel monitor?  The prices are about the same for a LCD
 monitor vs LCD HDTV.  Thoughts?
 
 Feel free to msg off-list if this is considered OT.

-- 

Phil Brutsche
p...@optimumdata.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: Net framework 2.0 SP1

2008-12-31 Thread Craig Gauss
How are you liking it?  I think we have been using it for about 1 1/2
years and Im not sure I could work without it :) 


Craig Gauss,  Technical Supervisor/Security Officer
Riverview Hospital Association
Phone: 715-423-6060 ext. 8572



-Original Message-
From: Don Guyer [mailto:don.gu...@prufoxroach.com] 
Sent: Wednesday, December 31, 2008 12:20 PM
To: NT System Admin Issues
Subject: RE: Net framework 2.0 SP1

Thank you both. This is good info as we also use DA here.

Happy New Year!

Don Guyer
Systems Engineer
Information Services
Prudential Fox Roach/ Trident
431 W. Lancaster Avenue
Devon, PA 19333
Ph: (610) 993-3299
Fax: (610) 650-5306
www.prufoxroach.com
don.gu...@prufoxroach.com


-Original Message-
From: Craig Gauss [mailto:gau...@rhahealthcare.org]
Sent: Wednesday, December 31, 2008 12:27 PM
To: NT System Admin Issues
Subject: RE: Net framework 2.0 SP1

Thanks to everyone for looking.  I think I found a satisfactory
solution.   We use ScriptLogic's desktop authority and I am using the
Application Launcher elements to launch the install silently and
asynchronously on login with the norestart switch.  Has worked on the
test machines I have tried it on. 


Craig Gauss,  Technical Supervisor/Security Officer Riverview Hospital
Association
Phone: 715-423-6060 ext. 8572



-Original Message-
From: Phil Brutsche [mailto:p...@optimumdata.com]
Sent: Wednesday, December 31, 2008 11:12 AM
To: NT System Admin Issues
Subject: Re: Net framework 2.0 SP1

The EXE is a self extracting executable you can open with WinZip. The
.msi is inside. I think you need to perform an administrative install
(aka msiexec /a) before you can deploy it via GPO.

The same goes for .NET Framework versions 3.0 and 3.5.

Don Guyer wrote:
 Oh yeah, my apologies.
 
 You could always take the EXE and package it up into an MSI. I'm 
 guessing you want to push this through a GPO?

-- 

Phil Brutsche
p...@optimumdata.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: LCD monitor vs LCD HDTV?

2008-12-31 Thread Sam Cayze
Yeah everyone is right here...  Resolution on the monitors is MUCH
better.  Night and day difference.

Dell just had their 22 wide on sale for $140.

-Original Message-
From: David James [mailto:bigdadd...@gmail.com] 
Sent: Wednesday, December 31, 2008 1:14 PM
To: NT System Admin Issues
Subject: RE: LCD monitor vs LCD HDTV?

HDTV will support HDCP as well, which you'll want to get all the
features of
HD TV.  A lot of the LCD monitors have HDMI in now, but won't give you
the
full benefits HDCP does.

-Original Message-
From: Phil Brutsche [mailto:p...@optimumdata.com] 
Sent: Wednesday, December 31, 2008 1:02 PM
To: NT System Admin Issues
Subject: Re: LCD monitor vs LCD HDTV?

I would double check the resolution the LCD is capable of. Beyond that,
no reason not to.

Not all LCD TVs support the resolution a same-size LCD flatpanel monitor
will.

jesse-r...@wi.rr.com wrote:
 I was looking to replace my aging 14 tube monitor with an LCD
monitor. 
 However, it seems like, for the price of a 22 LCD flatpanel monitor,
I
can
 get a 22 LCD HDTV which includes a tv tuner.   So is there any
reason
 to buy a LCD flatpanel monitor?  The prices are about the same for a
LCD
 monitor vs LCD HDTV.  Thoughts?
 
 Feel free to msg off-list if this is considered OT.

-- 

Phil Brutsche
p...@optimumdata.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: Strange Word template issue

2008-12-31 Thread Joe Heaton
That worked fine.  So now we're having the person doing the changes to
save the .doc that worked, as a template, then send that to us, to see
if we can open it.  The editor is using 2k3.

 

Joe Heaton

Employment Training Panel

 

From: Martin Blackstone [mailto:mblackst...@gmail.com] 
Sent: Wednesday, December 31, 2008 10:21 AM
To: NT System Admin Issues
Subject: RE: Strange Word template issue

 

Take it one step further.

Change to template to doc.

Open in 2007

Save As Template

 

 

From: Joe Heaton [mailto:jhea...@etp.ca.gov] 
Sent: Wednesday, December 31, 2008 10:17 AM
To: NT System Admin Issues
Subject: Strange Word template issue

 

Template was originally created in Word 2k3.  

 

The template can be opened in Word 2k3.

 

I can't open it in Word 2k7.

 

If it's changed to a document instead of a template, I can open it in
Word 2k7.

 

There's nothing odd about the template, it's just a memo template, with
a company logo embedded, which is the only recent change to it.

 

 

 

Joe Heaton

AISA

Employment Training Panel

1100 J Street, 4th Floor

Sacramento, CA  95814

(916) 327-5276

jhea...@etp.ca.gov

 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Net framework 2.0 SP1

2008-12-31 Thread Don Guyer
I just started using it earlier this year, when I started this job, so I
haven't gotten my hands real dirty with it yet. Right now I'm only using
it to pass settings for IE, desktop, etc.

Don Guyer
Systems Engineer
Information Services
Prudential Fox Roach/ Trident
431 W. Lancaster Avenue
Devon, PA 19333
Ph: (610) 993-3299
Fax: (610) 650-5306
www.prufoxroach.com
don.gu...@prufoxroach.com


-Original Message-
From: Craig Gauss [mailto:gau...@rhahealthcare.org] 
Sent: Wednesday, December 31, 2008 2:24 PM
To: NT System Admin Issues
Subject: RE: Net framework 2.0 SP1

How are you liking it?  I think we have been using it for about 1 1/2
years and Im not sure I could work without it :) 


Craig Gauss,  Technical Supervisor/Security Officer
Riverview Hospital Association
Phone: 715-423-6060 ext. 8572



-Original Message-
From: Don Guyer [mailto:don.gu...@prufoxroach.com] 
Sent: Wednesday, December 31, 2008 12:20 PM
To: NT System Admin Issues
Subject: RE: Net framework 2.0 SP1

Thank you both. This is good info as we also use DA here.

Happy New Year!

Don Guyer
Systems Engineer
Information Services
Prudential Fox Roach/ Trident
431 W. Lancaster Avenue
Devon, PA 19333
Ph: (610) 993-3299
Fax: (610) 650-5306
www.prufoxroach.com
don.gu...@prufoxroach.com


-Original Message-
From: Craig Gauss [mailto:gau...@rhahealthcare.org]
Sent: Wednesday, December 31, 2008 12:27 PM
To: NT System Admin Issues
Subject: RE: Net framework 2.0 SP1

Thanks to everyone for looking.  I think I found a satisfactory
solution.   We use ScriptLogic's desktop authority and I am using the
Application Launcher elements to launch the install silently and
asynchronously on login with the norestart switch.  Has worked on the
test machines I have tried it on. 


Craig Gauss,  Technical Supervisor/Security Officer Riverview Hospital
Association
Phone: 715-423-6060 ext. 8572



-Original Message-
From: Phil Brutsche [mailto:p...@optimumdata.com]
Sent: Wednesday, December 31, 2008 11:12 AM
To: NT System Admin Issues
Subject: Re: Net framework 2.0 SP1

The EXE is a self extracting executable you can open with WinZip. The
.msi is inside. I think you need to perform an administrative install
(aka msiexec /a) before you can deploy it via GPO.

The same goes for .NET Framework versions 3.0 and 3.5.

Don Guyer wrote:
 Oh yeah, my apologies.
 
 You could always take the EXE and package it up into an MSI. I'm 
 guessing you want to push this through a GPO?

-- 

Phil Brutsche
p...@optimumdata.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: LCD monitor vs LCD HDTV?

