RE: Any TrueCrypt users out there

[Joe Tinney]

Not to hijack the thread or anything, but can TrueCrypt be
centrally/remotely managed or does using the full disk encryption
require you to be at each system for setup, password changes and other
management/maintenance tasks that may be associated with it?

 

From: Steven Calvanese [mailto:scalvan...@membersolutions.com] 
Sent: Wednesday, March 04, 2009 5:21 PM
To: NT System Admin Issues
Subject: RE: Any TrueCrypt users out there

 

We are using 6.1, used the default settings, created a 20something
character password and encrypted the whole disk with no problems... so
far...  It hasn't even been a week yet.

 

 



From: John Cook [mailto:john.c...@pfsf.org] 
Sent: Wednesday, March 04, 2009 4:28 PM
To: NT System Admin Issues
Subject: RE: Any TrueCrypt users out there

BTW we're using version 6.1

 

John W. Cook

Systems Administrator

Partnership For Strong Families

315 SE 2nd Ave

Gainesville, Fl 32601

Office (352) 393-2741 x320

Cell (352) 215-6944

Fax (352) 393-2746

MCSE, MCTS, MCP+I,CompTIA A+, N+

 

From: John Cook [mailto:john.c...@pfsf.org] 
Sent: Wednesday, March 04, 2009 4:23 PM
To: NT System Admin Issues
Subject: RE: Any TrueCrypt users out there

 

We're not getting the password promptand we can't access the machine
because if you cancel out it locks it.

 

John W. Cook

Systems Administrator

Partnership For Strong Families

315 SE 2nd Ave

Gainesville, Fl 32601

Office (352) 393-2741 x320

Cell (352) 215-6944

Fax (352) 393-2746

MCSE, MCTS, MCP+I,CompTIA A+, N+

 

From: Steven Calvanese [mailto:scalvan...@membersolutions.com] 
Sent: Wednesday, March 04, 2009 4:21 PM
To: NT System Admin Issues
Subject: RE: Any TrueCrypt users out there

 

I setup our laptops outside the docking station with TrueCrypt last
week.  Most of the users leave the laptops on their docking stations and
they are still required to input the password.

 



From: John Cook [mailto:john.c...@pfsf.org] 
Sent: Wednesday, March 04, 2009 4:15 PM
To: NT System Admin Issues
Subject: Any TrueCrypt users out there

We're experimenting with said encryption program but have run into an
issue - if the laptop is set up outside the docking station with the
software there is no password prompt once the laptop is put into the
docking station ie a different hardware profile is presented. Any
ideas??

 

TIA

John Cook

 

 

    

CONFIDENTIALITY STATEMENT: The information transmitted, or contained or
attached to or with this Notice is intended only for the person or
entity to which it is addressed and may contain Protected Health
Information (PHI), confidential and/or privileged material. Any review,
transmission, dissemination, or other use of, and taking any action in
reliance upon this information by persons or entities other than the
intended recipient without the express written consent of the sender are
prohibited. This information may be protected by the Health Insurance
Portability and Accountability Act of 1996 (HIPAA), and other Federal
and Florida laws. Improper or unauthorized use or disclosure of this
information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you
really need to.

 

 

 

 

 

 

 



CONFIDENTIALITY STATEMENT: The information transmitted, or contained or
attached to or with this Notice is intended only for the person or
entity to which it is addressed and may contain Protected Health
Information (PHI), confidential and/or privileged material. Any review,
transmission, dissemination, or other use of, and taking any action in
reliance upon this information by persons or entities other than the
intended recipient without the express written consent of the sender are
prohibited. This information may be protected by the Health Insurance
Portability and Accountability Act of 1996 (HIPAA), and other Federal
and Florida laws. Improper or unauthorized use or disclosure of this
information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you
really need to.

 

 

 



CONFIDENTIALITY STATEMENT: The information transmitted, or contained or
attached to or with this Notice is intended only for the person or
entity to which it is addressed and may contain Protected Health
Information (PHI), confidential and/or privileged material. Any review,
transmission, dissemination, or other use of, and taking any action in
reliance upon this information by persons or entities other than the
intended recipient without the express written consent of the sender are
prohibited. This information may be protected by the Health Insurance
Portability and Accountability Act of 1996 (HIPAA), and other Federal
and Florida laws. Improper or unauthorized use or disclosure of this
information could result in civil and/or crimi

Re: Adding a linux box to Active Directory

[Ben Scott]

On Wed, Mar 4, 2009 at 9:40 AM, John Aldrich
 wrote:
> Anyone here have any experience adding a linux box to a Win2k3 Active
> Directory?

