Windows Audit logging and reporting

2009-01-07 Thread Oliver Marshall
Hi chaps,

I have a client that's dealing with an increasing number of blue chip firms and 
they are being asked, almost daily, to complete IT surveys about how they 
handle and do certain things internally. The main thing that has come up from 
this is that they really need to be able to show that they are able to log, and 
report on, various 'things';  mainly windows security audit logs, file access, 
permission changes, this kind of thing.

Can anyone recommend an SME friendly package that will both allow them to store 
the mass of logs that will inevitably be created when they turn on full 
security auditing, as well as report on this data. I guess something that has 
an easy to use reporting/graphing tool inbuilt which can query it's own mass of 
data. The ability to also store/report on other kinds of log data may also be 
good.

That will give something for my client to actually put in to the audit 
reporting section of these reports rather than just e :)

Thanks

Olly

--
G2 Support
Online Backups

Email:  oliver.marsh...@g2support.commailto:oliver.marsh...@g2support.com
Web:http://www.g2support.com




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: P2V SBS aka two DC's

2009-01-07 Thread David Lum
Thanks guys. A brainstorm I had tonight was to demote the non SBS DC so I am 
effectively P2V-ing a one DC environment, and if all looks good then re-DCPROMO 
the former DC back to it's former glory. if P2V blows up I have the physical 
SBS machine still.

I hate not having a solid back-out plan. Option C would be to power off the non 
SBS DC during the *entire* event, that way I maintain a DC if the P2V goes 
amazingly hayware and both new and old SBS burst into flames.

I view backups as a latch ditch plan Z, I like to have a non-backup/restore 
as plan B. I do realize I might be over cautious here since - as stated - my 
P2V test with the target new server  OS went fine, the only thing different 
for production is the box getting converted is different hardware than my test, 
which should hardly matter. The test environment P2V'd a white box ASUS 
system, the real system is a Dell PowerEdge so I think it should actually be 
more compatible.

My VM setup is Server 2008 w/ Hyper-V and using System Center Virtual Machine 
Manager handling the P2V itself. Like VMWare, P2V-ing is crazy-easy, but I'd 
like to keep ol' Murphy at bay regardless

Dave


From: Benjamin Zachary - Lists [li...@levelfive.us]
Sent: Tuesday, January 06, 2009 6:22 PM
To: NT System Admin Issues
Subject: RE: P2V SBS aka two DC's

I have had such good success with vmware convertor 3 (not 4 beta) I just get a 
good backup, convert it and run it. In all of the multiDC environments I have 
done this the only problem I ever run into is the time being off by too much.


From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, January 06, 2009 17:25
To: NT System Admin Issues
Subject: P2V SBS aka two DC's

Has anyone here P2V’d a couple of DC’s? I P2V’d an SBS server in test and it 
went fine – my concern is how to handle it in production when there’s a SBS 
server AND a 2nd DC involved. At some point I need to make the 2nd DC think 
that the first DC was just powered off for a bit. Would it work if I:


1)  Do an offline P2V (read: the system (ServerA) P2V does a PXE boot into 
the host Hyper-V machine to get VM’d),

2)  Leave physical ServerA off once it’s P2V’d

3)  Bring up the VM of ServerA?

My thinking here is each DC would just think ServerA was powered off for a few 
hours, does this sound correct?

Question 2: If I need to roll back to physical ServerA….ServerB (the 2nd DC) 
will now have thought it’s talked to ServerA since the P2V outage, but 
effectively ServerA will have suffered a time warp by several hours, right?
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764












~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: P2V SBS aka two DC's

2009-01-07 Thread Oliver Marshall
We did that here with our SBS 2003 setup and a few old boxes that were actually 
as GC's etc. The SBS box was creaking along and blue screening so we P2V'd that 
and then went nuts and did the other old boxes.

We just P2V'd it in the same way you described, leaving the SBS physical box 
off after the p2v process. The only difference was that we did it via a 3rd 
party tool (shadowprotect) in to a blank VM as we were worried the sheer age of 
the SBS hardware would cause issues when we fired up the VM.

Olly


--
G2 Support
Online Backups

Email:  oliver.marsh...@g2support.commailto:oliver.marsh...@g2support.com
Web:http://www.g2support.com




From: David Lum [mailto:david@nwea.org]
Sent: 07 January 2009 08:47
To: NT System Admin Issues
Subject: RE: P2V SBS aka two DC's

Thanks guys. A brainstorm I had tonight was to demote the non SBS DC so I am 
effectively P2V-ing a one DC environment, and if all looks good then re-DCPROMO 
the former DC back to it's former glory. if P2V blows up I have the physical 
SBS machine still.

I hate not having a solid back-out plan. Option C would be to power off the non 
SBS DC during the *entire* event, that way I maintain a DC if the P2V goes 
amazingly hayware and both new and old SBS burst into flames.

I view backups as a latch ditch plan Z, I like to have a non-backup/restore 
as plan B. I do realize I might be over cautious here since - as stated - my 
P2V test with the target new server  OS went fine, the only thing different 
for production is the box getting converted is different hardware than my test, 
which should hardly matter. The test environment P2V'd a white box ASUS 
system, the real system is a Dell PowerEdge so I think it should actually be 
more compatible.

My VM setup is Server 2008 w/ Hyper-V and using System Center Virtual Machine 
Manager handling the P2V itself. Like VMWare, P2V-ing is crazy-easy, but I'd 
like to keep ol' Murphy at bay regardless

Dave


From: Benjamin Zachary - Lists [li...@levelfive.us]
Sent: Tuesday, January 06, 2009 6:22 PM
To: NT System Admin Issues
Subject: RE: P2V SBS aka two DC's
I have had such good success with vmware convertor 3 (not 4 beta) I just get a 
good backup, convert it and run it. In all of the multiDC environments I have 
done this the only problem I ever run into is the time being off by too much.


From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, January 06, 2009 17:25
To: NT System Admin Issues
Subject: P2V SBS aka two DC's

Has anyone here P2V'd a couple of DC's? I P2V'd an SBS server in test and it 
went fine - my concern is how to handle it in production when there's a SBS 
server AND a 2nd DC involved. At some point I need to make the 2nd DC think 
that the first DC was just powered off for a bit. Would it work if I:


1)  Do an offline P2V (read: the system (ServerA) P2V does a PXE boot into 
the host Hyper-V machine to get VM'd),

2)  Leave physical ServerA off once it's P2V'd

3)  Bring up the VM of ServerA?

My thinking here is each DC would just think ServerA was powered off for a few 
hours, does this sound correct?

Question 2: If I need to roll back to physical ServerAServerB (the 2nd DC) 
will now have thought it's talked to ServerA since the P2V outage, but 
effectively ServerA will have suffered a time warp by several hours, right?
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

















~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Windows Audit logging and reporting

2009-01-07 Thread Eldridge, Dave
Have you checked the kiwi site. Although I got an email yesterday from
SolarWinds that they have bought Kiwi and all of their products.

dave

 

From: Oliver Marshall [mailto:oliver.marsh...@g2support.com] 
Sent: Wednesday, January 07, 2009 1:30 AM
To: NT System Admin Issues
Subject: Windows Audit logging and reporting

 

Hi chaps,

 

I have a client that's dealing with an increasing number of blue chip
firms and they are being asked, almost daily, to complete IT surveys
about how they handle and do certain things internally. The main thing
that has come up from this is that they really need to be able to show
that they are able to log, and report on, various 'things';  mainly
windows security audit logs, file access, permission changes, this kind
of thing. 

 

Can anyone recommend an SME friendly package that will both allow them
to store the mass of logs that will inevitably be created when they turn
on full security auditing, as well as report on this data. I guess
something that has an easy to use reporting/graphing tool inbuilt which
can query it's own mass of data. The ability to also store/report on
other kinds of log data may also be good. 

 

That will give something for my client to actually put in to the audit
reporting section of these reports rather than just e J

 

Thanks

 

Olly

 

--

G2 Support

Online Backups 

 

Email:  oliver.marsh...@g2support.com

Web:http://www.g2support.com

 

 

 

 

 

 



This message contains confidential information and is intended only for the 
intended recipient(s). If you are not the named recipient you should not read, 
distribute or copy this e-mail. Please notify the sender immediately via e-mail 
if you have received this e-mail by mistake; then, delete this e-mail from your 
system.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Active Directory attribute query

2009-01-07 Thread James Rankin
Hi all, Happy New Year, etc.

For some reason the default printer for our users is set via an Active
Directory attribute (don't ask why, before my time). I was wondering if
there is any easy way to be able to change this, preferably through ADUC? At
the minute I can only do it via Adsiedit.msc, which is not really what I
want to be teaching my two newly-supplied first-line minions to utilise, as
I can envisage one of them changing the wrong attribute and making an arse
out of it.

All suggestions welcome, Windows 2003 native AD.

TIA,




JRR

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Active Directory attribute query

2009-01-07 Thread Michael B. Smith
Dsquery/dsmod; perhaps in an HTA wrapper - or a CMD/BAT wrapper would be
easier.

 

Similar idea for adfind/admod.

 

Regards,

 

Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP

My blog: http://TheEssentialExchange.com/blogs/michael

I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Wednesday, January 07, 2009 6:42 AM
To: NT System Admin Issues
Subject: Active Directory attribute query

 

Hi all, Happy New Year, etc.

For some reason the default printer for our users is set via an Active
Directory attribute (don't ask why, before my time). I was wondering if
there is any easy way to be able to change this, preferably through ADUC? At
the minute I can only do it via Adsiedit.msc, which is not really what I
want to be teaching my two newly-supplied first-line minions to utilise, as
I can envisage one of them changing the wrong attribute and making an arse
out of it.

All suggestions welcome, Windows 2003 native AD.

TIA,




JRR

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Re: Active Directory attribute query

2009-01-07 Thread James Rankin
Hmmm, yeah, I could probably dust off my old batch skills and come up with
something along those lines.

I will have a look-see

Cheers,

2009/1/7 Michael B. Smith mich...@theessentialexchange.com

  Dsquery/dsmod; perhaps in an HTA wrapper – or a CMD/BAT wrapper would be
 easier.



 Similar idea for adfind/admod.



 Regards,



 Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP

 My blog: http://TheEssentialExchange.com/blogs/michael

 I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php



 *From:* James Rankin [mailto:kz2...@googlemail.com]
 *Sent:* Wednesday, January 07, 2009 6:42 AM
 *To:* NT System Admin Issues
 *Subject:* Active Directory attribute query



 Hi all, Happy New Year, etc.

 For some reason the default printer for our users is set via an Active
 Directory attribute (don't ask why, before my time). I was wondering if
 there is any easy way to be able to change this, preferably through ADUC? At
 the minute I can only do it via Adsiedit.msc, which is not really what I
 want to be teaching my two newly-supplied first-line minions to utilise, as
 I can envisage one of them changing the wrong attribute and making an arse
 out of it.

 All suggestions welcome, Windows 2003 native AD.

 TIA,




 JRR












~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Re: OT : Anti-Phishing training game

2009-01-07 Thread vbs
I tried this link and can't seem to get to any sites at cups.cs.cmu.edu.  Is
this site no longer functional.

I even googled for it and the links show up but still I only get page not
found.

On Tue, Jan 6, 2009 at 4:09 PM, Erik Goldoff egold...@gmail.com wrote:

  Cute, if slow, game for teaching regular folks how to spot Phishing scams
 in browser URLs ...

 http://cups.cs.cmu.edu/antiphishing_phil/new/index.html

  Erik Goldoff

 *IT  Consultant*

 *Systems, Networks,  Security *









-- 
Thanks
Dave Vantine

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Re: A little OT: Cisco VPN Concentrator

2009-01-07 Thread Jon Harris
I am doing one now (during my free time).  Pretty painless but I did notice
changes to the the VPN setup when I enabled our new security license
extending out VPN options to allow for clientless and more clients to
connect.  I am stuck at the moment trying to make sure the settings I need
are correct with the license changes in place.  You may want to get the
Smartnet contract as well as the last Java update is suppose to kill the GUI
interface that shipped with my ASA.

Jon

On Tue, Jan 6, 2009 at 3:38 PM, Bob Fronk b...@btrfronk.com wrote:

 Anyone with PIX to ASA conversion experience care to weigh in?  Sticking
 with Cisco due to current Cisco VOIP project and remote sites.

 -Original Message-
 From: Bob Fronk [mailto:b...@btrfronk.com]
 Sent: Tuesday, January 06, 2009 3:12 PM
 To: NT System Admin Issues
  Subject: RE: A little OT: Cisco VPN Concentrator

 Ok... time to shop for an ASA.



 -Original Message-
 From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
 Sent: Tuesday, January 06, 2009 3:06 PM
 To: NT System Admin Issues
 Subject: Re: A little OT: Cisco VPN Concentrator

 I skimmed the tech docs, faqs, and vvarious other sheets too.  4mbps
 max throughput is the number I saw.  I read about limiting issues when
 using compression, and another vague reference to the amount of
 simultaneous connections.  All vague, with no substance.

 --
 ME2



 On Tue, Jan 6, 2009 at 2:59 PM, Brian Prentiss bprent...@gmail.com
 wrote:
  Data Sheet
 
 http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5743/ps5749/ps2284/
 product_data_sheet09186a00801d3b56.html
 
  On Tue, Jan 6, 2009 at 12:58 PM, Brian Prentiss bprent...@gmail.com
 wrote:
 
 
 
 http://supportwiki.cisco.com/ViewWiki/index.php/Cisco_VPN_3005_Concentra
 tor
 
 
 
  This doc states max as 4Mbps.  Apparently it is software only, and is
  discontinued at this point.   I think the suggested replacement is an
 ASA
  (sized depending on what kind of throughput the requirements are).
 
  I couldn't find a data sheet.
 
  I hope that helps,
  Brian
 
  On Tue, Jan 6, 2009 at 12:22 PM, Bob Fronk b...@btrfronk.com wrote:
 
  I am using a Cisco VPN Concentrator 3005 as an endpoint for mobile
 users
  and small remote sites.  Lately I have found that remote sites can
 only pull
  down 2.8mpbs over the VPN.  We have a DS3, so I would expect the
 remote
  clients to be able to pull down their full bandwidth, depending on
  connection (DSL / Cable).
 
 
 
  I have tested this at two sites, each with over 10mbs available to
 them
  for download.  When off VPN, they get the full 10mbps, when VPN is
 connected
  (which forces all traffic across the VPN) the download speed drops
 back to
  2.8mbps.
 
 
 
  I can't seem to locate the bottle neck producing setting inside the
 VPN
  concentrator.
 
 
 
  Appreciate any suggestions.
 
 
 
  Thanks.
 
 
 
 
 
  Bob
 
 
 
 
 
 
 
 
 
 
 
 

 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
 ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
 ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
 ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Server OS Reinstall

2009-01-07 Thread John Hornbuckle
I've got a server (Server 2003 R2) that conked out on me over the Christmas 
holidays. I'm not quite sure what went wrong--the hardware seems to be okay. 
But there was some sort of corruption in the RAID array and the OS gives a stop 
0x0024 every time it goes to boot.

A fresh OS install won't be too painful, because this server was only a 
DC/DHCP/DNS server.

But my question is this... When I reinstall, should I give the server the same 
name it had before? Or will that confuse Active Directory? And if I give it a 
different name, how do I remove all references to the old server name from AD?

Just wondering what best practices are. Amazingly, I've never had to do this 
before in my years as a sysadmin. Just lucky, I guess!



John Hornbuckle
MIS Department
Taylor County School District
318 North Clark Street
Perry, FL 32347

www.taylor.k12.fl.us


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


Windows 2008 Terminal Server, Citrix, or both?

2009-01-07 Thread Tom Miller
Hi Folks,
 
I currently have a Citrix Presentation Server (or whatever it's called this 
week) for all remote users, and some internal users.  I also use the Citrix 
Access Gateway appliance for external users, which I really like.
 
I am going to stand up a new Terminal Server/Citrix farm in the next few months 
to specifically dedicated to a particular application.  I am wondering if I can 
just use Windows 2008 Terminal Server and forgo the Citrix part?  I do like 
Citrix but it would add over $100k to licensing costs, and that does not 
include Citrix Access Gateway licenses.  I will also need to provide some sort 
of secure remote access, if I use Terminal Server only, similar to the Citrix 
Access Gateway.  
 
I am currently on Terminal Server 2003 and I understand 2008 is much better.  
 
Suggestions and comments appreciated.
 
 

Confidentiality Notice:  This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information.  Any unauthorized review, use, disclosure, or 
distribution is prohibited.  If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Server OS Reinstall

2009-01-07 Thread Kennedy, Jim

I never reuse a DC name, even if I removed it gracefully. That may be a bit 
overkill, but I would strongly advise against reusing a name on a failed DC.

You can clean it out of AD, and you will need to but I still wouldn't reuse the 
name. I have always done a manual removal with the info in this article:

http://www.petri.co.il/delete_failed_dcs_from_ad.htm



 -Original Message-
 From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
 Sent: Wednesday, January 07, 2009 9:18 AM
 To: NT System Admin Issues
 Subject: Server OS Reinstall
 
 I've got a server (Server 2003 R2) that conked out on me over the
 Christmas holidays. I'm not quite sure what went wrong--the hardware
 seems to be okay. But there was some sort of corruption in the RAID
 array and the OS gives a stop 0x0024 every time it goes to boot.
 
 A fresh OS install won't be too painful, because this server was only a
 DC/DHCP/DNS server.
 
 But my question is this... When I reinstall, should I give the server
 the same name it had before? Or will that confuse Active Directory? And
 if I give it a different name, how do I remove all references to the
 old server name from AD?
 
 Just wondering what best practices are. Amazingly, I've never had to do
 this before in my years as a sysadmin. Just lucky, I guess!
 
 
 
 John Hornbuckle
 MIS Department
 Taylor County School District
 318 North Clark Street
 Perry, FL 32347
 
 www.taylor.k12.fl.us
 
 
 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
 ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: Server OS Reinstall

2009-01-07 Thread Jake Gardner
I believe you can use the Network ID instead of Join Domain after your
install and select/choose the old name from AD 


Thanks,
 
Jake Gardner
TTC Network Administrator
Ext. 246

-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, January 07, 2009 9:18 AM
To: NT System Admin Issues
Subject: Server OS Reinstall

I've got a server (Server 2003 R2) that conked out on me over the
Christmas holidays. I'm not quite sure what went wrong--the hardware
seems to be okay. But there was some sort of corruption in the RAID
array and the OS gives a stop 0x0024 every time it goes to boot.

A fresh OS install won't be too painful, because this server was only a
DC/DHCP/DNS server.

But my question is this... When I reinstall, should I give the server
the same name it had before? Or will that confuse Active Directory? And
if I give it a different name, how do I remove all references to the old
server name from AD?

Just wondering what best practices are. Amazingly, I've never had to do
this before in my years as a sysadmin. Just lucky, I guess!



John Hornbuckle
MIS Department
Taylor County School District
318 North Clark Street
Perry, FL 32347

www.taylor.k12.fl.us


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

***Teletronics Technology Corporation*** 
This e-mail is confidential and may also be privileged.  If you are not the 
addressee or authorized by the addressee to receive this e-mail, you may not 
disclose, copy, distribute, or use this e-mail. If you have received this 
e-mail in error, please notify the sender immediately by reply e-mail or by 
telephone at 267-352-2020 and destroy this message and any copies.  Thank you.