2008-12-31 Thread David James
I can run my ps3 1080p over the HDMI input, but when I hook up the PC over
HDCMI it only goes to 1366 x 768.  computer resolution and HD resolutions
are different somehow, I've never quite understood why a 1080p tv won't do
1920 x 1080.  Maybe someone else has done that and can tell me how, I'd love
to put my 32 HDTV on my desk, I just can't take the lower resolution.  
-Original Message-
From: David Lum [mailto:david@nwea.org] 
Sent: Wednesday, December 31, 2008 1:06 PM
To: NT System Admin Issues
Subject: RE: LCD monitor vs LCD HDTV?

I could be wrong, but a 1080p HDTV is basically like a 1920x1080 monitor or
a 720p is 1280x720 that you can't change the resolution on. I infer It from
this:
http://www.cnet.com/hdtv-resolution/

True A-V geeks will likely chime in here.

The p vs i discussions remind me of the early SVGA days where some
monitors were interlaced and other non-interlaced (non-interlaced being the
better choice), nowadays we hear progressive instead of non-interlaced.

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764




-Original Message-
From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com]
Sent: Wednesday, December 31, 2008 10:58 AM
To: NT System Admin Issues
Subject: LCD monitor vs LCD HDTV?

I was looking to replace my aging 14 tube monitor with an LCD monitor.
However, it seems like, for the price of a 22 LCD flatpanel monitor, I can
get a 22 LCD HDTV which includes a tv tuner.   So is there any reason
to buy a LCD flatpanel monitor?  The prices are about the same for a LCD
monitor vs LCD HDTV.  Thoughts?

Feel free to msg off-list if this is considered OT.

JR



mail2web.com - Enhanced email for the mobile individual based on
Microsoft(r)
Exchange - http://link.mail2web.com/Personal/EnhancedEmail



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: LCD monitor vs LCD HDTV?

2008-12-31 Thread jesse-r...@wi.rr.com
The Insignia LCD-HDTV I'm looking at (22 720p) says it does 1650x1050. 
Any reason this wouldn't be as good as a regular old LCD panel that does
1650x1050?

Original Message:
-
From: David James bigdadd...@gmail.com
Date: Wed, 31 Dec 2008 13:55:28 -0600
To: ntsysadmin@lyris.sunbelt-software.com
Subject: RE: LCD monitor vs LCD HDTV?


I can run my ps3 1080p over the HDMI input, but when I hook up the PC over
HDCMI it only goes to 1366 x 768.  computer resolution and HD resolutions
are different somehow, I've never quite understood why a 1080p tv won't do
1920 x 1080.  Maybe someone else has done that and can tell me how, I'd love
to put my 32 HDTV on my desk, I just can't take the lower resolution.  
-Original Message-
From: David Lum [mailto:david@nwea.org] 
Sent: Wednesday, December 31, 2008 1:06 PM
To: NT System Admin Issues
Subject: RE: LCD monitor vs LCD HDTV?

I could be wrong, but a 1080p HDTV is basically like a 1920x1080 monitor or
a 720p is 1280x720 that you can't change the resolution on. I infer It from
this:
http://www.cnet.com/hdtv-resolution/

True A-V geeks will likely chime in here.

The p vs i discussions remind me of the early SVGA days where some
monitors were interlaced and other non-interlaced (non-interlaced being the
better choice), nowadays we hear progressive instead of non-interlaced.

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764




-Original Message-
From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com]
Sent: Wednesday, December 31, 2008 10:58 AM
To: NT System Admin Issues
Subject: LCD monitor vs LCD HDTV?

I was looking to replace my aging 14 tube monitor with an LCD monitor.
However, it seems like, for the price of a 22 LCD flatpanel monitor, I can
get a 22 LCD HDTV which includes a tv tuner.   So is there any reason
to buy a LCD flatpanel monitor?  The prices are about the same for a LCD
monitor vs LCD HDTV.  Thoughts?

Feel free to msg off-list if this is considered OT.

JR



mail2web.com - Enhanced email for the mobile individual based on
Microsoft(r)
Exchange - http://link.mail2web.com/Personal/EnhancedEmail



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


mail2web.com - Microsoft® Exchange solutions from a leading provider -
http://link.mail2web.com/Business/Exchange



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


gpupdate/GPO

2008-12-31 Thread Jason Gauthier
All,

 

   I have one, or many, GPOs that are not apparently being applied on
workstations.   Through some testing, I have specifically found that IE
settings are not really taking effect.  That is, until, I manually run a
gpupdate /force, and the reboot or logoff.

 

Obviously, this is not really desired.  Does anyone know why this would
be happening, and how I can solve it?

A GPO should be applied appropriately, without me mandating a forced
update and reboot.

 

Thanks,

 

Jason


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Re: LCD monitor vs LCD HDTV?

2008-12-31 Thread Bryan Garmon
My Samsung 46 LCD does 1920X1080P just fine with my laptop hooked up to the
back of it using a DVI connection. Perhaps your tv isn't what the marketing
genius' now call True HD. True HD televisions support 1920X1080P
resolution over either DVI or HDMI. If you're using a VGA cable good luck -
I've had nothing but bad experiencing trying to go above 1024X768 using a
VGA connection.

For a living room, 1920X1080P works great for a PC screen resolution -
but if you're talking about putting it on your desk, I agree that one is
better off with a LCD monitor.

On Wed, Dec 31, 2008 at 2:55 PM, David James bigdadd...@gmail.com wrote:

 I can run my ps3 1080p over the HDMI input, but when I hook up the PC over
 HDCMI it only goes to 1366 x 768.  computer resolution and HD resolutions
 are different somehow, I've never quite understood why a 1080p tv won't do
 1920 x 1080.  Maybe someone else has done that and can tell me how, I'd
 love
 to put my 32 HDTV on my desk, I just can't take the lower resolution.
 -Original Message-
 From: David Lum [mailto:david@nwea.org]
 Sent: Wednesday, December 31, 2008 1:06 PM
 To: NT System Admin Issues
 Subject: RE: LCD monitor vs LCD HDTV?

 I could be wrong, but a 1080p HDTV is basically like a 1920x1080 monitor or
 a 720p is 1280x720 that you can't change the resolution on. I infer It from
 this:
 http://www.cnet.com/hdtv-resolution/

 True A-V geeks will likely chime in here.

 The p vs i discussions remind me of the early SVGA days where some
 monitors were interlaced and other non-interlaced (non-interlaced being the
 better choice), nowadays we hear progressive instead of non-interlaced.

 David Lum // SYSTEMS ENGINEER
 NORTHWEST EVALUATION ASSOCIATION
 (Desk) 971.222.1025 // (Cell) 503.267.9764




 -Original Message-
 From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com]
 Sent: Wednesday, December 31, 2008 10:58 AM
 To: NT System Admin Issues
 Subject: LCD monitor vs LCD HDTV?

 I was looking to replace my aging 14 tube monitor with an LCD monitor.
 However, it seems like, for the price of a 22 LCD flatpanel monitor, I can
 get a 22 LCD HDTV which includes a tv tuner.   So is there any reason
 to buy a LCD flatpanel monitor?  The prices are about the same for a LCD
 monitor vs LCD HDTV.  Thoughts?

 Feel free to msg off-list if this is considered OT.

 JR


 
 mail2web.com - Enhanced email for the mobile individual based on
 Microsoft(r)
 Exchange - http://link.mail2web.com/Personal/EnhancedEmail



  ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
 ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~



 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
 ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
 ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: gpupdate/GPO

2008-12-31 Thread gsweers
On occasion it takes 2 reboot cycles for GPO's to be applied.  You can
help mitigate that by making the computer wait for network on startup
under the computer section, System/Group Policy ADM's.

 

Some computers do not get the NIC started before GP settings would be
applied hence requiring a 2nd reboot to get the gp settings to take
effect.

 

From: Jason Gauthier [mailto:jgauth...@lastar.com] 
Sent: Wednesday, December 31, 2008 3:07 PM
To: NT System Admin Issues
Subject: gpupdate/GPO

 

All,

 

   I have one, or many, GPOs that are not apparently being applied on
workstations.   Through some testing, I have specifically found that IE
settings are not really taking effect.  That is, until, I manually run a
gpupdate /force, and the reboot or logoff.

 

Obviously, this is not really desired.  Does anyone know why this would
be happening, and how I can solve it?

A GPO should be applied appropriately, without me mandating a forced
update and reboot.