  I've done it with CentOS 5.x and Win 2000 Active Directory.  I don't
think Win 2003 is any different.

  Make sure the "smb" and "winbind" services are configured to start
at boot, and are currently running.

  One can, in theory, configure it all using the
"system-config-authentication" GUI tool.  You want to enable Winbind,
with Security Model of "ads".  The "Winbind Domain" should be the
NetBIOS domain name (FOO); the "Winbind ADS Realm" should be the
Active Directory domain name (foo.example.com).  You don't need to
specify a domain controller.

  Samba logs copious amounts of information under the /var/log/samba/
directory.  Check there for errors.

  I already had an extensive set of tweaked config files, so I did it
manually.  I can post the series of steps and commands from my notes
if the automatic stuff above doesn't get you anywhere.  Doing it
step-by-step manually has the advantage of making it easy to isolate
the trouble.  It's not hard if you're used to Unix command lines and
config files.  If you're not used to that, it might look a little
intimidating, but it's still not really that hard -- akin to editing
the registry in NT.

  FWIW, I followed the Samba documentation, which I thought was pretty good:

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#ads-member

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Network Browse Problem

[Ben Scott]

On Wed, Mar 4, 2009 at 5:33 PM, James Kerr  wrote:
> Their PCs appear to not be able to browse to the others PC in the
> workgroup but that just started happening about two days ago.

  Is there a Windows Server on the local network?

  If you type in the PC name to Start -> Run as a UNC path, i.e.,
\\COMPUTERNAME will it open?  What about if you type in the IP
address, i.e., \\192.0.2.42 ?

  Can you ping other computers by name?

  My standard recommendation is: Run a WINS server, set NetBIOS node
type to 0x2/P-node/peer, tweak registry on all workstations to prevent
them from attempting to become a browse master.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: OT: Is my Google bigger than yours? Lets check!

[Ben Scott]

On Wed, Mar 4, 2009 at 3:19 PM, Rod Trent  wrote:
> And, don't forget your messages are sifted through by Google to determine
> surfing habits and ad targeting.

  Aren't the other big freemail providers doing this these days, too?

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Changing Account Settings en Masse

[!Amado Abenojar]

Try "dsquery" and pipe it into "dsmod" in the command line.

i.e. 

dsquery user "OU=Employees, DC=Domain, DC=Com" -stalepassword 60 | dsmod user 
-mustchpwd yes

this command line queries users in the Employees OU who have not changed their 
password in 60 days and pipes the list to dsmod which configures each object 
with "User must change password at next logon"

regards

Amado Abenojar
MCSE,MCSA

==
From: john.hornbuc...@taylor.k12.fl.us
To: ntsysadmin@lyris.sunbelt-software.com
Date: Tue, 3 Mar 2009 18:43:11 -0500
Subject: Changing Account Settings en Masse
















We’ve previously not allowed users to change their own
passwords; we’ve handled that for them, and in Active Directory have
their accounts configured to prevent them from doing it.

 

We’re implementing some new policies now, and in the
near future users will need to be able to change their own passwords.

 

I feel sure there’s a way for me to enable this
capability without having to launch ADUC and bring up each user’s account
individually.

 

Could one of you command line commandos give me a point in
the right direction?







 
John Hornbuckle


MIS Department

Taylor County School District

www.taylor.k12.fl.us






~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Looking for a utility that I can run on my laptop and know on servers their BIOS/firware they are running

[Manpreet Chaniana]

Yes this specific to Intel servers only

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Wednesday, March 04, 2009 1:49 PM
To: NT System Admin Issues
Subject: RE: Looking for a utility that I can run on my laptop and know on
servers their BIOS/firware they are running

 

I take it this is for a whole domain?