***



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: OT : Anti-Phishing training game

2009-01-07 Thread Erik Goldoff
still comes up functional for me 
 
  Erik Goldoff

IT  Consultant

Systems, Networks,  Security 

 

  _  

From: vbs [mailto:dvant...@gmail.com] 
Sent: Wednesday, January 07, 2009 8:13 AM
To: NT System Admin Issues
Subject: Re: OT : Anti-Phishing training game


I tried this link and can't seem to get to any sites at cups.cs.cmu.edu.  Is
this site no longer functional.
 
I even googled for it and the links show up but still I only get page not
found. 


On Tue, Jan 6, 2009 at 4:09 PM, Erik Goldoff egold...@gmail.com wrote:


Cute, if slow, game for teaching regular folks how to spot Phishing scams in
browser URLs ...
 
http://cups.cs.cmu.edu/antiphishing_phil/new/index.html
 


Erik Goldoff


IT  Consultant

Systems, Networks,  Security 

 


 



 








-- 
Thanks
Dave Vantine


 


 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Server OS Reinstall

2009-01-07 Thread Christopher Bodnar
I have done this many times with no ill affects. 

Here is the MS documentation on the process:

http://support.microsoft.com/kb/216498

I personally have never had an issue with using this procedure and using
the same name. 

YMMV



Chris Bodnar, MCSE
Sr. Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003


-Original Message-
From: john.hornbuc...@taylor.k12.fl.us
[mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, January 07, 2009 9:18 AM
To: NT System Admin Issues
Subject: Server OS Reinstall

I've got a server (Server 2003 R2) that conked out on me over the
Christmas holidays. I'm not quite sure what went wrong--the hardware seems
to be okay. But there was some sort of corruption in the RAID array and
the OS gives a stop 0x0024 every time it goes to boot.

A fresh OS install won't be too painful, because this server was only a
DC/DHCP/DNS server.

But my question is this... When I reinstall, should I give the server the
same name it had before? Or will that confuse Active Directory? And if I
give it a different name, how do I remove all references to the old server
name from AD?

Just wondering what best practices are. Amazingly, I've never had to do
this before in my years as a sysadmin. Just lucky, I guess!



John Hornbuckle
MIS Department
Taylor County School District
318 North Clark Street
Perry, FL 32347

www.taylor.k12.fl.us


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


Re: OT : Anti-Phishing training game

2009-01-07 Thread Micheal Espinola Jr
You could try and use it at the publisher's web site, here:

   http://wombatsecurity.com/antiphishing_phil/index.html

--
ME2



On Wed, Jan 7, 2009 at 9:39 AM, Erik Goldoff egold...@gmail.com wrote:
 still comes up functional for me

   Erik Goldoff

 IT  Consultant

 Systems, Networks,  Security


 
 From: vbs [mailto:dvant...@gmail.com]
 Sent: Wednesday, January 07, 2009 8:13 AM
 To: NT System Admin Issues
 Subject: Re: OT : Anti-Phishing training game

 I tried this link and can't seem to get to any sites at cups.cs.cmu.edu.  Is
 this site no longer functional.

 I even googled for it and the links show up but still I only get page not
 found.

 On Tue, Jan 6, 2009 at 4:09 PM, Erik Goldoff egold...@gmail.com wrote:

 Cute, if slow, game for teaching regular folks how to spot Phishing scams
 in browser URLs ...

 http://cups.cs.cmu.edu/antiphishing_phil/new/index.html


 Erik Goldoff

 IT  Consultant

 Systems, Networks,  Security








 --
 Thanks
 Dave Vantine









~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: Server OS Reinstall

2009-01-07 Thread Ziots, Edward
Usually the C24 Stop error is registry corruption, I have seen this a
few times, if you have a backup of your Software Hive you can problem
boot to a new partition and replace the old one, with the backup and
point back to affected system and boot successful. If you don't want to
go through that pain. Do a standard build, don't add to domain and then
restore from tape accordingly.

Z

Edward E. Ziots
Network Engineer
Lifespan Organization
Email: ezi...@lifespan.org
Phone: 401-639-3505
MCSE, MCP+I, ME, CCA, Security +, Network +

-Original Message-
From: Christopher Bodnar [mailto:christopher_bod...@glic.com] 
Sent: Wednesday, January 07, 2009 9:43 AM
To: NT System Admin Issues
Subject: RE: Server OS Reinstall

I have done this many times with no ill affects. 

Here is the MS documentation on the process:

http://support.microsoft.com/kb/216498

I personally have never had an issue with using this procedure and using
the same name. 

YMMV



Chris Bodnar, MCSE
Sr. Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003


-Original Message-
From: john.hornbuc...@taylor.k12.fl.us
[mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, January 07, 2009 9:18 AM
To: NT System Admin Issues
Subject: Server OS Reinstall

I've got a server (Server 2003 R2) that conked out on me over the
Christmas holidays. I'm not quite sure what went wrong--the hardware
seems
to be okay. But there was some sort of corruption in the RAID array and
the OS gives a stop 0x0024 every time it goes to boot.

A fresh OS install won't be too painful, because this server was only a
DC/DHCP/DNS server.

But my question is this... When I reinstall, should I give the server
the
same name it had before? Or will that confuse Active Directory? And if I
give it a different name, how do I remove all references to the old
server
name from AD?

Just wondering what best practices are. Amazingly, I've never had to do
this before in my years as a sysadmin. Just lucky, I guess!



John Hornbuckle
MIS Department
Taylor County School District
318 North Clark Street
Perry, FL 32347

www.taylor.k12.fl.us


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: Server OS Reinstall

2009-01-07 Thread John Hornbuckle
This looks promising. Although I'm worried about the warning:

The administrator must also make sure that replication has occurred since the 
demotion before manually removing the NTDS Settings object for any server. 
Using the Ntdsutil utility incorrectly may result in partial or complete loss 
of Active Directory functionality. 

There was no demotion, though, since the server went down unexpectedly. Does 
that matter?

You just do the 20 steps listed under ntdsutil?




-Original Message-
From: Christopher Bodnar [mailto:christopher_bod...@glic.com] 
Sent: Wednesday, January 07, 2009 9:43 AM
To: NT System Admin Issues
Subject: RE: Server OS Reinstall

I have done this many times with no ill affects. 

Here is the MS documentation on the process:

http://support.microsoft.com/kb/216498

I personally have never had an issue with using this procedure and using
the same name. 

YMMV



Chris Bodnar, MCSE
Sr. Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003


-Original Message-
From: john.hornbuc...@taylor.k12.fl.us
[mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, January 07, 2009 9:18 AM
To: NT System Admin Issues
Subject: Server OS Reinstall

I've got a server (Server 2003 R2) that conked out on me over the
Christmas holidays. I'm not quite sure what went wrong--the hardware seems
to be okay. But there was some sort of corruption in the RAID array and
the OS gives a stop 0x0024 every time it goes to boot.

A fresh OS install won't be too painful, because this server was only a
DC/DHCP/DNS server.

But my question is this... When I reinstall, should I give the server the
same name it had before? Or will that confuse Active Directory? And if I
give it a different name, how do I remove all references to the old server
name from AD?

Just wondering what best practices are. Amazingly, I've never had to do
this before in my years as a sysadmin. Just lucky, I guess!



John Hornbuckle
MIS Department
Taylor County School District
318 North Clark Street
Perry, FL 32347

www.taylor.k12.fl.us


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: Server OS Reinstall

2009-01-07 Thread John Hornbuckle
This sounds easiest. But can anyone confirm if it actually works?



-Original Message-
From: Jake Gardner [mailto:jgard...@ttcdas.com] 
Sent: Wednesday, January 07, 2009 9:37 AM
To: NT System Admin Issues
Subject: RE: Server OS Reinstall

I believe you can use the Network ID instead of Join Domain after your
install and select/choose the old name from AD 


Thanks,
 
Jake Gardner
TTC Network Administrator
Ext. 246

-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, January 07, 2009 9:18 AM
To: NT System Admin Issues
Subject: Server OS Reinstall

I've got a server (Server 2003 R2) that conked out on me over the
Christmas holidays. I'm not quite sure what went wrong--the hardware
seems to be okay. But there was some sort of corruption in the RAID
array and the OS gives a stop 0x0024 every time it goes to boot.

A fresh OS install won't be too painful, because this server was only a
DC/DHCP/DNS server.

But my question is this... When I reinstall, should I give the server
the same name it had before? Or will that confuse Active Directory? And
if I give it a different name, how do I remove all references to the old
server name from AD?

Just wondering what best practices are. Amazingly, I've never had to do
this before in my years as a sysadmin. Just lucky, I guess!



John Hornbuckle
MIS Department
Taylor County School District
318 North Clark Street
Perry, FL 32347

www.taylor.k12.fl.us


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

***Teletronics Technology Corporation*** 
This e-mail is confidential and may also be privileged.  If you are not the 
addressee or authorized by the addressee to receive this e-mail, you may not 
disclose, copy, distribute, or use this e-mail. If you have received this 
e-mail in error, please notify the sender immediately by reply e-mail or by 
telephone at 267-352-2020 and destroy this message and any copies.  Thank you.

***



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: Server OS Reinstall

2009-01-07 Thread John Hornbuckle
It's weird... I had tried booting from a Windows CD to do a repair, but setup 
said it couldn't recognize the C: partition and wanted to format it. This is 
strange for two reasons:

1. Setup could recognize the D: partition just fine (and both C: and D: are 
partitions in the same hardware RAID 5 array).
2. The C: partition can't be totally FUBAR, because the system will boot off of 
it and Windows will load about 75% before getting the blue screen.



-Original Message-
From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Wednesday, January 07, 2009 9:52 AM
To: NT System Admin Issues
Subject: RE: Server OS Reinstall

Usually the C24 Stop error is registry corruption, I have seen this a
few times, if you have a backup of your Software Hive you can problem
boot to a new partition and replace the old one, with the backup and
point back to affected system and boot successful. If you don't want to
go through that pain. Do a standard build, don't add to domain and then
restore from tape accordingly.

Z

Edward E. Ziots
Network Engineer
Lifespan Organization
Email: ezi...@lifespan.org
Phone: 401-639-3505
MCSE, MCP+I, ME, CCA, Security +, Network +

-Original Message-
From: Christopher Bodnar [mailto:christopher_bod...@glic.com] 
Sent: Wednesday, January 07, 2009 9:43 AM
To: NT System Admin Issues
Subject: RE: Server OS Reinstall

I have done this many times with no ill affects. 

Here is the MS documentation on the process:

http://support.microsoft.com/kb/216498

I personally have never had an issue with using this procedure and using
the same name. 

YMMV



Chris Bodnar, MCSE
Sr. Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003


-Original Message-
From: john.hornbuc...@taylor.k12.fl.us
[mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, January 07, 2009 9:18 AM
To: NT System Admin Issues
Subject: Server OS Reinstall

I've got a server (Server 2003 R2) that conked out on me over the
Christmas holidays. I'm not quite sure what went wrong--the hardware
seems
to be okay. But there was some sort of corruption in the RAID array and
the OS gives a stop 0x0024 every time it goes to boot.

A fresh OS install won't be too painful, because this server was only a
DC/DHCP/DNS server.

But my question is this... When I reinstall, should I give the server
the
same name it had before? Or will that confuse Active Directory? And if I
give it a different name, how do I remove all references to the old
server
name from AD?

Just wondering what best practices are. Amazingly, I've never had to do
this before in my years as a sysadmin. Just lucky, I guess!



John Hornbuckle
MIS Department
Taylor County School District
318 North Clark Street
Perry, FL 32347

www.taylor.k12.fl.us


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


Re: OT : Anti-Phishing training game

2009-01-07 Thread Micheal Espinola Jr
I meant to add, I also can't get to the CUPS site.

--
ME2



On Wed, Jan 7, 2009 at 9:50 AM, Micheal Espinola Jr
michealespin...@gmail.com wrote:
 You could try and use it at the publisher's web site, here:

   http://wombatsecurity.com/antiphishing_phil/index.html

 --
 ME2



 On Wed, Jan 7, 2009 at 9:39 AM, Erik Goldoff egold...@gmail.com wrote:
 still comes up functional for me

   Erik Goldoff

 IT  Consultant

 Systems, Networks,  Security


 
 From: vbs [mailto:dvant...@gmail.com]
 Sent: Wednesday, January 07, 2009 8:13 AM
 To: NT System Admin Issues
 Subject: Re: OT : Anti-Phishing training game

 I tried this link and can't seem to get to any sites at cups.cs.cmu.edu.  Is
 this site no longer functional.

 I even googled for it and the links show up but still I only get page not
 found.

 On Tue, Jan 6, 2009 at 4:09 PM, Erik Goldoff egold...@gmail.com wrote:

 Cute, if slow, game for teaching regular folks how to spot Phishing scams
 in browser URLs ...

 http://cups.cs.cmu.edu/antiphishing_phil/new/index.html


 Erik Goldoff

 IT  Consultant

 Systems, Networks,  Security








 --
 Thanks
 Dave Vantine









 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
 ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


Re: OT : Anti-Phishing training game

2009-01-07 Thread vbs
This works ok...

I checked my firewall for the other domain and for some reason packets are
being dropped.

Thanks
On Wed, Jan 7, 2009 at 9:50 AM, Micheal Espinola Jr 
michealespin...@gmail.com wrote:

 You could try and use it at the publisher's web site, here:

   http://wombatsecurity.com/antiphishing_phil/index.html

 --
 ME2



 On Wed, Jan 7, 2009 at 9:39 AM, Erik Goldoff egold...@gmail.com wrote:
  still comes up functional for me
 
Erik Goldoff
 
  IT  Consultant
 
  Systems, Networks,  Security
 
 
  
  From: vbs [mailto:dvant...@gmail.com]
  Sent: Wednesday, January 07, 2009 8:13 AM
  To: NT System Admin Issues
  Subject: Re: OT : Anti-Phishing training game
 
  I tried this link and can't seem to get to any sites at cups.cs.cmu.edu.
  Is
  this site no longer functional.
 
  I even googled for it and the links show up but still I only get page not
  found.
 
  On Tue, Jan 6, 2009 at 4:09 PM, Erik Goldoff egold...@gmail.com wrote:
 
  Cute, if slow, game for teaching regular folks how to spot Phishing
 scams
  in browser URLs ...
 
  http://cups.cs.cmu.edu/antiphishing_phil/new/index.html
 
 
  Erik Goldoff
 
  IT  Consultant
 
  Systems, Networks,  Security
 
 
 
 
 
 
 
 
  --
  Thanks
  Dave Vantine
 
 
 
 
 
 
 
 

 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
 ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~




-- 
Thanks
Dave Vantine

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Server OS Reinstall

2009-01-07 Thread Jake Gardner
Sorry, I wasn't paying attention.  I would only do this for member
servers and workstations.  Messing with a DC is a whole 'nuther ball
game.

I'd go with Chris's suggestion and follow the MS article. 


Thanks,
 
Jake Gardner
TTC Network Administrator
Ext. 246

-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, January 07, 2009 9:56 AM
To: NT System Admin Issues
Subject: RE: Server OS Reinstall

This sounds easiest. But can anyone confirm if it actually works?



-Original Message-
From: Jake Gardner [mailto:jgard...@ttcdas.com]
Sent: Wednesday, January 07, 2009 9:37 AM
To: NT System Admin Issues
Subject: RE: Server OS Reinstall

I believe you can use the Network ID instead of Join Domain after your
install and select/choose the old name from AD 


Thanks,
 
Jake Gardner
TTC Network Administrator
Ext. 246

-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, January 07, 2009 9:18 AM
To: NT System Admin Issues
Subject: Server OS Reinstall

I've got a server (Server 2003 R2) that conked out on me over the
Christmas holidays. I'm not quite sure what went wrong--the hardware
seems to be okay. But there was some sort of corruption in the RAID
array and the OS gives a stop 0x0024 every time it goes to boot.

A fresh OS install won't be too painful, because this server was only a
DC/DHCP/DNS server.

But my question is this... When I reinstall, should I give the server
the same name it had before? Or will that confuse Active Directory? And
if I give it a different name, how do I remove all references to the old
server name from AD?

Just wondering what best practices are. Amazingly, I've never had to do
this before in my years as a sysadmin. Just lucky, I guess!



John Hornbuckle
MIS Department
Taylor County School District
318 North Clark Street
Perry, FL 32347

www.taylor.k12.fl.us


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

***Teletronics Technology Corporation*** This e-mail is confidential and
may also be privileged.  If you are not the addressee or authorized by
the addressee to receive this e-mail, you may not disclose, copy,
distribute, or use this e-mail. If you have received this e-mail in
error, please notify the sender immediately by reply e-mail or by
telephone at 267-352-2020 and destroy this message and any copies.
Thank you.

***



~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


Opinion wanted: W2K8 network items

2009-01-07 Thread Christopher Bodnar
 

Working on a standard Windows Server 2008 build. Anyone though abut
disabling the following:

 

IPv6

Link-Layer Topology Discovery Mapper I/O Driver

Link-Layer Topology Discovery Responder

 

Looking for any things I might run into if I disable them. 

 


Thanks,

 

 

 

 

Chris Bodnar, MCSE
Sr. Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003

 




-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Re: Opinion wanted: W2K8 network items

2009-01-07 Thread Jon Harris
I know you will need to get the IPv6 turned off before you use WSUS to get
reliable communication with Windows 2008 servers.  Either that or make sure
your Default web site is set to use IPv4 first.  Once it is in you can't
make changes and not see WSUS work.  Personally I left it on and just had my
2008 DC do IPv6 DNS.  I just need to finish up learing how to do manual
assigning of IP's in v6 and I can finish this up.

Jon

On Wed, Jan 7, 2009 at 10:15 AM, Christopher Bodnar 
christopher_bod...@glic.com wrote:



 Working on a standard Windows Server 2008 build. Anyone though abut
 disabling the following:



 IPv6

 Link-Layer Topology Discovery Mapper I/O Driver

 Link-Layer Topology Discovery Responder



 Looking for any things I might run into if I disable them.




 Thanks,









 Chris Bodnar, MCSE
 Sr. Systems Engineer
 Distributed Systems Service Delivery - Intel Services
 Guardian Life Insurance Company of America
 Email: christopher_bod...@glic.com
 Phone: 610-807-6459
 Fax: 610-807-6003







  --

 *This message, and any attachments to it, may contain information that is
 privileged, confidential, and exempt from disclosure under applicable law.
 If the reader of this message is not the intended recipient, you are
 notified that any use, dissemination, distribution, copying, or
 communication of this message is strictly prohibited. If you have received
 this message in error, please notify the sender immediately by return e-mail
 and delete the message and any attachments. Thank you. *


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Server OS Reinstall

2009-01-07 Thread Tim Vander Kooi
Hey Z what is this tape thing you speak of???
TVK

-Original Message-
From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Wednesday, January 07, 2009 8:52 AM
To: NT System Admin Issues
Subject: RE: Server OS Reinstall

Usually the C24 Stop error is registry corruption, I have seen this a
few times, if you have a backup of your Software Hive you can problem
boot to a new partition and replace the old one, with the backup and
point back to affected system and boot successful. If you don't want to
go through that pain. Do a standard build, don't add to domain and then
restore from tape accordingly.