 

Thanks,

 

Jason

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: gpupdate/GPO

2008-12-31 Thread Jason Gauthier
Wouldn't that group policy not get applied under that theory though? Or
any new GP at all?

Furthermore, the GPO should be reset every 15 minutes, however some
settings are not actually applied until the force+reboot.

 

 

From: gswe...@actsconsulting.net [mailto:gswe...@actsconsulting.net] 
Sent: Wednesday, December 31, 2008 3:16 PM
To: NT System Admin Issues
Subject: RE: gpupdate/GPO

 

On occasion it takes 2 reboot cycles for GPO's to be applied.  You can
help mitigate that by making the computer wait for network on startup
under the computer section, System/Group Policy ADM's.

 

Some computers do not get the NIC started before GP settings would be
applied hence requiring a 2nd reboot to get the gp settings to take
effect.

 

From: Jason Gauthier [mailto:jgauth...@lastar.com] 
Sent: Wednesday, December 31, 2008 3:07 PM
To: NT System Admin Issues
Subject: gpupdate/GPO

 

All,

 

   I have one, or many, GPOs that are not apparently being applied on
workstations.   Through some testing, I have specifically found that IE
settings are not really taking effect.  That is, until, I manually run a
gpupdate /force, and the reboot or logoff.

 

Obviously, this is not really desired.  Does anyone know why this would
be happening, and how I can solve it?

A GPO should be applied appropriately, without me mandating a forced
update and reboot.

 

Thanks,

 

Jason

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: gpupdate/GPO

2008-12-31 Thread gsweers
Not all GPO's are applied in a background refresh.  Many do require a
reboot to take effect, Offline files being one for example.  

The GPO would not apply in the initial reboot because the computer does
not get the update since the NIC has not come active yet.  Then it pulls
down the update and it requires a 2nd reboot to actually make the
changes happen.

 

We pretty much now only require a reboot to make all our GPO's take
effect when enabling the Wait on Network option. 

 

From: Jason Gauthier [mailto:jgauth...@lastar.com] 
Sent: Wednesday, December 31, 2008 3:19 PM
To: NT System Admin Issues
Subject: RE: gpupdate/GPO

 

Wouldn't that group policy not get applied under that theory though? Or
any new GP at all?

Furthermore, the GPO should be reset every 15 minutes, however some
settings are not actually applied until the force+reboot.

 

 

From: gswe...@actsconsulting.net [mailto:gswe...@actsconsulting.net] 
Sent: Wednesday, December 31, 2008 3:16 PM
To: NT System Admin Issues
Subject: RE: gpupdate/GPO

 

On occasion it takes 2 reboot cycles for GPO's to be applied.  You can
help mitigate that by making the computer wait for network on startup
under the computer section, System/Group Policy ADM's.

 

Some computers do not get the NIC started before GP settings would be
applied hence requiring a 2nd reboot to get the gp settings to take
effect.

 

From: Jason Gauthier [mailto:jgauth...@lastar.com] 
Sent: Wednesday, December 31, 2008 3:07 PM
To: NT System Admin Issues
Subject: gpupdate/GPO

 

All,

 

   I have one, or many, GPOs that are not apparently being applied on
workstations.   Through some testing, I have specifically found that IE
settings are not really taking effect.  That is, until, I manually run a
gpupdate /force, and the reboot or logoff.

 

Obviously, this is not really desired.  Does anyone know why this would
be happening, and how I can solve it?

A GPO should be applied appropriately, without me mandating a forced
update and reboot.

 

Thanks,

 

Jason

 

 

 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: gpupdate/GPO

2008-12-31 Thread Jason Gauthier
When you say the NIC has not come active are you talking about the
PC/drivers, etc.. or are you talking about the time it might take the
switch to bring the link up?  I know some switches take longer than XP
to boot due to STP.

 

If it's the latter, it can be mitigated with switch config changes.  If
it's the prior, then you're right.   I will need to employ some other
trickiness.. which I should have ready to go anyway.

 

Thanks!

 

From: gswe...@actsconsulting.net [mailto:gswe...@actsconsulting.net] 
Sent: Wednesday, December 31, 2008 3:26 PM
To: NT System Admin Issues
Subject: RE: gpupdate/GPO

 

Not all GPO's are applied in a background refresh.  Many do require a
reboot to take effect, Offline files being one for example.  

The GPO would not apply in the initial reboot because the computer does
not get the update since the NIC has not come active yet.  Then it pulls
down the update and it requires a 2nd reboot to actually make the
changes happen.

 

We pretty much now only require a reboot to make all our GPO's take
effect when enabling the Wait on Network option. 

 

From: Jason Gauthier [mailto:jgauth...@lastar.com] 
Sent: Wednesday, December 31, 2008 3:19 PM
To: NT System Admin Issues
Subject: RE: gpupdate/GPO

 

Wouldn't that group policy not get applied under that theory though? Or
any new GP at all?

Furthermore, the GPO should be reset every 15 minutes, however some
settings are not actually applied until the force+reboot.

 

 

From: gswe...@actsconsulting.net [mailto:gswe...@actsconsulting.net] 
Sent: Wednesday, December 31, 2008 3:16 PM
To: NT System Admin Issues
Subject: RE: gpupdate/GPO

 

On occasion it takes 2 reboot cycles for GPO's to be applied.  You can
help mitigate that by making the computer wait for network on startup
under the computer section, System/Group Policy ADM's.

 

Some computers do not get the NIC started before GP settings would be
applied hence requiring a 2nd reboot to get the gp settings to take
effect.

 

From: Jason Gauthier [mailto:jgauth...@lastar.com] 
Sent: Wednesday, December 31, 2008 3:07 PM
To: NT System Admin Issues
Subject: gpupdate/GPO

 

All,

 

   I have one, or many, GPOs that are not apparently being applied on
workstations.   Through some testing, I have specifically found that IE
settings are not really taking effect.  That is, until, I manually run a
gpupdate /force, and the reboot or logoff.

 

Obviously, this is not really desired.  Does anyone know why this would
be happening, and how I can solve it?

A GPO should be applied appropriately, without me mandating a forced
update and reboot.

 

Thanks,

 

Jason

 

 

 

 

 

 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Re: Hackers create rogue CA certificate using MD5 collisions

2008-12-31 Thread Ben Scott
On Wed, Dec 31, 2008 at 11:13 AM, David Lum david@nwea.org wrote:
 Microsoft is not aware of specific attacks against MD5, so previously
 issued certificates that were signed using MD5 are not affected and do not
 need to be revoked. This issue only affects certificates being signed using
 MD5 after the publication of the attack method.

  I thought the idea was that an attacker would forge a certificate,
with info matching an existing certificate, but using a private key of
their own, and then set their fleet of PlayStation 3's to work to come
up with an MD5 collision, so they could use the signature from a real
certificate to sign their forgery.  Or something like that.  So not
only does this affect already-issued certificates, it depends on them.
 Or am I misunderstanding?

 Most public Certificate Authority roots no longer use MD5 to sign
 certificates, but have upgraded to the more secure SHA-1 algorithm.

  But as long as browsers still accept the older certificates, they'd
still be vulnerable, right?

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: gpupdate/GPO

2008-12-31 Thread Sam Cayze
I would think IE settings wouldn't need a reboot...  Many programs can
try to adjust IE settings.  AV programs, Spybot, Desktop Search, etc...
could anything be overwriting the settings you are trying to adjust?

 

From: Jason Gauthier [mailto:jgauth...@lastar.com] 
Sent: Wednesday, December 31, 2008 2:29 PM
To: NT System Admin Issues
Subject: RE: gpupdate/GPO

 

When you say the NIC has not come active are you talking about the
PC/drivers, etc.. or are you talking about the time it might take the
switch to bring the link up?  I know some switches take longer than XP
to boot due to STP.

 

If it's the latter, it can be mitigated with switch config changes.  If
it's the prior, then you're right.   I will need to employ some other
trickiness.. which I should have ready to go anyway.

 

Thanks!

 

From: gswe...@actsconsulting.net [mailto:gswe...@actsconsulting.net] 
Sent: Wednesday, December 31, 2008 3:26 PM
To: NT System Admin Issues
Subject: RE: gpupdate/GPO

 

Not all GPO's are applied in a background refresh.  Many do require a
reboot to take effect, Offline files being one for example.  