  _  

From: RITA KAUR [mailto:mchani...@rogers.com] 
Sent: Wednesday, March 04, 2009 12:10 PM
To: NT System Admin Issues
Subject: Looking for a utility that I can run on my laptop and know on
servers their BIOS/firware they are running

FY1,

 

I am looking for a utility that I can run on my laptop and get to know what
BIOS/firmware are running on Intel Platform ASAP. Help is highly appreciated

 

Thanks for all your help

 

M 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Network Browse Problem

[Jon Harris]

Also look to see if the Browsing service has been turned off.  Sounds like a
true mess and someone thought they were doing good or else they were trying
to save their job.

Jon

On Wed, Mar 4, 2009 at 5:43 PM, lists  wrote:

> Check DNS and DHCP servers. Is this a domain or a workgroup?  You
> mentioned workgroup but thought I'd check to be sure. Compare
> firewall/router DNS entries with internal DNS and DHCP servers.  The
> "two days ago.." comment makes me think DHCP.
>
> Cheers.
>
> -Original Message-
> From: James Kerr [mailto:cluster...@gmail.com]
> Sent: Wednesday, March 04, 2009 4:34 PM
> To: NT System Admin Issues
> Subject: Network Browse Problem
>
> I took a quick look today at a small LAN that I do not manage. Their PCs
>
> appear to not be able to browse to the others PC in the workgroup but
> that
> just started happening about two days ago. They can access the Internet
> through their router and they can connect to network shares on the other
> PCs
> that already are mapped or have a shortcut. Is this a possible virus
> infection here? The LAN is a mix of 2000, XP and Vista and its a friggin
>
> mess but I'm trying to help them out.
>
> James
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Password Policy Change

[Kurt Buff]

OK - I definitely see where you're coming from.

However, I believe that my environment is a bit better locked down
than what you have so frequently experienced.

And no, I don't want someone to come audit me on that! :)

Kurt

On Wed, Mar 4, 2009 at 14:23, Michael B. Smith
 wrote:
> Well, I can only speak to my own experience.
>
> In every SMORG that I've entered as a "new consultant", I've found that there 
> are a number (generally MANY) users who have membership in high-privilege 
> groups or have access to high-privilege accounts. Usually, this comes as a 
> surprise to their supervisors, and the IT person often does not know what 
> membership in those groups entails. They simply are aware that "hey, if I put 
> Josie into group A, she stops complaining."
>
> Am I suggesting that those IT people are idiots? No. I've learned that most 
> IT people are VERY well meaning, but it is simply impossible to know 
> everything. Once you learn about the "objective domain" (OD) for your company 
> (that is, the problems and priority of various issues within a given 
> organization) an IT person tends to focus on that OD. This is quite 
> reasonable.
>
> It often takes an outside party (such as myself, or any number of other 
> qualified individuals) to take an "objective look" at access and policies to 
> determine whether they make sense - especially within such guidelines as 
> NIST-800, SOX-70, HIPAA, PCI, etc. Or even within the audit guidelines of a 
> particular company. I've often found that access to high-privilege accounts 
> is political - for example, the CFO who controls IT wants to have access to 
> everything that IT does.  Well, I can understand that - but from an audit 
> perspective, that's ridiculous. The CFO doesn't know how to use that 
> privilege and their account may represent an access path that is otherwise 
> "uncontrolled" and therefore unsecureable. The smart CFO will agree that she 
> doesn't want that as an audit "finding".
>
> When explained from a rational perspective, almost all (99%+) of folks are OK 
> with this. Those few left are typically dealt with by explaining the issue to 
> the CEO of the company.
>
> That's my introduction. :-) Given my experience, I prefer to implement a 
> weekly password change on all non-basic accounts (that is, anything that has 
> above-standard access). Am I paranoid? Perhaps. How many people, in a 
> properly controlled environment, is this likely to affect? Less than 5.
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, March 04, 2009 4:10 PM
> To: NT System Admin Issues
> Subject: Re: Password Policy Change
>
> I was only thinking about the standard user base, but I think I agree.
>
> Elucidate your thoughts? *Every* employee termination, or only upon
> termination where the employee/manager had access to privileged
> accounts?
>
> I assume that you're thinking about rainbow tables and pass-the-hash attacks.
>
>
>
> On Wed, Mar 4, 2009 at 12:29, Michael B. Smith
>  wrote:
>> I think that's fine as long as you change the passwords on any 
>> higher-privilege accounts upon every employee termination, managerial 
>> change, or every two weeks and review the need-to-know of those passwords on 
>> a regular basis.
>>
>> I am one of a relatively small (but growing) contingent who believes that 
>> any higher-privilege account (including service account) should be changed 
>> far more frequently than a low-privilege/normal-user account.
>>
>> -Original Message-
>> From: Kurt Buff [mailto:kurt.b...@gmail.com]
>> Sent: Wednesday, March 04, 2009 2:49 PM
>> To: NT System Admin Issues
>> Subject: Re: Password Policy Change
>>
>> If the account was created more than 60 days ago, setting this policy
>> will force a password change at next logon.
>>
>> If the account was created less than 60 days ago, setting this policy
>> will force a password change when the account reaches 60 days.
>>
>> FWIW, I don't like a 60 day period. If I had my druthers, I'd enforce
>> a very long password (greater than 16 characters) and force the
>> password change at 180 or 365 days. This is spite of rainbow tables
>> and pass-the-hash attacks.
>>
>> Kurt
>>
>> On Wed, Mar 4, 2009 at 07:51, John Hornbuckle
>>  wrote:
>>> Right now, our users' passwords don't expire. We're looking at changing 
>>> that.
>>>
>>> My question is this... If I decide to enable password expiration, how is 
>>> the expiration date calculated for my users?
>>>
>>> Let's say that today I set passwords to expire every 60 days. Will all 
>>> current users' passwords expire 60 days from today? Or will all current 
>>> users' passwords expire today, if those passwords are 60 days or older?
>>>
>>>
>>>
>>> John Hornbuckle
>>> MIS Department
>>> Taylor County School District
>>> 318 North Clark Street
>>> Perry, FL 32347
>>>
>>> www.taylor.k12.fl.us
>>>
>>>
>>>
>>>
>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>>> ~ 