Z

Edward E. Ziots
Network Engineer
Lifespan Organization
Email: ezi...@lifespan.org
Phone: 401-639-3505
MCSE, MCP+I, ME, CCA, Security +, Network +

-Original Message-
From: Christopher Bodnar [mailto:christopher_bod...@glic.com] 
Sent: Wednesday, January 07, 2009 9:43 AM
To: NT System Admin Issues
Subject: RE: Server OS Reinstall

I have done this many times with no ill affects. 

Here is the MS documentation on the process:

http://support.microsoft.com/kb/216498

I personally have never had an issue with using this procedure and using
the same name. 

YMMV



Chris Bodnar, MCSE
Sr. Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003


-Original Message-
From: john.hornbuc...@taylor.k12.fl.us
[mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, January 07, 2009 9:18 AM
To: NT System Admin Issues
Subject: Server OS Reinstall

I've got a server (Server 2003 R2) that conked out on me over the
Christmas holidays. I'm not quite sure what went wrong--the hardware
seems
to be okay. But there was some sort of corruption in the RAID array and
the OS gives a stop 0x0024 every time it goes to boot.

A fresh OS install won't be too painful, because this server was only a
DC/DHCP/DNS server.

But my question is this... When I reinstall, should I give the server
the
same name it had before? Or will that confuse Active Directory? And if I
give it a different name, how do I remove all references to the old
server
name from AD?

Just wondering what best practices are. Amazingly, I've never had to do
this before in my years as a sysadmin. Just lucky, I guess!



John Hornbuckle
MIS Department
Taylor County School District
318 North Clark Street
Perry, FL 32347

www.taylor.k12.fl.us


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


Auditing Everything

2009-01-07 Thread Alex Carroll
I have a request from my CEO to audit everything that happens on our
network.  When users open files, when they change files, delete files,
use any programs, go to any websites (we use ie7, firefox), etc etc etc.
Do any of you have a good solution you can recommend for that?  I can
google all I want, but I won't know the real world experience by doing
that.  We are a smaller company - 16 users.  Right now we have 3 servers
(1 SBS 03, 2 that are 2003) in production.  We use XP and Vista.

 

Thanks in advance!

 

Alex Carroll

Software Support

Crabtree Companies, Inc.

651-688-2727

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Re: Windows 2008 Terminal Server, Citrix, or both?

2009-01-07 Thread Steve Ens
I'm using the published apps with TS08 and it works really well.  Easy to
use, the end users love it.

On Wed, Jan 7, 2009 at 8:19 AM, Tom Miller tmil...@hnncsb.org wrote:

  Hi Folks,

 I currently have a Citrix Presentation Server (or whatever it's called this
 week) for all remote users, and some internal users.  I also use the Citrix
 Access Gateway appliance for external users, which I really like.

 I am going to stand up a new Terminal Server/Citrix farm in the next few
 months to specifically dedicated to a particular application.  I am
 wondering if I can just use Windows 2008 Terminal Server and forgo the
 Citrix part?  I do like Citrix but it would add over $100k to licensing
 costs, and that does not include Citrix Access Gateway licenses.  I will
 also need to provide some sort of secure remote access, if I use Terminal
 Server only, similar to the Citrix Access Gateway.

 I am currently on Terminal Server 2003 and I understand 2008 is much
 better.

 Suggestions and comments appreciated.



  Confidentiality Notice: This e-mail message, including attachments, is
 for the sole use of the intended recipient(s) and may contain confidential
 and privileged information. Any unauthorized review, use, disclosure, or
 distribution is prohibited. If you are not the intended recipient, please
 contact the sender by reply e-mail and destroy all copies of the original
 message.







~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Re: Auditing Everything

2009-01-07 Thread James Rankin
I hope you have enormous event log files and a ton of disk space overhead,
if you want to do this using Event Viewer. Turning on file and folder
auditing for all files is a bit bonkers in my opinion though. In the past I
have done event log collection and parsing using dumpel and a bit of batch
scripting, although there are loads of other products out there that others
will doubtless reel off for you.

I use WebSense for internet monitoring, and find it a fantastic product.
Maybe a bit pricey for a shop your size though. Same goes for SCOM which I
use for event log monitoring, although System Center Essentials might be
suitable for your needs, and includes WSUS and a version of
the-application-formerly-known-as-SMS if I remember rightly.

2009/1/7 Alex Carroll acarr...@crabco.net

  I have a request from my CEO to audit everything that happens on our
 network.  When users open files, when they change files, delete files, use
 any programs, go to any websites (we use ie7, firefox), etc etc etc.  Do any
 of you have a good solution you can recommend for that?  I can google all I
 want, but I won't know the real world experience by doing that.  We are a
 smaller company – 16 users.  Right now we have 3 servers (1 SBS 03, 2 that
 are 2003) in production.  We use XP and Vista.



 Thanks in advance!



 Alex Carroll

 Software Support

 Crabtree Companies, Inc.

 651-688-2727









~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Auditing Everything

2009-01-07 Thread Jake Gardner
Turn on the auditing you want on the server(s) and use Logparser and
elsave to grab your event logs and clean them up then dump them since
they will get HUGE.  SBS I believe comes with ISA which you can use to
monitor web traffic regardless of browser.  Just point the pc's default
gateways to ISA and not your router, then set the proxy in the browser.

 
Thanks,
 
Jake Gardner
TTC Network Administrator
Ext. 246
 



From: Alex Carroll [mailto:acarr...@crabco.net] 
Sent: Wednesday, January 07, 2009 10:25 AM
To: NT System Admin Issues
Subject: Auditing Everything



I have a request from my CEO to audit everything that happens on our
network.  When users open files, when they change files, delete files,
use any programs, go to any websites (we use ie7, firefox), etc etc etc.
Do any of you have a good solution you can recommend for that?  I can
google all I want, but I won't know the real world experience by doing
that.  We are a smaller company - 16 users.  Right now we have 3 servers
(1 SBS 03, 2 that are 2003) in production.  We use XP and Vista.

 

Thanks in advance!

 

Alex Carroll

Software Support

Crabtree Companies, Inc.

651-688-2727

 


 

 


***Teletronics Technology Corporation*** 
This e-mail is confidential and may also be privileged.  If you are not the 
addressee or authorized by the addressee to receive this e-mail, you may not 
disclose, copy, distribute, or use this e-mail. If you have received this 
e-mail in error, please notify the sender immediately by reply e-mail or by 
telephone at 267-352-2020 and destroy this message and any copies.  Thank you.

***



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Re: Windows 2008 Terminal Server, Citrix, or both?

2009-01-07 Thread James Rankin
I have Citrix MPS 4.5 but 2008 Terminal Services seems to be (finally) a
viable alternative to this. However it will depend entirely on the speed to
my remote sites, and how well it fits in with my future projects (VDI)
whether I take the plunge and bin Citrix altogether.

I do have to say though that in the (limited) testing I have done so far
that 2008 TS does look quite a good product.

2009/1/7 Tom Miller tmil...@hnncsb.org

  Hi Folks,

 I currently have a Citrix Presentation Server (or whatever it's called this
 week) for all remote users, and some internal users.  I also use the Citrix
 Access Gateway appliance for external users, which I really like.

 I am going to stand up a new Terminal Server/Citrix farm in the next few
 months to specifically dedicated to a particular application.  I am
 wondering if I can just use Windows 2008 Terminal Server and forgo the
 Citrix part?  I do like Citrix but it would add over $100k to licensing
 costs, and that does not include Citrix Access Gateway licenses.  I will
 also need to provide some sort of secure remote access, if I use Terminal
 Server only, similar to the Citrix Access Gateway.

 I am currently on Terminal Server 2003 and I understand 2008 is much
 better.

 Suggestions and comments appreciated.



  Confidentiality Notice: This e-mail message, including attachments, is
 for the sole use of the intended recipient(s) and may contain confidential
 and privileged information. Any unauthorized review, use, disclosure, or
 distribution is prohibited. If you are not the intended recipient, please
 contact the sender by reply e-mail and destroy all copies of the original
 message.







~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Re: Auditing Everything

2009-01-07 Thread Durf
GFI EventSentry.

On Wed, Jan 7, 2009 at 10:25 AM, Alex Carroll acarr...@crabco.net wrote:

  I have a request from my CEO to audit everything that happens on our
 network.  When users open files, when they change files, delete files, use
 any programs, go to any websites (we use ie7, firefox), etc etc etc.  Do any
 of you have a good solution you can recommend for that?  I can google all I
 want, but I won't know the real world experience by doing that.  We are a
 smaller company – 16 users.  Right now we have 3 servers (1 SBS 03, 2 that
 are 2003) in production.  We use XP and Vista.



 Thanks in advance!



 Alex Carroll

 Software Support

 Crabtree Companies, Inc.

 651-688-2727










-- 
--
Give a man a fish, and he'll eat for a day.
Give a fish a man, and he'll eat for weeks!

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Re: Auditing Everything

2009-01-07 Thread Kurt Buff
On Wed, Jan 7, 2009 at 7:25 AM, Alex Carroll acarr...@crabco.net wrote:
 I have a request from my CEO to audit everything that happens on our
 network.  When users open files, when they change files, delete files, use
 any programs, go to any websites (we use ie7, firefox), etc etc etc.  Do any
 of you have a good solution you can recommend for that?  I can google all I
 want, but I won't know the real world experience by doing that.  We are a
 smaller company – 16 users.  Right now we have 3 servers (1 SBS 03, 2 that
 are 2003) in production.  We use XP and Vista.

 Thanks in advance!

 Alex Carroll

 Software Support

 Crabtree Companies, Inc.

 651-688-2727

There is almost certainly no single package that will do what your CEO
wants. The tasks are too diverse.

And, given the size of your company, not only will it cost a lot of
money to implement. That's because, even if you use all free software,
which isn't very likely, it will take a lot of time to figure the
software out. Ask your CEO if he's willing to hire at least one, and
possibly two or even more people to sort through the data and act on
it.

Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


Upgrading DCs to 64 bit

2009-01-07 Thread Webb, Brian (Corp)
Has anyone upgraded their 2003 domain from 32 bit DCs to 64 bit DCs?
Our security team wants to move to 64 bit to take advantage of the
larger event logs - anyone done it?  Were there any issues running some
DCs 32 bit and some 64 bit?  Anyone run a mixed environment long term?
I'm planning on doing some testing, but wanted some advance scouting if
available.
 
Brian Webb - MCSE
TDS Corporate IS, Windows Server Platform Team
Senior Systems Administrator

When stuck on a problem as often can be, try to remember G.B.T.T.D. (Go
Back To The Definition). - Dave Seybold

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Opinion wanted: W2K8 network items

2009-01-07 Thread Jacob
I disable these in some 2008 web servers running IIS and ColdFusion.

 

I have no issue.  Does disabling them gain some performance.. I do not know

 

From: Christopher Bodnar [mailto:christopher_bod...@glic.com] 
Sent: Wednesday, January 07, 2009 7:16 AM
To: NT System Admin Issues
Subject: Opinion wanted: W2K8 network items

 

 

Working on a standard Windows Server 2008 build. Anyone though abut
disabling the following:

 

IPv6

Link-Layer Topology Discovery Mapper I/O Driver

Link-Layer Topology Discovery Responder

 

Looking for any things I might run into if I disable them. 

 


Thanks,

 

 

 

 

Chris Bodnar, MCSE
Sr. Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003

 

 

 

 
  _  


This message, and any attachments to it, may contain information that is
privileged, confidential, and exempt from disclosure under applicable law.
If the reader of this message is not the intended recipient, you are
notified that any use, dissemination, distribution, copying, or
communication of this message is strictly prohibited. If you have received
this message in error, please notify the sender immediately by return e-mail
and delete the message and any attachments. Thank you. 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Server OS Reinstall

2009-01-07 Thread Free, Bob
I reuse DC names every time I do HW refresh and have renamed  newly
promoted DC's back to the name of the one that was removed when I had to
run a site in parallel during HW refresh. 

The thing you need to insure is that the metadata is cleaned up no
matter and said cleanup is replicated whether you are doing it
forcefully or gracefully, KB216498 explains the process in detail. You
also need to take into consideration other services that may have been
running on the failed DC, FSMO roles etc.

 http://support.microsoft.com/kb/216498/ 

-Original Message-
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] 
Sent: Wednesday, January 07, 2009 6:31 AM
To: NT System Admin Issues
Subject: RE: Server OS Reinstall


I never reuse a DC name, even if I removed it gracefully. That may be a
bit overkill, but I would strongly advise against reusing a name on a
failed DC.

You can clean it out of AD, and you will need to but I still wouldn't
reuse the name. I have always done a manual removal with the info in
this article:

http://www.petri.co.il/delete_failed_dcs_from_ad.htm



 -Original Message-
 From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
 Sent: Wednesday, January 07, 2009 9:18 AM
 To: NT System Admin Issues
 Subject: Server OS Reinstall
 
 I've got a server (Server 2003 R2) that conked out on me over the
 Christmas holidays. I'm not quite sure what went wrong--the hardware
 seems to be okay. But there was some sort of corruption in the RAID
 array and the OS gives a stop 0x0024 every time it goes to boot.
 
 A fresh OS install won't be too painful, because this server was only
a
 DC/DHCP/DNS server.
 
 But my question is this... When I reinstall, should I give the server
 the same name it had before? Or will that confuse Active Directory?
And
 if I give it a different name, how do I remove all references to the
 old server name from AD?
 
 Just wondering what best practices are. Amazingly, I've never had to
do
 this before in my years as a sysadmin. Just lucky, I guess!
 
 
 
 John Hornbuckle
 MIS Department
 Taylor County School District
 318 North Clark Street
 Perry, FL 32347
 
 www.taylor.k12.fl.us
 
 
 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
 ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: Auditing Everything

2009-01-07 Thread Tim Vander Kooi
I would look at the suite of products from ScriptLogic/Quest. I am fairly 
certain that you will find 1 or 2 products there that can be used to achieve 
the desired results.
TVK

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Wednesday, January 07, 2009 9:36 AM
To: NT System Admin Issues
Subject: Re: Auditing Everything

On Wed, Jan 7, 2009 at 7:25 AM, Alex Carroll acarr...@crabco.net wrote:
 I have a request from my CEO to audit everything that happens on our
 network.  When users open files, when they change files, delete files, use
 any programs, go to any websites (we use ie7, firefox), etc etc etc.  Do any
 of you have a good solution you can recommend for that?  I can google all I
 want, but I won't know the real world experience by doing that.  We are a
 smaller company - 16 users.  Right now we have 3 servers (1 SBS 03, 2 that
 are 2003) in production.  We use XP and Vista.

 Thanks in advance!

 Alex Carroll

 Software Support

 Crabtree Companies, Inc.

 651-688-2727

There is almost certainly no single package that will do what your CEO
wants. The tasks are too diverse.

And, given the size of your company, not only will it cost a lot of
money to implement. That's because, even if you use all free software,
which isn't very likely, it will take a lot of time to figure the
software out. Ask your CEO if he's willing to hire at least one, and
possibly two or even more people to sort through the data and act on
it.

Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: Auditing Everything

2009-01-07 Thread Kennedy, Jim
I think what the CEO is asking for will cost as much, if not more as they have 
invested already in IT, based upon your size.

You need a proxy server for web surfing to log websites, so ISA for example.

Servers need all the auditing logging turned up and then that will generate 
massive log files, so you need to export them to a storage server or log 
management system such as GFI EventsManager. And you will need that on your 
servers and your workstations since he wants 'any programs'.

Go back and ask him/her what they are trying to accomplish and what they really 
need to monitor, perhaps he tossed out a list that is much bigger than they 
need.

And perhaps point out that if this is a productivity issue that maybe this is 
an HR issue. If people are not doing their jobs then address that specifically 
don't try and prove they are using computers wrong. Just prove they are not 
doing their jobs.



From: Alex Carroll [mailto:acarr...@crabco.net]
Sent: Wednesday, January 07, 2009 10:25 AM
To: NT System Admin Issues
Subject: Auditing Everything

I have a request from my CEO to audit everything that happens on our network.  
When users open files, when they change files, delete files, use any programs, 
go to any websites (we use ie7, firefox), etc etc etc.  Do any of you have a 
good solution you can recommend for that?  I can google all I want, but I won't 
know the real world experience by doing that.  We are a smaller company - 16 
users.  Right now we have 3 servers (1 SBS 03, 2 that are 2003) in production.  
We use XP and Vista.

Thanks in advance!


Alex Carroll

Software Support

Crabtree Companies, Inc.

651-688-2727







~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Upgrading DCs to 64 bit

2009-01-07 Thread John Hornbuckle
I have a mix of 64-bit Server 2008 DCs and 32-bit Server 2003 DCs. No problems 
here.



John Hornbuckle
MIS Department
Taylor County School District
318 North Clark Street
Perry, FL 32347

www.taylor.k12.fl.ushttp://www.taylor.k12.fl.us




From: Webb, Brian (Corp) [mailto:brian.w...@teldta.com]
Sent: Wednesday, January 07, 2009 10:37 AM
To: NT System Admin Issues
Subject: Upgrading DCs to 64 bit

Has anyone upgraded their 2003 domain from 32 bit DCs to 64 bit DCs?  Our 
security team wants to move to 64 bit to take advantage of the larger event 
logs - anyone done it?  Were there any issues running some DCs 32 bit and some 
64 bit?  Anyone run a mixed environment long term?  I'm planning on doing some 
testing, but wanted some advance scouting if available.

Brian Webb - MCSE
TDS Corporate IS, Windows Server Platform Team
Senior Systems Administrator

When stuck on a problem as often can be, try to remember G.B.T.T.D. (Go Back 
To The Definition). - Dave Seybold







~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Upgrading DCs to 64 bit

2009-01-07 Thread Tim Vander Kooi
I have been running a mix of 32 and 64-bit DCs for over a year with no ill 
effects at all. I prefer the performance gains I receive from running 64-bit, 
but not all MS management tools (GPMC in particular) would run on 64-bit prior 
to Server 2008's release, so I had to keep at least 1 32-bit server around for 
that purpose.
TVK


From: Webb, Brian (Corp) [mailto:brian.w...@teldta.com]
Sent: Wednesday, January 07, 2009 9:37 AM
To: NT System Admin Issues
Subject: Upgrading DCs to 64 bit

Has anyone upgraded their 2003 domain from 32 bit DCs to 64 bit DCs?  Our 
security team wants to move to 64 bit to take advantage of the larger event 
logs - anyone done it?  Were there any issues running some DCs 32 bit and some 
64 bit?  Anyone run a mixed environment long term?  I'm planning on doing some 
testing, but wanted some advance scouting if available.

Brian Webb - MCSE
TDS Corporate IS, Windows Server Platform Team
Senior Systems Administrator

When stuck on a problem as often can be, try to remember G.B.T.T.D. (Go Back 
To The Definition). - Dave Seybold







~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Auditing Everything

2009-01-07 Thread Roger Wright
And how many people does he plan to hire to review and report on all
this data?  You'll probably need to add storage and another server to
accommodate it.

 

Take a look at Adventnet's Eventlog Analyzer... 

http://manageengine.adventnet.com/products/eventlog/index.html

 

 

 

   

 

Roger Wright

Network Administrator

Evatone, Inc.