The GPO would not apply in the initial reboot because the computer does
not get the update since the NIC has not come active yet.  Then it pulls
down the update and it requires a 2nd reboot to actually make the
changes happen.

 

We pretty much now only require a reboot to make all our GPO's take
effect when enabling the Wait on Network option. 

 

From: Jason Gauthier [mailto:jgauth...@lastar.com] 
Sent: Wednesday, December 31, 2008 3:19 PM
To: NT System Admin Issues
Subject: RE: gpupdate/GPO

 

Wouldn't that group policy not get applied under that theory though? Or
any new GP at all?

Furthermore, the GPO should be reset every 15 minutes, however some
settings are not actually applied until the force+reboot.

 

 

From: gswe...@actsconsulting.net [mailto:gswe...@actsconsulting.net] 
Sent: Wednesday, December 31, 2008 3:16 PM
To: NT System Admin Issues
Subject: RE: gpupdate/GPO

 

On occasion it takes 2 reboot cycles for GPO's to be applied.  You can
help mitigate that by making the computer wait for network on startup
under the computer section, System/Group Policy ADM's.

 

Some computers do not get the NIC started before GP settings would be
applied hence requiring a 2nd reboot to get the gp settings to take
effect.

 

From: Jason Gauthier [mailto:jgauth...@lastar.com] 
Sent: Wednesday, December 31, 2008 3:07 PM
To: NT System Admin Issues
Subject: gpupdate/GPO

 

All,

 

   I have one, or many, GPOs that are not apparently being applied on
workstations.   Through some testing, I have specifically found that IE
settings are not really taking effect.  That is, until, I manually run a
gpupdate /force, and the reboot or logoff.

 

Obviously, this is not really desired.  Does anyone know why this would
be happening, and how I can solve it?

A GPO should be applied appropriately, without me mandating a forced
update and reboot.

 

Thanks,

 

Jason

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: gpupdate/GPO

2008-12-31 Thread Jason Gauthier
I can't say no.. but I don't know what would.

I can open the registry editor, run a gpupdate /force and the changes
are not there.

So, I base it off that fact alone.

 

This is just proxy/autoconfig settings too.. nothing fancy at all.

 

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Wednesday, December 31, 2008 4:13 PM
To: NT System Admin Issues
Subject: RE: gpupdate/GPO

 

I would think IE settings wouldn't need a reboot...  Many programs can
try to adjust IE settings.  AV programs, Spybot, Desktop Search, etc...
could anything be overwriting the settings you are trying to adjust?

 

From: Jason Gauthier [mailto:jgauth...@lastar.com] 
Sent: Wednesday, December 31, 2008 2:29 PM
To: NT System Admin Issues
Subject: RE: gpupdate/GPO

 

When you say the NIC has not come active are you talking about the
PC/drivers, etc.. or are you talking about the time it might take the
switch to bring the link up?  I know some switches take longer than XP
to boot due to STP.

 

If it's the latter, it can be mitigated with switch config changes.  If
it's the prior, then you're right.   I will need to employ some other
trickiness.. which I should have ready to go anyway.

 

Thanks!

 

From: gswe...@actsconsulting.net [mailto:gswe...@actsconsulting.net] 
Sent: Wednesday, December 31, 2008 3:26 PM
To: NT System Admin Issues
Subject: RE: gpupdate/GPO

 

Not all GPO's are applied in a background refresh.  Many do require a
reboot to take effect, Offline files being one for example.  

The GPO would not apply in the initial reboot because the computer does
not get the update since the NIC has not come active yet.  Then it pulls
down the update and it requires a 2nd reboot to actually make the
changes happen.

 

We pretty much now only require a reboot to make all our GPO's take
effect when enabling the Wait on Network option. 

 

From: Jason Gauthier [mailto:jgauth...@lastar.com] 
Sent: Wednesday, December 31, 2008 3:19 PM
To: NT System Admin Issues
Subject: RE: gpupdate/GPO

 

Wouldn't that group policy not get applied under that theory though? Or
any new GP at all?

Furthermore, the GPO should be reset every 15 minutes, however some
settings are not actually applied until the force+reboot.

 

 

From: gswe...@actsconsulting.net [mailto:gswe...@actsconsulting.net] 
Sent: Wednesday, December 31, 2008 3:16 PM
To: NT System Admin Issues
Subject: RE: gpupdate/GPO

 

On occasion it takes 2 reboot cycles for GPO's to be applied.  You can
help mitigate that by making the computer wait for network on startup
under the computer section, System/Group Policy ADM's.

 

Some computers do not get the NIC started before GP settings would be
applied hence requiring a 2nd reboot to get the gp settings to take
effect.

 

From: Jason Gauthier [mailto:jgauth...@lastar.com] 
Sent: Wednesday, December 31, 2008 3:07 PM
To: NT System Admin Issues
Subject: gpupdate/GPO

 

All,

 

   I have one, or many, GPOs that are not apparently being applied on
workstations.   Through some testing, I have specifically found that IE
settings are not really taking effect.  That is, until, I manually run a
gpupdate /force, and the reboot or logoff.

 

Obviously, this is not really desired.  Does anyone know why this would
be happening, and how I can solve it?

A GPO should be applied appropriately, without me mandating a forced
update and reboot.

 

Thanks,

 

Jason

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Re: gpupdate/GPO

2008-12-31 Thread Ben Scott
On Wed, Dec 31, 2008 at 3:07 PM, Jason Gauthier jgauth...@lastar.com wrote:
 I have one, or many, GPOs that are not apparently being applied on
 workstations.   Through some testing, I have specifically found that IE
 settings are not really taking effect.  That is, until, I manually run a
 gpupdate /force, and the reboot or logoff.

  GPO application can be tricky.

  Some[1] computer settings can only get applied during startup
processing.If a GPO update comes in while the computer is running,
it won't take affect until the next boot, when startup processing runs
again.

  If you make a GPO modification, it will get posted to one DC by
{DSA,GPMC,GPEDIT,.MSC}.  You may then have to wait various amounts of
time for that change to get replicated to all your other DCs.  If a
workstation happens to pick one of those other DCs during its boot,
before replication is finished, the startup processing won't even see
the change until the next reboot.

  Normal startup processing frequently needs multiple passes for a GPO
to work, i.e., two (re)boots.  The first time, it sees the update GPO,
and gets the settings, but can't apply them until the next (re)boot
for some reason.  (Microsoft sure does love 'dem reboots.)

  You can help reduce the need for multiple reboots by setting the
various GPO startup options for synchronous and foreground
policy/script processing.  This serializes everything during the boot
process, instead of the fire-and-forget scenario Windows defaults to.
Makes debugging easier, too.  I suggest this as a best practice.

  There is some GPO stuff which only gets processed the first time a
GPO is applied on a computer.  You have to do a GPUPDATE /FORCE for it
to be re-processed.  For example, we get some service control
permissions in one of our GPOs.  If the service in question doesn't
exist when the GPO is first applied, too bad.  If the service later
gets installed, it won't get the custom control permissions until we
GPUPDATE /FORCE it.

== Footnotes ==
[1] Or maybe it's actually all computer settings.  I forget.  I've
been assuming all for years, since all you need is the one you care
about, and the details were not well-documented when AD came out.
Maybe things have become clearer since then.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


Re: LCD monitor vs LCD HDTV?

2008-12-31 Thread Ben Scott
On Wed, Dec 31, 2008 at 2:55 PM, David James bigdadd...@gmail.com wrote:
 I've never quite understood why a 1080p tv won't do 1920 x 1080.

  From what I've read:

  In theory, a TV is just a display monitor with a built-in tuner.
But in practice, there can be hidden differences in what the tuning
and signal processing electronics can handle.

  In ATSC, there's no definition for 1080p (1920x1080 progressive).
1080i (interlaced) is the highest they go.  So a TV claiming 1080p is
claiming something that isn't defined in the TV standards.  In some
cases, apparently this is a pure marketing gimmick: They're referring
to the fact the actual display panel always draws all lines, so it's
progressive, even though the signal input electronics don't have the
capability of processing a 1080p signal.

  I imagine some TVs actually can accept a 1920x1080 progressive
signal from a computer.  The specs should say exactly what modes it
supports.  If they don't, don't count on them.

