Windows Audit logging and reporting
Hi chaps,

I have a client that's dealing with an increasing number of blue chip firms and they are being asked, almost daily, to complete IT surveys about how they handle and do certain things internally. The main thing that has come up from this is that they really need to be able to show that they are able to log, and report on, various 'things'; mainly Windows security audit logs, file access, permission changes, this kind of thing.

Can anyone recommend an SME friendly package that will both allow them to store the mass of logs that will inevitably be created when they turn on full security auditing, as well as report on this data? I guess something that has an easy to use reporting/graphing tool inbuilt which can query its own mass of data. The ability to also store/report on other kinds of log data may also be good.

That will give something for my client to actually put in to the audit reporting section of these reports rather than just e :)

Thanks

Olly

--
G2 Support Online Backups
Email: oliver.marsh...@g2support.com
Web: http://www.g2support.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: P2V SBS aka two DC's
Thanks guys. A brainstorm I had tonight was to demote the non SBS DC so I am effectively P2V-ing a one DC environment, and if all looks good then re-DCPROMO the former DC back to its former glory. If P2V blows up I have the physical SBS machine still. I hate not having a solid back-out plan.

Option C would be to power off the non SBS DC during the *entire* event, that way I maintain a DC if the P2V goes amazingly haywire and both new and old SBS burst into flames. I view backups as a last ditch plan Z, I like to have a non-backup/restore as plan B.

I do realize I might be over cautious here since - as stated - my P2V test with the target new server OS went fine, the only thing different for production is the box getting converted is different hardware than my test, which should hardly matter. The test environment P2V'd a white box ASUS system, the real system is a Dell PowerEdge so I think it should actually be more compatible.

My VM setup is Server 2008 w/ Hyper-V and using System Center Virtual Machine Manager handling the P2V itself. Like VMWare, P2V-ing is crazy-easy, but I'd like to keep ol' Murphy at bay regardless.

Dave

From: Benjamin Zachary - Lists [li...@levelfive.us]
Sent: Tuesday, January 06, 2009 6:22 PM
To: NT System Admin Issues
Subject: RE: P2V SBS aka two DC's

I have had such good success with vmware converter 3 (not 4 beta) I just get a good backup, convert it and run it. In all of the multiDC environments I have done this the only problem I ever run into is the time being off by too much.

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, January 06, 2009 17:25
To: NT System Admin Issues
Subject: P2V SBS aka two DC's

Has anyone here P2V'd a couple of DC's? I P2V'd an SBS server in test and it went fine – my concern is how to handle it in production when there's a SBS server AND a 2nd DC involved. At some point I need to make the 2nd DC think that the first DC was just powered off for a bit.

Would it work if I:
1) Do an offline P2V (read: the system (ServerA) P2V does a PXE boot into the host Hyper-V machine to get VM'd),
2) Leave physical ServerA off once it's P2V'd
3) Bring up the VM of ServerA?

My thinking here is each DC would just think ServerA was powered off for a few hours, does this sound correct?

Question 2: If I need to roll back to physical ServerA….ServerB (the 2nd DC) will now have thought it's talked to ServerA since the P2V outage, but effectively ServerA will have suffered a time warp by several hours, right?

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
RE: P2V SBS aka two DC's
We did that here with our SBS 2003 setup and a few old boxes that were actually as GC's etc. The SBS box was creaking along and blue screening so we P2V'd that and then went nuts and did the other old boxes.

We just P2V'd it in the same way you described, leaving the SBS physical box off after the p2v process. The only difference was that we did it via a 3rd party tool (shadowprotect) in to a blank VM as we were worried the sheer age of the SBS hardware would cause issues when we fired up the VM.

Olly

--
G2 Support Online Backups
Email: oliver.marsh...@g2support.com
Web: http://www.g2support.com

From: David Lum [mailto:david@nwea.org]
Sent: 07 January 2009 08:47
To: NT System Admin Issues
Subject: RE: P2V SBS aka two DC's

Thanks guys. A brainstorm I had tonight was to demote the non SBS DC so I am effectively P2V-ing a one DC environment, and if all looks good then re-DCPROMO the former DC back to its former glory. If P2V blows up I have the physical SBS machine still. I hate not having a solid back-out plan.

Option C would be to power off the non SBS DC during the *entire* event, that way I maintain a DC if the P2V goes amazingly haywire and both new and old SBS burst into flames. I view backups as a last ditch plan Z, I like to have a non-backup/restore as plan B.

I do realize I might be over cautious here since - as stated - my P2V test with the target new server OS went fine, the only thing different for production is the box getting converted is different hardware than my test, which should hardly matter. The test environment P2V'd a white box ASUS system, the real system is a Dell PowerEdge so I think it should actually be more compatible.

My VM setup is Server 2008 w/ Hyper-V and using System Center Virtual Machine Manager handling the P2V itself. Like VMWare, P2V-ing is crazy-easy, but I'd like to keep ol' Murphy at bay regardless.

Dave
RE: Windows Audit logging and reporting
Have you checked the Kiwi site? Although I got an email yesterday from SolarWinds that they have bought Kiwi and all of their products.

dave

From: Oliver Marshall [mailto:oliver.marsh...@g2support.com]
Sent: Wednesday, January 07, 2009 1:30 AM
To: NT System Admin Issues
Subject: Windows Audit logging and reporting

Hi chaps,

I have a client that's dealing with an increasing number of blue chip firms and they are being asked, almost daily, to complete IT surveys about how they handle and do certain things internally. The main thing that has come up from this is that they really need to be able to show that they are able to log, and report on, various 'things'; mainly Windows security audit logs, file access, permission changes, this kind of thing.

Can anyone recommend an SME friendly package that will both allow them to store the mass of logs that will inevitably be created when they turn on full security auditing, as well as report on this data? I guess something that has an easy to use reporting/graphing tool inbuilt which can query its own mass of data. The ability to also store/report on other kinds of log data may also be good.

That will give something for my client to actually put in to the audit reporting section of these reports rather than just e :)

Thanks

Olly

--
G2 Support Online Backups
Email: oliver.marsh...@g2support.com
Web: http://www.g2support.com
Active Directory attribute query
Hi all,

Happy New Year, etc.

For some reason the default printer for our users is set via an Active Directory attribute (don't ask why, before my time). I was wondering if there is any easy way to be able to change this, preferably through ADUC? At the minute I can only do it via Adsiedit.msc, which is not really what I want to be teaching my two newly-supplied first-line minions to utilise, as I can envisage one of them changing the wrong attribute and making an arse out of it.

All suggestions welcome, Windows 2003 native AD.

TIA,

JRR
RE: Active Directory attribute query
Dsquery/dsmod; perhaps in an HTA wrapper - or a CMD/BAT wrapper would be easier.

Similar idea for adfind/admod.

Regards,

Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
My blog: http://TheEssentialExchange.com/blogs/michael
I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Wednesday, January 07, 2009 6:42 AM
To: NT System Admin Issues
Subject: Active Directory attribute query

Hi all,

Happy New Year, etc.

For some reason the default printer for our users is set via an Active Directory attribute (don't ask why, before my time). I was wondering if there is any easy way to be able to change this, preferably through ADUC? At the minute I can only do it via Adsiedit.msc, which is not really what I want to be teaching my two newly-supplied first-line minions to utilise, as I can envisage one of them changing the wrong attribute and making an arse out of it.

All suggestions welcome, Windows 2003 native AD.

TIA,

JRR
Re: Active Directory attribute query
Hmmm, yeah, I could probably dust off my old batch skills and come up with something along those lines. I will have a look-see.

Cheers,

2009/1/7 Michael B. Smith mich...@theessentialexchange.com

Dsquery/dsmod; perhaps in an HTA wrapper – or a CMD/BAT wrapper would be easier.

Similar idea for adfind/admod.

Regards,

Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
My blog: http://TheEssentialExchange.com/blogs/michael
I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php
Re: OT : Anti-Phishing training game
I tried this link and can't seem to get to any sites at cups.cs.cmu.edu. Is this site no longer functional? I even googled for it and the links show up but still I only get page not found.

On Tue, Jan 6, 2009 at 4:09 PM, Erik Goldoff egold...@gmail.com wrote:

Cute, if slow, game for teaching regular folks how to spot Phishing scams in browser URLs ...
http://cups.cs.cmu.edu/antiphishing_phil/new/index.html

Erik Goldoff
IT Consultant
Systems, Networks, Security

--
Thanks
Dave Vantine
Re: A little OT: Cisco VPN Concentrator
I am doing one now (during my free time). Pretty painless but I did notice changes to the VPN setup when I enabled our new security license extending out VPN options to allow for clientless and more clients to connect. I am stuck at the moment trying to make sure the settings I need are correct with the license changes in place.

You may want to get the Smartnet contract as well as the last Java update is supposed to kill the GUI interface that shipped with my ASA.

Jon

On Tue, Jan 6, 2009 at 3:38 PM, Bob Fronk b...@btrfronk.com wrote:

Anyone with PIX to ASA conversion experience care to weigh in? Sticking with Cisco due to current Cisco VOIP project and remote sites.

-----Original Message-----
From: Bob Fronk [mailto:b...@btrfronk.com]
Sent: Tuesday, January 06, 2009 3:12 PM
To: NT System Admin Issues
Subject: RE: A little OT: Cisco VPN Concentrator

Ok... time to shop for an ASA.

-----Original Message-----
From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Tuesday, January 06, 2009 3:06 PM
To: NT System Admin Issues
Subject: Re: A little OT: Cisco VPN Concentrator

I skimmed the tech docs, faqs, and various other sheets too. 4mbps max throughput is the number I saw. I read about limiting issues when using compression, and another vague reference to the amount of simultaneous connections. All vague, with no substance.

-- ME2

On Tue, Jan 6, 2009 at 2:59 PM, Brian Prentiss bprent...@gmail.com wrote:

Data Sheet
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5743/ps5749/ps2284/product_data_sheet09186a00801d3b56.html

On Tue, Jan 6, 2009 at 12:58 PM, Brian Prentiss bprent...@gmail.com wrote:

http://supportwiki.cisco.com/ViewWiki/index.php/Cisco_VPN_3005_Concentrator

This doc states max as 4Mbps. Apparently it is software only, and is discontinued at this point. I think the suggested replacement is an ASA (sized depending on what kind of throughput the requirements are). I couldn't find a data sheet.

I hope that helps,
Brian

On Tue, Jan 6, 2009 at 12:22 PM, Bob Fronk b...@btrfronk.com wrote:

I am using a Cisco VPN Concentrator 3005 as an endpoint for mobile users and small remote sites. Lately I have found that remote sites can only pull down 2.8mbps over the VPN. We have a DS3, so I would expect the remote clients to be able to pull down their full bandwidth, depending on connection (DSL / Cable).

I have tested this at two sites, each with over 10mbs available to them for download. When off VPN, they get the full 10mbps, when VPN is connected (which forces all traffic across the VPN) the download speed drops back to 2.8mbps.

I can't seem to locate the bottleneck producing setting inside the VPN concentrator.

Appreciate any suggestions. Thanks.

Bob
Server OS Reinstall
I've got a server (Server 2003 R2) that conked out on me over the Christmas holidays. I'm not quite sure what went wrong--the hardware seems to be okay. But there was some sort of corruption in the RAID array and the OS gives a stop 0x0024 every time it goes to boot.

A fresh OS install won't be too painful, because this server was only a DC/DHCP/DNS server. But my question is this... When I reinstall, should I give the server the same name it had before? Or will that confuse Active Directory? And if I give it a different name, how do I remove all references to the old server name from AD?

Just wondering what best practices are. Amazingly, I've never had to do this before in my years as a sysadmin. Just lucky, I guess!

John Hornbuckle
MIS Department
Taylor County School District
318 North Clark Street
Perry, FL 32347
www.taylor.k12.fl.us
Windows 2008 Terminal Server, Citrix, or both?
Hi Folks,

I currently have a Citrix Presentation Server (or whatever it's called this week) for all remote users, and some internal users. I also use the Citrix Access Gateway appliance for external users, which I really like.

I am going to stand up a new Terminal Server/Citrix farm in the next few months specifically dedicated to a particular application. I am wondering if I can just use Windows 2008 Terminal Server and forgo the Citrix part? I do like Citrix but it would add over $100k to licensing costs, and that does not include Citrix Access Gateway licenses. I will also need to provide some sort of secure remote access, if I use Terminal Server only, similar to the Citrix Access Gateway.

I am currently on Terminal Server 2003 and I understand 2008 is much better.

Suggestions and comments appreciated.
RE: Server OS Reinstall
I never reuse a DC name, even if I removed it gracefully. That may be a bit overkill, but I would strongly advise against reusing a name on a failed DC. You can clean it out of AD, and you will need to but I still wouldn't reuse the name.

I have always done a manual removal with the info in this article:
http://www.petri.co.il/delete_failed_dcs_from_ad.htm

-----Original Message-----
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, January 07, 2009 9:18 AM
To: NT System Admin Issues
Subject: Server OS Reinstall

I've got a server (Server 2003 R2) that conked out on me over the Christmas holidays. I'm not quite sure what went wrong--the hardware seems to be okay. But there was some sort of corruption in the RAID array and the OS gives a stop 0x0024 every time it goes to boot.

A fresh OS install won't be too painful, because this server was only a DC/DHCP/DNS server. But my question is this... When I reinstall, should I give the server the same name it had before? Or will that confuse Active Directory? And if I give it a different name, how do I remove all references to the old server name from AD?

Just wondering what best practices are. Amazingly, I've never had to do this before in my years as a sysadmin. Just lucky, I guess!

John Hornbuckle
MIS Department
Taylor County School District
318 North Clark Street
Perry, FL 32347
www.taylor.k12.fl.us
RE: Server OS Reinstall
I believe you can use the Network ID instead of Join Domain after your install and select/choose the old name from AD

Thanks,

Jake Gardner
TTC Network Administrator
Ext. 246
RE: OT : Anti-Phishing training game
still comes up functional for me

Erik Goldoff
IT Consultant
Systems, Networks, Security

From: vbs [mailto:dvant...@gmail.com]
Sent: Wednesday, January 07, 2009 8:13 AM
To: NT System Admin Issues
Subject: Re: OT : Anti-Phishing training game

I tried this link and can't seem to get to any sites at cups.cs.cmu.edu. Is this site no longer functional? I even googled for it and the links show up but still I only get page not found.

--
Thanks
Dave Vantine
RE: Server OS Reinstall
I have done this many times with no ill effects. Here is the MS documentation on the process:

http://support.microsoft.com/kb/216498

I personally have never had an issue with using this procedure and using the same name. YMMV

Chris Bodnar, MCSE
Sr. Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003
Re: OT : Anti-Phishing training game
You could try and use it at the publisher's web site, here:

http://wombatsecurity.com/antiphishing_phil/index.html

-- ME2

On Wed, Jan 7, 2009 at 9:39 AM, Erik Goldoff egold...@gmail.com wrote:

still comes up functional for me

Erik Goldoff
IT Consultant
Systems, Networks, Security
RE: Server OS Reinstall
Usually the C24 Stop error is registry corruption, I have seen this a few times, if you have a backup of your Software Hive you can problem boot to a new partition and replace the old one, with the backup and point back to affected system and boot successful.

If you don't want to go through that pain, do a standard build, don't add to domain and then restore from tape accordingly.

Z

Edward E. Ziots
Network Engineer
Lifespan Organization
Email: ezi...@lifespan.org
Phone: 401-639-3505
MCSE, MCP+I, ME, CCA, Security +, Network +

-----Original Message-----
From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Wednesday, January 07, 2009 9:43 AM
To: NT System Admin Issues
Subject: RE: Server OS Reinstall

I have done this many times with no ill effects. Here is the MS documentation on the process:

http://support.microsoft.com/kb/216498

I personally have never had an issue with using this procedure and using the same name. YMMV

Chris Bodnar, MCSE
Sr. Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003
RE: Server OS Reinstall
This looks promising. Although I'm worried about the warning:

The administrator must also make sure that replication has occurred since the demotion before manually removing the NTDS Settings object for any server. Using the Ntdsutil utility incorrectly may result in partial or complete loss of Active Directory functionality.

There was no demotion, though, since the server went down unexpectedly. Does that matter? You just do the 20 steps listed under ntdsutil?
RE: Server OS Reinstall
This sounds easiest. But can anyone confirm if it actually works?
-Original Message- From: Jake Gardner [mailto:jgard...@ttcdas.com] Sent: Wednesday, January 07, 2009 9:37 AM To: NT System Admin Issues Subject: RE: Server OS Reinstall
I believe you can use the Network ID instead of Join Domain after your install and select/choose the old name from AD
Thanks, Jake Gardner TTC Network Administrator Ext. 246
-Original Message- From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, January 07, 2009 9:18 AM To: NT System Admin Issues Subject: Server OS Reinstall
I've got a server (Server 2003 R2) that conked out on me over the Christmas holidays. I'm not quite sure what went wrong--the hardware seems to be okay. But there was some sort of corruption in the RAID array and the OS gives a stop 0x0024 every time it goes to boot. A fresh OS install won't be too painful, because this server was only a DC/DHCP/DNS server. But my question is this... When I reinstall, should I give the server the same name it had before? Or will that confuse Active Directory? And if I give it a different name, how do I remove all references to the old server name from AD? Just wondering what best practices are. Amazingly, I've never had to do this before in my years as a sysadmin. Just lucky, I guess!
John Hornbuckle MIS Department Taylor County School District 318 North Clark Street Perry, FL 32347 www.taylor.k12.fl.us
***Teletronics Technology Corporation*** This e-mail is confidential and may also be privileged. If you are not the addressee or authorized by the addressee to receive this e-mail, you may not disclose, copy, distribute, or use this e-mail. If you have received this e-mail in error, please notify the sender immediately by reply e-mail or by telephone at 267-352-2020 and destroy this message and any copies. Thank you.
***
RE: Server OS Reinstall
It's weird... I had tried booting from a Windows CD to do a repair, but setup said it couldn't recognize the C: partition and wanted to format it. This is strange for two reasons: 1. Setup could recognize the D: partition just fine (and both C: and D: are partitions in the same hardware RAID 5 array). 2. The C: partition can't be totally FUBAR, because the system will boot off of it and Windows will load about 75% before getting the blue screen.
-Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, January 07, 2009 9:52 AM To: NT System Admin Issues Subject: RE: Server OS Reinstall
Usually the C24 Stop error is registry corruption, I have seen this a few times, if you have a backup of your Software Hive you can problem boot to a new partition and replace the old one, with the backup and point back to affected system and boot successful. If you don't want to go through that pain. Do a standard build, don't add to domain and then restore from tape accordingly.
Z Edward E. Ziots Network Engineer Lifespan Organization Email: ezi...@lifespan.org Phone: 401-639-3505 MCSE, MCP+I, ME, CCA, Security +, Network +
-Original Message- From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Wednesday, January 07, 2009 9:43 AM To: NT System Admin Issues Subject: RE: Server OS Reinstall
I have done this many times with no ill effects. Here is the MS documentation on the process: http://support.microsoft.com/kb/216498 I personally have never had an issue with using this procedure and using the same name. YMMV
Chris Bodnar, MCSE Sr. 
Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com Phone: 610-807-6459 Fax: 610-807-6003
-Original Message- From: john.hornbuc...@taylor.k12.fl.us [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, January 07, 2009 9:18 AM To: NT System Admin Issues Subject: Server OS Reinstall
I've got a server (Server 2003 R2) that conked out on me over the Christmas holidays. I'm not quite sure what went wrong--the hardware seems to be okay. But there was some sort of corruption in the RAID array and the OS gives a stop 0x0024 every time it goes to boot. A fresh OS install won't be too painful, because this server was only a DC/DHCP/DNS server. But my question is this... When I reinstall, should I give the server the same name it had before? Or will that confuse Active Directory? And if I give it a different name, how do I remove all references to the old server name from AD? Just wondering what best practices are. Amazingly, I've never had to do this before in my years as a sysadmin. Just lucky, I guess!
John Hornbuckle MIS Department Taylor County School District 318 North Clark Street Perry, FL 32347 www.taylor.k12.fl.us
- This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you.
Re: OT : Anti-Phishing training game
I meant to add, I also can't get to the CUPS site. -- ME2
On Wed, Jan 7, 2009 at 9:50 AM, Micheal Espinola Jr michealespin...@gmail.com wrote:
You could try and use it at the publisher's web site, here: http://wombatsecurity.com/antiphishing_phil/index.html -- ME2
On Wed, Jan 7, 2009 at 9:39 AM, Erik Goldoff egold...@gmail.com wrote:
still comes up functional for me
Erik Goldoff IT Consultant Systems, Networks, Security
From: vbs [mailto:dvant...@gmail.com] Sent: Wednesday, January 07, 2009 8:13 AM To: NT System Admin Issues Subject: Re: OT : Anti-Phishing training game
I tried this link and can't seem to get to any sites at cups.cs.cmu.edu. Is this site no longer functional. I even googled for it and the links show up but still I only get page not found.
On Tue, Jan 6, 2009 at 4:09 PM, Erik Goldoff egold...@gmail.com wrote:
Cute, if slow, game for teaching regular folks how to spot Phishing scams in browser URLs ... http://cups.cs.cmu.edu/antiphishing_phil/new/index.html
Erik Goldoff IT Consultant Systems, Networks, Security
-- Thanks Dave Vantine
Re: OT : Anti-Phishing training game
This works ok... I checked my firewall for the other domain and for some reason packets are being dropped. Thanks
On Wed, Jan 7, 2009 at 9:50 AM, Micheal Espinola Jr michealespin...@gmail.com wrote:
You could try and use it at the publisher's web site, here: http://wombatsecurity.com/antiphishing_phil/index.html -- ME2
On Wed, Jan 7, 2009 at 9:39 AM, Erik Goldoff egold...@gmail.com wrote:
still comes up functional for me
Erik Goldoff IT Consultant Systems, Networks, Security
From: vbs [mailto:dvant...@gmail.com] Sent: Wednesday, January 07, 2009 8:13 AM To: NT System Admin Issues Subject: Re: OT : Anti-Phishing training game
I tried this link and can't seem to get to any sites at cups.cs.cmu.edu. Is this site no longer functional. I even googled for it and the links show up but still I only get page not found.
On Tue, Jan 6, 2009 at 4:09 PM, Erik Goldoff egold...@gmail.com wrote:
Cute, if slow, game for teaching regular folks how to spot Phishing scams in browser URLs ... http://cups.cs.cmu.edu/antiphishing_phil/new/index.html
Erik Goldoff IT Consultant Systems, Networks, Security
-- Thanks Dave Vantine
-- Thanks Dave Vantine
RE: Server OS Reinstall
Sorry, I wasn't paying attention. I would only do this for member servers and workstations. Messing with a DC is a whole 'nuther ball game. I'd go with Chris's suggestion and follow the MS article.
Thanks, Jake Gardner TTC Network Administrator Ext. 246
-Original Message- From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, January 07, 2009 9:56 AM To: NT System Admin Issues Subject: RE: Server OS Reinstall
This sounds easiest. But can anyone confirm if it actually works?
-Original Message- From: Jake Gardner [mailto:jgard...@ttcdas.com] Sent: Wednesday, January 07, 2009 9:37 AM To: NT System Admin Issues Subject: RE: Server OS Reinstall
I believe you can use the Network ID instead of Join Domain after your install and select/choose the old name from AD
Thanks, Jake Gardner TTC Network Administrator Ext. 246
-Original Message- From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, January 07, 2009 9:18 AM To: NT System Admin Issues Subject: Server OS Reinstall
I've got a server (Server 2003 R2) that conked out on me over the Christmas holidays. I'm not quite sure what went wrong--the hardware seems to be okay. But there was some sort of corruption in the RAID array and the OS gives a stop 0x0024 every time it goes to boot. A fresh OS install won't be too painful, because this server was only a DC/DHCP/DNS server. But my question is this... When I reinstall, should I give the server the same name it had before? Or will that confuse Active Directory? And if I give it a different name, how do I remove all references to the old server name from AD? Just wondering what best practices are. Amazingly, I've never had to do this before in my years as a sysadmin. Just lucky, I guess!
John Hornbuckle MIS Department Taylor County School District 318 North Clark Street Perry, FL 32347 www.taylor.k12.fl.us
***Teletronics Technology Corporation*** This e-mail is confidential and may also be privileged. If you are not the addressee or authorized by the addressee to receive this e-mail, you may not disclose, copy, distribute, or use this e-mail. If you have received this e-mail in error, please notify the sender immediately by reply e-mail or by telephone at 267-352-2020 and destroy this message and any copies. Thank you. ***
Opinion wanted: W2K8 network items
Working on a standard Windows Server 2008 build. Anyone thought about disabling the following:
IPv6
Link-Layer Topology Discovery Mapper I/O Driver
Link-Layer Topology Discovery Responder
Looking for any things I might run into if I disable them.
Thanks, Chris Bodnar, MCSE Sr. Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com Phone: 610-807-6459 Fax: 610-807-6003
- This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you.
Re: Opinion wanted: W2K8 network items
I know you will need to get the IPv6 turned off before you use WSUS to get reliable communication with Windows 2008 servers. Either that or make sure your Default web site is set to use IPv4 first. Once it is in you can't make changes and not see WSUS work. Personally I left it on and just had my 2008 DC do IPv6 DNS. I just need to finish up learning how to do manual assigning of IP's in v6 and I can finish this up. Jon
On Wed, Jan 7, 2009 at 10:15 AM, Christopher Bodnar christopher_bod...@glic.com wrote:
Working on a standard Windows Server 2008 build. Anyone thought about disabling the following:
IPv6
Link-Layer Topology Discovery Mapper I/O Driver
Link-Layer Topology Discovery Responder
Looking for any things I might run into if I disable them.
Thanks, Chris Bodnar, MCSE Sr. Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com Phone: 610-807-6459 Fax: 610-807-6003
-- *This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. *
RE: Server OS Reinstall
Hey Z what is this tape thing you speak of??? TVK
-Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, January 07, 2009 8:52 AM To: NT System Admin Issues Subject: RE: Server OS Reinstall
Usually the C24 Stop error is registry corruption, I have seen this a few times, if you have a backup of your Software Hive you can problem boot to a new partition and replace the old one, with the backup and point back to affected system and boot successful. If you don't want to go through that pain. Do a standard build, don't add to domain and then restore from tape accordingly.
Z Edward E. Ziots Network Engineer Lifespan Organization Email: ezi...@lifespan.org Phone: 401-639-3505 MCSE, MCP+I, ME, CCA, Security +, Network +
-Original Message- From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Wednesday, January 07, 2009 9:43 AM To: NT System Admin Issues Subject: RE: Server OS Reinstall
I have done this many times with no ill effects. Here is the MS documentation on the process: http://support.microsoft.com/kb/216498 I personally have never had an issue with using this procedure and using the same name. YMMV
Chris Bodnar, MCSE Sr. Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com Phone: 610-807-6459 Fax: 610-807-6003
-Original Message- From: john.hornbuc...@taylor.k12.fl.us [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, January 07, 2009 9:18 AM To: NT System Admin Issues Subject: Server OS Reinstall
I've got a server (Server 2003 R2) that conked out on me over the Christmas holidays. I'm not quite sure what went wrong--the hardware seems to be okay. But there was some sort of corruption in the RAID array and the OS gives a stop 0x0024 every time it goes to boot. A fresh OS install won't be too painful, because this server was only a DC/DHCP/DNS server. But my question is this... 
When I reinstall, should I give the server the same name it had before? Or will that confuse Active Directory? And if I give it a different name, how do I remove all references to the old server name from AD? Just wondering what best practices are. Amazingly, I've never had to do this before in my years as a sysadmin. Just lucky, I guess!
John Hornbuckle MIS Department Taylor County School District 318 North Clark Street Perry, FL 32347 www.taylor.k12.fl.us
- This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you.
Auditing Everything
I have a request from my CEO to audit everything that happens on our network. When users open files, when they change files, delete files, use any programs, go to any websites (we use ie7, firefox), etc etc etc. Do any of you have a good solution you can recommend for that? I can google all I want, but I won't know the real world experience by doing that. We are a smaller company - 16 users. Right now we have 3 servers (1 SBS 03, 2 that are 2003) in production. We use XP and Vista. Thanks in advance!
Alex Carroll Software Support Crabtree Companies, Inc. 651-688-2727
Re: Windows 2008 Terminal Server, Citrix, or both?
I'm using the published apps with TS08 and it works really well. Easy to use, the end users love it.
On Wed, Jan 7, 2009 at 8:19 AM, Tom Miller tmil...@hnncsb.org wrote:
Hi Folks, I currently have a Citrix Presentation Server (or whatever it's called this week) for all remote users, and some internal users. I also use the Citrix Access Gateway appliance for external users, which I really like. I am going to stand up a new Terminal Server/Citrix farm in the next few months to specifically dedicated to a particular application. I am wondering if I can just use Windows 2008 Terminal Server and forgo the Citrix part? I do like Citrix but it would add over $100k to licensing costs, and that does not include Citrix Access Gateway licenses. I will also need to provide some sort of secure remote access, if I use Terminal Server only, similar to the Citrix Access Gateway. I am currently on Terminal Server 2003 and I understand 2008 is much better. Suggestions and comments appreciated.
Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
Re: Auditing Everything
I hope you have enormous event log files and a ton of disk space overhead, if you want to do this using Event Viewer. Turning on file and folder auditing for all files is a bit bonkers in my opinion though. In the past I have done event log collection and parsing using dumpel and a bit of batch scripting, although there are loads of other products out there that others will doubtless reel off for you. I use WebSense for internet monitoring, and find it a fantastic product. Maybe a bit pricey for a shop your size though. Same goes for SCOM which I use for event log monitoring, although System Center Essentials might be suitable for your needs, and includes WSUS and a version of the-application-formerly-known-as-SMS if I remember rightly.
2009/1/7 Alex Carroll acarr...@crabco.net
I have a request from my CEO to audit everything that happens on our network. When users open files, when they change files, delete files, use any programs, go to any websites (we use ie7, firefox), etc etc etc. Do any of you have a good solution you can recommend for that? I can google all I want, but I won't know the real world experience by doing that. We are a smaller company – 16 users. Right now we have 3 servers (1 SBS 03, 2 that are 2003) in production. We use XP and Vista. Thanks in advance!
Alex Carroll Software Support Crabtree Companies, Inc. 651-688-2727
RE: Auditing Everything
Turn on the auditing you want on the server(s) and use Logparser and elsave to grab your event logs and clean them up then dump them since they will get HUGE. SBS I believe comes with ISA which you can use to monitor web traffic regardless of browser. Just point the pc's default gateways to ISA and not your router, then set the proxy in the browser.
Thanks, Jake Gardner TTC Network Administrator Ext. 246
From: Alex Carroll [mailto:acarr...@crabco.net] Sent: Wednesday, January 07, 2009 10:25 AM To: NT System Admin Issues Subject: Auditing Everything
I have a request from my CEO to audit everything that happens on our network. When users open files, when they change files, delete files, use any programs, go to any websites (we use ie7, firefox), etc etc etc. Do any of you have a good solution you can recommend for that? I can google all I want, but I won't know the real world experience by doing that. We are a smaller company - 16 users. Right now we have 3 servers (1 SBS 03, 2 that are 2003) in production. We use XP and Vista. Thanks in advance!
Alex Carroll Software Support Crabtree Companies, Inc. 651-688-2727
***Teletronics Technology Corporation*** This e-mail is confidential and may also be privileged. If you are not the addressee or authorized by the addressee to receive this e-mail, you may not disclose, copy, distribute, or use this e-mail. If you have received this e-mail in error, please notify the sender immediately by reply e-mail or by telephone at 267-352-2020 and destroy this message and any copies. Thank you. ***
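As an added example (not from the thread or from any of the tools named in it), this is the kind of reporting step that can follow a Logparser or dumpel export of file auditing, written in Python. On Server 2003 the "Object Deleted" event (564) carries a handle ID rather than a file name, so the script pairs it with the earlier "Object Open" event (560); the CSV column layout and every sample row are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export (not real log data). The column layout is an
# assumption about how the Security log was flattened to CSV before reporting.
SAMPLE_EXPORT = r"""TimeGenerated,ComputerName,EventID,User,ProcessID,HandleID,ObjectName,Accesses
2009-01-07 10:01:12,FS01,560,EXAMPLE\alice,4,1204,D:\Shares\Finance\budget.xls,ReadData
2009-01-07 10:01:15,FS01,562,EXAMPLE\alice,4,1204,,
2009-01-07 10:03:40,FS01,560,EXAMPLE\bob,4,1204,D:\Shares\HR\reviews.doc,DELETE
2009-01-07 10:03:40,FS01,564,EXAMPLE\bob,4,1204,,
2009-01-07 10:03:41,FS01,562,EXAMPLE\bob,4,1204,,
2009-01-07 10:05:02,FS01,560,EXAMPLE\alice,4,2288,D:\Shares\Finance\budget.xls,DELETE ReadData
2009-01-07 10:05:03,FS01,562,EXAMPLE\alice,4,2288,,
2009-01-07 10:09:30,FS02,564,EXAMPLE\carol,4,1204,,
"""

# Server 2003 object-access event IDs used by this report.
OBJECT_OPEN, HANDLE_CLOSED, OBJECT_DELETED = "560", "562", "564"


def build_report(export_text):
    """Return (opened, deleted, unresolved) for rows given in log order.

    opened     -- user -> set of objects the user opened
    deleted    -- (time, user, object) for deletions that were carried out
    unresolved -- (time, computer, user) deletions whose open event is missing
    """
    live_handles = {}          # (computer, pid, handle) -> object name
    opened = defaultdict(set)
    deleted = []
    unresolved = []
    for row in csv.DictReader(io.StringIO(export_text)):
        # Handle IDs are only unique per process per machine, and are reused.
        key = (row["ComputerName"], row["ProcessID"], row["HandleID"])
        event = row["EventID"]
        if event == OBJECT_OPEN:
            # A 560 that lists DELETE only shows the access was requested;
            # the deletion itself is confirmed by a later 564 on this handle.
            live_handles[key] = row["ObjectName"]
            opened[row["User"]].add(row["ObjectName"])
        elif event == HANDLE_CLOSED:
            live_handles.pop(key, None)   # handle may now be reused
        elif event == OBJECT_DELETED:
            name = live_handles.get(key)
            if name is None:
                # The matching 560 fell outside the exported window.
                unresolved.append(
                    (row["TimeGenerated"], row["ComputerName"], row["User"]))
            else:
                deleted.append((row["TimeGenerated"], row["User"], name))
    return dict(opened), deleted, unresolved


def format_report(opened, deleted, unresolved):
    """Render the three result sets as plain text for a survey or audit file."""
    lines = ["Files opened per user:"]
    for user in sorted(opened):
        for name in sorted(opened[user]):
            lines.append(f"  {user}  {name}")
    lines.append("Confirmed deletions:")
    for when, user, name in deleted:
        lines.append(f"  {when}  {user}  {name}")
    lines.append("Deletions with no matching open event in this export:")
    for when, computer, user in unresolved:
        lines.append(f"  {when}  {computer}  {user}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(*build_report(SAMPLE_EXPORT)))
```

Unresolved deletions are a sign that logs were cleared or rotated between the open and the delete, which is a reason to archive before clearing.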
Re: Windows 2008 Terminal Server, Citrix, or both?
I have Citrix MPS 4.5 but 2008 Terminal Services seems to be (finally) a viable alternative to this. However it will depend entirely on the speed to my remote sites, and how well it fits in with my future projects (VDI) whether I take the plunge and bin Citrix altogether. I do have to say though that in the (limited) testing I have done so far that 2008 TS does look quite a good product.
2009/1/7 Tom Miller tmil...@hnncsb.org
Hi Folks, I currently have a Citrix Presentation Server (or whatever it's called this week) for all remote users, and some internal users. I also use the Citrix Access Gateway appliance for external users, which I really like. I am going to stand up a new Terminal Server/Citrix farm in the next few months to specifically dedicated to a particular application. I am wondering if I can just use Windows 2008 Terminal Server and forgo the Citrix part? I do like Citrix but it would add over $100k to licensing costs, and that does not include Citrix Access Gateway licenses. I will also need to provide some sort of secure remote access, if I use Terminal Server only, similar to the Citrix Access Gateway. I am currently on Terminal Server 2003 and I understand 2008 is much better. Suggestions and comments appreciated.
Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
Re: Auditing Everything
GFI EventSentry.
On Wed, Jan 7, 2009 at 10:25 AM, Alex Carroll acarr...@crabco.net wrote:
I have a request from my CEO to audit everything that happens on our network. When users open files, when they change files, delete files, use any programs, go to any websites (we use ie7, firefox), etc etc etc. Do any of you have a good solution you can recommend for that? I can google all I want, but I won't know the real world experience by doing that. We are a smaller company – 16 users. Right now we have 3 servers (1 SBS 03, 2 that are 2003) in production. We use XP and Vista. Thanks in advance!
Alex Carroll Software Support Crabtree Companies, Inc. 651-688-2727
-- -- Give a man a fish, and he'll eat for a day. Give a fish a man, and he'll eat for weeks!
Re: Auditing Everything
On Wed, Jan 7, 2009 at 7:25 AM, Alex Carroll acarr...@crabco.net wrote:
I have a request from my CEO to audit everything that happens on our network. When users open files, when they change files, delete files, use any programs, go to any websites (we use ie7, firefox), etc etc etc. Do any of you have a good solution you can recommend for that? I can google all I want, but I won't know the real world experience by doing that. We are a smaller company – 16 users. Right now we have 3 servers (1 SBS 03, 2 that are 2003) in production. We use XP and Vista. Thanks in advance!
Alex Carroll Software Support Crabtree Companies, Inc. 651-688-2727
There is almost certainly no single package that will do what your CEO wants. The tasks are too diverse. And, given the size of your company, not only will it cost a lot of money to implement. That's because, even if you use all free software, which isn't very likely, it will take a lot of time to figure the software out. Ask your CEO if he's willing to hire at least one, and possibly two or even more people to sort through the data and act on it.
Kurt
Upgrading DCs to 64 bit
Has anyone upgraded their 2003 domain from 32 bit DCs to 64 bit DCs? Our security team wants to move to 64 bit to take advantage of the larger event logs - anyone done it? Were there any issues running some DCs 32 bit and some 64 bit? Anyone run a mixed environment long term? I'm planning on doing some testing, but wanted some advance scouting if available.
Brian Webb - MCSE TDS Corporate IS, Windows Server Platform Team Senior Systems Administrator
When stuck on a problem as often can be, try to remember G.B.T.T.D. (Go Back To The Definition). - Dave Seybold
RE: Opinion wanted: W2K8 network items
I disable these in some 2008 web servers running IIS and ColdFusion. I have no issue. Does disabling them gain some performance.. I do not know
From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Wednesday, January 07, 2009 7:16 AM To: NT System Admin Issues Subject: Opinion wanted: W2K8 network items
Working on a standard Windows Server 2008 build. Anyone thought about disabling the following:
IPv6
Link-Layer Topology Discovery Mapper I/O Driver
Link-Layer Topology Discovery Responder
Looking for any things I might run into if I disable them.
Thanks, Chris Bodnar, MCSE Sr. Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com Phone: 610-807-6459 Fax: 610-807-6003
_ This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you.
RE: Server OS Reinstall
I reuse DC names every time I do HW refresh and have renamed newly promoted DC's back to the name of the one that was removed when I had to run a site in parallel during HW refresh. The thing you need to ensure is that the metadata is cleaned up no matter and said cleanup is replicated whether you are doing it forcefully or gracefully, KB216498 explains the process in detail. You also need to take into consideration other services that may have been running on the failed DC, FSMO roles etc. http://support.microsoft.com/kb/216498/
-Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Wednesday, January 07, 2009 6:31 AM To: NT System Admin Issues Subject: RE: Server OS Reinstall
I never reuse a DC name, even if I removed it gracefully. That may be a bit overkill, but I would strongly advise against reusing a name on a failed DC. You can clean it out of AD, and you will need to but I still wouldn't reuse the name. I have always done a manual removal with the info in this article: http://www.petri.co.il/delete_failed_dcs_from_ad.htm
-Original Message- From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, January 07, 2009 9:18 AM To: NT System Admin Issues Subject: Server OS Reinstall
I've got a server (Server 2003 R2) that conked out on me over the Christmas holidays. I'm not quite sure what went wrong--the hardware seems to be okay. But there was some sort of corruption in the RAID array and the OS gives a stop 0x0024 every time it goes to boot. A fresh OS install won't be too painful, because this server was only a DC/DHCP/DNS server. But my question is this... When I reinstall, should I give the server the same name it had before? Or will that confuse Active Directory? And if I give it a different name, how do I remove all references to the old server name from AD? Just wondering what best practices are. Amazingly, I've never had to do this before in my years as a sysadmin. Just lucky, I guess! 
John Hornbuckle MIS Department Taylor County School District 318 North Clark Street Perry, FL 32347 www.taylor.k12.fl.us
RE: Auditing Everything
I would look at the suite of products from ScriptLogic/Quest. I am fairly certain that you will find 1 or 2 products there that can be used to achieve the desired results. TVK -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, January 07, 2009 9:36 AM To: NT System Admin Issues Subject: Re: Auditing Everything On Wed, Jan 7, 2009 at 7:25 AM, Alex Carroll acarr...@crabco.net wrote: I have a request from my CEO to audit everything that happens on our network. When users open files, when they change files, delete files, use any programs, go to any websites (we use ie7, firefox), etc etc etc. Do any of you have a good solution you can recommend for that? I can google all I want, but I won't know the real world experience by doing that. We are a smaller company - 16 users. Right now we have 3 servers (1 SBS 03, 2 that are 2003) in production. We use XP and Vista. Thanks in advance! Alex Carroll Software Support Crabtree Companies, Inc. 651-688-2727 There is almost certainly no single package that will do what your CEO wants. The tasks are too diverse. And, given the size of your company, not only will it cost a lot of money to implement. That's because, even if you use all free software, which isn't very likely, it will take a lot of time to figure the software out. Ask your CEO if he's willing to hire at least one, and possibly two or even more people to sort through the data and act on it. Kurt
RE: Auditing Everything
I think what the CEO is asking for will cost as much, if not more as they have invested already in IT, based upon your size. You need a proxy server for web surfing to log websites, so ISA for example. Servers need all the auditing logging turned up and then that will generate massive log files, so you need to export them to a storage server or log management system such as GFI EventsManager. And you will need that on your servers and your workstations since he wants 'any programs'. Go back and ask him/her what they are trying to accomplish and what they really need to monitor, perhaps he tossed out a list that is much bigger than they need. And perhaps point out that if this is a productivity issue that maybe this is an HR issue. If people are not doing their jobs then address that specifically don't try and prove they are using computers wrong. Just prove they are not doing their jobs. From: Alex Carroll [mailto:acarr...@crabco.net] Sent: Wednesday, January 07, 2009 10:25 AM To: NT System Admin Issues Subject: Auditing Everything I have a request from my CEO to audit everything that happens on our network. When users open files, when they change files, delete files, use any programs, go to any websites (we use ie7, firefox), etc etc etc. Do any of you have a good solution you can recommend for that? I can google all I want, but I won't know the real world experience by doing that. We are a smaller company - 16 users. Right now we have 3 servers (1 SBS 03, 2 that are 2003) in production. We use XP and Vista. Thanks in advance! Alex Carroll Software Support Crabtree Companies, Inc. 651-688-2727
RE: Upgrading DCs to 64 bit
I have a mix of 64-bit Server 2008 DCs and 32-bit Server 2003 DCs. No problems here. John Hornbuckle MIS Department Taylor County School District 318 North Clark Street Perry, FL 32347 www.taylor.k12.fl.us From: Webb, Brian (Corp) [mailto:brian.w...@teldta.com] Sent: Wednesday, January 07, 2009 10:37 AM To: NT System Admin Issues Subject: Upgrading DCs to 64 bit Has anyone upgraded their 2003 domain from 32 bit DCs to 64 bit DCs? Our security team wants to move to 64 bit to take advantage of the larger event logs - anyone done it? Were there any issues running some DCs 32 bit and some 64 bit? Anyone run a mixed environment long term? I'm planning on doing some testing, but wanted some advance scouting if available. Brian Webb - MCSE TDS Corporate IS, Windows Server Platform Team Senior Systems Administrator When stuck on a problem as often can be, try to remember G.B.T.T.D. (Go Back To The Definition). - Dave Seybold
RE: Upgrading DCs to 64 bit
I have been running a mix of 32 and 64-bit DCs for over a year with no ill effects at all. I prefer the performance gains I receive from running 64-bit, but not all MS management tools (GPMC in particular) would run on 64-bit prior to Server 2008's release, so I had to keep at least 1 32-bit server around for that purpose. TVK From: Webb, Brian (Corp) [mailto:brian.w...@teldta.com] Sent: Wednesday, January 07, 2009 9:37 AM To: NT System Admin Issues Subject: Upgrading DCs to 64 bit Has anyone upgraded their 2003 domain from 32 bit DCs to 64 bit DCs? Our security team wants to move to 64 bit to take advantage of the larger event logs - anyone done it? Were there any issues running some DCs 32 bit and some 64 bit? Anyone run a mixed environment long term? I'm planning on doing some testing, but wanted some advance scouting if available. Brian Webb - MCSE TDS Corporate IS, Windows Server Platform Team Senior Systems Administrator When stuck on a problem as often can be, try to remember G.B.T.T.D. (Go Back To The Definition). - Dave Seybold
RE: Auditing Everything
And how many people does he plan to hire to review and report on all this data? You'll probably need to add storage and another server to accommodate it. Take a look at Adventnet's Eventlog Analyzer... http://manageengine.adventnet.com/products/eventlog/index.html Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388 _ From: Alex Carroll [mailto:acarr...@crabco.net] Sent: Wednesday, January 07, 2009 10:25 AM To: NT System Admin Issues Subject: Auditing Everything I have a request from my CEO to audit everything that happens on our network. When users open files, when they change files, delete files, use any programs, go to any websites (we use ie7, firefox), etc etc etc. Do any of you have a good solution you can recommend for that? I can google all I want, but I won't know the real world experience by doing that. We are a smaller company - 16 users. Right now we have 3 servers (1 SBS 03, 2 that are 2003) in production. We use XP and Vista. Thanks in advance! Alex Carroll Software Support Crabtree Companies, Inc. 651-688-2727
Re: Windows 2008 Terminal Server, Citrix, or both?
How do you provide secure remote access? I'm using the published apps with TS08 and it works really well. Easy to use, the end users love it. On Wed, Jan 7, 2009 at 8:19 AM, Tom Miller tmil...@hnncsb.org wrote: Hi Folks, I currently have a Citrix Presentation Server (or whatever it's called this week) for all remote users, and some internal users. I also use the Citrix Access Gateway appliance for external users, which I really like. I am going to stand up a new Terminal Server/Citrix farm in the next few months to specifically dedicated to a particular application. I am wondering if I can just use Windows 2008 Terminal Server and forgo the Citrix part? I do like Citrix but it would add over $100k to licensing costs, and that does not include Citrix Access Gateway licenses. I will also need to provide some sort of secure remote access, if I use Terminal Server only, similar to the Citrix Access Gateway. I am currently on Terminal Server 2003 and I understand 2008 is much better. Suggestions and comments appreciated. Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. Steve Ens stevey...@gmail.com 1/7/2009 10:28 AM
RE: Auditing Everything
Make sure you email the CEO the logs every night. By Friday, he will ask you to turn off auditing. From: Alex Carroll [mailto:acarr...@crabco.net] Sent: Wednesday, January 07, 2009 7:25 AM To: NT System Admin Issues Subject: Auditing Everything I have a request from my CEO to audit everything that happens on our network. When users open files, when they change files, delete files, use any programs, go to any websites (we use ie7, firefox), etc etc etc. Do any of you have a good solution you can recommend for that? I can google all I want, but I won't know the real world experience by doing that. We are a smaller company - 16 users. Right now we have 3 servers (1 SBS 03, 2 that are 2003) in production. We use XP and Vista. Thanks in advance! Alex Carroll Software Support Crabtree Companies, Inc. 651-688-2727
Re: Auditing Everything
Christ you all. It doesn't have to be this hard. If they have a Sonicwall, buy the Viewpoint module. If they don't have a Sonicwall, then get them one. There are equivalent products for Cisco and Watchguard. For AD, just turn on appropriate auditing and use GFI EventSentry to gather and report on events. That's it, you're done. Aside from literal keystroke logging on the workstations, these two items will handle everything else on the network that is appropriate. Whether they *should* do it or not is a whole different question, and not what the OP asked. -- Durf On Wed, Jan 7, 2009 at 10:44 AM, Roger Wright rwri...@evatone.com wrote: And how many people does he plan to hire to review and report on all this data? You'll probably need to add storage and another server to accommodate it. Take a look at Adventnet's Eventlog Analyzer… http://manageengine.adventnet.com/products/eventlog/index.html Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388 _ *From:* Alex Carroll [mailto:acarr...@crabco.net] *Sent:* Wednesday, January 07, 2009 10:25 AM *To:* NT System Admin Issues *Subject:* Auditing Everything I have a request from my CEO to audit everything that happens on our network. When users open files, when they change files, delete files, use any programs, go to any websites (we use ie7, firefox), etc etc etc. Do any of you have a good solution you can recommend for that? I can google all I want, but I won't know the real world experience by doing that. We are a smaller company – 16 users. Right now we have 3 servers (1 SBS 03, 2 that are 2003) in production. We use XP and Vista. Thanks in advance! Alex Carroll Software Support Crabtree Companies, Inc. 651-688-2727 -- -- Give a man a fish, and he'll eat for a day. Give a fish a man, and he'll eat for weeks!
Re: Windows 2008 Terminal Server, Citrix, or both?
VPN for now... On Wed, Jan 7, 2009 at 9:42 AM, Tom Miller tmil...@hnncsb.org wrote: How do you provide secure remote access? I'm using the published apps with TS08 and it works really well. Easy to use, the end users love it. On Wed, Jan 7, 2009 at 8:19 AM, Tom Miller tmil...@hnncsb.org wrote: Hi Folks, I currently have a Citrix Presentation Server (or whatever it's called this week) for all remote users, and some internal users. I also use the Citrix Access Gateway appliance for external users, which I really like. I am going to stand up a new Terminal Server/Citrix farm in the next few months to specifically dedicated to a particular application. I am wondering if I can just use Windows 2008 Terminal Server and forgo the Citrix part? I do like Citrix but it would add over $100k to licensing costs, and that does not include Citrix Access Gateway licenses. I will also need to provide some sort of secure remote access, if I use Terminal Server only, similar to the Citrix Access Gateway. I am currently on Terminal Server 2003 and I understand 2008 is much better. Suggestions and comments appreciated. Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. Steve Ens stevey...@gmail.com 1/7/2009 10:28 AM
RE: Upgrading DCs to 64 bit
We added a 64 bit DC to our existing domain with no issues whatsoever early last year to add some horsepower to a site allegedly being hammered by Exchange and to test all our processes, documentation, 3rd party agents, services etc in preparation for the next HW refresh. We did it in the lab as well so we have had 2 forests running that way the better part of a year if you consider that long term. Test your 3rd party SW, AV, prepare your patching mechanism etc. By now it should be a non-issue but you never know. From: Webb, Brian (Corp) [mailto:brian.w...@teldta.com] Sent: Wednesday, January 07, 2009 7:37 AM To: NT System Admin Issues Subject: Upgrading DCs to 64 bit Has anyone upgraded their 2003 domain from 32 bit DCs to 64 bit DCs? Our security team wants to move to 64 bit to take advantage of the larger event logs - anyone done it? Were there any issues running some DCs 32 bit and some 64 bit? Anyone run a mixed environment long term? I'm planning on doing some testing, but wanted some advance scouting if available. Brian Webb - MCSE TDS Corporate IS, Windows Server Platform Team Senior Systems Administrator When stuck on a problem as often can be, try to remember G.B.T.T.D. (Go Back To The Definition). - Dave Seybold
RE: Auditing Everything
For internet auditing I like St Bernard iPrism. Hardware appliance (1U rack mount form factor) that sits between your users and your internet connection. Setup is typically less than 1 hour. As for file monitoring... that sounds very unrealistic given your size. From: Alex Carroll [mailto:acarr...@crabco.net] Sent: Wednesday, January 07, 2009 10:25 AM To: NT System Admin Issues Subject: Auditing Everything I have a request from my CEO to audit everything that happens on our network. When users open files, when they change files, delete files, use any programs, go to any websites (we use ie7, firefox), etc etc etc. Do any of you have a good solution you can recommend for that? I can google all I want, but I won't know the real world experience by doing that. We are a smaller company - 16 users. Right now we have 3 servers (1 SBS 03, 2 that are 2003) in production. We use XP and Vista. Thanks in advance! Alex Carroll Software Support Crabtree Companies, Inc. 651-688-2727
RE: Upgrading DCs to 64 bit
We have been using 64 bit 2003 servers and 32 bit servers for a few years now on 2003, last year we moved most of our DC's to 64 bit servers and we are having zero problems with it. -Original Message- From: Free, Bob [mailto:r...@pge.com] Sent: Wednesday, January 07, 2009 9:56 AM To: NT System Admin Issues Subject: RE: Upgrading DCs to 64 bit We added a 64 bit DC to our existing domain with no issues whatsoever early last year to add some horsepower to a site allegedly being hammered by Exchange and to test all our processes, documentation, 3rd party agents, services etc in preparation for the next HW refresh. We did it in the lab as well so we have had 2 forests running that way the better part of a year if you consider that long term. Test your 3rd party SW, AV, prepare your patching mechanism etc. By now it should be a non-issue but you never know. From: Webb, Brian (Corp) [mailto:brian.w...@teldta.com] Sent: Wednesday, January 07, 2009 7:37 AM To: NT System Admin Issues Subject: Upgrading DCs to 64 bit Has anyone upgraded their 2003 domain from 32 bit DCs to 64 bit DCs? Our security team wants to move to 64 bit to take advantage of the larger event logs - anyone done it? Were there any issues running some DCs 32 bit and some 64 bit? Anyone run a mixed environment long term? I'm planning on doing some testing, but wanted some advance scouting if available. Brian Webb - MCSE TDS Corporate IS, Windows Server Platform Team Senior Systems Administrator When stuck on a problem as often can be, try to remember G.B.T.T.D. (Go Back To The Definition). - Dave Seybold
RE: Windows 2008 Terminal Server, Citrix, or both?
From: Tom Miller [mailto:tmil...@hnncsb.org] Subject: Re: Windows 2008 Terminal Server, Citrix, or both? How do you provide secure remote access? You would use the TS Gateway Role Service. I would highly recommend the TS 2008 Resource Kit. Excellent book with a lot of the info you are looking for. Webster
SecurID and TS Gateway.
Has anyone setup the TS Gateway to use SecurID? We are trying to set that up in a test Lab and so far we find it is not supported on Server 2008? If you have done it, do you have any Sites or documentation you can point me to for help? So far from our scouring of the RSA site we cannot find anything that covers it. TIA
RE: Auditing Everything
There will be a performance hit. I would ask what he's trying to accomplish...what are his goals? Licensing? Misuse? Malware protection? Information theft? He's suggested a solution to an unknown problem. It's the CEO's job to tell the IT guy what he needs, it's the IT guy's job to figure out how to accomplish it. My FIRST comment to the CEO would be I can do this for you, what are you looking to accomplish? It will help me get your end result for the lowest cost... David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 From: Durf [mailto:stygm...@gmail.com] Sent: Wednesday, January 07, 2009 7:49 AM To: NT System Admin Issues Subject: Re: Auditing Everything Christ you all. It doesn't have to be this hard. If they have a Sonicwall, buy the Viewpoint module. If they don't have a Sonicwall, then get them one. There are equivalent products for Cisco and Watchguard. For AD, just turn on appropriate auditing and use GFI EventSentry to gather and report on events. That's it, you're done. Aside from literal keystroke logging on the workstations, these two items will handle everything else on the network that is appropriate. Whether they *should* do it or not is a whole different question, and not what the OP asked. -- Durf On Wed, Jan 7, 2009 at 10:44 AM, Roger Wright rwri...@evatone.com wrote: And how many people does he plan to hire to review and report on all this data? You'll probably need to add storage and another server to accommodate it. Take a look at Adventnet's Eventlog Analyzer... http://manageengine.adventnet.com/products/eventlog/index.html Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388 _ From: Alex Carroll [mailto:acarr...@crabco.net] Sent: Wednesday, January 07, 2009 10:25 AM To: NT System Admin Issues Subject: Auditing Everything I have a request from my CEO to audit everything that happens on our network. When users open files, when they change files, delete files, use any programs, go to any websites (we use ie7, firefox), etc etc etc. Do any of you have a good solution you can recommend for that? I can google all I want, but I won't know the real world experience by doing that. We are a smaller company - 16 users. Right now we have 3 servers (1 SBS 03, 2 that are 2003) in production. We use XP and Vista. Thanks in advance! Alex Carroll Software Support Crabtree Companies, Inc. 651-688-2727 -- -- Give a man a fish, and he'll eat for a day. Give a fish a man, and he'll eat for weeks!
RE: Server OS Reinstall
Good point... This server was also a GC. Not sure if that affects the cleanup process in any way... -Original Message- From: Free, Bob [mailto:r...@pge.com] Sent: Wednesday, January 07, 2009 10:40 AM To: NT System Admin Issues Subject: RE: Server OS Reinstall I reuse DC names every time I do HW refresh and have renamed newly promoted DC's back to the name of the one that was removed when I had to run a site in parallel during HW refresh. The thing you need to insure is that the metadata is cleaned up no matter and said cleanup is replicated whether you are doing it forcefully or gracefully, KB216498 explains the process in detail. You also need to take into consideration other services that may have been running on the failed DC, FSMO roles etc. http://support.microsoft.com/kb/216498/ -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Wednesday, January 07, 2009 6:31 AM To: NT System Admin Issues Subject: RE: Server OS Reinstall I never reuse a DC name, even if I removed it gracefully. That may be a bit overkill, but I would strongly advise against reusing a name on a failed DC. You can clean it out of AD, and you will need to but I still wouldn't reuse the name. I have always done a manual removal with the info in this article: http://www.petri.co.il/delete_failed_dcs_from_ad.htm -Original Message- From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, January 07, 2009 9:18 AM To: NT System Admin Issues Subject: Server OS Reinstall I've got a server (Server 2003 R2) that conked out on me over the Christmas holidays. I'm not quite sure what went wrong--the hardware seems to be okay. But there was some sort of corruption in the RAID array and the OS gives a stop 0x0024 every time it goes to boot. A fresh OS install won't be too painful, because this server was only a DC/DHCP/DNS server. But my question is this... When I reinstall, should I give the server the same name it had before? 
Or will that confuse Active Directory? And if I give it a different name, how do I remove all references to the old server name from AD? Just wondering what best practices are. Amazingly, I've never had to do this before in my years as a sysadmin. Just lucky, I guess! John Hornbuckle MIS Department Taylor County School District 318 North Clark Street Perry, FL 32347 www.taylor.k12.fl.us
Re: Auditing Everything
The performance hit is minor for a network of that size and not worth worrying about. And, for any and all of those solutions, the Audit log is the solution. What is the problem that would NOT involve gathering and reporting on Audit logs? That's just standard practice. -- Durf On Wed, Jan 7, 2009 at 11:22 AM, David Lum david@nwea.org wrote: There will be a performance hit. I would ask what he's trying to accomplish…what are his goals? Licensing? Misuse? Malware protection? Information theft? He's suggested a solution to an unknown problem. It's the CEO's job to tell the IT guy what he needs, it's the IT guys job to figure out how to accomplish it. My FIRST comment to the CEO would be I can do this for you, what are you looking to accomplish? It will help me get your end result for the lowest cost… *David Lum** **// *SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 *// *(Cell) 503.267.9764 *From:* Durf [mailto:stygm...@gmail.com] *Sent:* Wednesday, January 07, 2009 7:49 AM *To:* NT System Admin Issues *Subject:* Re: Auditing Everything Christ you all. It doesn't have to be this hard. If they have a Sonicwall, buy the Viewpoint module. If they don't have a Sonicwall, then get them one. There are equivalent products for Cisco and Watchguard. For AD, just turn on appropriate auditing and use GFI EventSentry to gather and report on events. That's it, you're done. Aside from literal keystroke logging on the workstations, these two items will handle everything else on the network that is appropriate. Whether they *should* do it or not is a whole different question, and not what the OP asked. -- Durf On Wed, Jan 7, 2009 at 10:44 AM, Roger Wright rwri...@evatone.com wrote: And how many people does he plan to hire to review and report on all this data? You'll probably need to add storage and another server to accommodate it. 
Take a look at Adventnet's Eventlog Analyzer… http://manageengine.adventnet.com/products/eventlog/index.html Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388 _ *From:* Alex Carroll [mailto:acarr...@crabco.net] *Sent:* Wednesday, January 07, 2009 10:25 AM *To:* NT System Admin Issues *Subject:* Auditing Everything I have a request from my CEO to audit everything that happens on our network. When users open files, when they change files, delete files, use any programs, go to any websites (we use ie7, firefox), etc etc etc. Do any of you have a good solution you can recommend for that? I can google all I want, but I won't know the real world experience by doing that. We are a smaller company – 16 users. Right now we have 3 servers (1 SBS 03, 2 that are 2003) in production. We use XP and Vista. Thanks in advance! Alex Carroll Software Support Crabtree Companies, Inc. 651-688-2727 -- -- Give a man a fish, and he'll eat for a day. Give a fish a man, and he'll eat for weeks! -- -- Give a man a fish, and he'll eat for a day. Give a fish a man, and he'll eat for weeks!
Re: File name is too long
Don't worry, I am sure that someday soon, you too will be part of the Vista OS. Maybe in a future service pack release? On Tue, Jan 6, 2009 at 3:52 PM, Kurt Buff kurt.b...@gmail.com wrote: Yeah, unlike me... Heh. On Tue, Jan 6, 2009 at 2:51 PM, Michael B. Smith mich...@theessentialexchange.com wrote: It's part of the OS with Vista and Server 2008. Finally - respectability! :-) Regards, Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP My blog: http://TheEssentialExchange.com/blogs/michael I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Tuesday, January 06, 2009 5:42 PM To: NT System Admin Issues Subject: Re: File name is too long I've been using robocopy since it came out - I think with the NT3.51 RK. It's a very good and dear friend. Treat it well. Kurt On Tue, Jan 6, 2009 at 2:18 PM, Eric Brouwer er...@forestpost.com wrote: Wow. First experience with robocopy. Great little tool! Thanks, guys. On Jan 6, 2009, at 1:00 PM, Kennedy, Jim wrote: And it is WAY faster. Robocopy FTW. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Tuesday, January 06, 2009 12:59 PM To: NT System Admin Issues Subject: Re: File name is too long While, as others suggest, 'subst' might help, your real help here is two-fold: 1) robocopy - get it from the MSFT resource kits. I can handle file/path specifications greater than 254 characters, as it uses a different API than win32 2) shorten the path. Kurt On Tue, Jan 6, 2009 at 8:55 AM, Eric Brouwer er...@forestpost.com wrote: Good afternoon, I'm trying to copy files from an NT server to a Windows 2003 server. I am running into the problem of file/path name limitations. I am trying to do this from Windows Explorer, and I keep getting the file name is too long error. Is there another utility I can use to accomplish the copy? 
Thanks, Eric Brouwer IT Manager www.forestpost.com er...@forestpost.com 248.855.4333 Eric Brouwer IT Manager www.forestpost.com er...@forestpost.com 248.855.4333
RE: Auditing Everything
True, it may not be too difficult to capture all the information, but it could be very resource-intensive to actually make use of it. The secret is to capture only what you need, not everything that happens, so it's easier discern what's really going on. For a small office environment there are several useful and low-cost systems that could be implemented to help in this regard. OpenDNS is one, and the tools from Adventnet can also assist in making sense of it all. Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388 _ From: Durf [mailto:stygm...@gmail.com] Sent: Wednesday, January 07, 2009 10:49 AM To: NT System Admin Issues Subject: Re: Auditing Everything Christ you all. It doesn't have to be this hard. If they have a Sonicwall, buy the Viewpoint module. If they don't have a Sonicwall, then get them one. There are equivalent products for Cisco and Watchguard. For AD, just turn on appropriate auditing and use GFI EventSentry to gather and report on events. That's it, you're done. Aside from literal keystroke logging on the workstations, these two items will handle everything else on the network that is appropriate. Whether they *should* do it or not is a whole different question, and not what the OP asked. -- Durf On Wed, Jan 7, 2009 at 10:44 AM, Roger Wright rwri...@evatone.com wrote: And how many people does he plan to hire to review and report on all this data? You'll probably need to add storage and another server to accommodate it. Take a look at Adventnet's Eventlog Analyzer... http://manageengine.adventnet.com/products/eventlog/index.html Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388 _ From: Alex Carroll [mailto:acarr...@crabco.net] Sent: Wednesday, January 07, 2009 10:25 AM To: NT System Admin Issues Subject: Auditing Everything I have a request from my CEO to audit everything that happens on our network. 
When users open files, when they change files, delete files, use any programs, go to any websites (we use ie7, firefox), etc etc etc. Do any of you have a good solution you can recommend for that? I can google all I want, but I won't know the real world experience by doing that. We are a smaller company - 16 users. Right now we have 3 servers (1 SBS 03, 2 that are 2003) in production. We use XP and Vista. Thanks in advance! Alex Carroll Software Support Crabtree Companies, Inc. 651-688-2727 -- -- Give a man a fish, and he'll eat for a day. Give a fish a man, and he'll eat for weeks!
Re: Auditing Everything
Watch out setting the server's event log bigger than 300MB. Check this out: http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips/Admin/MaximumsizeforEventlogs.html You are gonna have to use something other than windoze file auditing due to this limit. Something designed for $$ this $$ need $$. Like I see in other posts, you will need multiple tools. We use MS ISA's logging for web surfing history - it works well if setup right. Something tells me he wants it at no cost. hth, Devin On Wed, Jan 7, 2009 at 9:31 AM, Michael B. Smith mich...@theessentialexchange.com wrote: Is he a control freak, or what? ISA can give you web auditing. For the rest, you'll need a third party application. (And you can also go third-party for web auditing – WebSense is probably the most popular.) Personally, I'm fond of NetPro's ChangeAuditor (they were recently acquired by Quest). NetWrix also has a suite of tools for this that is installed at one of my clients. To audit EVERYTHING, you may find it necessary to add a server that does nothing but process audit records. The volume is quite large, even in a small network. Regards, Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP My blog: http://TheEssentialExchange.com/blogs/michael I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php From: Alex Carroll [mailto:acarr...@crabco.net] Sent: Wednesday, January 07, 2009 10:25 AM To: NT System Admin Issues Subject: Auditing Everything I have a request from my CEO to audit everything that happens on our network. When users open files, when they change files, delete files, use any programs, go to any websites (we use ie7, firefox), etc etc etc. Do any of you have a good solution you can recommend for that? I can google all I want, but I won't know the real world experience by doing that. We are a smaller company – 16 users. Right now we have 3 servers (1 SBS 03, 2 that are 2003) in production. We use XP and Vista. Thanks in advance!
Alex Carroll Software Support Crabtree Companies, Inc. 651-688-2727 -- Devin
Re: Auditing Everything
No, you really just need a couple of tools. Why are you making this more complicated than it has to be? Have you implemented this before? Audit Logging settings for the top four events, and GFI EventSentry. What else, specifically, are you saying they need? Please be specific. -- Durf On Wed, Jan 7, 2009 at 11:32 AM, Devin Meade devin.me...@gmail.com wrote: Watch out setting the server's event log bigger than 300MB. Check this out: http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips/Admin/MaximumsizeforEventlogs.html You are gonna have to use something other than windoze file auditing due to this limit. Something designed for $$ this $$ need $$. Like I see in other posts, you will need multiple tools. We use MS ISA's logging for web surfing history - it works well if setup right. Something tells me he wants it at no cost. hth, Devin On Wed, Jan 7, 2009 at 9:31 AM, Michael B. Smith mich...@theessentialexchange.com wrote: Is he a control freak, or what? ISA can give you web auditing. For the rest, you'll need a third party application. (And you can also go third-party for web auditing – WebSense is probably the most popular.) Personally, I'm fond of NetPro's ChangeAuditor (they were recently acquired by Quest). NetWrix also has a suite of tools for this that is installed at one of my clients. To audit EVERYTHING, you may find it necessary to add a server that does nothing but process audit records. The volume is quite large, even in a small network. Regards, Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP My blog: http://TheEssentialExchange.com/blogs/michael I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php From: Alex Carroll [mailto:acarr...@crabco.net] Sent: Wednesday, January 07, 2009 10:25 AM To: NT System Admin Issues Subject: Auditing Everything I have a request from my CEO to audit everything that happens on our network.
When users open files, when they change files, delete files, use any programs, go to any websites (we use ie7, firefox), etc etc etc. Do any of you have a good solution you can recommend for that? I can google all I want, but I won't know the real world experience by doing that. We are a smaller company – 16 users. Right now we have 3 servers (1 SBS 03, 2 that are 2003) in production. We use XP and Vista. Thanks in advance! Alex Carroll Software Support Crabtree Companies, Inc. 651-688-2727 -- Devin -- -- Give a man a fish, and he'll eat for a day. Give a fish a man, and he'll eat for weeks!
Re: Auditing Everything
No, not really. GFI EventSentry's whole purpose is to handle this. You run reports out of it and set alert conditions. The *entire idea* is to use that software to handle the complexity for you. Do you have another recommendation? -- Durf On Wed, Jan 7, 2009 at 11:27 AM, Roger Wright rwri...@evatone.com wrote: True, it may not be too difficult to capture all the information, but it could be very resource-intensive to actually make use of it. The secret is to capture only what you need, not everything that happens, so it's easier to discern what's really going on. For a small office environment there are several useful and low-cost systems that could be implemented to help in this regard. OpenDNS is one, and the tools from Adventnet can also assist in making sense of it all. Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388 _ *From:* Durf [mailto:stygm...@gmail.com] *Sent:* Wednesday, January 07, 2009 10:49 AM *To:* NT System Admin Issues *Subject:* Re: Auditing Everything Christ you all. It doesn't have to be this hard. If they have a Sonicwall, buy the Viewpoint module. If they don't have a Sonicwall, then get them one. There are equivalent products for Cisco and Watchguard. For AD, just turn on appropriate auditing and use GFI EventSentry to gather and report on events. That's it, you're done. Aside from literal keystroke logging on the workstations, these two items will handle everything else on the network that is appropriate. Whether they *should* do it or not is a whole different question, and not what the OP asked. -- Durf On Wed, Jan 7, 2009 at 10:44 AM, Roger Wright rwri...@evatone.com wrote: And how many people does he plan to hire to review and report on all this data? You'll probably need to add storage and another server to accommodate it. Take a look at Adventnet's Eventlog Analyzer… http://manageengine.adventnet.com/products/eventlog/index.html Roger Wright Network Administrator Evatone, Inc.
727.572.7076 x388 _ *From:* Alex Carroll [mailto:acarr...@crabco.net] *Sent:* Wednesday, January 07, 2009 10:25 AM *To:* NT System Admin Issues *Subject:* Auditing Everything I have a request from my CEO to audit everything that happens on our network. When users open files, when they change files, delete files, use any programs, go to any websites (we use ie7, firefox), etc etc etc. Do any of you have a good solution you can recommend for that? I can google all I want, but I won't know the real world experience by doing that. We are a smaller company – 16 users. Right now we have 3 servers (1 SBS 03, 2 that are 2003) in production. We use XP and Vista. Thanks in advance! Alex Carroll Software Support Crabtree Companies, Inc. 651-688-2727 -- -- Give a man a fish, and he'll eat for a day. Give a fish a man, and he'll eat for weeks! -- -- Give a man a fish, and he'll eat for a day. Give a fish a man, and he'll eat for weeks!
Re: File name is too long
LOL! I was speaking more to the respectability part of that remark... On Wed, Jan 7, 2009 at 8:27 AM, Steven Peck sep...@gmail.com wrote: Don't worry, I am sure that someday soon, you too will be part of the Vista OS. Maybe in a future service pack release? On Tue, Jan 6, 2009 at 3:52 PM, Kurt Buff kurt.b...@gmail.com wrote: Yeah, unlike me... Heh. On Tue, Jan 6, 2009 at 2:51 PM, Michael B. Smith mich...@theessentialexchange.com wrote: It's part of the OS with Vista and Server 2008. Finally - respectability! :-) Regards, Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP My blog: http://TheEssentialExchange.com/blogs/michael I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php
RE: Auditing Everything
Log files don't need to be big if you know what you're looking for. It goes back to the I *can* audit everything, but what are you looking for? I, for example, have monitoring software and I look for application installs on all PC's for a 50-user company by simply having it look for Event ID 11707 in the Application log of each PC. Log files are set to their normal size (16MB), and whatever meets the criteria I get an e-mail about, I don't have to search a log for anything. If you know what you're looking for, you can be proactive and never have to manually dig through log files. As Durf says, log files will take care of the needs, but knowing what you're looking for saves a LOT of time. Durf is right, you can accomplish this with auditing settings and an application that can read logs. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 -Original Message- From: Devin Meade [mailto:devin.me...@gmail.com] Sent: Wednesday, January 07, 2009 8:32 AM To: NT System Admin Issues Subject: Re: Auditing Everything Watch out setting the server's event log bigger than 300MB. Check this out: http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips/Admin/MaximumsizeforEventlogs.html You are gonna have to use something other than windoze file auditing due to this limit. Something designed for $$ this $$ need $$. Like I see in other posts, you will need multiple tools. We use MS ISA's logging for web surfing history - it works well if setup right. Something tells me he wants it at no cost. hth, Devin On Wed, Jan 7, 2009 at 9:31 AM, Michael B. Smith mich...@theessentialexchange.com wrote: Is he a control freak, or what? ISA can give you web auditing. For the rest, you'll need a third party application. (And you can also go third-party for web auditing - WebSense is probably the most popular.) Personally, I'm fond of NetPro's ChangeAuditor (they were recently acquired by Quest).
NetWrix also has a suite of tools for this that is installed at one of my clients. To audit EVERYTHING, you may find it necessary to add a server that does nothing but process audit records. The volume is quite large, even in a small network. Regards, Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP My blog: http://TheEssentialExchange.com/blogs/michael I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php From: Alex Carroll [mailto:acarr...@crabco.net] Sent: Wednesday, January 07, 2009 10:25 AM To: NT System Admin Issues Subject: Auditing Everything I have a request from my CEO to audit everything that happens on our network. When users open files, when they change files, delete files, use any programs, go to any websites (we use ie7, firefox), etc etc etc. Do any of you have a good solution you can recommend for that? I can google all I want, but I won't know the real world experience by doing that. We are a smaller company - 16 users. Right now we have 3 servers (1 SBS 03, 2 that are 2003) in production. We use XP and Vista. Thanks in advance! Alex Carroll Software Support Crabtree Companies, Inc. 651-688-2727 -- Devin
Re: Auditing Everything
No, that's not it, and he won't be done. Someone still has to review the logs, and understand what's happening. The order is to "audit everything that happens on our network. When users open files, when they change files, delete files, use any programs, go to any websites (we use ie7, firefox), etc etc etc". It's the "audit .. change files, delete files, use any programs" part that is going to be hell to fulfill. It ain't going to happen, without at least a couple of people going over the logs, and that's after they install the auditing software on all of the machines. As I said, even if all of the software is free, it's going to cost a *lot* of money, for the man-hours needed, if nothing else. That doesn't count the hardware resources necessary to collect/massage/analyze/report on all of that new data. The CEO is dreaming. Kurt On Wed, Jan 7, 2009 at 7:49 AM, Durf stygm...@gmail.com wrote: Christ you all. It doesn't have to be this hard. If they have a Sonicwall, buy the Viewpoint module. If they don't have a Sonicwall, then get them one. There are equivalent products for Cisco and Watchguard. For AD, just turn on appropriate auditing and use GFI EventSentry to gather and report on events. That's it, you're done. Aside from literal keystroke logging on the workstations, these two items will handle everything else on the network that is appropriate. Whether they *should* do it or not is a whole different question, and not what the OP asked. -- Durf On Wed, Jan 7, 2009 at 10:44 AM, Roger Wright rwri...@evatone.com wrote: And how many people does he plan to hire to review and report on all this data? You'll probably need to add storage and another server to accommodate it. Take a look at Adventnet's Eventlog Analyzer… http://manageengine.adventnet.com/products/eventlog/index.html Roger Wright Network Administrator Evatone, Inc.
727.572.7076 x388 _ From: Alex Carroll [mailto:acarr...@crabco.net] Sent: Wednesday, January 07, 2009 10:25 AM To: NT System Admin Issues Subject: Auditing Everything I have a request from my CEO to audit everything that happens on our network. When users open files, when they change files, delete files, use any programs, go to any websites (we use ie7, firefox), etc etc etc. Do any of you have a good solution you can recommend for that? I can google all I want, but I won't know the real world experience by doing that. We are a smaller company – 16 users. Right now we have 3 servers (1 SBS 03, 2 that are 2003) in production. We use XP and Vista. Thanks in advance! Alex Carroll Software Support Crabtree Companies, Inc. 651-688-2727 -- -- Give a man a fish, and he'll eat for a day. Give a fish a man, and he'll eat for weeks!
RE: File name is too long
-Original Message- From: Steven Peck [mailto:sep...@gmail.com] Subject: Re: File name is too long Don't worry, I am sure that someday soon, you too will be part of the Vista OS. Maybe in a future service pack release? That would make for an extremely HHUUGGEE service pack! Webster
Re: Auditing Everything
Okay guys I suppose you are partially right. The need was stated to carte blanche audit everything. The built in windows audit *has a limit*. It can be overwritten when full. You can lose events. That doesn't fill this need. The need needs to be clarified -- maybe audit file changes on X drive over the last Y days. If you need to audit everything there is a chance that using windows security log won't meet that need. That's all I was getting at. Our file shares have auditing for file changes and we overwrite events as needed. I have used eventcomb to mine our audit entries and it works for our need. Again, the need must be defined. On one box, we do get only about a week's worth of audit entries then they are overwritten. That meets our need and our owners understand this. I deal with these off-the-cuff requests all the time. The request is made - I deliver the cost. The request is re-defined. I answer with a different cost. Reminds me of building our house. Start out at 4500sq ft and then see the cost, then start cutting back. Devin On Wed, Jan 7, 2009 at 10:47 AM, David Lum david@nwea.org wrote: Log files don't need to be big if you know what you're looking for. It goes back to the I *can* audit everything, but what are you looking for? I, for example, have monitoring software and I look for application installs on all PC's for a 50-user company by simply having it look for Event ID 11707 in the Application log of each PC. Log files are set to their normal size (16MB), and whatever meets the criteria I get an e-mail about, I don't have to search a log for anything. If you know what you're looking for, you can be proactive and never have to manually dig through log files. As Durf says, log files will take care of the needs, but knowing what you're looking for saves a LOT of time. Durf is right, you can accomplish this with auditing settings and an application that can read logs.
David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 -Original Message- From: Devin Meade [mailto:devin.me...@gmail.com] Sent: Wednesday, January 07, 2009 8:32 AM To: NT System Admin Issues Subject: Re: Auditing Everything Watch out setting the server's event log bigger than 300MB. Check this out: http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips/Admin/MaximumsizeforEventlogs.html You are gonna have to use something other than windoze file auditing due to this limit. Something designed for $$ this $$ need $$. Like I see in other posts, you will need multiple tools. We use MS ISA's logging for web surfing history - it works well if setup right. Something tells me he wants it at no cost. hth, Devin On Wed, Jan 7, 2009 at 9:31 AM, Michael B. Smith mich...@theessentialexchange.com wrote: Is he a control freak, or what? ISA can give you web auditing. For the rest, you'll need a third party application. (And you can also go third-party for web auditing – WebSense is probably the most popular.) Personally, I'm fond of NetPro's ChangeAuditor (they were recently acquired by Quest). NetWrix also has a suite of tools for this that is installed at one of my clients. To audit EVERYTHING, you may find it necessary to add a server that does nothing but process audit records. The volume is quite large, even in a small network. Regards, Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP My blog: http://TheEssentialExchange.com/blogs/michael I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php From: Alex Carroll [mailto:acarr...@crabco.net] Sent: Wednesday, January 07, 2009 10:25 AM To: NT System Admin Issues Subject: Auditing Everything I have a request from my CEO to audit everything that happens on our network. When users open files, when they change files, delete files, use any programs, go to any websites (we use ie7, firefox), etc etc etc.
Do any of you have a good solution you can recommend for that? I can google all I want, but I won't know the real world experience by doing that. We are a smaller company – 16 users. Right now we have 3 servers (1 SBS 03, 2 that are 2003) in production. We use XP and Vista. Thanks in advance! Alex Carroll Software Support Crabtree Companies, Inc. 651-688-2727 -- Devin -- Devin
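The approach David Lum and Devin Meade describe in the messages above (alert only on a known event ID such as 11707 in each PC's Application log, and accept that a fixed-size log overwrites its oldest entries), as an added example that is not code from any poster or product named in the thread. The CSV layout, host names and record numbers are constructed for illustration, and the gap check assumes each log numbers its records sequentially.

```python
import csv
import io

# Constructed sample: what a collector might read from each PC's Application
# log on one pass. The column layout is an assumption made for this example.
SAMPLE_EXPORT = """\
host,log,record,event_id,source,time,message
PC01,Application,4999,11707,MsiInstaller,2009-01-06T16:40:00,Product: OldTool -- Installation operation completed successfully.
PC01,Application,5000,1000,Application Error,2009-01-06T17:10:00,Faulting application example.exe
PC01,Application,5001,1000,Application Error,2009-01-07T09:00:00,Faulting application example.exe
PC01,Application,5002,11707,MsiInstaller,2009-01-07T09:05:00,Product: ExampleApp -- Installation operation completed successfully.
PC02,Application,340,1000,Application Error,2009-01-07T10:00:00,Faulting application example.exe
PC02,Application,341,11707,MsiInstaller,2009-01-07T10:02:00,Product: OtherApp -- Installation operation completed successfully.
PC02,Application,342,1000,Application Error,2009-01-07T10:03:00,Faulting application example.exe
"""

# Watch list: only these (log, event ID) pairs raise an alert.
# 11707 in the Application log is the install event named in the thread.
WATCH = {("Application", 11707): "application installed"}


def parse_export(text):
    """Turn the CSV export into a list of event dicts with integer IDs."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        row["record"] = int(row["record"])
        row["event_id"] = int(row["event_id"])
        events.append(row)
    return events


def collect(events, last_seen, watch=WATCH):
    """Run one collection pass over everything currently held in the logs.

    last_seen maps (host, log) to the highest record number read on the
    previous pass. Returns (alerts, gaps, new_last_seen); a gap is the range
    of record numbers that was overwritten before it could be collected.
    """
    by_log = {}
    for ev in events:
        by_log.setdefault((ev["host"], ev["log"]), []).append(ev)

    alerts, gaps, new_last_seen = [], {}, dict(last_seen)
    for key, evs in by_log.items():
        evs.sort(key=lambda e: e["record"])
        oldest, newest = evs[0]["record"], evs[-1]["record"]
        seen = last_seen.get(key)

        if seen is not None and newest < seen:
            # Numbers went backwards: treated here as a cleared log
            # (assumption), so the loss is open-ended and we reread it all.
            gaps[key] = (seen + 1, None)
            seen = None
        elif seen is not None and oldest > seen + 1:
            # The oldest surviving record is past where the last pass
            # stopped: everything in between was overwritten unread.
            gaps[key] = (seen + 1, oldest - 1)

        for ev in evs:
            if seen is not None and ev["record"] <= seen:
                continue  # already handled on an earlier pass
            label = watch.get((ev["log"], ev["event_id"]))
            if label:
                alerts.append({"host": ev["host"], "record": ev["record"],
                               "time": ev["time"], "what": label,
                               "detail": ev["message"]})
        new_last_seen[key] = newest
    return alerts, gaps, new_last_seen


if __name__ == "__main__":
    state = {("PC01", "Application"): 5000, ("PC02", "Application"): 120}
    alerts, gaps, state = collect(parse_export(SAMPLE_EXPORT), state)
    for a in alerts:
        print(f"ALERT {a['host']} {a['time']} {a['what']}: {a['detail']}")
    for (host, log), (first, last) in gaps.items():
        print(f"LOST  {host} {log} records {first}..{last} overwritten")
```

A reported gap means the log wrapped between passes, so either the polling interval or the log size has to change before the collected data can be presented as complete.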
Re: Auditing Everything
We aren't partially right - we are entirely right. The whole point of GFI EventSentry is to *gather the events from Windows and store them in SQL*. So I can safely disregard your whole first paragraph as frankly ignorant of the possibilities. If you have any clients who have compliance needs, such as the recent Massachusetts data privacy regulations, or basically any HIPAA, SARBOX, etc kind of requirements, this is the product that will accomplish these needs. Using the Windows Event Log properly and auditing for Security Events, you can tell who made any modifications to accounts, password changes, security priv elevations...and so forth. There are several products that can accomplish this - I don't want to evangelize GFI; they are just the product I am familiar with. I'm not a reseller or GFI employee. However, the fact is IT CAN DO WHAT THE OP REQUESTED, in combination with other products and techniques. Please, you all, stop saying different unless you have actual knowledge to the contrary. There are a lot of reasons why the OP *should* not do such a thing. But they *can* if they need to. -- Durf -- Durf On Wed, Jan 7, 2009 at 12:07 PM, Devin Meade devin.me...@gmail.com wrote: Okay guys I suppose you are partially right. The need was stated to carte blanche audit everything. The built in windows audit *has a limit*. It can be overwritten when full. You can lose events. That doesn't fill this need. The need needs to be clarified -- maybe audit file changes on X drive over the last Y days. If you need to audit everything there is a chance that using windows security log won't meet that need. That's all I was getting at. Our file shares have auditing for file changes and we overwrite events as needed. I have used eventcomb to mine our audit entries and it works for our need. Again, the need must be defined. On one box, we do get only about a week's worth of audit entries then they are overwritten. That meets our need and our owners understand this.
I deal with these off-the-cuff requests all the time. The request is made - I deliver the cost. The request is re-defined. I answer with a different cost. Reminds me of building our house. Start out at 4500sq ft and then see the cost, then start cutting back. Devin On Wed, Jan 7, 2009 at 10:47 AM, David Lum david@nwea.org wrote: Log files don't need to be big if you know what you're looking for. It goes back to the I *can* audit everything, but what are you looking for? I, for example, have monitoring software and I look for application installs on all PC's for a 50-user company by simply having it look for Event ID 11707 in the Application log of each PC. Log files are set to their normal size (16MB), and whatever meets the criteria I get an e-mail about, I don't have to search a log for anything. If you know what you're looking for, you can be proactive and never have to manually dig through log files. As Durf says, log files will take care of the needs, but knowing what you're looking for saves a LOT of time. Durf is right, you can accomplish this with auditing settings and an application that can read logs. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 -Original Message- From: Devin Meade [mailto:devin.me...@gmail.com] Sent: Wednesday, January 07, 2009 8:32 AM To: NT System Admin Issues Subject: Re: Auditing Everything Watch out setting the server's event log bigger than 300MB. Check this out: http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips/Admin/MaximumsizeforEventlogs.html You are gonna have to use something other than windoze file auditing due to this limit. Something designed for $$ this $$ need $$. Like I see in other posts, you will need multiple tools. We use MS ISA's logging for web surfing history - it works well if setup right. Something tells me he wants it at no cost. hth, Devin On Wed, Jan 7, 2009 at 9:31 AM, Michael B.
Smith mich...@theessentialexchange.com wrote: Is he a control freak, or what? ISA can give you web auditing. For the rest, you'll need a third party application. (And you can also go third-party for web auditing – WebSense is probably the most popular.) Personally, I'm fond of NetPro's ChangeAuditor (they were recently acquired by Quest). NetWrix also has a suite of tools for this that is installed at one of my clients. To audit EVERYTHING, you may find it necessary to add a server that does nothing but process audit records. The volume is quite large, even in a small network. Regards, Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP My blog: http://TheEssentialExchange.com/blogs/michael I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php From: Alex Carroll [mailto:acarr...@crabco.net] Sent: Wednesday, January
Re: File name is too long
On Wed, Jan 7, 2009 at 8:53 AM, Webster carlwebs...@gmail.com wrote: -Original Message- From: Steven Peck [mailto:sep...@gmail.com] Subject: Re: File name is too long Don't worry, I am sure that someday soon, you too will be part of the Vista OS. Maybe in a future service pack release? That would make for an extremely HHUUGGEE service pack! Webster I don't think the world is ready for any more than one of me... Heh.
Re: Auditing Everything
Durf: He needs a better definition of the need. You say I am wrong and then go on to speak of defined needs with legislation mentioned. I totally agree (didn't I just say that)? The windows event log alone won't do it. If you go over 300MB on a 2003 server you will have performance issues. You then go on to mention GFI which is a product designed to do this. Okay. To the OP: If you do decide to use the built in security log, please make sure you run down the event log size limitations. Also understand that there is a chance of losing audit data. If that's important - then you must offload the audit logging. Oh dang there is that define the needs thing again. By all means use it if it works for you, it does for us. More on event log limitation: http://technet.microsoft.com/en-us/library/cc778402.aspx http://techrepublic.com.com/5208-7343-0.html?forumID=101threadID=256498 http://redmondmag.com/columns/article.asp?EditorialsID=743 I hope this helps you in your choices, that's what this list is all about. -Devin On Wed, Jan 7, 2009 at 11:54 AM, Durf stygm...@gmail.com wrote: We aren't partially right - we are entirely right. The whole point of GFI EventSentry is to *gather the events from Windows and store them in SQL*. So I can safely disregard your whole first paragraph as frankly ignorant of the possibilities. If you have any clients who have compliance needs, such as the recent Massachusetts data privacy regulations, or basically any HIPAA, SARBOX, etc kind of requirements, this is the product that will accomplish these needs. Using the Windows Event Log properly and auditing for Security Events, you can tell who made any modifications to accounts, password changes, security priv elevations...and so forth. There are several products that can accomplish this - I don't want to evangelize GFI; they are just the product I am familiar with. I'm not a reseller or GFI employee.
However, the fact is IT CAN DO WHAT THE OP REQUESTED, in combination with other products and techniques. Please, you all, stop saying different unless you have actual knowledge to the contrary. There are a lot of reasons why the OP *should* not do such a thing. But they *can* if they need to. -- Durf -- Durf On Wed, Jan 7, 2009 at 12:07 PM, Devin Meade devin.me...@gmail.com wrote: Okay guys I suppose you are partially right. The need was stated to carte blanche audit everything. The built in windows audit *has a limit*. It can be overwritten when full. You can lose events. That doesn't fill this need. The need needs to be clarified -- maybe audit file changes on X drive over the last Y days. If you need to audit everything there is a chance that using windows security log won't meet that need. That's all I was getting at. Our file shares have auditing for file changes and we overwrite events as needed. I have used eventcomb to mine our audit entries and it works for our need. Again, the need must be defined. On one box, we do get only about a week's worth of audit entries then they are overwritten. That meets our need and our owners understand this. I deal with these off-the-cuff requests all the time. The request is made - I deliver the cost. The request is re-defined. I answer with a different cost. Reminds me of building our house. Start out at 4500sq ft and then see the cost, then start cutting back. Devin On Wed, Jan 7, 2009 at 10:47 AM, David Lum david@nwea.org wrote: Log files don't need to be big if you know what you're looking for. It goes back to the I *can* audit everything, but what are you looking for? I, for example, have monitoring software and I look for application installs on all PC's for a 50-user company by simply having it look for Event ID 11707 in the Application log of each PC. Log files are set to their normal size (16MB), and whatever meets the criteria I get an e-mail about, I don't have to search a log for anything.
If you know what you're looking for, you can be proactive and never have to manually dig through log files. As Durf says, log files will take care of the needs, but knowing what you're looking for saves a LOT of time. Durf is right, you can accomplish this with auditing settings and an application that can read logs. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 -Original Message- From: Devin Meade [mailto:devin.me...@gmail.com] Sent: Wednesday, January 07, 2009 8:32 AM To: NT System Admin Issues Subject: Re: Auditing Everything Watch out setting the server's event log bigger than 300MB. Check this out: http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips/Admin/MaximumsizeforEventlogs.html You are gonna have to use something other than windoze file auditing due to this limit. Something designed for $$ this $$ need $$. Like I see in other posts,
Re: Auditing Everything
Gathering data is not sufficient - it will not accomplish the stated goals, by itself, even though, as you say, tools exist that can do what he wants. That's because the audit function is not mere data collection. The task also requires evaluation/interpretation of the gathered data. That is the real stumbling block, assuming the added hardware and software and other implementation costs can be overcome, which I doubt is going to happen in a 16-person office. While technically, yes, the job can be done, the task is ill-defined, and will, if carried out literally, reduce profit margins to zero, or below, unless it's more profitable than any company I've ever heard of. Kurt On Wed, Jan 7, 2009 at 9:54 AM, Durf stygm...@gmail.com wrote: We aren't partially right - we are entirely right. The whole point of GFI EventSentry is to *gather the events from Windows and store them in SQL*. So I can safely disregard your whole first paragraph as frankly ignorant of the possibilities. If you have any clients who have compliance needs, such as the recent Massachusetts data privacy regulations, or basically any HIPAA, SARBOX, etc kind of requirements, this is the product that will accomplish these needs. Using the Windows Event Log properly and auditing for Security Events, you can tell who made any modifications to accounts, password changes, security priv elevations...and so forth. There are several products that can accomplish this - I don't want to evangelize GFI; they are just the product I am familiar with. I'm not a reseller or GFI employee. However, the fact is IT CAN DO WHAT THE OP REQUESTED, in combination with other products and techniques. Please, you all, stop saying different unless you have actual knowledge to the contrary. There are a lot of reasons why the OP *should* not do such a thing. But they *can* if they need to. -- Durf -- Durf On Wed, Jan 7, 2009 at 12:07 PM, Devin Meade devin.me...@gmail.com wrote: Okay guys I suppose you are partially right.
The need was stated to carte blanche audit everything. The built in windows audit *has a limit*. It can be overwritten when full. You can loose events. That doesn't fill this need. The need needs to be clarified -- maybe audit file changes on X drive over the last Y days. If you need to audit everything there is a chance that using windows security log wont meet that need. That's all I was getting at. Our file shares have auditing for file changes and we overwrite events as needed. I have used eventcomb to mine our audit entries and it works for our need. Again, the need must be defined. One one box, we do get only about a weeks worth of audit entries then they are overwritten. That meets our need and our owners understand this. I deal with these off-the-cuff requests all the time. The request is made - I deliver the cost. The request is re-defined. I answer with a different cost. Reminds me of building our house. Start out at 4500sq ft and then see the cost, then start cutting back. Devin On Wed, Jan 7, 2009 at 10:47 AM, David Lum david@nwea.org wrote: Log files don't need to be big if you know what you're looking for. It goes back to the I *can* audit everything, but what are you looking for? I, for example, have monitoring software and I look for application installs on all PC's for a 50-user company by simply having it look for Event ID 11707 in the Application log of each PC. Log files are set to their normal size (16MB), and whatever meets the criteria I get an e-mail about, I don't have to search a log for anything. If you know what you're looking for, you can be proactive an never have to manually dig through log files. As Durf says, log files will take care of the needs, but knowing what you're looking for saves a LOT of time. Durf is right, you can accomplish this with auditing settings and an application that can read logs. 
David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 -Original Message- From: Devin Meade [mailto:devin.me...@gmail.com] Sent: Wednesday, January 07, 2009 8:32 AM To: NT System Admin Issues Subject: Re: Auditing Everything Watch out setting the server's event log bigger than 300MB. CHeck this out: http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips/Admin/MaximumsizeforEventlogs.html You are gonna have to use something other than windoze file auditing due to this limit. Something designed for $$ this $$ need $$. Like I see in other posts, you will need multiple tools. We use MS ISA's logging for web surfing history - it works well if setup right. Something tells me he wants it at no cost. hth,Devin On Wed, Jan 7, 2009 at 9:31 AM, Michael B. Smith mich...@theessentialexchange.com wrote: Is he a control freak, or what? ISA can give you web auditing. For the rest, you'll
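The two points this thread turns on, a log that overwrites itself before the period you have to report on (Devin's one week of entries) and a targeted query for a single event ID (David's Event ID 11707 in the Application log), can both be checked on a host with the PowerShell below. This is an added example, not code from any poster or from the products named in the thread; the function names, the log list and the 90-day requirement are assumptions.

```powershell
# Added example; function names, log list and the 90-day figure are assumptions.
# Run elevated on the audited host (reading the Security log needs admin rights).
# Requires PowerShell 3.0 or later for [pscustomobject].

function Get-LogCoverage {
    param(
        [string[]]$LogName = @('Security', 'Application', 'System'),
        [int]$RequiredDays = 90   # assumed reporting window; use what the survey asks for
    )
    foreach ($name in $LogName) {
        # Size limit, retention mode (Circular / AutoBackup / Retain) and record count
        $cfg = Get-WinEvent -ListLog $name -ErrorAction Stop

        # The oldest record still present is as far back as this host can report
        $oldest = Get-WinEvent -LogName $name -Oldest -MaxEvents 1 -ErrorAction SilentlyContinue
        $oldestTime = $null
        $days = $null
        if ($oldest) {
            $oldestTime = $oldest.TimeCreated
            $days = [math]::Round(((Get-Date) - $oldestTime).TotalDays, 1)
        }

        # Heuristic: a log file within 5% of its size limit has filled at least once
        $full = $cfg.FileSize -ge (0.95 * $cfg.MaximumSizeInBytes)

        if (-not $cfg.IsEnabled) {
            $verdict = 'DISABLED'
        } elseif ($null -eq $days) {
            $verdict = 'UNKNOWN: no readable events (empty log or not elevated)'
        } elseif ($full -and $cfg.LogMode -eq 'Circular' -and $days -lt $RequiredDays) {
            $verdict = 'SHORT: events are overwritten before the required window'
        } elseif ($full -and $cfg.LogMode -eq 'Circular') {
            $verdict = 'OK: log wraps but still covers the window'
        } elseif ($full -and $cfg.LogMode -eq 'Retain') {
            $verdict = 'FULL: log does not overwrite, new events are being lost'
        } elseif ($full) {
            $verdict = 'ARCHIVING: make sure the archived files are collected'
        } else {
            $verdict = 'OK: log has not filled yet'
        }

        [pscustomobject]@{
            Log      = $name
            Mode     = $cfg.LogMode
            MaxMB    = [math]::Round($cfg.MaximumSizeInBytes / 1MB, 1)
            Records  = $cfg.RecordCount
            Oldest   = $oldestTime
            DaysKept = $days
            Verdict  = $verdict
        }
    }
}

function Get-RecentInstall {
    param([int]$Days = 7)
    # Targeted query: only Event ID 11707 in the Application log, only the last $Days days.
    # The filter runs inside the event log service, so the log is not read record by record.
    $filter = @{
        LogName   = 'Application'
        Id        = 11707
        StartTime = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent raises an error when nothing matches; treat that as "no installs".
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, MachineName, ProviderName, Message
}

Get-LogCoverage -RequiredDays 90 | Format-Table -AutoSize
Get-RecentInstall -Days 7 | Format-Table -AutoSize -Wrap
```

A SHORT verdict is the case Devin describes: the log alone cannot answer questions older than DaysKept, so either the size limit goes up or the events have to be forwarded to separate storage before they wrap.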
RE: Auditing Everything
Can you all clarify something? I cannot find GFI EventSentry, I can find GFI EventsManager http://www.gfi.com/eventsmanager/ and netikus ltd. EventSentry http://www.eventsentry.com/ . So I am just wondering which one is the product people are using?
Gene Giannamore Abide International Inc. Technical Support 561 1st Street West Sonoma, Ca. 95476 (707) 935-1577 Office (707) 935-9387 Fax (707) 766-4185 Cell gene.giannam...@abideinternational.com
-Original Message- From: Durf [mailto:stygm...@gmail.com] Sent: Wednesday, January 07, 2009 9:55 AM To: NT System Admin Issues Subject: Re: Auditing Everything
We aren't partially right - we are entirely right. The whole point of GFI EventSentry is to *gather the events from Windows and store them in SQL*. So I can safely disregard your whole first paragraph as frankly ignorant of the possibilities. If you have any clients who have compliance needs, such as the recent Massachusetts data privacy regulations, or basically any HIPAA, SARBOX, etc kind of requirements, this is the product that will accomplish these needs. Using the Windows Event Log properly and auditing for Security Events, you can tell who made any modifications to accounts, password changes, security priv elevations...and so forth. There are several products that can accomplish this - I don't want to evangelize GFI; they are just the product I am familiar with. I'm not a reseller or GFI employee. However, the fact is IT CAN DO WHAT THE OP REQUESTED, in combination with other products and techniques. Please, you all, stop saying different unless you have actual knowledge to the contrary. There are a lot of reasons why the OP *should* not do such a thing. But they *can* if they need to.
-- Durf
OT: Gotta Get Me Some o' Dat!
Perfect for the home office: http://www.engadget.com/2007/06/08/jvcs-worlds-largest-tv-110-inches-and-728-pounds-of-hd/
Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388
Re: OT: Gotta Get Me Some o' Dat!
It's not the size of your TV, it's how you use it.
On Wed, Jan 7, 2009 at 1:51 PM, Roger Wright rwri...@evatone.com wrote:
Perfect for the home office: http://www.engadget.com/2007/06/08/jvcs-worlds-largest-tv-110-inches-and-728-pounds-of-hd/
Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388
Re: OT: Gotta Get Me Some o' Dat!
I bet it looks horrible. -- ME2
On Wed, Jan 7, 2009 at 1:51 PM, Roger Wright rwri...@evatone.com wrote:
Perfect for the home office: http://www.engadget.com/2007/06/08/jvcs-worlds-largest-tv-110-inches-and-728-pounds-of-hd/
Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388
RE: OT: Gotta Get Me Some o' Dat!
Keep telling yourself that...
From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Wednesday, January 07, 2009 1:56 PM To: NT System Admin Issues Subject: Re: OT: Gotta Get Me Some o' Dat!
This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited.
RE: Auditing Everything
EventManager from GFI is what I wrote and what we have. I think the others typo'd or something :)
-Original Message- From: Gene Giannamore [mailto:gene.giannam...@abideinternational.com] Sent: Wednesday, January 07, 2009 1:51 PM To: NT System Admin Issues Subject: RE: Auditing Everything
Can you all clarify something? I cannot find GFI EventSentry, I can find GFI EventsManager http://www.gfi.com/eventsmanager/ and netikus ltd. EventSentry http://www.eventsentry.com/ . So I am just wondering which one is the product people are using?
Gene Giannamore Abide International Inc. Technical Support 561 1st Street West Sonoma, Ca. 95476 (707) 935-1577 Office (707) 935-9387 Fax (707) 766-4185 Cell gene.giannam...@abideinternational.com
Re: OT: Gotta Get Me Some o' Dat!
Time to break out the Intellivision! Imagine over 100 inches of everyone's favorite 4 bit system.
On Wed, Jan 7, 2009 at 1:59 PM, Rob Bonfiglio robbonfig...@gmail.com wrote:
How else would you use it? Atari baby!
RE: OT: Gotta Get Me Some o' Dat!
Pong Parties!
From: Rob Bonfiglio [mailto:robbonfig...@gmail.com] Sent: Wednesday, January 07, 2009 10:59 AM To: NT System Admin Issues Subject: Re: OT: Gotta Get Me Some o' Dat!
How else would you use it? Atari baby!
New DL380 G5
Ok, I'm getting ready for my VMware install, I would like to make sure my two new servers have the latest firmware before I install anything. What's the best way? Do I just insert the SmartStart and it will ask me for the latest ProLiant Support Pack? I need to install the second processor and apparently it's important to have the latest ROM update before installing the second processor.
__ Stefan Jafs
This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the Amico Corporation company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments.
W2K8 SAV 10.2 client not getting updates from Parent server
Just installed the 10.2 client on a few test W2K8 32-bit boxes and none of them are getting the updates from the parent server. I don't see anything in the logs to indicate why. I am familiar with the process of setting up this type of configuration and have dropped the correct GRC.DAT file on the clients as well as making sure they have the correct certificates. I am also aware of the issue with 64-bit clients. I've done a bunch of Googling on this and so far no luck. I can manually update them by giving them the .XDB file or doing a LiveUpdate. Anyone run into this yet and resolve it?
Thanks, Chris Bodnar, MCSE Sr. Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com Phone: 610-807-6459 Fax: 610-807-6003
This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you.
Re: New DL380 G5
Yes Smartstart will guide you through a ROM update. I've never done the update before installing the second proc though. Never have heard or read anything about that.
On Wed, Jan 7, 2009 at 1:13 PM, Stefan Jafs sj...@amico.com wrote:
Ok, I'm getting ready for my VMware install, I would like to make sure my two new servers have the latest firmware before I install anything. What's the best way? Do I just insert the SmartStart and it will ask me for the latest ProLiant Support Pack? I need to install the second processor and apparently it's important to have the latest ROM update before installing the second processor.
__ Stefan Jafs
feeling quite dumb today - could use some help
I'm trying to set up a simple lab and something just isn't working. I could use some help.
Server A - 2003 AD DC with DNS - connects to internet just great using local DNS server which forwards requests to ISP.
Server B - part of 2003 AD Domain - using DNS Server on Server A and using gateway that matches Server A's IP address.
Static IPs on both servers. Server B can't get to the internet. Is this because I should have the gateway of Server B set to the Gateway of the internet facing router? Or is this something I've done wrong when DCPromo ran and installed and configured DNS?
RE: feeling quite dumb today - could use some help
Server B should use the same gateway that Server A is using.
From: Bryan Garmon [mailto:bryan.gar...@gmail.com] Sent: Wednesday, January 07, 2009 1:28 PM To: NT System Admin Issues Subject: feeling quite dumb today - could use some help
Cisco Catalyst command question
I need to enable SNMP on my Catalyst. I've found 3 SNMP commands, and need to know which/how to use them:
Snmp-server enable traps - Is this the command to enable SNMP? How do I use this generically, to simply turn snmp on so that my network monitoring tool can identify the box, and monitor the ports?
Snmp-server host - Do I need to specify the machine that's going to be doing snmp queries, or can I just leave it open? Is it dangerous not to specify a host?
Snmp-server community - self explanatory, to set the community string, with the access rights.
From what I'm reading in the Command Reference, it appears that I want to use the snmp-server host command, specify the specific host, and leave it at that. Is that the approved method?
Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov
Re: feeling quite dumb today - could use some help
Thank you - that fixed that issue. Second pressing problem - In this simple setup - from Server B - I type nslookup and get
Can't find server name for address W.X.Y.Z: Non-existent domain.
Default Server: Unknown
Address: W.Z.Y.Z.
thoughts?
On Wed, Jan 7, 2009 at 2:35 PM, Kim Longenbaugh k...@colonialsavings.com wrote:
Server B should use the same gateway that Server A is using.
RE: New DL380 G5
Use the latest firmware CD from HP.com, not smartstart. - John Barsodi
From: Stefan Jafs [mailto:sj...@amico.com] Sent: Wednesday, January 07, 2009 11:14 AM To: NT System Admin Issues Subject: New DL380 G5
Ok, I'm getting ready for my VMware install, I would like to make sure my two new servers have the latest firmware before I install anything. What's the best way? Do I just insert the SmartStart and it will ask me for the latest ProLiant Support Pack? I need to install the second processor and apparently it's important to have the latest ROM update before installing the second processor.
__ Stefan Jafs
RE: New DL380 G5
Don't know how you figure that? If you buy a server at some date when revision X of firmware is out, how do you make it dual procced? Next month revision X+1 is out? Not logical... Toss the firmware cd in, or mount the iso via ilo and give'er.
jlc
From: Stefan Jafs [mailto:sj...@amico.com] Sent: Wednesday, January 07, 2009 12:14 PM To: NT System Admin Issues Subject: New DL380 G5
Ok, I'm getting ready for my VMware install, I would like to make sure my two new servers have the latest firmware before I install anything. What's the best way? Do I just insert the SmartStart and it will ask me for the latest ProLiant Support Pack? I need to install the second processor and apparently it's important to have the latest ROM update before installing the second processor.
__ Stefan Jafs
RE: Gotta Get Me Some o' Dat!
110? But mine goes to 150! http://www.switched.com/2007/12/27/worlds-largest-tv-measures-in-at-150-inches/
Thanks, Jake Gardner TTC Network Administrator Ext. 246
From: Roger Wright [mailto:rwri...@evatone.com] Sent: Wednesday, January 07, 2009 1:51 PM To: NT System Admin Issues Subject: OT: Gotta Get Me Some o' Dat!
Perfect for the home office: http://www.engadget.com/2007/06/08/jvcs-worlds-largest-tv-110-inches-and-728-pounds-of-hd/
Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388
***Teletronics Technology Corporation*** This e-mail is confidential and may also be privileged. If you are not the addressee or authorized by the addressee to receive this e-mail, you may not disclose, copy, distribute, or use this e-mail. If you have received this e-mail in error, please notify the sender immediately by reply e-mail or by telephone at 267-352-2020 and destroy this message and any copies. Thank you. ***
RE: New DL380 G5
Perfect that's what I was looking for, Thanks
___ Stefan Jafs
From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Wednesday, January 07, 2009 2:39 PM To: NT System Admin Issues Subject: RE: New DL380 G5
Use the latest firmware CD from HP.com, not smartstart. - John Barsodi
RE: feeling quite dumb today - could use some help
Is there a reverse lookup zone set up for the domain? Is there a PTR record for server A?
Chris Bodnar, MCSE Sr. Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com Phone: 610-807-6459 Fax: 610-807-6003
From: Bryan Garmon [mailto:bryan.gar...@gmail.com] Sent: Wednesday, January 07, 2009 2:39 PM To: NT System Admin Issues Subject: Re: feeling quite dumb today - could use some help
Thank you - that fixed that issue. Second pressing problem - In this simple setup - from Server B - I type nslookup and get
Can't find server name for address W.X.Y.Z: Non-existent domain.
Default Server: Unknown
Address: W.Z.Y.Z.
thoughts?
Re: Gotta Get Me Some o' Dat!
I'd prefer the cosplay girl next to it thanks.
- Original Message - From: Jake Gardner To: NT System Admin Issues Sent: Wednesday, January 07, 2009 2:42 PM Subject: RE: Gotta Get Me Some o' Dat!
110? But mine goes to 150! http://www.switched.com/2007/12/27/worlds-largest-tv-measures-in-at-150-inches/
Thanks, Jake Gardner TTC Network Administrator Ext. 246
Re: feeling quite dumb today - could use some help
Yes, I added a reverse lookup zone for the domain. DNS shows an SOA record, a NS record, and 3 Host (A) records - all of which point to the 2 servers in question.
On Wed, Jan 7, 2009 at 2:47 PM, Christopher Bodnar christopher_bod...@glic.com wrote:
Is there a reverse lookup zone set up for the domain? Is there a PTR record for server A?
Chris Bodnar, MCSE Sr. Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com Phone: 610-807-6459 Fax: 610-807-6003
RE: feeling quite dumb today - could use some help
But is there a PTR record in the reverse lookup zone? Can you do an nslookup on the IP address of server A? Nslookup 10.x.x.x Chris Bodnar, MCSE Sr. Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com Phone: 610-807-6459 Fax: 610-807-6003 _ From: Bryan Garmon [mailto:bryan.gar...@gmail.com] Sent: Wednesday, January 07, 2009 3:04 PM To: NT System Admin Issues Subject: Re: feeling quite dumb today - could use some help
RE: Cisco Catalyst command question
snmp-server enable traps just enables the switch/router to begin sending trap events as they occur to the host that you provided in the snmp-server host command. Once you turn it on... issue the show run command and you'll see that the switch actually enabled a bunch more automatically for you. The snmp-server community command is what needs to be set up to allow an SNMP station to poll it for information (Read Only), or write information to it (Read Write). For simple SNMPv1, I like to use this config:

access-list 99 permit 192.168.1.0 0.0.0.255
snmp-server community R3aD0n1Y R3adWr1t3 99
snmp-server location 1234 Some Street, Nowhereville, NW
snmp-server contact John Smith - (123) 555-1212
snmp-server chassis-id CATSWITCH01

For a more secure implementation, look into v2 or v3 of SNMP as they add encryption and authentication to messages that traverse the wire. Hope this helps!

Aaron T. Rohyans Senior Network Engineer CCIE #21945, CCSP, CCNA, CQS-Firewall, CQS-IDS, CQS-VPN, ISSP, CISP, JNCIA-ER DPSciences Corporation 7400 N. Shadeland Ave., Suite 245 Indianapolis, IN 46250 Office: (317) 849-6772 x 7626 Fax: (317) 849-7134 arohy...@dpsciences.com http://www.dpsciences.com/

From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Wednesday, January 07, 2009 2:38 PM To: NT System Admin Issues Subject: Cisco Catalyst command question

I need to enable SNMP on my Catalyst. I've found 3 SNMP commands, and need to know which/how to use them:

Snmp-server enable traps - Is this the command to enable SNMP? How do I use this generically, to simply turn snmp on so that my network monitoring tool can identify the box, and monitor the ports?

Snmp-server host - Do I need to specify the machine that's going to be doing snmp queries, or can I just leave it open? Is it dangerous not to specify a host?

Snmp-server community - self explanatory, to set the community string, with the access rights.
From what I'm reading in the Command Reference, it appears that I want to use the snmp-server host command, specify the specific host, and leave it at that. Is that the approved method? Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov
Re: feeling quite dumb today - could use some help
In the reverse lookup zone there is a SOA record for the DC (Server A) and also a NS record for the DC (Server A) And no - when I try nslookup on IP of server A it returns unknown - can't find IP: Non-existent domain On Wed, Jan 7, 2009 at 3:10 PM, Christopher Bodnar christopher_bod...@glic.com wrote: But is there a PTR record in the reverse lookup zone? Can you do an nslookup on the IP address of server A? Nslookup 10.x.x.x Chris Bodnar, MCSE Sr. Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com Phone: 610-807-6459 Fax: 610-807-6003 -- *From:* Bryan Garmon [mailto:bryan.gar...@gmail.com] *Sent:* Wednesday, January 07, 2009 3:04 PM *To:* NT System Admin Issues *Subject:* Re: feeling quite dumb today - could use some help
RE: Cisco Catalyst command question
Perfect. Thanks Phil, and Aaron. Joe Heaton Employment Training Panel

-Original Message- From: Phil Brutsche [mailto:p...@optimumdata.com] Sent: Wednesday, January 07, 2009 12:14 PM To: NT System Admin Issues Subject: Re: Cisco Catalyst command question

It depends on what exactly you're going to do snmp-wise. snmp-server enable traps enables the sending of SNMP traps, and snmp-server host sets the host to send them to. If you are going to generate bandwidth graphs with Cacti, MRTG or something similar all you need to do is set the SNMP community, like so:

snmp-server community public RO

If you want to limit which hosts can perform snmp queries, you would do something like this:

access-list 1 permit 192.168.0.0 0.0.0.255
snmp-server community public RO 1

Joe Heaton wrote: I need to enable SNMP on my Catalyst. I've found 3 SNMP commands, and need to know which/how to use them: Snmp-server enable traps - Is this the command to enable SNMP? How do I use this generically, to simply turn snmp on so that my network monitoring tool can identify the box, and monitor the ports? Snmp-server host - Do I need to specify the machine that's going to be doing snmp queries, or can I just leave it open? Is it dangerous not to specify a host? Snmp-server community - self explanatory, to set the community string, with the access rights. -- Phil Brutsche p...@optimumdata.com
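Added example, not part of any list member's post: a Python check that audits the snmp-server community lines of an IOS configuration for the points raised in this thread (a default community string, no access list limiting which hosts may query, read-write access). The sample configuration is constructed, the function and finding names are hypothetical, and only numbered access-list statements are recognised.

```python
import re

# Constructed sample configuration (not taken from any device in the thread).
SAMPLE_CONFIG = """
access-list 1 permit 192.168.0.0 0.0.0.255
snmp-server community public RO
snmp-server community m0n1t0r-ro RO 1
snmp-server community m0n1t0r-rw RW 1
snmp-server community backup RO 42
snmp-server host 192.168.0.10 m0n1t0r-ro
"""

DEFAULT_COMMUNITIES = {"public", "private"}
# snmp-server community <string> [view <name>] [ro|rw] [<acl>]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (?P<name>\S+)(?: view \S+)?"
    r"(?: (?P<mode>ro|rw))?(?: (?P<acl>\S+))?\s*$",
    re.IGNORECASE,
)
ACL_RE = re.compile(r"^access-list (?P<id>\S+) (?:permit|deny)\b", re.IGNORECASE)


def audit_snmp(config_text):
    """Return a sorted list of (community, finding) tuples."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    defined_acls = {m.group("id") for m in map(ACL_RE.match, lines) if m}
    findings = []
    for ln in lines:
        m = COMMUNITY_RE.match(ln)
        if not m:
            continue
        name, acl = m.group("name"), m.group("acl")
        mode = (m.group("mode") or "ro").lower()  # IOS defaults to read-only
        if name.lower() in DEFAULT_COMMUNITIES:
            findings.append((name, "default-community-string"))
        if mode == "rw":
            findings.append((name, "read-write-access"))
        if acl is None:
            # Any host that can reach the device may query with this string.
            findings.append((name, "no-acl"))
        elif acl not in defined_acls:
            # Referenced ACL is absent here, so the restriction is unconfirmed.
            findings.append((name, "acl-not-defined"))
    return sorted(findings)


if __name__ == "__main__":
    for community, finding in audit_snmp(SAMPLE_CONFIG):
        print(f"{community}: {finding}")
```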
Re: feeling quite dumb today - could use some help
Okay - I get it now - sorry - I now have PTR records in the reverse lookup name for both Server A and Server B and NSlookup is now working as expected. Thanks for the help. On Wed, Jan 7, 2009 at 3:16 PM, Bryan Garmon bryan.gar...@gmail.com wrote: In the reverse lookup zone there is a SOA record for the DC (Server A) and also a NS record for the DC (Server A) And no - when I try nslookup on IP of server A it returns unknown - can't find IP: Non-existent domain On Wed, Jan 7, 2009 at 3:10 PM, Christopher Bodnar christopher_bod...@glic.com wrote: But is there a PTR record in the reverse lookup zone? Can you do an nslookup on the IP address of server A? Nslookup 10.x.x.x Chris Bodnar, MCSE Sr. Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com Phone: 610-807-6459 Fax: 610-807-6003 -- *From:* Bryan Garmon [mailto:bryan.gar...@gmail.com] *Sent:* Wednesday, January 07, 2009 3:04 PM *To:* NT System Admin Issues *Subject:* Re: feeling quite dumb today - could use some help
File names that are too long - Can they be stopped?
Every year about this time I have to archive off data to media such as DVD or CD and every year I run into problems because some of my users create files that have names as long as a sentence or they are so far buried in a folder structure that file copies fail, I cannot burn the files to CD, etc. And every year after losing more of my hair I inform the users on the restrictions of the NTFS file system and the importance of keeping names short and sweet. Either they don't listen or don't care because I keep running into this problem. Is there any way to enforce a limit (Windows Server 2000 and 2003) on the length of file names? Thanks, Eric
OT: Wednesday Funny
BWAHAhahahahahah http://www.flixxy.com/computer-history-ctrl-alt-del.htm Regards, Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP My blog: http://TheEssentialExchange.com/blogs/michael I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php
Re: OT: Wednesday Funny
Reminds me of when I first saw NT, my first thought was how am I going to warm boot this thing when it hangs. On Wed, Jan 7, 2009 at 3:55 PM, Michael B. Smith mich...@theessentialexchange.com wrote: BWAHAhahahahahah http://www.flixxy.com/computer-history-ctrl-alt-del.htm Regards, Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP My blog: http://TheEssentialExchange.com/blogs/michael I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php
Re: OT: Gotta Get Me Some o' Dat!
(sic) -- ME2 On Wed, Jan 7, 2009 at 2:08 PM, Jacob ja...@excaliburfilms.com wrote: Pong Parties!
Re: Gotta Get Me Some o' Dat!
Finally, a heterosexual response. rofl -- ME2 On Wed, Jan 7, 2009 at 2:58 PM, James Kerr cluster...@gmail.com wrote: I'd prefer the cosplay girl next to it thanks. - Original Message - From: Jake Gardner To: NT System Admin Issues Sent: Wednesday, January 07, 2009 2:42 PM Subject: RE: Gotta Get Me Some o' Dat! 110? But mine goes to 150! http://www.switched.com/2007/12/27/worlds-largest-tv-measures-in-at-150-inches/ Thanks, Jake Gardner TTC Network Administrator Ext. 246 From: Roger Wright [mailto:rwri...@evatone.com] Sent: Wednesday, January 07, 2009 1:51 PM To: NT System Admin Issues Subject: OT: Gotta Get Me Some o' Dat! Perfect for the home office: http://www.engadget.com/2007/06/08/jvcs-worlds-largest-tv-110-inches-and-728-pounds-of-hd/ Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388
RE: Wednesday Funny
I love the look on Mike Gates' face when the IBM guy said "I invented it, but you made it famous". From: Michael B. Smith [mailto:mich...@theessentialexchange.com] Sent: Wednesday, January 07, 2009 2:55 PM To: NT System Admin Issues Subject: OT: Wednesday Funny BWAHAhahahahahah http://www.flixxy.com/computer-history-ctrl-alt-del.htm Regards, Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP My blog: http://TheEssentialExchange.com/blogs/michael I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php