727.572.7076  x388

_  

 

From: Alex Carroll [mailto:acarr...@crabco.net] 
Sent: Wednesday, January 07, 2009 10:25 AM
To: NT System Admin Issues
Subject: Auditing Everything

 

I have a request from my CEO to audit everything that happens on our
network.  When users open files, when they change files, delete files,
use any programs, go to any websites (we use ie7, firefox), etc etc etc.
Do any of you have a good solution you can recommend for that?  I can
google all I want, but I won't know the real world experience by doing
that.  We are a smaller company - 16 users.  Right now we have 3 servers
(1 SBS 03, 2 that are 2003) in production.  We use XP and Vista.

 

Thanks in advance!

 

Alex Carroll

Software Support

Crabtree Companies, Inc.

651-688-2727

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Re: Windows 2008 Terminal Server, Citrix, or both?

2009-01-07 Thread Tom Miller
How do you provide secure remote access?
 
 
I'm using the published apps with TS08 and it works really well.  Easy to use, 
the end users love it.  

On Wed, Jan 7, 2009 at 8:19 AM, Tom Miller tmil...@hnncsb.org wrote:


Hi Folks,
 
I currently have a Citrix Presentation Server (or whatever it's called this 
week) for all remote users, and some internal users.  I also use the Citrix 
Access Gateway appliance for external users, which I really like.
 
I am going to stand up a new Terminal Server/Citrix farm in the next few months 
to specifically dedicated to a particular application.  I am wondering if I can 
just use Windows 2008 Terminal Server and forgo the Citrix part?  I do like 
Citrix but it would add over $100k to licensing costs, and that does not 
include Citrix Access Gateway licenses.  I will also need to provide some sort 
of secure remote access, if I use Terminal Server only, similar to the Citrix 
Access Gateway.  
 
I am currently on Terminal Server 2003 and I understand 2008 is much better.  
 
Suggestions and comments appreciated.
 
 


Confidentiality Notice: This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure, or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message. 

 
 




 Steve Ens stevey...@gmail.com 1/7/2009 10:28 AM 

 
 

Confidentiality Notice:  This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information.  Any unauthorized review, use, disclosure, or 
distribution is prohibited.  If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Auditing Everything

2009-01-07 Thread Jacob
Make sure you email the CEO the logs every night.

 

By Friday, he will ask you to turn off auditing.

 

From: Alex Carroll [mailto:acarr...@crabco.net] 
Sent: Wednesday, January 07, 2009 7:25 AM
To: NT System Admin Issues
Subject: Auditing Everything

 

I have a request from my CEO to audit everything that happens on our
network.  When users open files, when they change files, delete files, use
any programs, go to any websites (we use ie7, firefox), etc etc etc.  Do any
of you have a good solution you can recommend for that?  I can google all I
want, but I won't know the real world experience by doing that.  We are a
smaller company - 16 users.  Right now we have 3 servers (1 SBS 03, 2 that
are 2003) in production.  We use XP and Vista.

 

Thanks in advance!

 

Alex Carroll

Software Support

Crabtree Companies, Inc.

651-688-2727

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Re: Auditing Everything

2009-01-07 Thread Durf
Christ you all.  It doesn't have to be this hard.
If they have a Sonicwall, buy the Viewpoint module.  If they don't have a
Sonicwall, then get them one.  There are equivalent products for Cisco and
Watchguard.

For AD, just turn on appropriate auditing and use GFI EventSentry to gather
and report on events.

That's it, you're done.  Aside from literal keystroke logging on the
workstations, these two items will handle everything else on the network
that is appropriate.

Whether they *should* do it or not is a whole different question, and not
what the OP asked.

-- Durf


On Wed, Jan 7, 2009 at 10:44 AM, Roger Wright rwri...@evatone.com wrote:

  And how many people does he plan to hire to review and report on all this
 data?  You'll probably need to add storage and another server to accommodate
 it.



 Take a look at Adventnet's Eventlog Analyzer…

 http://manageengine.adventnet.com/products/eventlog/index.html











 Roger Wright

 Network Administrator

 Evatone, Inc.

 727.572.7076  x388

 _



 *From:* Alex Carroll [mailto:acarr...@crabco.net]
 *Sent:* Wednesday, January 07, 2009 10:25 AM
 *To:* NT System Admin Issues
 *Subject:* Auditing Everything



 I have a request from my CEO to audit everything that happens on our
 network.  When users open files, when they change files, delete files, use
 any programs, go to any websites (we use ie7, firefox), etc etc etc.  Do any
 of you have a good solution you can recommend for that?  I can google all I
 want, but I won't know the real world experience by doing that.  We are a
 smaller company – 16 users.  Right now we have 3 servers (1 SBS 03, 2 that
 are 2003) in production.  We use XP and Vista.



 Thanks in advance!



 Alex Carroll

 Software Support

 Crabtree Companies, Inc.

 651-688-2727

















-- 
--
Give a man a fish, and he'll eat for a day.
Give a fish a man, and he'll eat for weeks!

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Re: Windows 2008 Terminal Server, Citrix, or both?

2009-01-07 Thread Steve Ens
VPN for now...

On Wed, Jan 7, 2009 at 9:42 AM, Tom Miller tmil...@hnncsb.org wrote:

  How do you provide secure remote access?


 I'm using the published apps with TS08 and it works really well.  Easy to
 use, the end users love it.

 On Wed, Jan 7, 2009 at 8:19 AM, Tom Miller tmil...@hnncsb.org wrote:

  Hi Folks,

 I currently have a Citrix Presentation Server (or whatever it's called
 this week) for all remote users, and some internal users.  I also use the
 Citrix Access Gateway appliance for external users, which I really like.

 I am going to stand up a new Terminal Server/Citrix farm in the next few
 months to specifically dedicated to a particular application.  I am
 wondering if I can just use Windows 2008 Terminal Server and forgo the
 Citrix part?  I do like Citrix but it would add over $100k to licensing
 costs, and that does not include Citrix Access Gateway licenses.  I will
 also need to provide some sort of secure remote access, if I use Terminal
 Server only, similar to the Citrix Access Gateway.

 I am currently on Terminal Server 2003 and I understand 2008 is much
 better.

 Suggestions and comments appreciated.



 Confidentiality Notice: This e-mail message, including attachments, is for
 the sole use of the intended recipient(s) and may contain confidential and
 privileged information. Any unauthorized review, use, disclosure, or
 distribution is prohibited. If you are not the intended recipient, please
 contact the sender by reply e-mail and destroy all copies of the original
 message.








  Steve Ens stevey...@gmail.com 1/7/2009 10:28 AM 






  Confidentiality Notice: This e-mail message, including attachments, is
 for the sole use of the intended recipient(s) and may contain confidential
 and privileged information. Any unauthorized review, use, disclosure, or
 distribution is prohibited. If you are not the intended recipient, please
 contact the sender by reply e-mail and destroy all copies of the original
 message.







~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Upgrading DCs to 64 bit

2009-01-07 Thread Free, Bob
We added a 64 bit DC to our existing domain with no issues whatsoever
early last year to add some horsepower to a site allegedly being
hammered by Exchange and to test all our processes, documentation, 3rd
party agents, services etc in preparation for the next HW refresh. We
did it in the lab as well so we have had 2 forests running that way the
better part of a year if you consider that long term 

 

Test your 3rd party SW, AV, prepare your patching mechanism etc. By now
it should be a non-issue but you never know.

 

From: Webb, Brian (Corp) [mailto:brian.w...@teldta.com] 
Sent: Wednesday, January 07, 2009 7:37 AM
To: NT System Admin Issues
Subject: Upgrading DCs to 64 bit

 

Has anyone upgraded their 2003 domain from 32 bit DCs to 64 bit DCs?
Our security team wants to move to 64 bit to take advantage of the
larger event logs - anyone done it?  Were there any issues running some
DCs 32 bit and some 64 bit?  Anyone run a mixed environment long term?
I'm planning on doing some testing, but wanted some advance scouting if
available.

 

Brian Webb - MCSE
TDS Corporate IS, Windows Server Platform Team
Senior Systems Administrator

When stuck on a problem as often can be, try to remember G.B.T.T.D. (Go
Back To The Definition). - Dave Seybold

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Auditing Everything

2009-01-07 Thread David Mazzaccaro
For internet auditing I like St Bernard iPrism.
Hardware appliance (1U rack mount form factor) that sits between your
users and your internet connection.
Setup is typically less than 1 hour.
 
As for file monitoring... that sounds very unrealistic given your size.
 
 



From: Alex Carroll [mailto:acarr...@crabco.net] 
Sent: Wednesday, January 07, 2009 10:25 AM
To: NT System Admin Issues
Subject: Auditing Everything



I have a request from my CEO to audit everything that happens on our
network.  When users open files, when they change files, delete files,
use any programs, go to any websites (we use ie7, firefox), etc etc etc.
Do any of you have a good solution you can recommend for that?  I can
google all I want, but I won't know the real world experience by doing
that.  We are a smaller company - 16 users.  Right now we have 3 servers
(1 SBS 03, 2 that are 2003) in production.  We use XP and Vista.

 

Thanks in advance!

 

Alex Carroll

Software Support

Crabtree Companies, Inc.

651-688-2727

 


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Upgrading DCs to 64 bit

2009-01-07 Thread Terry Dickson
We have been using 64 bit 2003 servers and 32 bit servers for a few years now 
on 2003, last year we moved most of our DC's to 64 bit servers and we are 
having zero problems with it.



-Original Message-
From: Free, Bob [mailto:r...@pge.com] 
Sent: Wednesday, January 07, 2009 9:56 AM
To: NT System Admin Issues
Subject: RE: Upgrading DCs to 64 bit

We added a 64 bit DC to our existing domain with no issues whatsoever early 
last year to add some horsepower to a site allegedly being hammered by Exchange 
and to test all our processes, documentation, 3rd party agents, services etc in 
preparation for the next HW refresh. We did it in the lab as well so we have 
had 2 forests running that way the better part of a year if you consider that 
long term 

 

Test your 3rd party SW, AV, prepare your patching mechanism etc. By now it 
should be a non-issue but you never know.

 

From: Webb, Brian (Corp) [mailto:brian.w...@teldta.com] 
Sent: Wednesday, January 07, 2009 7:37 AM
To: NT System Admin Issues
Subject: Upgrading DCs to 64 bit

 

Has anyone upgraded their 2003 domain from 32 bit DCs to 64 bit DCs?  Our 
security team wants to move to 64 bit to take advantage of the larger event 
logs - anyone done it?  Were there any issues running some DCs 32 bit and some 
64 bit?  Anyone run a mixed environment long term?  I'm planning on doing some 
testing, but wanted some advance scouting if available.

 

Brian Webb - MCSE
TDS Corporate IS, Windows Server Platform Team
Senior Systems Administrator

When stuck on a problem as often can be, try to remember G.B.T.T.D. (Go Back 
To The Definition). - Dave Seybold

 

 

 

 


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: Windows 2008 Terminal Server, Citrix, or both?

2009-01-07 Thread Webster
From: Tom Miller [mailto:tmil...@hnncsb.org] 
Subject: Re: Windows 2008 Terminal Server, Citrix, or both?

 

How do you provide secure remote access?

 

You would use the TS Gateway Role Service.  I would highly recommend the TS
2008 Resource Kit.  Excellent book with a lot of the info you are looking
for.

 

Webster


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

SecurID and TS Gateway.

2009-01-07 Thread Terry Dickson
Has anyone setup the TS Gateway to use SecurID?  We are trying to set that up 
in a test Lab and so far we find it is not supported on Server 2008?  If you 
have done it, do you have any Sites or documentation you can point me to for 
help?  So far from our scouring of the RSA site we cannot find anything that 
covers it.


TIA

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: Auditing Everything

2009-01-07 Thread David Lum
There will be a performance hit. I would ask what he's trying to 
accomplish...what are his goals? Licensing? Misuse? Malware protection? 
Information theft? He's suggested a solution to an unknown problem. It's the 
CEO's job to tell the IT guy what he needs, it's the IT guys job to figure out 
how to accomplish it.

My FIRST comment to the CEO would be I can do this for you, what are you 
looking to accomplish? It will help me get your end result for the lowest 
cost...
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
From: Durf [mailto:stygm...@gmail.com]
Sent: Wednesday, January 07, 2009 7:49 AM
To: NT System Admin Issues
Subject: Re: Auditing Everything

Christ you all.  It doesn't have to be this hard.

If they have a Sonicwall, buy the Viewpoint module.  If they don't have a 
Sonicwall, then get them one.  There are equivalent products for Cisco and 
Watchguard.

For AD, just turn on appropriate auditing and use GFI EventSentry to gather and 
report on events.

That's it, you're done.  Aside from literal keystroke logging on the 
workstations, these two items will handle everything else on the network that 
is appropriate.

Whether they *should* do it or not is a whole different question, and not what 
the OP asked.

-- Durf

On Wed, Jan 7, 2009 at 10:44 AM, Roger Wright 
rwri...@evatone.commailto:rwri...@evatone.com wrote:

And how many people does he plan to hire to review and report on all this data? 
 You'll probably need to add storage and another server to accommodate it.



Take a look at Adventnet's Eventlog Analyzer...

http://manageengine.adventnet.com/products/eventlog/index.html











Roger Wright

Network Administrator

Evatone, Inc.

727.572.7076  x388

_



From: Alex Carroll [mailto:acarr...@crabco.netmailto:acarr...@crabco.net]
Sent: Wednesday, January 07, 2009 10:25 AM

To: NT System Admin Issues
Subject: Auditing Everything



I have a request from my CEO to audit everything that happens on our network.  
When users open files, when they change files, delete files, use any programs, 
go to any websites (we use ie7, firefox), etc etc etc.  Do any of you have a 
good solution you can recommend for that?  I can google all I want, but I won't 
know the real world experience by doing that.  We are a smaller company - 16 
users.  Right now we have 3 servers (1 SBS 03, 2 that are 2003) in production.  
We use XP and Vista.



Thanks in advance!



Alex Carroll

Software Support

Crabtree Companies, Inc.

651-688-2727
















--
--
Give a man a fish, and he'll eat for a day.
Give a fish a man, and he'll eat for weeks!





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Server OS Reinstall

2009-01-07 Thread John Hornbuckle
Good point... This server was also a GC. Not sure if that affects the cleanup 
process in any way...



-Original Message-
From: Free, Bob [mailto:r...@pge.com] 
Sent: Wednesday, January 07, 2009 10:40 AM
To: NT System Admin Issues
Subject: RE: Server OS Reinstall

I reuse DC names every time I do HW refresh and have renamed  newly
promoted DC's back to the name of the one that was removed when I had to
run a site in parallel during HW refresh. 

The thing you need to insure is that the metadata is cleaned up no
matter and said cleanup is replicated whether you are doing it
forcefully or gracefully, KB216498 explains the process in detail. You
also need to take into consideration other services that may have been
running on the failed DC, FSMO roles etc.

 http://support.microsoft.com/kb/216498/ 

-Original Message-
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] 
Sent: Wednesday, January 07, 2009 6:31 AM
To: NT System Admin Issues
Subject: RE: Server OS Reinstall


I never reuse a DC name, even if I removed it gracefully. That may be a
bit overkill, but I would strongly advise against reusing a name on a
failed DC.

You can clean it out of AD, and you will need to but I still wouldn't
reuse the name. I have always done a manual removal with the info in
this article:

http://www.petri.co.il/delete_failed_dcs_from_ad.htm



 -Original Message-
 From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
 Sent: Wednesday, January 07, 2009 9:18 AM
 To: NT System Admin Issues
 Subject: Server OS Reinstall
 
 I've got a server (Server 2003 R2) that conked out on me over the
 Christmas holidays. I'm not quite sure what went wrong--the hardware
 seems to be okay. But there was some sort of corruption in the RAID
 array and the OS gives a stop 0x0024 every time it goes to boot.
 
 A fresh OS install won't be too painful, because this server was only
a
 DC/DHCP/DNS server.
 
 But my question is this... When I reinstall, should I give the server
 the same name it had before? Or will that confuse Active Directory?
And
 if I give it a different name, how do I remove all references to the
 old server name from AD?
 
 Just wondering what best practices are. Amazingly, I've never had to
do
 this before in my years as a sysadmin. Just lucky, I guess!
 
 
 
 John Hornbuckle
 MIS Department
 Taylor County School District
 318 North Clark Street
 Perry, FL 32347
 
 www.taylor.k12.fl.us
 
 
 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
 ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


Re: Auditing Everything

2009-01-07 Thread Durf
The performance hit is minor for a network of that size and not worth
worrying about.
And, for any and all of those solutions, the Audit log is the solution.
 What is the problem that would NOT involve gathering and reporting on Audit
logs?  That's just standard practice.

-- Durf

On Wed, Jan 7, 2009 at 11:22 AM, David Lum david@nwea.org wrote:

  There will be a performance hit. I would ask what he's trying to
 accomplish…what are his goals? Licensing? Misuse? Malware protection?
 Information theft? He's suggested a solution to an unknown problem. It's the
 CEO's job to tell the IT guy what he needs, it's the IT guys job to figure
 out how to accomplish it.



 My FIRST comment to the CEO would be I can do this for you, what are you
 looking to accomplish? It will help me get your end result for the lowest
 cost…

 *David Lum** **// *SYSTEMS ENGINEER
 NORTHWEST EVALUATION ASSOCIATION
 (Desk) 971.222.1025 *// *(Cell) 503.267.9764

 *From:* Durf [mailto:stygm...@gmail.com]
 *Sent:* Wednesday, January 07, 2009 7:49 AM
 *To:* NT System Admin Issues
 *Subject:* Re: Auditing Everything



 Christ you all.  It doesn't have to be this hard.



 If they have a Sonicwall, buy the Viewpoint module.  If they don't have a
 Sonicwall, then get them one.  There are equivalent products for Cisco and
 Watchguard.



 For AD, just turn on appropriate auditing and use GFI EventSentry to gather
 and report on events.



 That's it, you're done.  Aside from literal keystroke logging on the
 workstations, these two items will handle everything else on the network
 that is appropriate.



 Whether they *should* do it or not is a whole different question, and not
 what the OP asked.



 -- Durf



 On Wed, Jan 7, 2009 at 10:44 AM, Roger Wright rwri...@evatone.com wrote:

 And how many people does he plan to hire to review and report on all this
 data?  You'll probably need to add storage and another server to accommodate
 it.



 Take a look at Adventnet's Eventlog Analyzer…

 http://manageengine.adventnet.com/products/eventlog/index.html











 Roger Wright

 Network Administrator

 Evatone, Inc.

 727.572.7076  x388

 _



 *From:* Alex Carroll [mailto:acarr...@crabco.net]
 *Sent:* Wednesday, January 07, 2009 10:25 AM


 *To:* NT System Admin Issues

 *Subject:* Auditing Everything



 I have a request from my CEO to audit everything that happens on our
 network.  When users open files, when they change files, delete files, use
 any programs, go to any websites (we use ie7, firefox), etc etc etc.  Do any
 of you have a good solution you can recommend for that?  I can google all I
 want, but I won't know the real world experience by doing that.  We are a
 smaller company – 16 users.  Right now we have 3 servers (1 SBS 03, 2 that
 are 2003) in production.  We use XP and Vista.