  There's also all the other specs that might matter, like brightness,
contrast ratio, pixel refresh speed, pixel pitch, and so on.  I know
it used to be that monitors intended for TV were much inferior to
monitors intended for use with a computer in this regard.  So check
those specs carefully.  Caveat emptor.

(ATSC = Advanced Television Standards Committee, which defined most of
the digital TV and high-def TV stuff for the US.)

(Progressive/interlace: Progressive means drawing every pixel line for
every vertical refresh.  Interlaced draws all the even lines in one
refresh, all the odd lines the next.  In the days of the original NTSC
tube TVs, this meant less bandwidth (you only had to send half the
lines per unit of time), and less expensive electronics, since the
beam sweeping the tube didn't have to move as fast.  With digital flat
panels, there's no beam sweep, so it's always doing *something* for
all pixels.  But if the signal feeding it is interlace, there's no
data for half the lines, so it either uses the last field, or fills in
black, or interpolates, or otherwise makes up data.)

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: LCD monitor vs LCD HDTV?

2008-12-31 Thread Sam Cayze
Good info Ben.

OP: You could get the LCD monitor, and add a $30 dollar TV tuner to your
PC, making it into a TV?!!? 

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Wednesday, December 31, 2008 3:37 PM
To: NT System Admin Issues
Subject: Re: LCD monitor vs LCD HDTV?

On Wed, Dec 31, 2008 at 2:55 PM, David James bigdadd...@gmail.com
wrote:
 I've never quite understood why a 1080p tv won't do 1920 x 1080.

  From what I've read:

  In theory, a TV is just a display monitor with a built-in tuner.
But in practice, there can be hidden differences in what the tuning
and signal processing electronics can handle.

  In ATSC, there's no definition for 1080p (1920x1080 progressive).
1080i (interlaced) is the highest they go.  So a TV claiming 1080p is
claiming something that isn't defined in the TV standards.  In some
cases, apparently this is a pure marketing gimmick: They're referring
to the fact the actual display panel always draws all lines, so it's
progressive, even though the signal input electronics don't have the
capability of processing a 1080p signal.

  I imagine some TVs actually can accept a 1920x1080 progressive
signal from a computer.  The specs should say exactly what modes it
supports.  If they don't, don't count on them.

  There's also all the other specs that might matter, like brightness,
contrast ratio, pixel refresh speed, pixel pitch, and so on.  I know
it used to be that monitors intended for TV were much inferior to
monitors intended for use with a computer in this regard.  So check
those specs carefully.  Caveat emptor.

(ATSC = Advanced Television Standards Committee, which defined most of
the digital TV and high-def TV stuff for the US.)

(Progressive/interlace: Progressive means drawing every pixel line for
every vertical refresh.  Interlaced draws all the even lines in one
refresh, all the odd lines the next.  In the days of the original NTSC
tube TVs, this meant less bandwidth (you only had to send half the
lines per unit of time), and less expensive electronics, since the
beam sweeping the tube didn't have to move as fast.  With digital flat
panels, there's no beam sweep, so it's always doing *something* for
all pixels.  But if the signal feeding it is interlace, there's no
data for half the lines, so it either uses the last field, or fills in
black, or interpolates, or otherwise makes up data.)

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


OT: Selling servers

2008-12-31 Thread Travis Robinson
Hello,

We are looking at migrating to an all blade environment and have some 1yr old 
Dell 1950s with Gold support.

Has anyone sold off old servers that are still under warranty? Any 
recommendations on how to do it; eBay or reseller?

Any suggestions are appreciated

Thanks and Happy New Year

Travis

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Selling servers

2008-12-31 Thread Bob Fronk
I have sold Dell equipment before an eBay.  There is a warranty transfer
site (see link)

 

http://support.dell.com/support/topics/global.aspx/support/change_order/
en/tag_transfer

 

 

 

From: Travis Robinson [mailto:travis.robin...@octanner.com] 
Sent: Wednesday, December 31, 2008 4:59 PM
To: NT System Admin Issues
Subject: OT: Selling servers

 

Hello,

 

We are looking at migrating to an all blade environment and have some
1yr old Dell 1950s with Gold support. 

 

Has anyone sold off old servers that are still under warranty? Any
recommendations on how to do it; eBay or reseller?

 

Any suggestions are appreciated

 

Thanks and Happy New Year

 

Travis

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Hackers create rogue CA certificate using MD5 collisions

2008-12-31 Thread Troy Meyer
If the PS3 guys can crack an MD5 encrypted root certificate, they can create 
their own CA that looks like a trusted authority and in turn the CA can issue 
certificates that appear to be from that fake trusted authority.  If a public 
CA has a root cert that is encrypted with SHA1 they aren't susceptible (yet) to 
having their certs faked.

Faked certs could be used to make false websites look secure or genuine, could 
be used to deploy software that appears to be from a trusted vendor, or could 
be used to gain access to services/systems authenticated through public certs.

Hopefully this will be a kick in the rear to CAs using MD5.  If you run a site 
or service that uses certs from CAs like Equifax, Thawte, or GTE (all have at 
least one valid CA with a root cert encrypted with MD5), check your cert and 
the encryption of the signature at the top of the certificate path. If your 
root cert was encrypted with MD5, I would get your CA on the phone and have a 
conversation about possible risks.

-troy


-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Wednesday, December 31, 2008 1:06 PM
To: NT System Admin Issues
Subject: Re: Hackers create rogue CA certificate using MD5 collisions

On Wed, Dec 31, 2008 at 11:13 AM, David Lum david@nwea.org wrote:
 Microsoft is not aware of specific attacks against MD5, so previously
 issued certificates that were signed using MD5 are not affected and do not
 need to be revoked. This issue only affects certificates being signed using
 MD5 after the publication of the attack method.

  I thought the idea was that an attacker would forge a certificate,
with info matching an existing certificate, but using a private key of
their own, and then set their fleet of PlayStation 3's to work to come
up with an MD5 collision, so they could use the signature from a real
certificate to sign their forgery.  Or something like that.  So not
only does this affect already-issued certificates, it depends on them.
 Or am I misunderstanding?

 Most public Certificate Authority roots no longer use MD5 to sign
 certificates, but have upgraded to the more secure SHA-1 algorithm.

  But as long as browsers still accept the older certificates, they'd
still be vulnerable, right?

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: Selling servers

2008-12-31 Thread Dallas Burnworth
Unless you can transfer the warranty or ownership on the manufacturer's
site like Bob says below, you probably want to get with a reseller that
can handle lifecycle management in order to address the following:

 

1. Indemnification of improper use and disposal of equipment-if you sell
or donate equipment without legal indemnification you can be liable if
those serial numbers show up in a landfill or are used in committing
some kind of crime. (Once it leaves your hands you just never know.)  A
reseller can provide al of the necessary protective services and handle
brokering your usable equipment to someone else, and you get the money
less the fee. It costs you money instead of time, but all the bases are
covered.

 

In California the fine for throwing a PC in the landfill is so high you
won't believe me unless you Google it and look it up, but they are the
highest. Sometimes you can even go to jail depending on what regulations
your industry is required to obey. Other states have big fines too, like
MA, MD, ME, NJ, and WA.

 

2. Not destroying the drives by shredding or degaussing and DOD
overwriting-there are lots of ways even damaged drives can have
information taken from them. Protect yourself at all times and know what
the applicable laws are.

 



From: Bob Fronk [mailto:b...@btrfronk.com] 
Sent: Wednesday, December 31, 2008 2:04 PM
To: NT System Admin Issues
Subject: RE: Selling servers

 

I have sold Dell equipment before an eBay.  There is a warranty transfer
site (see link)

 

http://support.dell.com/support/topics/global.aspx/support/change_order/
en/tag_transfer

 

 

 

From: Travis Robinson [mailto:travis.robin...@octanner.com] 
Sent: Wednesday, December 31, 2008 4:59 PM
To: NT System Admin Issues
Subject: OT: Selling servers

 

Hello,

 

We are looking at migrating to an all blade environment and have some
1yr old Dell 1950s with Gold support. 

 

Has anyone sold off old servers that are still under warranty? Any
recommendations on how to do it; eBay or reseller?

 

Any suggestions are appreciated

 

Thanks and Happy New Year

 

Travis

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Selling servers

2008-12-31 Thread NTSysAdmin
All  that is required is a signed copy of the bill of sale or an invoice. Just 
like any other piece of merchandise.