RE: Password Policy Change

[Michael B. Smith]

This process (of identifying service accounts) and of changing their passwords 
(and of generating random passwords for that) is very well documented and 
simple to do.

I cover all part of this on my blog, I believe that the Scripting Guys do as 
well, and so does cwashington on his website.

(And we all have slightly different solutions. Pick your favorite!)

-Original Message-
From: Scott Kaufman at HQ [mailto:skauf...@ittesi.com] 
Sent: Wednesday, March 04, 2009 5:36 PM
To: NT System Admin Issues
Subject: RE: Password Policy Change

I agree in principal with Michael, but the reality of changing service accounts 
that often can incur a very high management overhead, unless you have a well 
documented/scripted/automated solution in place that can change the password on 
the accounts, bounce the services & verify everything is hunky-dory.  I've not 
looked for this solution, and have skimmed marketing material that this is 
possible.

I also would assume the same as Kurt, rainbow tables & pass-the-hash if the 
previous employee had access to the password hash.  Far more serious IMO, is 
where the employee might have made a copy of the service account 
username/password, and the system is exposed to the internet.  

When I make a service account, I set the password to at least 16 characters, 
which should force AD to not store the NTLM hash, & make the password a 
complete jumble of random ASCII characters.  Then I deny TS logon & dial-in 
access.  On occasion I've even gone so far as to specify which computers that 
account can logon to.

Scott Kaufman
Lead Network Analyst
ITT ESI, Inc.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Wednesday, March 04, 2009 4:10 PM
To: NT System Admin Issues
Subject: Re: Password Policy Change

I was only thinking about the standard user base, but I think I agree.

Elucidate your thoughts? *Every* employee termination, or only upon
termination where the employee/manager had access to privileged
accounts?

I assume that you're thinking about rainbow tables and pass-the-hash attacks.