 Thanks in advance!



 Alex Carroll

 Software Support

 Crabtree Companies, Inc.

 651-688-2727


















 --
 --
 Give a man a fish, and he'll eat for a day.
 Give a fish a man, and he'll eat for weeks!













-- 
--
Give a man a fish, and he'll eat for a day.
Give a fish a man, and he'll eat for weeks!

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Re: File name is too long

2009-01-07 Thread Steven Peck
Don't worry, I am sure that someday soon, you too will be part of the
Vista OS.  Maybe in a future service pack release?

On Tue, Jan 6, 2009 at 3:52 PM, Kurt Buff kurt.b...@gmail.com wrote:
 Yeah, unlike me...

 Heh.

 On Tue, Jan 6, 2009 at 2:51 PM, Michael B. Smith
 mich...@theessentialexchange.com wrote:
 It's part of the OS with Vista and Server 2008. Finally - respectability!
 :-)

 Regards,

 Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
 My blog: http://TheEssentialExchange.com/blogs/michael
 I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php


 -Original Message-
 From: Kurt Buff [mailto:kurt.b...@gmail.com]
 Sent: Tuesday, January 06, 2009 5:42 PM
 To: NT System Admin Issues
 Subject: Re: File name is too long

 I've been using robocopy since it came out - I think with the NT3.51
 RK. It's a very good and dear friend. Treat it well.

 Kurt

 On Tue, Jan 6, 2009 at 2:18 PM, Eric Brouwer er...@forestpost.com wrote:
 Wow.  First experience with robocopy.  Great little tool!

 Thanks, guys.

 On Jan 6, 2009, at 1:00 PM, Kennedy, Jim wrote:


 And it is WAY faster. Robocopy FTW.


 -Original Message-
 From: Kurt Buff [mailto:kurt.b...@gmail.com]
 Sent: Tuesday, January 06, 2009 12:59 PM
 To: NT System Admin Issues
 Subject: Re: File name is too long

 While, as others suggest, 'subst' might help, your real help here is
 two-fold:

 1) robocopy - get it from the MSFT resource kits. I can handle
 file/path specifications greater than 254 characters, as it uses a
 different API than win32

 2) shorten the path.

 Kurt

 On Tue, Jan 6, 2009 at 8:55 AM, Eric Brouwer er...@forestpost.com
 wrote:

 Good afternoon,

 I'm trying to copy files from an NT server to a Windows 2003 server.

 I am

 running into the problem of file/path name limitations.  I am trying

 to do

 this from Windows Explorer, and I keep getting the file name is too

 long

 error.  Is there another utility I can use to accomplish the copy?

 Thanks,

 Eric Brouwer
 IT Manager
 www.forestpost.com
 er...@forestpost.com
 248.855.4333





 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
 ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
 ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
 ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


 Eric Brouwer
 IT Manager
 www.forestpost.com
 er...@forestpost.com
 248.855.4333





 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
 ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
 ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
 ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
 ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: Auditing Everything

2009-01-07 Thread Roger Wright
True, it may not be too difficult to capture all the information, but it
could be very resource-intensive to actually make use of it.  The secret
is to capture only what you need, not everything that happens, so it's
easier discern what's really going on.

 

For a small office environment there are several useful and low-cost
systems that could be implemented to help in this regard.  OpenDNS is
one, and the tools from Adventnet can also assist in making sense of it
all.

   

 

Roger Wright

Network Administrator

Evatone, Inc.

727.572.7076  x388

_  

 

From: Durf [mailto:stygm...@gmail.com] 
Sent: Wednesday, January 07, 2009 10:49 AM
To: NT System Admin Issues
Subject: Re: Auditing Everything

 

Christ you all.  It doesn't have to be this hard.

 

If they have a Sonicwall, buy the Viewpoint module.  If they don't have
a Sonicwall, then get them one.  There are equivalent products for Cisco
and Watchguard.

 

For AD, just turn on appropriate auditing and use GFI EventSentry to
gather and report on events.

 

That's it, you're done.  Aside from literal keystroke logging on the
workstations, these two items will handle everything else on the network
that is appropriate.

 

Whether they *should* do it or not is a whole different question, and
not what the OP asked.

 

-- Durf

 

On Wed, Jan 7, 2009 at 10:44 AM, Roger Wright rwri...@evatone.com
wrote:

And how many people does he plan to hire to review and report on all
this data?  You'll probably need to add storage and another server to
accommodate it.

 

Take a look at Adventnet's Eventlog Analyzer... 

http://manageengine.adventnet.com/products/eventlog/index.html

 

 

 

   

 

Roger Wright

Network Administrator

Evatone, Inc.

727.572.7076  x388

_  

 

From: Alex Carroll [mailto:acarr...@crabco.net] 
Sent: Wednesday, January 07, 2009 10:25 AM


To: NT System Admin Issues

Subject: Auditing Everything

 

I have a request from my CEO to audit everything that happens on our
network.  When users open files, when they change files, delete files,
use any programs, go to any websites (we use ie7, firefox), etc etc etc.
Do any of you have a good solution you can recommend for that?  I can
google all I want, but I won't know the real world experience by doing
that.  We are a smaller company - 16 users.  Right now we have 3 servers
(1 SBS 03, 2 that are 2003) in production.  We use XP and Vista.

 

Thanks in advance!

 

Alex Carroll

Software Support

Crabtree Companies, Inc.

651-688-2727

 

 

 

 

 

 

 




-- 
--
Give a man a fish, and he'll eat for a day. 
Give a fish a man, and he'll eat for weeks!

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Re: Auditing Everything

2009-01-07 Thread Devin Meade
Watch out setting the server's event log bigger than 300MB.  CHeck this out:

http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips/Admin/MaximumsizeforEventlogs.html

You are gonna have to use something other than windoze file auditing
due to this limit.  Something designed for $$ this $$ need $$.  Like I
see in other posts, you will need multiple tools.  We use MS ISA's
logging for web surfing history - it works well if setup right.

Something tells me he wants it at no cost.

hth,Devin

On Wed, Jan 7, 2009 at 9:31 AM, Michael B. Smith
mich...@theessentialexchange.com wrote:
 Is he a control freak, or what?



 ISA can give you web auditing. For the rest, you'll need a third party
 application. (And you can also go third-party for web auditing – WebSense is
 probably the most popular.)



 Personally, I'm fond of NetPro's ChangeAuditor (they were recently acquired
 by Quest). NetWrix also has a suite of tools for this that is installed at
 one of my clients.



 To audit EVERYTHING, you may find it necessary to add a server that does
 nothing but process audit records. The volume is quite large, even in a
 small network.



 Regards,



 Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP

 My blog: http://TheEssentialExchange.com/blogs/michael

 I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php



 From: Alex Carroll [mailto:acarr...@crabco.net]
 Sent: Wednesday, January 07, 2009 10:25 AM
 To: NT System Admin Issues
 Subject: Auditing Everything



 I have a request from my CEO to audit everything that happens on our
 network.  When users open files, when they change files, delete files, use
 any programs, go to any websites (we use ie7, firefox), etc etc etc.  Do any
 of you have a good solution you can recommend for that?  I can google all I
 want, but I won't know the real world experience by doing that.  We are a
 smaller company – 16 users.  Right now we have 3 servers (1 SBS 03, 2 that
 are 2003) in production.  We use XP and Vista.



 Thanks in advance!



 Alex Carroll

 Software Support

 Crabtree Companies, Inc.

 651-688-2727















-- 
Devin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


Re: Auditing Everything

2009-01-07 Thread Durf
No, you really just need a couple of tools.  Why are you making this more
complicated than it has to be?  Have you implemented this before?
Audit Logging settings for the top four events, and GFI EventSentry.  What
else, specifically, are you saying they need?  Please be specific.

-- Durf

On Wed, Jan 7, 2009 at 11:32 AM, Devin Meade devin.me...@gmail.com wrote:

 Watch out setting the server's event log bigger than 300MB.  CHeck this
 out:


 http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips/Admin/MaximumsizeforEventlogs.html

 You are gonna have to use something other than windoze file auditing
 due to this limit.  Something designed for $$ this $$ need $$.  Like I
 see in other posts, you will need multiple tools.  We use MS ISA's
 logging for web surfing history - it works well if setup right.

 Something tells me he wants it at no cost.

 hth,Devin

 On Wed, Jan 7, 2009 at 9:31 AM, Michael B. Smith
 mich...@theessentialexchange.com wrote:
  Is he a control freak, or what?
 
 
 
  ISA can give you web auditing. For the rest, you'll need a third party
  application. (And you can also go third-party for web auditing – WebSense
 is
  probably the most popular.)
 
 
 
  Personally, I'm fond of NetPro's ChangeAuditor (they were recently
 acquired
  by Quest). NetWrix also has a suite of tools for this that is installed
 at
  one of my clients.
 
 
 
  To audit EVERYTHING, you may find it necessary to add a server that does
  nothing but process audit records. The volume is quite large, even in a
  small network.
 
 
 
  Regards,
 
 
 
  Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
 
  My blog: http://TheEssentialExchange.com/blogs/michael
 
  I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php
 
 
 
  From: Alex Carroll [mailto:acarr...@crabco.net]
  Sent: Wednesday, January 07, 2009 10:25 AM
  To: NT System Admin Issues
  Subject: Auditing Everything
 
 
 
  I have a request from my CEO to audit everything that happens on our
  network.  When users open files, when they change files, delete files,
 use
  any programs, go to any websites (we use ie7, firefox), etc etc etc.  Do
 any
  of you have a good solution you can recommend for that?  I can google all
 I
  want, but I won't know the real world experience by doing that.  We are a
  smaller company – 16 users.  Right now we have 3 servers (1 SBS 03, 2
 that
  are 2003) in production.  We use XP and Vista.
 
 
 
  Thanks in advance!
 
 
 
  Alex Carroll
 
  Software Support
 
  Crabtree Companies, Inc.
 
  651-688-2727
 
 
 
 
 
 
 
 
 
 
 
 



 --
 Devin

 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
 ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~




-- 
--
Give a man a fish, and he'll eat for a day.
Give a fish a man, and he'll eat for weeks!

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Re: Auditing Everything

2009-01-07 Thread Durf
No, not really.
GFI EventSentry's whole purpose is to handle this.  You run reports out of
it and set alert conditions.  The *entire idea* is to use that software to
handle the complexity for you.

Do you have another recommendation?

-- Durf

On Wed, Jan 7, 2009 at 11:27 AM, Roger Wright rwri...@evatone.com wrote:

  True, it may not be too difficult to capture all the information, but it
 could be very resource-intensive to actually make use of it.  The secret is
 to capture only what you need, not everything that happens, so it's easier
 discern what's really going on.



 For a small office environment there are several useful and low-cost
 systems that could be implemented to help in this regard.  OpenDNS is one,
 and the tools from Adventnet can also assist in making sense of it all.





 Roger Wright

 Network Administrator

 Evatone, Inc.

 727.572.7076  x388

 _



 *From:* Durf [mailto:stygm...@gmail.com]
 *Sent:* Wednesday, January 07, 2009 10:49 AM

 *To:* NT System Admin Issues
 *Subject:* Re: Auditing Everything



 Christ you all.  It doesn't have to be this hard.



 If they have a Sonicwall, buy the Viewpoint module.  If they don't have a
 Sonicwall, then get them one.  There are equivalent products for Cisco and
 Watchguard.



 For AD, just turn on appropriate auditing and use GFI EventSentry to gather
 and report on events.



 That's it, you're done.  Aside from literal keystroke logging on the
 workstations, these two items will handle everything else on the network
 that is appropriate.



 Whether they *should* do it or not is a whole different question, and not
 what the OP asked.



 -- Durf



 On Wed, Jan 7, 2009 at 10:44 AM, Roger Wright rwri...@evatone.com wrote:

 And how many people does he plan to hire to review and report on all this
 data?  You'll probably need to add storage and another server to accommodate
 it.



 Take a look at Adventnet's Eventlog Analyzer…

 http://manageengine.adventnet.com/products/eventlog/index.html











 Roger Wright

 Network Administrator

 Evatone, Inc.

 727.572.7076  x388

 _



 *From:* Alex Carroll [mailto:acarr...@crabco.net]
 *Sent:* Wednesday, January 07, 2009 10:25 AM


 *To:* NT System Admin Issues

 *Subject:* Auditing Everything



 I have a request from my CEO to audit everything that happens on our
 network.  When users open files, when they change files, delete files, use
 any programs, go to any websites (we use ie7, firefox), etc etc etc.  Do any
 of you have a good solution you can recommend for that?  I can google all I
 want, but I won't know the real world experience by doing that.  We are a
 smaller company – 16 users.  Right now we have 3 servers (1 SBS 03, 2 that
 are 2003) in production.  We use XP and Vista.



 Thanks in advance!



 Alex Carroll

 Software Support

 Crabtree Companies, Inc.

 651-688-2727


















 --
 --
 Give a man a fish, and he'll eat for a day.
 Give a fish a man, and he'll eat for weeks!













-- 
--
Give a man a fish, and he'll eat for a day.
Give a fish a man, and he'll eat for weeks!

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Re: File name is too long

2009-01-07 Thread Kurt Buff
LOL!

I was speaking more to the respectability part of that remark...

On Wed, Jan 7, 2009 at 8:27 AM, Steven Peck sep...@gmail.com wrote:
 Don't worry, I am sure that someday soon, you too will be part of the
 Vista OS.  Maybe in a future service pack release?

 On Tue, Jan 6, 2009 at 3:52 PM, Kurt Buff kurt.b...@gmail.com wrote:
 Yeah, unlike me...

 Heh.

 On Tue, Jan 6, 2009 at 2:51 PM, Michael B. Smith
 mich...@theessentialexchange.com wrote:
 It's part of the OS with Vista and Server 2008. Finally - respectability!
 :-)

 Regards,

 Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
 My blog: http://TheEssentialExchange.com/blogs/michael
 I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: Auditing Everything

2009-01-07 Thread David Lum
Log files don't need to be big if you know what you're looking for. It goes 
back to the I *can* audit everything, but what are you looking for? I, for 
example, have monitoring software and I look for application installs on all  
PC's for a 50-user company by simply having it look for Event ID 11707 in the 
Application log of each PC. Log files are set to their normal size (16MB), and 
whatever meets the criteria I get an e-mail about, I don't have to search a log 
for anything.

If you know what you're looking for, you can be proactive an never have to 
manually dig through log files. As Durf says, log files will take care of the 
needs, but knowing what you're looking for saves a LOT of time.

Durf is right, you can accomplish this with auditing settings and an 
application that can read logs.

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
-Original Message-
From: Devin Meade [mailto:devin.me...@gmail.com]
Sent: Wednesday, January 07, 2009 8:32 AM
To: NT System Admin Issues
Subject: Re: Auditing Everything

Watch out setting the server's event log bigger than 300MB.  CHeck this out:

http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips/Admin/MaximumsizeforEventlogs.html

You are gonna have to use something other than windoze file auditing
due to this limit.  Something designed for $$ this $$ need $$.  Like I
see in other posts, you will need multiple tools.  We use MS ISA's
logging for web surfing history - it works well if setup right.

Something tells me he wants it at no cost.

hth,Devin

On Wed, Jan 7, 2009 at 9:31 AM, Michael B. Smith
mich...@theessentialexchange.com wrote:
 Is he a control freak, or what?



 ISA can give you web auditing. For the rest, you'll need a third party
 application. (And you can also go third-party for web auditing - WebSense is
 probably the most popular.)



 Personally, I'm fond of NetPro's ChangeAuditor (they were recently acquired
 by Quest). NetWrix also has a suite of tools for this that is installed at
 one of my clients.



 To audit EVERYTHING, you may find it necessary to add a server that does
 nothing but process audit records. The volume is quite large, even in a
 small network.



 Regards,



 Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP

 My blog: http://TheEssentialExchange.com/blogs/michael

 I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php



 From: Alex Carroll [mailto:acarr...@crabco.net]
 Sent: Wednesday, January 07, 2009 10:25 AM
 To: NT System Admin Issues
 Subject: Auditing Everything



 I have a request from my CEO to audit everything that happens on our
 network.  When users open files, when they change files, delete files, use
 any programs, go to any websites (we use ie7, firefox), etc etc etc.  Do any
 of you have a good solution you can recommend for that?  I can google all I
 want, but I won't know the real world experience by doing that.  We are a
 smaller company - 16 users.  Right now we have 3 servers (1 SBS 03, 2 that
 are 2003) in production.  We use XP and Vista.



 Thanks in advance!



 Alex Carroll

 Software Support

 Crabtree Companies, Inc.

 651-688-2727















--
Devin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Re: Auditing Everything

2009-01-07 Thread Kurt Buff
Not, that's not it, and he won't be done.

Someone still has to review the logs, and understand what's happening.

The order is to audit everything that happens on our network.  When
users open files, when they change files, delete files, use any
programs, go to any websites (we use ie7, firefox), etc etc etc

It's the audit .. change files, delete files, use any programs part
that is going to be hell to fulfill. It ain't going to happen, without
at least a couple of people going over the logs, and that's after they
install the auditing software on all of the machines.

As I said, even if all of the software is free, it's going to cost a
*lot* of money, for the man-hours needed, if nothing else. That
doesn't count the hardware resources necessary to
collect/massage/analyze/report on all of that new data.

The CEO is dreaming.

Kurt

On Wed, Jan 7, 2009 at 7:49 AM, Durf stygm...@gmail.com wrote:
 Christ you all.  It doesn't have to be this hard.
 If they have a Sonicwall, buy the Viewpoint module.  If they don't have a
 Sonicwall, then get them one.  There are equivalent products for Cisco and
 Watchguard.
 For AD, just turn on appropriate auditing and use GFI EventSentry to gather
 and report on events.

 That's it, you're done.  Aside from literal keystroke logging on the
 workstations, these two items will handle everything else on the network
 that is appropriate.
 Whether they *should* do it or not is a whole different question, and not
 what the OP asked.
 -- Durf

 On Wed, Jan 7, 2009 at 10:44 AM, Roger Wright rwri...@evatone.com wrote:

 And how many people does he plan to hire to review and report on all this
 data?  You'll probably need to add storage and another server to accommodate
 it.



 Take a look at Adventnet's Eventlog Analyzer…

 http://manageengine.adventnet.com/products/eventlog/index.html











 Roger Wright

 Network Administrator

 Evatone, Inc.

 727.572.7076  x388

 _



 From: Alex Carroll [mailto:acarr...@crabco.net]
 Sent: Wednesday, January 07, 2009 10:25 AM
 To: NT System Admin Issues
 Subject: Auditing Everything



 I have a request from my CEO to audit everything that happens on our
 network.  When users open files, when they change files, delete files, use
 any programs, go to any websites (we use ie7, firefox), etc etc etc.  Do any
 of you have a good solution you can recommend for that?  I can google all I
 want, but I won't know the real world experience by doing that.  We are a
 smaller company – 16 users.  Right now we have 3 servers (1 SBS 03, 2 that
 are 2003) in production.  We use XP and Vista.



 Thanks in advance!



 Alex Carroll

 Software Support

 Crabtree Companies, Inc.

 651-688-2727














 --
 --
 Give a man a fish, and he'll eat for a day.
 Give a fish a man, and he'll eat for weeks!