S

From: Dallas Burnworth [mailto:dallas.burnwo...@zones.com]
Sent: Wednesday, December 31, 2008 6:33 PM
To: NT System Admin Issues
Subject: RE: Selling servers

Unless you can transfer the warranty or ownership on the manufacturer's site 
like Bob says below, you probably want to get with a reseller that can handle 
lifecycle management in order to address the following:

1. Indemnification of improper use and disposal of equipment-if you sell or 
donate equipment without legal indemnification you can be liable if those 
serial numbers show up in a landfill or are used in committing some kind of 
crime. (Once it leaves your hands you just never know.)  A reseller can provide 
al of the necessary protective services and handle brokering your usable 
equipment to someone else, and you get the money less the fee. It costs you 
money instead of time, but all the bases are covered.

In California the fine for throwing a PC in the landfill is so high you won't 
believe me unless you Google it and look it up, but they are the highest. 
Sometimes you can even go to jail depending on what regulations your industry 
is required to obey. Other states have big fines too, like MA, MD, ME, NJ, and 
WA.

2. Not destroying the drives by shredding or degaussing and DOD 
overwriting-there are lots of ways even damaged drives can have information 
taken from them. Protect yourself at all times and know what the applicable 
laws are.


From: Bob Fronk [mailto:b...@btrfronk.com]
Sent: Wednesday, December 31, 2008 2:04 PM
To: NT System Admin Issues
Subject: RE: Selling servers

I have sold Dell equipment before an eBay.  There is a warranty transfer site 
(see link)

http://support.dell.com/support/topics/global.aspx/support/change_order/en/tag_transfer



From: Travis Robinson [mailto:travis.robin...@octanner.com]
Sent: Wednesday, December 31, 2008 4:59 PM
To: NT System Admin Issues
Subject: OT: Selling servers

Hello,

We are looking at migrating to an all blade environment and have some 1yr old 
Dell 1950s with Gold support.

Has anyone sold off old servers that are still under warranty? Any 
recommendations on how to do it; eBay or reseller?

Any suggestions are appreciated

Thanks and Happy New Year

Travis
















~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Re: Hackers create rogue CA certificate using MD5 collisions

2008-12-31 Thread Kurt Buff
Add GeoTrust aka Equifax Secure Global eBusiness CA-1

On Wed, Dec 31, 2008 at 2:19 PM, David Lum david@nwea.org wrote:
 The report itself (http://www.win.tue.nl/hashclash/rogue-ca/#sec5) listed
 six CA's that issued MD5 certs in 2008:

 RapidSSL
 C=US, O=Equifax Secure Inc., CN=Equifax Secure Global eBusiness CA-1
 FreeSSL (free trial certificates offered by RapidSSL)
 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network,
 OU=http://www.usertrust.com, CN=UTN-USERFirst-Network Applications
 TC TrustCenter AG
 C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks
 GmbH, OU=TC TrustCenter Class 3 CA/emailaddress=certific...@trustcenter.de
 RSA Data Security
 C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
 Thawte
 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification
 Services Division, CN=Thawte Premium Server
 CA/emailaddress=premium-ser...@thawte.com
 verisign.co.jp
 O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign International
 Server CA - Class 3, OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY
 LTD.(c)97 VeriSign

 David Lum // SYSTEMS ENGINEER
 NORTHWEST EVALUATION ASSOCIATION
 (Desk) 971.222.1025 // (Cell) 503.267.9764
 -Original Message-
 From: Troy Meyer [mailto:troy.me...@monacocoach.com]
 Sent: Wednesday, December 31, 2008 2:09 PM
 To: NT System Admin Issues
 Subject: RE: Hackers create rogue CA certificate using MD5 collisions

 If the PS3 guys can crack an MD5 encrypted root certificate, they can create
 their own CA that looks like a trusted authority and in turn the CA can
 issue certificates that appear to be from that fake trusted authority.  If a
 public CA has a root cert that is encrypted with SHA1 they aren't
 susceptible (yet) to having their certs faked.

 Faked certs could be used to make false websites look secure or genuine,
 could be used to deploy software that appears to be from a trusted vendor,
 or could be used to gain access to services/systems authenticated through
 public certs.

 Hopefully this will be a kick in the rear to CAs using MD5.  If you run a
 site or service that uses certs from CAs like Equifax, Thawte, or GTE (all
 have at least one valid CA with a root cert encrypted with MD5), check your
 cert and the encryption of the signature at the top of the certificate path.
 If your root cert was encrypted with MD5, I would get your CA on the phone
 and have a conversation about possible risks.

 -troy


 -Original Message-
 From: Ben Scott [mailto:mailvor...@gmail.com]
 Sent: Wednesday, December 31, 2008 1:06 PM
 To: NT System Admin Issues
 Subject: Re: Hackers create rogue CA certificate using MD5 collisions

 On Wed, Dec 31, 2008 at 11:13 AM, David Lum david@nwea.org wrote:
 Microsoft is not aware of specific attacks against MD5, so previously
 issued certificates that were signed using MD5 are not affected and do not
 need to be revoked. This issue only affects certificates being signed
 using
 MD5 after the publication of the attack method.

   I thought the idea was that an attacker would forge a certificate,
 with info matching an existing certificate, but using a private key of
 their own, and then set their fleet of PlayStation 3's to work to come
 up with an MD5 collision, so they could use the signature from a real
 certificate to sign their forgery.  Or something like that.  So not
 only does this affect already-issued certificates, it depends on them.
 Or am I misunderstanding?

 Most public Certificate Authority roots no longer use MD5 to sign
 certificates, but have upgraded to the more secure SHA-1 algorithm.

   But as long as browsers still accept the older certificates, they'd
 still be vulnerable, right?

 -- Ben

 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
 ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
 ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~







~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: Selling servers

2008-12-31 Thread Mike French
Would that cover indemnification as well? I never really thought about
this until it came up in this thread... We have a mini storage full of
equipment that we are getting rid of.

 



From: NTSysAdmin [mailto:ntsysad...@optimum.bm] 
Sent: Wednesday, December 31, 2008 4:48 PM
To: NT System Admin Issues
Subject: RE: Selling servers

 

All  that is required is a signed copy of the bill of sale or an
invoice. Just like any other piece of merchandise.

 

S

 

From: Dallas Burnworth [mailto:dallas.burnwo...@zones.com] 
Sent: Wednesday, December 31, 2008 6:33 PM
To: NT System Admin Issues
Subject: RE: Selling servers

 

Unless you can transfer the warranty or ownership on the manufacturer's
site like Bob says below, you probably want to get with a reseller that
can handle lifecycle management in order to address the following:

 

1. Indemnification of improper use and disposal of equipment-if you sell
or donate equipment without legal indemnification you can be liable if
those serial numbers show up in a landfill or are used in committing
some kind of crime. (Once it leaves your hands you just never know.)  A
reseller can provide al of the necessary protective services and handle
brokering your usable equipment to someone else, and you get the money
less the fee. It costs you money instead of time, but all the bases are
covered.

 

In California the fine for throwing a PC in the landfill is so high you
won't believe me unless you Google it and look it up, but they are the
highest. Sometimes you can even go to jail depending on what regulations
your industry is required to obey. Other states have big fines too, like
MA, MD, ME, NJ, and WA.

 

2. Not destroying the drives by shredding or degaussing and DOD
overwriting-there are lots of ways even damaged drives can have
information taken from them. Protect yourself at all times and know what
the applicable laws are.

 



From: Bob Fronk [mailto:b...@btrfronk.com] 
Sent: Wednesday, December 31, 2008 2:04 PM
To: NT System Admin Issues
Subject: RE: Selling servers

 

I have sold Dell equipment before an eBay.  There is a warranty transfer
site (see link)

 

http://support.dell.com/support/topics/global.aspx/support/change_order/
en/tag_transfer

 

 

 

From: Travis Robinson [mailto:travis.robin...@octanner.com] 
Sent: Wednesday, December 31, 2008 4:59 PM
To: NT System Admin Issues
Subject: OT: Selling servers

 

Hello,

 

We are looking at migrating to an all blade environment and have some
1yr old Dell 1950s with Gold support. 

 

Has anyone sold off old servers that are still under warranty? Any
recommendations on how to do it; eBay or reseller?