On Wed, Mar 4, 2009 at 12:29, Michael B. Smith
 wrote:
> I think that's fine as long as you change the passwords on any 
> higher-privilege accounts upon every employee termination, managerial change, 
> or every two weeks and review the need-to-know of those passwords on a 
> regular basis.
>
> I am one of a relatively small (but growing) contingent who believes that any 
> higher-privilege account (including service account) should be changed far 
> more frequently than a low-privilege/normal-user account.
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, March 04, 2009 2:49 PM
> To: NT System Admin Issues
> Subject: Re: Password Policy Change
>
> If the account was created more than 60 days ago, setting this policy
> will force a password change at next logon.
>
> If the account was created less than 60 days ago, setting this policy
> will force a password change when the account reaches 60 days.
>
> FWIW, I don't like a 60 day period. If I had my druthers, I'd enforce
> a very long password (greater than 16 characters) and force the
> password change at 180 or 365 days. This is spite of rainbow tables
> and pass-the-hash attacks.
>
> Kurt
>
> On Wed, Mar 4, 2009 at 07:51, John Hornbuckle
>  wrote:
>> Right now, our users' passwords don't expire. We're looking at changing that.
>>
>> My question is this... If I decide to enable password expiration, how is the 
>> expiration date calculated for my users?
>>
>> Let's say that today I set passwords to expire every 60 days. Will all 
>> current users' passwords expire 60 days from today? Or will all current 
>> users' passwords expire today, if those passwords are 60 days or older?
>>
>>
>>
>> John Hornbuckle
>> MIS Department
>> Taylor County School District
>> 318 North Clark Street
>> Perry, FL 32347
>>
>> www.taylor.k12.fl.us
>>
>>
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~ ���~
>>
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ ���~
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ 
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Password Policy Change

[Jeremy Anderson]

Late to the game, but doesn't this work as well?

Dsquery user -name * -startnode "my_OU",dc=company,dc=com" -limit 0 | dsmod 
user -pwdneverexpires no

And you can also add -mustchangepwd yes to the end of that and force everyone 
to change their password at next logon.

Jeremy

-Original Message-
From: Scott Kaufman at HQ [mailto:skauf...@ittesi.com]
Sent: Wednesday, March 04, 2009 9:10 AM
To: NT System Admin Issues
Subject: RE: Password Policy Change

It's not 90 days from when you set the policy, it's 90 days from the
last password change on the user account.
If you change the policy to be 90 days, all user accounts that have the
password last set date that is greater than 90 days will immediately get
set to change password at next logon.

Unless you can guarantee that all user account passwords were changed
within 90 days, I'd start with a long time frame, like 200 days, and
each month (or two weeks) keep reducing it down until you get to 90
days.  Or be prepared for a lot of helpdesk calls & user complaining.
Also check any service accounts, as those accounts will get the same
thing & services will start failing.

Lived through this a few times from "consultants" changing it because
upper management said to change it based on a recommendation/report from
another third party blah blah blah, but didn't take the time to look
at the user accounts & determine how many would get affected by the
change.

It will be a great test of your customer service skills & resolve if you
just implement the change :)


Scott Kaufman
Lead Network Analyst
ITT ESI, Inc.


-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, March 04, 2009 11:03 AM
To: NT System Admin Issues
Subject: RE: Password Policy Change

You mean, 90 days from the day you set the policy?



-Original Message-
From: Cameron Cooper [mailto:ccoo...@aurico.com]
Sent: Wednesday, March 04, 2009 10:59 AM
To: NT System Admin Issues
Subject: RE: Password Policy Change

If I remember correctly, when we implemented this (every 90 days) the
passwords would change after the time frame was set to expire.

___
Cameron Cooper
IT Director - CompTIA A+ Certified
Aurico Reports, Inc
Phone: 847-890-4021Fax: 847-255-1896
ccoo...@aurico.com



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: OT: Is my Google bigger than yours? Lets check!

[Angus Scott-Fleming]

On 4 Mar 2009 at 15:19, Rod Trent  wrote:

> And, don't forget your messages are sifted through by Google to determine
> surfing habits and ad targeting.

This is why I will never use Google's Chrome browser, and why I'm leery of 
using any Google products as my sole provider (e.g. email, calendar, RSS 
reader).  If I could be sure they would NOT do this if I paid them for Google 
Apps, I might consider using them.  Has anyone ever seen language in any EULA 
that says they differentiate between free and paid-for WRT this sort of 
analysis?

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
+---+




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Looking for a utility that I can run on my laptop and know on servers their BIOS/firware they are running

[Alverson, Tom (Xetron)]

Put the text below into a file called something like bios_info.vbs and
then run it with:

 

Cscript bios_info.vbs

 

 

 

 

 

strComputer = "."