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: File name is too long

2009-01-07 Thread Webster
 -Original Message-
 From: Steven Peck [mailto:sep...@gmail.com]
 Subject: Re: File name is too long
 
 Don't worry, I am sure that someday soon, you too will be part of the
 Vista OS.  Maybe in a future service pack release?

That would make for an extremely HHUUGGEE service pack!

Webster


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


Re: Auditing Everything

2009-01-07 Thread Devin Meade
Okay guys I suppose you are partially right.  The need was stated to
carte blanche audit everything.  The built in windows audit *has a
limit*.  It can be overwritten when full.  You can loose events.  That
doesn't fill this need.  The need needs to be clarified -- maybe
audit file changes on X drive over the last Y days.

If you need to audit everything there is a chance that using windows
security log wont meet that need.  That's all I was getting at.  Our
file shares have auditing for file changes and we overwrite events as
needed.  I have used eventcomb to mine our audit entries and it works
for our need.  Again, the need must be defined.  One one box, we do
get only about a weeks worth of audit entries then they are
overwritten.  That meets our need and our owners understand this.

I deal with these off-the-cuff requests all the time.  The request is
made - I deliver the cost.  The request is re-defined.  I answer with
a different cost.  Reminds me of building our house.  Start out at
4500sq ft and then see the cost, then start cutting back.

Devin


On Wed, Jan 7, 2009 at 10:47 AM, David Lum david@nwea.org wrote:
 Log files don't need to be big if you know what you're looking for. It goes
 back to the I *can* audit everything, but what are you looking for? I, for
 example, have monitoring software and I look for application installs on
 all  PC's for a 50-user company by simply having it look for Event ID 11707
 in the Application log of each PC. Log files are set to their normal size
 (16MB), and whatever meets the criteria I get an e-mail about, I don't have
 to search a log for anything.

 If you know what you're looking for, you can be proactive an never have to
 manually dig through log files. As Durf says, log files will take care of
 the needs, but knowing what you're looking for saves a LOT of time.

 Durf is right, you can accomplish this with auditing settings and an
 application that can read logs.
 David Lum // SYSTEMS ENGINEER
 NORTHWEST EVALUATION ASSOCIATION
 (Desk) 971.222.1025 // (Cell) 503.267.9764
 -Original Message-
 From: Devin Meade [mailto:devin.me...@gmail.com]
 Sent: Wednesday, January 07, 2009 8:32 AM
 To: NT System Admin Issues
 Subject: Re: Auditing Everything

 Watch out setting the server's event log bigger than 300MB.  CHeck this out:

 http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips/Admin/MaximumsizeforEventlogs.html

 You are gonna have to use something other than windoze file auditing
 due to this limit.  Something designed for $$ this $$ need $$.  Like I
 see in other posts, you will need multiple tools.  We use MS ISA's
 logging for web surfing history - it works well if setup right.

 Something tells me he wants it at no cost.

 hth,Devin

 On Wed, Jan 7, 2009 at 9:31 AM, Michael B. Smith
 mich...@theessentialexchange.com wrote:
 Is he a control freak, or what?



 ISA can give you web auditing. For the rest, you'll need a third party
 application. (And you can also go third-party for web auditing – WebSense
 is
 probably the most popular.)



 Personally, I'm fond of NetPro's ChangeAuditor (they were recently
 acquired
 by Quest). NetWrix also has a suite of tools for this that is installed at
 one of my clients.



 To audit EVERYTHING, you may find it necessary to add a server that does
 nothing but process audit records. The volume is quite large, even in a
 small network.



 Regards,



 Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP

 My blog: http://TheEssentialExchange.com/blogs/michael

 I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php



 From: Alex Carroll [mailto:acarr...@crabco.net]
 Sent: Wednesday, January 07, 2009 10:25 AM
 To: NT System Admin Issues
 Subject: Auditing Everything



 I have a request from my CEO to audit everything that happens on our
 network.  When users open files, when they change files, delete files, use
 any programs, go to any websites (we use ie7, firefox), etc etc etc.  Do
 any
 of you have a good solution you can recommend for that?  I can google all
 I
 want, but I won't know the real world experience by doing that.  We are a
 smaller company – 16 users.  Right now we have 3 servers (1 SBS 03, 2 that
 are 2003) in production.  We use XP and Vista.



 Thanks in advance!



 Alex Carroll

 Software Support

 Crabtree Companies, Inc.

 651-688-2727















 --
 Devin

 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
 ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~









-- 
Devin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


Re: Auditing Everything

2009-01-07 Thread Durf
We aren't partially right - we are entirely right.
The whole point of GFI EventSentry is to *gather the events from Windows and
store them in SQL*.  So I can safely disregard your whole first paragraph as
frankly ignorant of the possibilities.

If you have any clients who have compliance needs, such as the recent
Massachussets data privacy regulations, or basically any HIPAA, SARBOX, etc
kind of requirements, this is the product that will accomplish these needs.


Using the Windows Event Log properly and auditing for Security Events, you
can tell who  made any modifications to accounts, password changes, security
priv elevations...and so forth.

There are several products that can accomplish this - I don't want to
evangelize GFI; they are just the product I am familiar with.  I'm not a
reseller or GFI employee.  However, the fact it IT CAN DO WHAT THE OP
REQUESTED, in combination with other products and techniques.

Please, you all, stop saying different unless you have actual knowledge to
the contrary.  There are a lot of reasons why the OP *should* not do such a
thing.  But they *can* if they need to.

-- Durf

-- Durf

On Wed, Jan 7, 2009 at 12:07 PM, Devin Meade devin.me...@gmail.com wrote:

 Okay guys I suppose you are partially right.  The need was stated to
 carte blanche audit everything.  The built in windows audit *has a
 limit*.  It can be overwritten when full.  You can loose events.  That
 doesn't fill this need.  The need needs to be clarified -- maybe
 audit file changes on X drive over the last Y days.

 If you need to audit everything there is a chance that using windows
 security log wont meet that need.  That's all I was getting at.  Our
 file shares have auditing for file changes and we overwrite events as
 needed.  I have used eventcomb to mine our audit entries and it works
 for our need.  Again, the need must be defined.  One one box, we do
 get only about a weeks worth of audit entries then they are
 overwritten.  That meets our need and our owners understand this.

 I deal with these off-the-cuff requests all the time.  The request is
 made - I deliver the cost.  The request is re-defined.  I answer with
 a different cost.  Reminds me of building our house.  Start out at
 4500sq ft and then see the cost, then start cutting back.

 Devin


 On Wed, Jan 7, 2009 at 10:47 AM, David Lum david@nwea.org wrote:
  Log files don't need to be big if you know what you're looking for. It
 goes
  back to the I *can* audit everything, but what are you looking for? I,
 for
  example, have monitoring software and I look for application installs on
  all  PC's for a 50-user company by simply having it look for Event ID
 11707
  in the Application log of each PC. Log files are set to their normal size
  (16MB), and whatever meets the criteria I get an e-mail about, I don't
 have
  to search a log for anything.
 
  If you know what you're looking for, you can be proactive an never have
 to
  manually dig through log files. As Durf says, log files will take care of
  the needs, but knowing what you're looking for saves a LOT of time.
 
  Durf is right, you can accomplish this with auditing settings and an
  application that can read logs.
  David Lum // SYSTEMS ENGINEER
  NORTHWEST EVALUATION ASSOCIATION
  (Desk) 971.222.1025 // (Cell) 503.267.9764
  -Original Message-
  From: Devin Meade [mailto:devin.me...@gmail.com]
  Sent: Wednesday, January 07, 2009 8:32 AM
  To: NT System Admin Issues
  Subject: Re: Auditing Everything
 
  Watch out setting the server's event log bigger than 300MB.  CHeck this
 out:
 
 
 http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips/Admin/MaximumsizeforEventlogs.html
 
  You are gonna have to use something other than windoze file auditing
  due to this limit.  Something designed for $$ this $$ need $$.  Like I
  see in other posts, you will need multiple tools.  We use MS ISA's
  logging for web surfing history - it works well if setup right.
 
  Something tells me he wants it at no cost.
 
  hth,Devin
 
  On Wed, Jan 7, 2009 at 9:31 AM, Michael B. Smith
  mich...@theessentialexchange.com wrote:
  Is he a control freak, or what?
 
 
 
  ISA can give you web auditing. For the rest, you'll need a third party
  application. (And you can also go third-party for web auditing –
 WebSense
  is
  probably the most popular.)
 
 
 
  Personally, I'm fond of NetPro's ChangeAuditor (they were recently
  acquired
  by Quest). NetWrix also has a suite of tools for this that is installed
 at
  one of my clients.
 
 
 
  To audit EVERYTHING, you may find it necessary to add a server that does
  nothing but process audit records. The volume is quite large, even in a
  small network.
 
 
 
  Regards,
 
 
 
  Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
 
  My blog: http://TheEssentialExchange.com/blogs/michael
 
  I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php
 
 
 
  From: Alex Carroll [mailto:acarr...@crabco.net]
  Sent: Wednesday, January 

Re: File name is too long

2009-01-07 Thread Kurt Buff
On Wed, Jan 7, 2009 at 8:53 AM, Webster carlwebs...@gmail.com wrote:
 -Original Message-
 From: Steven Peck [mailto:sep...@gmail.com]
 Subject: Re: File name is too long

 Don't worry, I am sure that someday soon, you too will be part of the
 Vista OS.  Maybe in a future service pack release?

 That would make for an extremely HHUUGGEE service pack!

 Webster

I don't think the world is ready for any more than one of me...

Heh.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


Re: Auditing Everything

2009-01-07 Thread Devin Meade
Durf:
He needs a better definition of the need.  You say I am wrong and then
go on to speak of defined needs with legistation mentioned.  I totally
agree (didnt I just say that)?  The windows event log alone won't do
it.  If you go over 300MB on a 2003 server you will have perfomance
issues.  You then go on to and mention GFI which is a product designed
to do this.  Okay.

To the OP:
If you do decide to use the built in security log, please make sure
you run down the event log size limitations.  Also understand that
there is a chance of loosing audit data.  If that's important - then
you must offload the audit logging.  Oh dang there is that define the
needs thing again.  By all means use it if it works for you, it does
for us.

More on event log limitation:
http://technet.microsoft.com/en-us/library/cc778402.aspx
http://techrepublic.com.com/5208-7343-0.html?forumID=101threadID=256498
http://redmondmag.com/columns/article.asp?EditorialsID=743

I hope this helps you in your choices, that's what this list is all about.

-Devin

On Wed, Jan 7, 2009 at 11:54 AM, Durf stygm...@gmail.com wrote:
 We aren't partially right - we are entirely right.
 The whole point of GFI EventSentry is to *gather the events from Windows and
 store them in SQL*.  So I can safely disregard your whole first paragraph as
 frankly ignorant of the possibilities.
 If you have any clients who have compliance needs, such as the recent
 Massachussets data privacy regulations, or basically any HIPAA, SARBOX, etc
 kind of requirements, this is the product that will accomplish these needs.

 Using the Windows Event Log properly and auditing for Security Events, you
 can tell who  made any modifications to accounts, password changes, security
 priv elevations...and so forth.
 There are several products that can accomplish this - I don't want to
 evangelize GFI; they are just the product I am familiar with.  I'm not a
 reseller or GFI employee.  However, the fact it IT CAN DO WHAT THE OP
 REQUESTED, in combination with other products and techniques.
 Please, you all, stop saying different unless you have actual knowledge to
 the contrary.  There are a lot of reasons why the OP *should* not do such a
 thing.  But they *can* if they need to.
 -- Durf
 -- Durf
 On Wed, Jan 7, 2009 at 12:07 PM, Devin Meade devin.me...@gmail.com wrote:

 Okay guys I suppose you are partially right.  The need was stated to
 carte blanche audit everything.  The built in windows audit *has a
 limit*.  It can be overwritten when full.  You can loose events.  That
 doesn't fill this need.  The need needs to be clarified -- maybe
 audit file changes on X drive over the last Y days.

 If you need to audit everything there is a chance that using windows
 security log wont meet that need.  That's all I was getting at.  Our
 file shares have auditing for file changes and we overwrite events as
 needed.  I have used eventcomb to mine our audit entries and it works
 for our need.  Again, the need must be defined.  One one box, we do
 get only about a weeks worth of audit entries then they are
 overwritten.  That meets our need and our owners understand this.

 I deal with these off-the-cuff requests all the time.  The request is
 made - I deliver the cost.  The request is re-defined.  I answer with
 a different cost.  Reminds me of building our house.  Start out at
 4500sq ft and then see the cost, then start cutting back.

 Devin


 On Wed, Jan 7, 2009 at 10:47 AM, David Lum david@nwea.org wrote:
  Log files don't need to be big if you know what you're looking for. It
  goes
  back to the I *can* audit everything, but what are you looking for? I,
  for
  example, have monitoring software and I look for application installs on
  all  PC's for a 50-user company by simply having it look for Event ID
  11707
  in the Application log of each PC. Log files are set to their normal
  size
  (16MB), and whatever meets the criteria I get an e-mail about, I don't
  have
  to search a log for anything.
 
  If you know what you're looking for, you can be proactive an never have
  to
  manually dig through log files. As Durf says, log files will take care
  of
  the needs, but knowing what you're looking for saves a LOT of time.
 
  Durf is right, you can accomplish this with auditing settings and an
  application that can read logs.
  David Lum // SYSTEMS ENGINEER
  NORTHWEST EVALUATION ASSOCIATION
  (Desk) 971.222.1025 // (Cell) 503.267.9764
  -Original Message-
  From: Devin Meade [mailto:devin.me...@gmail.com]
  Sent: Wednesday, January 07, 2009 8:32 AM
  To: NT System Admin Issues
  Subject: Re: Auditing Everything
 
  Watch out setting the server's event log bigger than 300MB.  CHeck this
  out:
 
 
  http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips/Admin/MaximumsizeforEventlogs.html
 
  You are gonna have to use something other than windoze file auditing
  due to this limit.  Something designed for $$ this $$ need $$.  Like I
  see in other posts, 

Re: Auditing Everything

2009-01-07 Thread Kurt Buff
Gathering data is not sufficient - it will not accomplish the stated
goals, by itself, even though, as you say, tools exist that can do
what he wants. That's because the audit function is not mere data
collection.

The task also requires evaluation/interpretation of the gathered data.
That is the real stumbling block, assuming the added hardware and
software and other implementation costs can be overcome, which I doubt
is going to happen in a 16-person office.

While technically, yes, the job can be done, the task is ill-defined,
and will, if carried out literally, reduce profit margins to zero, or
below, unless it's more profitable than company I've ever heard of.

Kurt

On Wed, Jan 7, 2009 at 9:54 AM, Durf stygm...@gmail.com wrote:
 We aren't partially right - we are entirely right.
 The whole point of GFI EventSentry is to *gather the events from Windows and
 store them in SQL*.  So I can safely disregard your whole first paragraph as
 frankly ignorant of the possibilities.
 If you have any clients who have compliance needs, such as the recent
 Massachussets data privacy regulations, or basically any HIPAA, SARBOX, etc
 kind of requirements, this is the product that will accomplish these needs.

 Using the Windows Event Log properly and auditing for Security Events, you
 can tell who  made any modifications to accounts, password changes, security
 priv elevations...and so forth.
 There are several products that can accomplish this - I don't want to
 evangelize GFI; they are just the product I am familiar with.  I'm not a
 reseller or GFI employee.  However, the fact it IT CAN DO WHAT THE OP
 REQUESTED, in combination with other products and techniques.
 Please, you all, stop saying different unless you have actual knowledge to
 the contrary.  There are a lot of reasons why the OP *should* not do such a
 thing.  But they *can* if they need to.
 -- Durf
 -- Durf
 On Wed, Jan 7, 2009 at 12:07 PM, Devin Meade devin.me...@gmail.com wrote:

 Okay guys I suppose you are partially right.  The need was stated to
 carte blanche audit everything.  The built in windows audit *has a
 limit*.  It can be overwritten when full.  You can loose events.  That
 doesn't fill this need.  The need needs to be clarified -- maybe
 audit file changes on X drive over the last Y days.

 If you need to audit everything there is a chance that using windows
 security log wont meet that need.  That's all I was getting at.  Our
 file shares have auditing for file changes and we overwrite events as
 needed.  I have used eventcomb to mine our audit entries and it works
 for our need.  Again, the need must be defined.  One one box, we do
 get only about a weeks worth of audit entries then they are
 overwritten.  That meets our need and our owners understand this.

 I deal with these off-the-cuff requests all the time.  The request is
 made - I deliver the cost.  The request is re-defined.  I answer with
 a different cost.  Reminds me of building our house.  Start out at
 4500sq ft and then see the cost, then start cutting back.

 Devin


 On Wed, Jan 7, 2009 at 10:47 AM, David Lum david@nwea.org wrote:
  Log files don't need to be big if you know what you're looking for. It
  goes
  back to the I *can* audit everything, but what are you looking for? I,
  for
  example, have monitoring software and I look for application installs on
  all  PC's for a 50-user company by simply having it look for Event ID
  11707
  in the Application log of each PC. Log files are set to their normal
  size
  (16MB), and whatever meets the criteria I get an e-mail about, I don't
  have
  to search a log for anything.
 
  If you know what you're looking for, you can be proactive an never have
  to
  manually dig through log files. As Durf says, log files will take care
  of
  the needs, but knowing what you're looking for saves a LOT of time.
 
  Durf is right, you can accomplish this with auditing settings and an
  application that can read logs.
  David Lum // SYSTEMS ENGINEER
  NORTHWEST EVALUATION ASSOCIATION
  (Desk) 971.222.1025 // (Cell) 503.267.9764
  -Original Message-
  From: Devin Meade [mailto:devin.me...@gmail.com]
  Sent: Wednesday, January 07, 2009 8:32 AM
  To: NT System Admin Issues
  Subject: Re: Auditing Everything
 
  Watch out setting the server's event log bigger than 300MB.  CHeck this
  out:
 
 
  http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips/Admin/MaximumsizeforEventlogs.html
 
  You are gonna have to use something other than windoze file auditing
  due to this limit.  Something designed for $$ this $$ need $$.  Like I
  see in other posts, you will need multiple tools.  We use MS ISA's
  logging for web surfing history - it works well if setup right.
 
  Something tells me he wants it at no cost.
 
  hth,Devin
 
  On Wed, Jan 7, 2009 at 9:31 AM, Michael B. Smith
  mich...@theessentialexchange.com wrote:
  Is he a control freak, or what?
 
 
 
  ISA can give you web auditing. For the rest, you'll 

RE: Auditing Everything

2009-01-07 Thread Gene Giannamore
Can you all clarify something? I cannot find GFI EventSentry, I can find GFI 
EventsManager http://www.gfi.com/eventsmanager/  and netikus ltd. EventSentry 
http://www.eventsentry.com/ . So I am just wondering which one is the product 
people are using?




Gene Giannamore
Abide International Inc.
Technical Support
561 1st Street West
Sonoma,Ca.95476
(707) 935-1577Office
(707) 935-9387Fax
(707) 766-4185 Cell
gene.giannam...@abideinternational.com

-Original Message-
From: Durf [mailto:stygm...@gmail.com]
Sent: Wednesday, January 07, 2009 9:55 AM
To: NT System Admin Issues
Subject: Re: Auditing Everything

We aren't partially right - we are entirely right.