 

Any suggestions are appreciated

 

Thanks and Happy New Year

 

Travis

 

 

 

 

 

 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Re: Hackers create rogue CA certificate using MD5 collisions

2008-12-31 Thread Phil Brutsche
Not all GeoTrust certificates are MD5 signed, only those signed using
the below mentioned root CA. The only GeoTrust product using that CA is
the QuickSSL cert.

For the higher-end certificate offerings GeoTrust uses root CAs called
Equifax Security CA and GeoTrust Primary Certificate Authority, both
of use SHA-1 hashes.

Kurt Buff wrote:
 Add GeoTrust aka Equifax Secure Global eBusiness CA-1

-- 

Phil Brutsche
p...@optimumdata.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


Re: Selling servers

2008-12-31 Thread Ben Scott
On Wed, Dec 31, 2008 at 7:38 PM, Mike French
mike.fre...@theequitybank.com wrote:
 Would that cover indemnification as well?

  This reminds of Bender on Futurama, when asked for a guarantee that
his merchandise was genuine: I can guarantee you anything you want!

  I'm sure there are companies which will be happy to broker this
stuff for a fee.  But why do you trust them when you don't trust the
scrap dealer?  Either one might do something that gets you in trouble.

  If you're worried, check with your company counsel.  Some
jurisdictions may have laws that say the original purchaser is liable
even if they've sold it, regardless of who you deal with.  Some
jurisdictions may just require a paper trail.  Check with a lawyer who
is working for *you*.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


Re: LCD monitor vs LCD HDTV?

2008-12-31 Thread RM
There are a couple of web pages out there that attempt to
document which units can do the full 1920x1080 over the VGA
port.  Some can and some cannot.


Interestingly, my Vizio claims that if you want full 1080 over
the HDMI port with a PC source, you must have a native HDMI
output on your PC; A DVI-to-HDMI convertor won't work.  As for
the VGA port, 1080 looks awful (it's interlaced and
overscanned).  1366x768 is the top clean resolution.  Be sure to
do your homework.  I wish I had.


RM




On Wed, 31 Dec 2008 15:09:42 -0500, Bryan Garmon bryan.gar...@gmail.co
m said:

My Samsung 46 LCD does 1920X1080P just fine with my laptop
hooked up to the back of it using a DVI connection. Perhaps your
tv isn't what the marketing genius' now call True HD. True HD
televisions support 1920X1080P resolution over either DVI or
HDMI. If you're using a VGA cable good luck - I've had nothing
but bad experiencing trying to go above 1024X768 using a VGA
connection.



For a living room, 1920X1080P works great for a PC screen
resolution - but if you're talking about putting it on your
desk, I agree that one is better off with a LCD monitor.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

USB backup drive for Server 2003?

2008-12-31 Thread RM
I'm supporting a small business that wants to use an external USB
drive for backup (and upgrade to something else later).  All the
regular external drives from WD, Seagate, etc have a backup
package that does not support server OS's.

I know that I can use the built-in Windows backup but it'd be
nice to have something a little more flexible.  It appears that
the Maxtor Small Business Edition did support Server 2003 but
that product is out of production.

Any ideas?  The basic server version of Retrospect is too
expensive for them.

RM

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Re: Hackers create rogue CA certificate using MD5 collisions

2008-12-31 Thread Kurt Buff
That's interesting, because I ordered direct from GeoTrust.

It seems the relationships between CAs is quite complex.

On Wed, Dec 31, 2008 at 4:48 PM, Phil Brutsche p...@optimumdata.com wrote:
 Not all GeoTrust certificates are MD5 signed, only those signed using
 the below mentioned root CA. The only GeoTrust product using that CA is
 the QuickSSL cert.

 For the higher-end certificate offerings GeoTrust uses root CAs called
 Equifax Security CA and GeoTrust Primary Certificate Authority, both
 of use SHA-1 hashes.

 Kurt Buff wrote:
 Add GeoTrust aka Equifax Secure Global eBusiness CA-1

 --

 Phil Brutsche
 p...@optimumdata.com

 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
 ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: Hackers create rogue CA certificate using MD5 collisions

2008-12-31 Thread Ken Schaefer
The attack relies on creating two cert requests - one for a legitimate server 
authN cert, and one for an intermediate CA. You get the CA to sign the AuthN 
cert (e.g. for a website), but since the two cert requests that we have 
specially crafted end up with the same MD5 verification hash, we can then use 
the intermediate CA cert to start signing our own, illegitimate, certs.

Finding MD5 collisions for existing certs would probably not be feasible yet. 
This attack relies, at the moment (from my understanding) on generating the two 
cert requests concurrently - the second one (for the CA) using padding data to 
generate the collision. It's easier (apparently) to generate the collision if 
you are creating both at the same time.

 But as long as browsers still accept the older certificates, they'd
 still be vulnerable, right?

It doesn't matter what the rogue cert is signed with (could be SHA1). The issue 
is CAs using MD5 to sign certificates (thus allowing an attacker to come up 
with their own intermediate CA). The rogue intermediate CA could sign certs 
using SHA1.

But yes - if all root CAs that were trusted were using SHA1 only and/or 
refusing to sign intermediate CAs with the same key that they use for end point 
verification, we wouldn't have this current problem.

Cheers
Ken

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Thursday, 1 January 2009 8:06 AM
To: NT System Admin Issues
Subject: Re: Hackers create rogue CA certificate using MD5 collisions

On Wed, Dec 31, 2008 at 11:13 AM, David Lum david@nwea.org wrote:
 Microsoft is not aware of specific attacks against MD5, so previously
 issued certificates that were signed using MD5 are not affected and do not
 need to be revoked. This issue only affects certificates being signed using
 MD5 after the publication of the attack method.

  I thought the idea was that an attacker would forge a certificate,
with info matching an existing certificate, but using a private key of
their own, and then set their fleet of PlayStation 3's to work to come
up with an MD5 collision, so they could use the signature from a real
certificate to sign their forgery.  Or something like that.  So not
only does this affect already-issued certificates, it depends on them.
 Or am I misunderstanding?

 Most public Certificate Authority roots no longer use MD5 to sign
 certificates, but have upgraded to the more secure SHA-1 algorithm.

  But as long as browsers still accept the older certificates, they'd
still be vulnerable, right?

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: Hackers create rogue CA certificate using MD5 collisions

2008-12-31 Thread Ken Schaefer
This isn't the issue at all at the moment.

Root CA certs can be signed in crayon, as long as you trust the integrity of 
the cert, you are OK.

No one is cracking root CA certs. They are generating certificate requests (two 
of them - one for an end point purpose e.g. web server authentication, and one 
for an intermediate CA) that will result in the same signing hash from the CA 
if the CA is using MD5

Cheers
Ken

-Original Message-
From: Troy Meyer [mailto:troy.me...@monacocoach.com] 
Sent: Thursday, 1 January 2009 9:09 AM
To: NT System Admin Issues
Subject: RE: Hackers create rogue CA certificate using MD5 collisions

If the PS3 guys can crack an MD5 encrypted root certificate, they can create 
their own CA that looks like a trusted authority and in turn the CA can issue 
certificates that appear to be from that fake trusted authority.  If a public 
CA has a root cert that is encrypted with SHA1 they aren't susceptible (yet) to 
having their certs faked.

Faked certs could be used to make false websites look secure or genuine, could 
be used to deploy software that appears to be from a trusted vendor, or could 
be used to gain access to services/systems authenticated through public certs.

Hopefully this will be a kick in the rear to CAs using MD5.  If you run a site 
or service that uses certs from CAs like Equifax, Thawte, or GTE (all have at 
least one valid CA with a root cert encrypted with MD5), check your cert and 
the encryption of the signature at the top of the certificate path. If your 
root cert was encrypted with MD5, I would get your CA on the phone and have a 
conversation about possible risks.

-troy


-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Wednesday, December 31, 2008 1:06 PM
To: NT System Admin Issues
Subject: Re: Hackers create rogue CA certificate using MD5 collisions

On Wed, Dec 31, 2008 at 11:13 AM, David Lum david@nwea.org wrote:
 Microsoft is not aware of specific attacks against MD5, so previously
 issued certificates that were signed using MD5 are not affected and do not
 need to be revoked. This issue only affects certificates being signed using
 MD5 after the publication of the attack method.