Set objWMIService = GetObject("winmgmts:" _

& "{impersonationLevel=impersonate}!\\" & strComputer &
"\root\cimv2")

 

Set colBIOS = objWMIService.ExecQuery _

("Select * from Win32_BIOS")

 

For each objBIOS in colBIOS

Wscript.Echo "Manufacturer: " & objBIOS.Manufacturer

Wscript.Echo "Name: " & objBIOS.Name

Wscript.Echo "Primary BIOS: " & objBIOS.PrimaryBIOS

Wscript.Echo "Release Date: " & objBIOS.ReleaseDate

Wscript.Echo "Serial Number: " & objBIOS.SerialNumber

Wscript.Echo "SMBIOS Version: " & objBIOS.SMBIOSBIOSVersion

Wscript.Echo "SMBIOS Major Version: " & objBIOS.SMBIOSMajorVersion

Wscript.Echo "SMBIOS Minor Version: " & objBIOS.SMBIOSMinorVersion

Wscript.Echo "SMBIOS Present: " & objBIOS.SMBIOSPresent

Wscript.Echo "Status: " & objBIOS.Status

Wscript.Echo "Version: " & objBIOS.Version

Next



From: RITA KAUR [mailto:mchani...@rogers.com] 
Sent: Wednesday, March 04, 2009 1:10 PM
To: NT System Admin Issues
Subject: Looking for a utility that I can run on my laptop and know on
servers their BIOS/firware they are running

 

FY1,

 

I am looking for a utility that I can run on my laptop and get to know
what BIOS/firmware are running on Intel Platform ASAP. Help is highly
appreciated

 

Thanks for all your help

 

M 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Network Browse Problem

[lists]

Check DNS and DHCP servers. Is this a domain or a workgroup?  You
mentioned workgroup but thought I'd check to be sure. Compare
firewall/router DNS entries with internal DNS and DHCP servers.  The
"two days ago.." comment makes me think DHCP.

Cheers.

-Original Message-
From: James Kerr [mailto:cluster...@gmail.com] 
Sent: Wednesday, March 04, 2009 4:34 PM
To: NT System Admin Issues
Subject: Network Browse Problem

I took a quick look today at a small LAN that I do not manage. Their PCs

appear to not be able to browse to the others PC in the workgroup but
that 
just started happening about two days ago. They can access the Internet 
through their router and they can connect to network shares on the other
PCs 
that already are mapped or have a shortcut. Is this a possible virus 
infection here? The LAN is a mix of 2000, XP and Vista and its a friggin

mess but I'm trying to help them out.

James 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Password Policy Change

[Scott Kaufman at HQ]

I agree in principal with Michael, but the reality of changing service accounts 
that often can incur a very high management overhead, unless you have a well 
documented/scripted/automated solution in place that can change the password on 
the accounts, bounce the services & verify everything is hunky-dory.  I've not 
looked for this solution, and have skimmed marketing material that this is 
possible.

I also would assume the same as Kurt, rainbow tables & pass-the-hash if the 
previous employee had access to the password hash.  Far more serious IMO, is 
where the employee might have made a copy of the service account 
username/password, and the system is exposed to the internet.  

When I make a service account, I set the password to at least 16 characters, 
which should force AD to not store the NTLM hash, & make the password a 
complete jumble of random ASCII characters.  Then I deny TS logon & dial-in 
access.  On occasion I've even gone so far as to specify which computers that 
account can logon to.

Scott Kaufman
Lead Network Analyst
ITT ESI, Inc.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Wednesday, March 04, 2009 4:10 PM
To: NT System Admin Issues
Subject: Re: Password Policy Change

I was only thinking about the standard user base, but I think I agree.

Elucidate your thoughts? *Every* employee termination, or only upon
termination where the employee/manager had access to privileged
accounts?

I assume that you're thinking about rainbow tables and pass-the-hash attacks.