The whole point of GFI EventSentry is to *gather the events from Windows and 
store them in SQL*.  So I can safely disregard your whole first paragraph as 
frankly ignorant of the possibilities.

If you have any clients who have compliance needs, such as the recent 
Massachussets data privacy regulations, or basically any HIPAA, SARBOX, etc 
kind of requirements, this is the product that will accomplish these needs.

Using the Windows Event Log properly and auditing for Security Events, you can 
tell who  made any modifications to accounts, password changes, security priv 
elevations...and so forth.

There are several products that can accomplish this - I don't want to 
evangelize GFI; they are just the product I am familiar with.  I'm not a 
reseller or GFI employee.  However, the fact it IT CAN DO WHAT THE OP 
REQUESTED, in combination with other products and techniques.

Please, you all, stop saying different unless you have actual knowledge to the 
contrary.  There are a lot of reasons why the OP *should* not do such a thing.  
But they *can* if they need to.

-- Durf

-- Durf

On Wed, Jan 7, 2009 at 12:07 PM, Devin Meade devin.me...@gmail.com wrote:


Okay guys I suppose you are partially right.  The need was stated to
carte blanche audit everything.  The built in windows audit *has a
limit*.  It can be overwritten when full.  You can loose events.  That
doesn't fill this need.  The need needs to be clarified -- maybe
audit file changes on X drive over the last Y days.

If you need to audit everything there is a chance that using windows
security log wont meet that need.  That's all I was getting at.  Our
file shares have auditing for file changes and we overwrite events as
needed.  I have used eventcomb to mine our audit entries and it works
for our need.  Again, the need must be defined.  One one box, we do
get only about a weeks worth of audit entries then they are
overwritten.  That meets our need and our owners understand this.

I deal with these off-the-cuff requests all the time.  The request is
made - I deliver the cost.  The request is re-defined.  I answer with
a different cost.  Reminds me of building our house.  Start out at
4500sq ft and then see the cost, then start cutting back.

Devin



On Wed, Jan 7, 2009 at 10:47 AM, David Lum david@nwea.org wrote:
 Log files don't need to be big if you know what you're looking for. 
It goes
 back to the I *can* audit everything, but what are you looking for? 
I, for
 example, have monitoring software and I look for application installs 
on
 all  PC's for a 50-user company by simply having it look for Event ID 
11707
 in the Application log of each PC. Log files are set to their normal 
size
 (16MB), and whatever meets the criteria I get an e-mail about, I 
don't have
 to search a log for anything.

 If you know what you're looking for, you can be proactive an never 
have to
 manually dig through log files. As Durf says, log files will take 
care of
 the needs, but knowing what you're looking for saves a LOT of time.

 Durf is right, you can accomplish this with auditing settings and an
 application that can read logs.
 David Lum // SYSTEMS ENGINEER
 NORTHWEST EVALUATION ASSOCIATION
 (Desk) 971.222.1025 // (Cell) 503.267.9764
 -Original Message-
 From: Devin Meade [mailto:devin.me...@gmail.com]

 Sent: Wednesday, January 07, 2009 8:32 AM
 To: NT System Admin Issues

 Subject: Re: Auditing Everything

 Watch out setting the server's event log bigger than 300MB.  CHeck 
this out:

 
http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips/Admin/MaximumsizeforEventlogs.html

 You are gonna have to use something other than windoze file auditing
 due to this limit.  Something designed for $$ this $$ need $$.  Like I
 see in other posts, you will need multiple tools.  We use MS ISA's
 logging for web surfing history - it works well if setup right.

 

OT: Gotta Get Me Some o' Dat!

2009-01-07 Thread Roger Wright
Perfect for the home office:

 

http://www.engadget.com/2007/06/08/jvcs-worlds-largest-tv-110-inches-and
-728-pounds-of-hd/

 

 

 

Roger Wright

Network Administrator

Evatone, Inc.

727.572.7076  x388

  

 

_

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~image002.jpg

Re: OT: Gotta Get Me Some o' Dat!

2009-01-07 Thread Jonathan Link
It's not the size of your TV, it's how you use it.

On Wed, Jan 7, 2009 at 1:51 PM, Roger Wright rwri...@evatone.com wrote:

  Perfect for the home office:




 http://www.engadget.com/2007/06/08/jvcs-worlds-largest-tv-110-inches-and-728-pounds-of-hd/







 Roger Wright

 Network Administrator

 Evatone, Inc.

 727.572.7076  x388



 [image: ET E-mail Signature Logo]

 _









~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~image002.jpg

Re: OT: Gotta Get Me Some o' Dat!

2009-01-07 Thread Micheal Espinola Jr
i bet it looks horrible.

--
ME2



On Wed, Jan 7, 2009 at 1:51 PM, Roger Wright rwri...@evatone.com wrote:
 Perfect for the home office:



 http://www.engadget.com/2007/06/08/jvcs-worlds-largest-tv-110-inches-and-728-pounds-of-hd/







 Roger Wright

 Network Administrator

 Evatone, Inc.

 727.572.7076  x388



 _







~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: OT: Gotta Get Me Some o' Dat!

2009-01-07 Thread David McSpadden
Keep telling yourself that...

 



From: Jonathan Link [mailto:jonathan.l...@gmail.com] 
Sent: Wednesday, January 07, 2009 1:56 PM
To: NT System Admin Issues
Subject: Re: OT: Gotta Get Me Some o' Dat!

 

 

 
This e-mail and any files transmitted with it are property of Indiana Members 
Credit Union, are confidential, and are intended solely for the use of the 
individual or entity to whom this e-mail is addressed. If you are not one of 
the named recipient(s) or otherwise have reason to believe that you have 
received this message in error, please notify the sender and delete this 
message immediately from your computer. Any other use, retention, 
dissemination, forwarding, printing, or copying of this email is strictly 
prohibited.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Auditing Everything

2009-01-07 Thread Kennedy, Jim
EventManager from GFI is what I wrote and what we have. I think the others 
typo'd or something :)


 -Original Message-
 From: Gene Giannamore [mailto:gene.giannam...@abideinternational.com]
 Sent: Wednesday, January 07, 2009 1:51 PM
 To: NT System Admin Issues
 Subject: RE: Auditing Everything
 
 Can you all clarify something? I cannot find GFI EventSentry, I can
 find GFI EventsManager http://www.gfi.com/eventsmanager/  and
 netikus ltd. EventSentry http://www.eventsentry.com/ . So I am just
 wondering which one is the product people are using?
 
 
 
 
 Gene Giannamore
 Abide International Inc.
 Technical Support
 561 1st Street West
 Sonoma,Ca.95476
 (707) 935-1577Office
 (707) 935-9387Fax
 (707) 766-4185 Cell
 gene.giannam...@abideinternational.com
 
 -Original Message-
 From: Durf [mailto:stygm...@gmail.com]
 Sent: Wednesday, January 07, 2009 9:55 AM
 To: NT System Admin Issues
 Subject: Re: Auditing Everything
 
 We aren't partially right - we are entirely right.
 
 The whole point of GFI EventSentry is to *gather the events from
 Windows and store them in SQL*.  So I can safely disregard your whole
 first paragraph as frankly ignorant of the possibilities.
 
 If you have any clients who have compliance needs, such as the recent
 Massachussets data privacy regulations, or basically any HIPAA, SARBOX,
 etc kind of requirements, this is the product that will accomplish
 these needs.
 
 Using the Windows Event Log properly and auditing for Security Events,
 you can tell who  made any modifications to accounts, password changes,
 security priv elevations...and so forth.
 
 There are several products that can accomplish this - I don't want to
 evangelize GFI; they are just the product I am familiar with.  I'm not
 a reseller or GFI employee.  However, the fact it IT CAN DO WHAT THE OP
 REQUESTED, in combination with other products and techniques.
 
 Please, you all, stop saying different unless you have actual knowledge
 to the contrary.  There are a lot of reasons why the OP *should* not do
 such a thing.  But they *can* if they need to.
 
 -- Durf
 
 -- Durf
 
 On Wed, Jan 7, 2009 at 12:07 PM, Devin Meade devin.me...@gmail.com
 wrote:
 
 
 Okay guys I suppose you are partially right.  The need was
 stated to
 carte blanche audit everything.  The built in windows audit
 *has a
 limit*.  It can be overwritten when full.  You can loose
 events.  That
 doesn't fill this need.  The need needs to be clarified --
 maybe
 audit file changes on X drive over the last Y days.
 
 If you need to audit everything there is a chance that using
 windows
 security log wont meet that need.  That's all I was getting at.
 Our
 file shares have auditing for file changes and we overwrite
 events as
 needed.  I have used eventcomb to mine our audit entries and it
 works
 for our need.  Again, the need must be defined.  One one box,
 we do
 get only about a weeks worth of audit entries then they are
 overwritten.  That meets our need and our owners understand
 this.
 
 I deal with these off-the-cuff requests all the time.  The
 request is
 made - I deliver the cost.  The request is re-defined.  I
 answer with
 a different cost.  Reminds me of building our house.  Start out
 at
 4500sq ft and then see the cost, then start cutting back.
 
 Devin
 
 
 
 On Wed, Jan 7, 2009 at 10:47 AM, David Lum david@nwea.org
 wrote:
  Log files don't need to be big if you know what you're
 looking for. It goes
  back to the I *can* audit everything, but what are you
 looking for? I, for
  example, have monitoring software and I look for application
 installs on
  all  PC's for a 50-user company by simply having it look for
 Event ID 11707
  in the Application log of each PC. Log files are set to their
 normal size
  (16MB), and whatever meets the criteria I get an e-mail
 about, I don't have
  to search a log for anything.
 
  If you know what you're looking for, you can be proactive an
 never have to
  manually dig through log files. As Durf says, log files will
 take care of
  the needs, but knowing what you're looking for saves a LOT of
 time.
 
  Durf is right, you can accomplish this with auditing settings
 and an
  application that can read logs.
  David Lum // SYSTEMS ENGINEER
  NORTHWEST EVALUATION ASSOCIATION
  (Desk) 971.222.1025 // (Cell) 503.267.9764
  -Original Message-
  From: Devin Meade [mailto:devin.me...@gmail.com]
 
  Sent: Wednesday, January 07, 2009 8:32 AM
  To: NT System Admin Issues
 
  Subject: Re: Auditing Everything
 
  Watch out setting the server's event log bigger than 300MB.
 CHeck this out:
 
 
 

Re: OT: Gotta Get Me Some o' Dat!

2009-01-07 Thread Sean Houston
Time to break out the Intellivision!  Imagine over 100 inches of everyone's
favorite 4 bit system.

On Wed, Jan 7, 2009 at 1:59 PM, Rob Bonfiglio robbonfig...@gmail.comwrote:

 How else would you use it?  Atari baby!


 On Wed, Jan 7, 2009 at 1:55 PM, Jonathan Link jonathan.l...@gmail.comwrote:

 It's not the size of your TV, it's how you use it.


 On Wed, Jan 7, 2009 at 1:51 PM, Roger Wright rwri...@evatone.com wrote:

  Perfect for the home office:




 http://www.engadget.com/2007/06/08/jvcs-worlds-largest-tv-110-inches-and-728-pounds-of-hd/







 Roger Wright

 Network Administrator

 Evatone, Inc.

 727.572.7076  x388



 [image: ET E-mail Signature Logo]

 _



















~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~image002.jpg

RE: OT: Gotta Get Me Some o' Dat!

2009-01-07 Thread Jacob
Pong Parties!

 

From: Rob Bonfiglio [mailto:robbonfig...@gmail.com] 
Sent: Wednesday, January 07, 2009 10:59 AM
To: NT System Admin Issues
Subject: Re: OT: Gotta Get Me Some o' Dat!

 

How else would you use it?  Atari baby!

On Wed, Jan 7, 2009 at 1:55 PM, Jonathan Link jonathan.l...@gmail.com
wrote:

It's not the size of your TV, it's how you use it. 

 

On Wed, Jan 7, 2009 at 1:51 PM, Roger Wright rwri...@evatone.com wrote:

Perfect for the home office:

 

http://www.engadget.com/2007/06/08/jvcs-worlds-largest-tv-110-inches-and-728
-pounds-of-hd/

 

 

 

Roger Wright

Network Administrator

Evatone, Inc.

727.572.7076  x388

  

ET E-mail Signature Logo

_

 

 

 

 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~image001.jpg

New DL380 G5

2009-01-07 Thread Stefan Jafs
Ok, I'm getting ready for my VMware install, I would like to make sure
my two new servers have the latest firmware before I install anything.

What's the best way? Do I just insert the SmartStart and it will ask me
for the latest ProLiant Support Pack?

I need to install the second processor and apparently it's important to
have the latest ROM update before installing the second processor.

 

__
Stefan Jafs

 




This email and any attached files are confidential and intended solely for the 
intended recipient(s). If you are not the named recipient you should not read, 
distribute, copy or alter this email. Any views or opinions expressed in this 
email are those of the author and do not represent those of the Amico 
Corpoartion company. Warning: Although precautions have been taken to make sure 
no viruses are present in this email, the company cannot accept responsibility 
for any loss or damage that arise from the use of this email or attachments.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

W2K8 SAV 10.2 client not getting updates from Parent server

2009-01-07 Thread Christopher Bodnar
Just installed the 10.2 client on a few test W2K8 32-bit boxes and none of
them are getting the updates from the parent server. I don't see anything
in the logs to indicate why. 

 

I am familiar with the process of setting up this type of configuration
and have dropped the correct GRC.DAT file on the clients as well as making
sure they have the correct certificates.  I am also aware of the issue
with 64-bit clients. 

 

I've done a bunch of Googling on this and so far no luck. I can manually
update them by giving them the .XDB file or doing a LiveUpdate. 

 

Anyone run into this yet and resolve it? 

 

Thanks,

 

Chris Bodnar, MCSE
Sr. Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003

 




-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Re: New DL380 G5

2009-01-07 Thread Steve Ens
Yes Smartstart will guide you through a ROM update.  I've never done the
update before installing the second proc though.  Never have heard or read
anything about that.

On Wed, Jan 7, 2009 at 1:13 PM, Stefan Jafs sj...@amico.com wrote:

  Ok, I'm getting ready for my VMware install, I would like to make sure my
 two new servers have the latest firmware before I install anything.

 What's the best way? Do I just insert the SmartStart and it will ask me for
 the latest ProLiant Support Pack?

 I need to install the second processor and apparently it's important to
 have the latest ROM update before installing the second processor.



 *__*
 *Stefan Jafs*



 This email and any attached files are confidential and intended solely for
 the intended recipient(s). If you are not the named recipient you should not
 read, distribute, copy or alter this email. Any views or opinions expressed
 in this email are those of the author and do not represent those of
 the Amico Corporation. Warning: Although precautions have been taken to make
 sure no viruses are present in this email, the company cannot accept
 responsibility for any loss or damage that arise from the use of this email
 or attachments.







~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

feeling quite dumb today - could use some help

2009-01-07 Thread Bryan Garmon
I'm trying to setup a simple lab and something just isn't working. I could
use some help.

Server A - 2003 AD DC with DNS - connects to internet just great using local
DNS server which forwards requests to ISP.

Server B - part of 2003 AD Domain - using DNS Server on Server A and using
gateway that matches Server A's IP address.

Static IPs on both servers.

Server B can't get to the internet.

Is this because I should have the gateway of Server B set to the Gateway of
the internet facing router? Or is this something I've done wrong when
DCPromo ran and installed and configured DNS?

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: feeling quite dumb today - could use some help

2009-01-07 Thread Kim Longenbaugh
Server B should use the same gateway that Server A is using.

 



From: Bryan Garmon [mailto:bryan.gar...@gmail.com] 
Sent: Wednesday, January 07, 2009 1:28 PM
To: NT System Admin Issues
Subject: feeling quite dumb today - could use some help

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Cisco Catalyst command question

2009-01-07 Thread Joe Heaton
I need to enable SNMP on my Catalyst.  I've found 3 SNMP commands, and
need to know which/how to use them:

 

Snmp-server enable traps - Is this the command to enable SNMP?  How do I
use this generically, to simply turn snmp on so that my network
monitoring tool can identify the box, and monitor the ports?

 

Snmp-server host - Do I need to specify the machine that's going to be
doing snmp queries, or can I just leave it open?  Is it dangerous not to
specify a host?

 

Snmp-server community - self explanatory, to set the community string,
with the access rights.

 

 

From what I'm reading in the Command Reference, it appears that I want
to use the snmp-server host command, specify the specific host, and
leave it at that.  Is that the approved method?

 

Joe Heaton

AISA

Employment Training Panel

1100 J Street, 4th Floor

Sacramento, CA  95814

(916) 327-5276

jhea...@etp.ca.gov

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Re: feeling quite dumb today - could use some help

2009-01-07 Thread Bryan Garmon
Thank you -that fixed that issue. Second pressing problem - In this simple
setup - from Server B - I type nslookup

and get Can't find server name for address W.X.Y.Z: Non-existent domain.
Default Server: Unknown Address: W.Z.Y.Z.

thoughts?

On Wed, Jan 7, 2009 at 2:35 PM, Kim Longenbaugh k...@colonialsavings.comwrote:

  Server B should use the same gateway that Server A is using.


  --

 *From:* Bryan Garmon [mailto:bryan.gar...@gmail.com]
 *Sent:* Wednesday, January 07, 2009 1:28 PM
 *To:* NT System Admin Issues
 *Subject:* feeling quite dumb today - could use some help














~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: New DL380 G5

2009-01-07 Thread Barsodi.John
Use the latest firmware CD from HP.com, not smartstart.

- John Barsodi
From: Stefan Jafs [mailto:sj...@amico.com]
Sent: Wednesday, January 07, 2009 11:14 AM
To: NT System Admin Issues
Subject: New DL380 G5

Ok, I'm getting ready for my VMware install, I would like to make sure my two 
new servers have the latest firmware before I install anything.
What's the best way? Do I just insert the SmartStart and it will ask me for the 
latest ProLiant Support Pack?
I need to install the second processor and apparently it's important to have 
the latest ROM update before installing the second processor.

__
Stefan Jafs


This email and any attached files are confidential and intended solely for the 
intended recipient(s). If you are not the named recipient you should not read, 
distribute, copy or alter this email. Any views or opinions expressed in this 
email are those of the author and do not represent those of the Amico 
Corporation. Warning: Although precautions have been taken to make sure no 
viruses are present in this email, the company cannot accept responsibility for 
any loss or damage that arise from the use of this email or attachments.






~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: New DL380 G5

2009-01-07 Thread Joseph L. Casale
Don't know how you figure that? If you buy a server at some date when revision 
X of firmware is out, how do you make it dual procced? Next month revision X+1 
is out?
Not logical...

Toss the firmware cd in, or mount the iso via ilo and give'er.

jlc

From: Stefan Jafs [mailto:sj...@amico.com]
Sent: Wednesday, January 07, 2009 12:14 PM
To: NT System Admin Issues
Subject: New DL380 G5

Ok, I'm getting ready for my VMware install, I would like to make sure my two 
new servers have the latest firmware before I install anything.
What's the best way? Do I just insert the SmartStart and it will ask me for the 
latest ProLiant Support Pack?
I need to install the second processor and apparently it's important to have 
the latest ROM update before installing the second processor.