  I thought the idea was that an attacker would forge a certificate,
with info matching an existing certificate, but using a private key of
their own, and then set their fleet of PlayStation 3's to work to come
up with an MD5 collision, so they could use the signature from a real
certificate to sign their forgery.  Or something like that.  So not
only does this affect already-issued certificates, it depends on them.
 Or am I misunderstanding?

 Most public Certificate Authority roots no longer use MD5 to sign
 certificates, but have upgraded to the more secure SHA-1 algorithm.

  But as long as browsers still accept the older certificates, they'd
still be vulnerable, right?


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


Invitation to connect on LinkedIn

2008-12-31 Thread Kamlesh Parmar
LinkedIn




   
NT,

I'd like to add you to my professional network on LinkedIn.

- Kamlesh

Learn more:
https://www.linkedin.com/e/isd/441515905/_vdeiJjK/

--

What is LinkedIn and why should you join?
http://learn.linkedin.com/what-is-linkedin/


 
--
(c) 2008, LinkedIn Corporation


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: USB backup drive for Server 2003?

2008-12-31 Thread John Cook
Honestly, I use NT Backup with external Maxtor USB drives, I've done several 
recoveries from the backups with no issue and the overall cost - (we're a 
non-profit so believe me this is the cheapest way) it just can't be beat. 
Newegg has great prices on NAS devices (Buffalo terrastation for example) that 
can be networked for a little more flexability if you're talking more than one 
server. HTH  Happy New year all!

John W. Cook
Systems Administrator
Partnership For Strong Families
315 SE 2nd Ave
Gainesville, Fl 32601
Office (352) 393-2741 x320
Cell (352) 215-6944
Fax (352) 393-2746
MCSE, MCTS, MCP+I,CompTIA A+, N+

From: RM [mailto:r...@richardmay.net]
Sent: Wednesday, December 31, 2008 9:17 PM
To: NT System Admin Issues
Subject: USB backup drive for Server 2003?


I'm supporting a small business that wants to use an external USB drive for 
backup (and upgrade to something else later).  All the regular external drives 
from WD, Seagate, etc have a backup package that does not support server OS's.

I know that I can use the built-in Windows backup but it'd be nice to have 
something a little more flexible.  It appears that the Maxtor Small Business 
Edition did support Server 2003 but that product is out of production.

Any ideas?  The basic server version of Retrospect is too expensive for them.

RM







CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you really need 
to.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Virtualization Questions - More Q's

2008-12-31 Thread Ken Schaefer
Seth,

I think we are in violent agreement here. I'm just saying that virtualising 
your infrastructure means that there is one more team of people who have 
privileged access to your infrastructure, and they need to be built into the 
whole change control/management process.

For a physical DC, you need to worry about your AD team, and whoever your 
hardware team is (i.e. the people who have physical access to the racks that 
your DCs are in, and who probably also have access via DRAC/ILO/etc). If you 
virtualise your DC, you need to worry about the virtualisation team as well, as 
they, like the people who have physical access, now have privileged access to 
the infrastructure that hosts the DC and if the integrity of everything 
underneath the OS can't be guaranteed (physical environment, virtualisation 
software), then neither can the OS.

Cheers
Ken

-Original Message-
From: S Conn. [mailto:sysadminli...@gmail.com] 
Sent: Wednesday, 31 December 2008 7:28 AM
To: NT System Admin Issues
Subject: Re: Virtualization Questions - More Q's

On Tue, Dec 30, 2008 at 10:55 AM, Ken Schaefer k...@adopenstatic.com wrote:
 -Original Message-
 From: S Conn. [mailto:sysadminli...@gmail.com]
 Subject: Re: Virtualization Questions - More Q's

 I don't see a lot of difference here between virtual environment vs physical.

 Physical access can mean control - but you can control physical access. Not 
 to mention detecting network changes and preventing/detecting BIOS changes 
 (via passwords and ILO/DRAC etc)

 In a virtual environment, your virtualisation people control the BIOS, the 
 boot sequence, the virtual networks that are exposed, and even the hard disks 
 of the VMs themselves. And they can do that remotely. In a physical world, 
 your virtualisation people wouldn't have access to the cabinets that store 
 your physical domain controllers or other physical servers. Just the servers 
 that host the VM hosts.

 Additionally, there are occasionally vulnerabilities in virtualisation 
 software (a couple for VMWare and a more for other products). These can be 
 used to gain access to VMs by holding privileges on the host.

 Cheers
 Ken


VMware allows you to password protect the BIOS, just like a physical
machine.  As for network changes, a VMWare administrator can change
only the virtual switches and virtual NICs, they can't affect the
physical switches connecting the rest of the network.

Basically you have to treat the virtual environment the same as a
physical environment and treat the access program (such as
VirtualCenter) just like physical access.  Yes you can access it
remotely, but IP KVMs, Remote PDUs, DRAC/ILO cards, etc provide the
same remote access for physical servers.  Except, with virtual, you
can delegate certain tasks a lot better than just giving a bunch of
folks the key to the door of your server room or maintaining a ton of
remote access products.

You do have a good point with the software vulnerabilities.  However,
I'd have to argue that you have those with just about any other
solution.  I'm sure a clever hacker can figure out a remote PDU or
DRAC card.  Following best practices, such as putting your service
consoles on non-production management networks, setting up isolation,
patching, etc can help with these problems.

Seth

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: Hackers create rogue CA certificate using MD5 collisions

2008-12-31 Thread Tim Evans
So, if I understand things correctly, the way to definitive way to protect 
against this potential attack would be to remove all root certs that use the 
Md5RSA signature algorithm? What are the downsides?

...Tim


 -Original Message-
 From: Ken Schaefer [mailto:k...@adopenstatic.com]
 Sent: Wednesday, December 31, 2008 7:28 PM
 To: NT System Admin Issues
 Subject: RE: Hackers create rogue CA certificate using MD5 collisions
 
 The attack relies on creating two cert requests - one for a legitimate
 server authN cert, and one for an intermediate CA. You get the CA to
 sign the AuthN cert (e.g. for a website), but since the two cert
 requests that we have specially crafted end up with the same MD5
 verification hash, we can then use the intermediate CA cert to start
 signing our own, illegitimate, certs.
 
 Finding MD5 collisions for existing certs would probably not be
 feasible yet. This attack relies, at the moment (from my understanding)
 on generating the two cert requests concurrently - the second one (for
 the CA) using padding data to generate the collision. It's easier
 (apparently) to generate the collision if you are creating both at the
 same time.
 
  But as long as browsers still accept the older certificates, they'd
  still be vulnerable, right?
 
 It doesn't matter what the rogue cert is signed with (could be SHA1).
 The issue is CAs using MD5 to sign certificates (thus allowing an
 attacker to come up with their own intermediate CA). The rogue
 intermediate CA could sign certs using SHA1.
 
 But yes - if all root CAs that were trusted were using SHA1 only
 and/or refusing to sign intermediate CAs with the same key that they
 use for end point verification, we wouldn't have this current problem.
 
 Cheers
 Ken
 
 -Original Message-
 From: Ben Scott [mailto:mailvor...@gmail.com]
 Sent: Thursday, 1 January 2009 8:06 AM
 To: NT System Admin Issues
 Subject: Re: Hackers create rogue CA certificate using MD5 collisions
 
 On Wed, Dec 31, 2008 at 11:13 AM, David Lum david@nwea.org wrote:
  Microsoft is not aware of specific attacks against MD5, so previously
  issued certificates that were signed using MD5 are not affected and
 do not
  need to be revoked. This issue only affects certificates being signed
 using
  MD5 after the publication of the attack method.
 
   I thought the idea was that an attacker would forge a certificate,
 with info matching an existing certificate, but using a private key of
 their own, and then set their fleet of PlayStation 3's to work to come
 up with an MD5 collision, so they could use the signature from a real
 certificate to sign their forgery.  Or something like that.  So not
 only does this affect already-issued certificates, it depends on them.
  Or am I misunderstanding?
 
  Most public Certificate Authority roots no longer use MD5 to sign
  certificates, but have upgraded to the more secure SHA-1 algorithm.
 
   But as long as browsers still accept the older certificates, they'd
 still be vulnerable, right?
 
 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
 ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~