__
Stefan Jafs


This email and any attached files are confidential and intended solely for the 
intended recipient(s). If you are not the named recipient you should not read, 
distribute, copy or alter this email. Any views or opinions expressed in this 
email are those of the author and do not represent those of the Amico 
Corporation. Warning: Although precautions have been taken to make sure no 
viruses are present in this email, the company cannot accept responsibility for 
any loss or damage that arise from the use of this email or attachments.






~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Gotta Get Me Some o' Dat!

2009-01-07 Thread Jake Gardner
110?  But mine goes to 150!
http://www.switched.com/2007/12/27/worlds-largest-tv-measures-in-at-150-
inches/
 
Thanks,
 
Jake Gardner
TTC Network Administrator
Ext. 246
 



From: Roger Wright [mailto:rwri...@evatone.com] 
Sent: Wednesday, January 07, 2009 1:51 PM
To: NT System Admin Issues
Subject: OT: Gotta Get Me Some o' Dat!



Perfect for the home office:

 

http://www.engadget.com/2007/06/08/jvcs-worlds-largest-tv-110-inches-and
-728-pounds-of-hd/

 

 

 

Roger Wright

Network Administrator

Evatone, Inc.

727.572.7076  x388

  

 

_

 


 

 


***Teletronics Technology Corporation*** 
This e-mail is confidential and may also be privileged.  If you are not the 
addressee or authorized by the addressee to receive this e-mail, you may not 
disclose, copy, distribute, or use this e-mail. If you have received this 
e-mail in error, please notify the sender immediately by reply e-mail or by 
telephone at 267-352-2020 and destroy this message and any copies.  Thank you.

***



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~image002.jpg

RE: New DL380 G5

2009-01-07 Thread Stefan Jafs
Perfect that's what I was looking for, Thanks

 

___

Stefan Jafs

 

From: Barsodi.John [mailto:john.bars...@igt.com] 
Sent: Wednesday, January 07, 2009 2:39 PM
To: NT System Admin Issues
Subject: RE: New DL380 G5

 

Use the latest firmware CD from HP.com, not smartstart.

 

- John Barsodi

From: Stefan Jafs [mailto:sj...@amico.com] 
Sent: Wednesday, January 07, 2009 11:14 AM
To: NT System Admin Issues
Subject: New DL380 G5

 

Ok, I'm getting ready for my VMware install, I would like to make sure
my two new servers have the latest firmware before I install anything.

What's the best way? Do I just insert the SmartStart and it will ask me
for the latest ProLiant Support Pack?

I need to install the second processor and apparently it's important to
have the latest ROM update before installing the second processor.

 

__
Stefan Jafs

 

This email and any attached files are confidential and intended solely
for the intended recipient(s). If you are not the named recipient you
should not read, distribute, copy or alter this email. Any views or
opinions expressed in this email are those of the author and do not
represent those of the Amico Corporation. Warning: Although precautions
have been taken to make sure no viruses are present in this email, the
company cannot accept responsibility for any loss or damage that arise
from the use of this email or attachments.

 

 

 

 

 

 



This email and any attached files are confidential and intended solely for the 
intended recipient(s). If you are not the named recipient you should not read, 
distribute, copy or alter this email. Any views or opinions expressed in this 
email are those of the author and do not represent those of the Amico 
Corpoartion company. Warning: Although precautions have been taken to make sure 
no viruses are present in this email, the company cannot accept responsibility 
for any loss or damage that arise from the use of this email or attachments.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: feeling quite dumb today - could use some help

2009-01-07 Thread Christopher Bodnar
 

Is there a reverse lookup zone setup for the domain? Is there a PTR record
for server A?

 

 

Chris Bodnar, MCSE
Sr. Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003

  _  

From: Bryan Garmon [mailto:bryan.gar...@gmail.com] 
Sent: Wednesday, January 07, 2009 2:39 PM
To: NT System Admin Issues
Subject: Re: feeling quite dumb today - could use some help

 

 

 Thank you -that fixed that issue. Second pressing problem - In this
simple setup - from Server B - I type nslookup

 

and get Can't find server name for address W.X.Y.Z: Non-existent domain.
Default Server: Unknown Address: W.Z.Y.Z.

 

thoughts? 

On Wed, Jan 7, 2009 at 2:35 PM, Kim Longenbaugh k...@colonialsavings.com
wrote:

Server B should use the same gateway that Server A is using.

 



-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Re: Gotta Get Me Some o' Dat!

2009-01-07 Thread James Kerr
I'd prefer the cosplay girl next to it thanks.
  - Original Message - 
  From: Jake Gardner 
  To: NT System Admin Issues 
  Sent: Wednesday, January 07, 2009 2:42 PM
  Subject: RE: Gotta Get Me Some o' Dat!


  110?  But mine goes to 150!
  
http://www.switched.com/2007/12/27/worlds-largest-tv-measures-in-at-150-inches/

  Thanks,

  Jake Gardner
  TTC Network Administrator
  Ext. 246




--
  From: Roger Wright [mailto:rwri...@evatone.com] 
  Sent: Wednesday, January 07, 2009 1:51 PM
  To: NT System Admin Issues
  Subject: OT: Gotta Get Me Some o' Dat!


  Perfect for the home office:

   

  
http://www.engadget.com/2007/06/08/jvcs-worlds-largest-tv-110-inches-and-728-pounds-of-hd/

   

   

   

  Roger Wright

  Network Administrator

  Evatone, Inc.

  727.572.7076  x388





  _

   






 





 
  ***Teletronics Technology Corporation*** 
  This e-mail is confidential and may also be privileged.  If you are not the 
addressee or authorized by the addressee to receive this e-mail, you may not 
disclose, copy, distribute, or use this e-mail. If you have received this 
e-mail in error, please notify the sender immediately by reply e-mail or by 
telephone at 267-352-2020 and destroy this message and any copies.  

  Thank you.

  ***

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~image002.jpg

Re: feeling quite dumb today - could use some help

2009-01-07 Thread Bryan Garmon
Yes, I added a reverse lookup zone for the domain.

DNS shows an SOA record, a NS record, and 3 Host (A) records - all of which
point to the 2 servers in question.



On Wed, Jan 7, 2009 at 2:47 PM, Christopher Bodnar 
christopher_bod...@glic.com wrote:



 Is there a reverse lookup zone setup for the domain? Is there a PTR record
 for server A?





 Chris Bodnar, MCSE
 Sr. Systems Engineer
 Distributed Systems Service Delivery - Intel Services
 Guardian Life Insurance Company of America
 Email: christopher_bod...@glic.com
 Phone: 610-807-6459
 Fax: 610-807-6003
  --

 *From:* Bryan Garmon [mailto:bryan.gar...@gmail.com]
 *Sent:* Wednesday, January 07, 2009 2:39 PM
 *To:* NT System Admin Issues
 *Subject:* Re: feeling quite dumb today - could use some help





  Thank you -that fixed that issue. Second pressing problem - In this simple
 setup - from Server B - I type nslookup



 and get Can't find server name for address W.X.Y.Z: Non-existent domain.
 Default Server: Unknown Address: W.Z.Y.Z.



 thoughts?

 On Wed, Jan 7, 2009 at 2:35 PM, Kim Longenbaugh k...@colonialsavings.com
 wrote:

 Server B should use the same gateway that Server A is using.








  --

 *This message, and any attachments to it, may contain information that is
 privileged, confidential, and exempt from disclosure under applicable law.
 If the reader of this message is not the intended recipient, you are
 notified that any use, dissemination, distribution, copying, or
 communication of this message is strictly prohibited. If you have received
 this message in error, please notify the sender immediately by return e-mail
 and delete the message and any attachments. Thank you. *


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: feeling quite dumb today - could use some help

2009-01-07 Thread Christopher Bodnar
But is there a PTR record in the reverse lookup zone?

 

Can you do an nslookup on the IP address of server A? 

 

Nslookup 10.x.x.x

 

 

 

 

Chris Bodnar, MCSE
Sr. Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003

  _  

From: Bryan Garmon [mailto:bryan.gar...@gmail.com] 
Sent: Wednesday, January 07, 2009 3:04 PM
To: NT System Admin Issues
Subject: Re: feeling quite dumb today - could use some help

 

 

 



-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Cisco Catalyst command question

2009-01-07 Thread Rohyans, Aaron
snmp-server enable traps just enables the switch/router to begin
sending trap events as they occur to the host that you provided in the
snmp-server host command.  Once you turn it on... issue the show run
command and you'll see that the switch actually enabled a bunch more
automatically for you.  The snmp-server community command is what
needs to be setup to allow an SNMP station to poll it for information
(Read Only), or write information to it (Read Write).  For simple
SNMPv1, I like to use this config:

 

access-list 99 permit 192.168.1.0 0.0.0.255

 

snmp-server community R3aD0n1Y R3adWr1t3 99

snmp-server location 1234 Some Street, Nowhereville, NW

snmp-server contact John Smith - (123) 555-1212

snmp-server chassis-id CATSWITCH01

 

For a more secure implementation, look into v2 or v3 of SNMP as they add
encryption and authentication to messages that traverse the wire.

 

Hope this helps!

 

Aaron T. Rohyans
Senior Network Engineer

CCIE #21945, CCSP, CCNA, CQS-Firewall, CQS-IDS, CQS-VPN, ISSP, CISP,
JNCIA-ER

DPSciences Corporation
7400 N. Shadeland Ave., Suite 245

Indianapolis, IN 46250
Office:  (317) 849-6772 x 7626
Fax:   (317) 849-7134
arohy...@dpsciences.com mailto:dwiss...@dpsciences.com 
http://www.dpsciences.com/

 

From: Joe Heaton [mailto:jhea...@etp.ca.gov] 
Sent: Wednesday, January 07, 2009 2:38 PM
To: NT System Admin Issues
Subject: Cisco Catalyst command question

 

I need to enable SNMP on my Catalyst.  I've found 3 SNMP commands, and
need to know which/how to use them:

 

Snmp-server enable traps - Is this the command to enable SNMP?  How do I
use this generically, to simply turn snmp on so that my network
monitoring tool can identify the box, and monitor the ports?

 

Snmp-server host - Do I need to specify the machine that's going to be
doing snmp queries, or can I just leave it open?  Is it dangerous not to
specify a host?

 

Snmp-server community - self explanatory, to set the community string,
with the access rights.

 

 

From what I'm reading in the Command Reference, it appears that I want
to use the snmp-server host command, specify the specific host, and
leave it at that.  Is that the approved method?

 

Joe Heaton

AISA

Employment Training Panel

1100 J Street, 4th Floor

Sacramento, CA  95814

(916) 327-5276

jhea...@etp.ca.gov

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Re: feeling quite dumb today - could use some help

2009-01-07 Thread Bryan Garmon
In the reverse lookup zone there is a SOA record for the DC (Server A) and
also a NS record for the DC (Server A)

And no - when I try nslookup on IP of server A it returns unknown - can't
find IP: Non-existent domain



On Wed, Jan 7, 2009 at 3:10 PM, Christopher Bodnar 
christopher_bod...@glic.com wrote:

  But is there a PTR record in the reverse lookup zone?



 Can you do an nslookup on the IP address of server A?



 Nslookup 10.x.x.x









 Chris Bodnar, MCSE
 Sr. Systems Engineer
 Distributed Systems Service Delivery - Intel Services
 Guardian Life Insurance Company of America
 Email: christopher_bod...@glic.com
 Phone: 610-807-6459
 Fax: 610-807-6003
  --

 *From:* Bryan Garmon [mailto:bryan.gar...@gmail.com]
 *Sent:* Wednesday, January 07, 2009 3:04 PM
 *To:* NT System Admin Issues
 *Subject:* Re: feeling quite dumb today - could use some help












  --

   *This message, and any attachments to it, may contain information that
 is privileged, confidential, and exempt from disclosure under applicable
 law. If the reader of this message is not the intended recipient, you are
 notified that any use, dissemination, distribution, copying, or
 communication of this message is strictly prohibited. If you have received
 this message in error, please notify the sender immediately by return e-mail
 and delete the message and any attachments. Thank you. *


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

RE: Cisco Catalyst command question

2009-01-07 Thread Joe Heaton
Perfect.  Thanks Phil, and Aaron.

Joe Heaton
Employment Training Panel

-Original Message-
From: Phil Brutsche [mailto:p...@optimumdata.com] 
Sent: Wednesday, January 07, 2009 12:14 PM
To: NT System Admin Issues
Subject: Re: Cisco Catalyst command question

It depends on what exactly you're going to do snmp-wise.

snmp-server enable traps enables the sending of SNMP traps, and
snmp-server host sets the host to send them to.

If you are going to generate bandwidth graphs with Cacti, MRTG or
something similar all you need to do is set the SNMP community, like so:

snmp-server community public RO

If you want to limit which hosts can perform snmp queries, you would do
something like this:

access-list 1 permit 192.168.0.0 0.0.0.255
snmp-server community public RO 1

Joe Heaton wrote:
 I need to enable SNMP on my Catalyst.  I've found 3 SNMP commands, and
 need to know which/how to use them:
 
  
 
 Snmp-server enable traps - Is this the command to enable SNMP?  How do
I
 use this generically, to simply turn snmp on so that my network
 monitoring tool can identify the box, and monitor the ports?
 
  
 
 Snmp-server host - Do I need to specify the machine that's going to be
 doing snmp queries, or can I just leave it open?  Is it dangerous not
to
 specify a host?
 
  
 
 Snmp-server community - self explanatory, to set the community string,
 with the access rights.

-- 

Phil Brutsche
p...@optimumdata.com


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


Re: feeling quite dumb today - could use some help

2009-01-07 Thread Bryan Garmon
Okay - I get it now - sorry - I now have PTR records in the reverse lookup
name for both Server A and Server B and NSlookup is now working as expected.
Thanks for the help.

On Wed, Jan 7, 2009 at 3:16 PM, Bryan Garmon bryan.gar...@gmail.com wrote:

  In the reverse lookup zone there is a SOA record for the DC (Server A)
 and also a NS record for the DC (Server A)

 And no - when I try nslookup on IP of server A it returns unknown - can't
 find IP: Non-existent domain



  On Wed, Jan 7, 2009 at 3:10 PM, Christopher Bodnar 
 christopher_bod...@glic.com wrote:

  But is there a PTR record in the reverse lookup zone?



 Can you do an nslookup on the IP address of server A?



 Nslookup 10.x.x.x









 Chris Bodnar, MCSE
 Sr. Systems Engineer
 Distributed Systems Service Delivery - Intel Services
 Guardian Life Insurance Company of America
 Email: christopher_bod...@glic.com
 Phone: 610-807-6459
 Fax: 610-807-6003
  --

 *From:* Bryan Garmon [mailto:bryan.gar...@gmail.com]
 *Sent:* Wednesday, January 07, 2009 3:04 PM
 *To:* NT System Admin Issues
 *Subject:* Re: feeling quite dumb today - could use some help












   --

   *This message, and any attachments to it, may contain information that
 is privileged, confidential, and exempt from disclosure under applicable
 law. If the reader of this message is not the intended recipient, you are
 notified that any use, dissemination, distribution, copying, or
 communication of this message is strictly prohibited. If you have received
 this message in error, please notify the sender immediately by return e-mail
 and delete the message and any attachments. Thank you. *








~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

File names that are too long - Can they be stopped?

2009-01-07 Thread Eric Wittersheim
Every year about this time I have to archive off data to media such as DVD
or CD and every year I run into problems because some of my users create
files that have names as long as a sentence or they are so far buried in a
folder structure that file copies fail, I cannot burn the files to CD, etc.
And every year after losing more of my hair I inform the users on the
restrictions of the NTFS file system and the importance on keeping names
short and sweet.  Either they don't listen or don't care because I keep
running into this problem.  Is there anyway to enforce a limit (Windows
Server 2000 and 2003) on the length of file names?

Thanks,

Eric

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

OT: Wednesday Funny

2009-01-07 Thread Michael B. Smith
BWAHAhahahahahah

 

http://www.flixxy.com/computer-history-ctrl-alt-del.htm

 

Regards,

 

Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP

My blog: http://TheEssentialExchange.com/blogs/michael

I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Re: OT: Wednesday Funny

2009-01-07 Thread Jonathan Link
Reminds me of when I first saw NT, my first thought was how am I going to
warm boot this thing when it hangs.

On Wed, Jan 7, 2009 at 3:55 PM, Michael B. Smith 
mich...@theessentialexchange.com wrote:

BWAHAhahahahahah



 http://www.flixxy.com/computer-history-ctrl-alt-del.htm



 Regards,



 Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP

 My blog: 
 http://TheEssentialExchange.com/blogs/michaelhttp://theessentialexchange.com/blogs/michael

 I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php









~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

Re: OT: Gotta Get Me Some o' Dat!

2009-01-07 Thread Micheal Espinola Jr
(sic)

--
ME2



On Wed, Jan 7, 2009 at 2:08 PM, Jacob ja...@excaliburfilms.com wrote:
 Pong Parties!

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


Re: Gotta Get Me Some o' Dat!

2009-01-07 Thread Micheal Espinola Jr
Finally, a heterosexual response.  rofl

--
ME2



On Wed, Jan 7, 2009 at 2:58 PM, James Kerr cluster...@gmail.com wrote:
 I'd prefer the cosplay girl next to it thanks.

 - Original Message -
 From: Jake Gardner
 To: NT System Admin Issues
 Sent: Wednesday, January 07, 2009 2:42 PM
 Subject: RE: Gotta Get Me Some o' Dat!
 110?  But mine goes to 150!
 http://www.switched.com/2007/12/27/worlds-largest-tv-measures-in-at-150-inches/

 Thanks,

 Jake Gardner
 TTC Network Administrator
 Ext. 246

 
 From: Roger Wright [mailto:rwri...@evatone.com]
 Sent: Wednesday, January 07, 2009 1:51 PM
 To: NT System Admin Issues
 Subject: OT: Gotta Get Me Some o' Dat!

 Perfect for the home office:



 http://www.engadget.com/2007/06/08/jvcs-worlds-largest-tv-110-inches-and-728-pounds-of-hd/







 Roger Wright

 Network Administrator

 Evatone, Inc.

 727.572.7076  x388



 _











 ***Teletronics Technology Corporation***
 This e-mail is confidential and may also be privileged.  If you are not the
 addressee or authorized by the addressee to receive this e-mail, you may not
 disclose, copy, distribute, or use this e-mail. If you have received this
 e-mail in error, please notify the sender immediately by reply e-mail or by
 telephone at 267-352-2020 and destroy this message and any copies.

 Thank you.

 ***





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~


RE: Wednesday Funny

2009-01-07 Thread Kim Longenbaugh
I love the look on Mike Gates' face when the IBM guy said I invented
it, but you made it famous

 



From: Michael B. Smith [mailto:mich...@theessentialexchange.com] 
Sent: Wednesday, January 07, 2009 2:55 PM
To: NT System Admin Issues
Subject: OT: Wednesday Funny

 

BWAHAhahahahahah

 

http://www.flixxy.com/computer-history-ctrl-alt-del.htm

 

Regards,

 

Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP

My blog: http://TheEssentialExchange.com/blogs/michael

I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

  1   2   >