On Wed, Mar 4, 2009 at 12:29, Michael B. Smith
 wrote:
> I think that's fine as long as you change the passwords on any 
> higher-privilege accounts upon every employee termination, managerial change, 
> or every two weeks and review the need-to-know of those passwords on a 
> regular basis.
>
> I am one of a relatively small (but growing) contingent who believes that any 
> higher-privilege account (including service account) should be changed far 
> more frequently than a low-privilege/normal-user account.
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, March 04, 2009 2:49 PM
> To: NT System Admin Issues
> Subject: Re: Password Policy Change
>
> If the account was created more than 60 days ago, setting this policy
> will force a password change at next logon.
>
> If the account was created less than 60 days ago, setting this policy
> will force a password change when the account reaches 60 days.
>
> FWIW, I don't like a 60 day period. If I had my druthers, I'd enforce
> a very long password (greater than 16 characters) and force the
> password change at 180 or 365 days. This is spite of rainbow tables
> and pass-the-hash attacks.
>
> Kurt
>
> On Wed, Mar 4, 2009 at 07:51, John Hornbuckle
>  wrote:
>> Right now, our users' passwords don't expire. We're looking at changing that.
>>
>> My question is this... If I decide to enable password expiration, how is the 
>> expiration date calculated for my users?
>>
>> Let's say that today I set passwords to expire every 60 days. Will all 
>> current users' passwords expire 60 days from today? Or will all current 
>> users' passwords expire today, if those passwords are 60 days or older?
>>
>>
>>
>> John Hornbuckle
>> MIS Department
>> Taylor County School District
>> 318 North Clark Street
>> Perry, FL 32347
>>
>> www.taylor.k12.fl.us
>>
>>
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~ ���~
>>
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ ���~
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ 
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Network Browse Problem

[James Kerr]

I took a quick look today at a small LAN that I do not manage. Their PCs 
appear to not be able to browse to the others PC in the workgroup but that 
just started happening about two days ago. They can access the Internet 
through their router and they can connect to network shares on the other PCs 
that already are mapped or have a shortcut. Is this a possible virus 
infection here? The LAN is a mix of 2000, XP and Vista and its a friggin 
mess but I'm trying to help them out.


James 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Password Policy Change

[Michael B. Smith]

Well, I can only speak to my own experience.

In every SMORG that I've entered as a "new consultant", I've found that there 
are a number (generally MANY) users who have membership in high-privilege 
groups or have access to high-privilege accounts. Usually, this comes as a 
surprise to their supervisors, and the IT person often does not know what 
membership in those groups entails. They simply are aware that "hey, if I put 
Josie into group A, she stops complaining."

Am I suggesting that those IT people are idiots? No. I've learned that most IT 
people are VERY well meaning, but it is simply impossible to know everything. 
Once you learn about the "objective domain" (OD) for your company (that is, the 
problems and priority of various issues within a given organization) an IT 
person tends to focus on that OD. This is quite reasonable.

It often takes an outside party (such as myself, or any number of other 
qualified individuals) to take an "objective look" at access and policies to 
determine whether they make sense - especially within such guidelines as 
NIST-800, SOX-70, HIPAA, PCI, etc. Or even within the audit guidelines of a 
particular company. I've often found that access to high-privilege accounts is 
political - for example, the CFO who controls IT wants to have access to 
everything that IT does.  Well, I can understand that - but from an audit 
perspective, that's ridiculous. The CFO doesn't know how to use that privilege 
and their account may represent an access path that is otherwise "uncontrolled" 
and therefore unsecureable. The smart CFO will agree that she doesn't want that 
as an audit "finding".

When explained from a rational perspective, almost all (99%+) of folks are OK 
with this. Those few left are typically dealt with by explaining the issue to 
the CEO of the company.

That's my introduction. :-) Given my experience, I prefer to implement a weekly 
password change on all non-basic accounts (that is, anything that has 
above-standard access). Am I paranoid? Perhaps. How many people, in a properly 
controlled environment, is this likely to affect? Less than 5.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Wednesday, March 04, 2009 4:10 PM
To: NT System Admin Issues
Subject: Re: Password Policy Change

I was only thinking about the standard user base, but I think I agree.

Elucidate your thoughts? *Every* employee termination, or only upon
termination where the employee/manager had access to privileged
accounts?

I assume that you're thinking about rainbow tables and pass-the-hash attacks.



On Wed, Mar 4, 2009 at 12:29, Michael B. Smith
 wrote:
> I think that's fine as long as you change the passwords on any 
> higher-privilege accounts upon every employee termination, managerial change, 
> or every two weeks and review the need-to-know of those passwords on a 
> regular basis.
>
> I am one of a relatively small (but growing) contingent who believes that any 
> higher-privilege account (including service account) should be changed far 
> more frequently than a low-privilege/normal-user account.
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, March 04, 2009 2:49 PM
> To: NT System Admin Issues
> Subject: Re: Password Policy Change
>
> If the account was created more than 60 days ago, setting this policy
> will force a password change at next logon.
>
> If the account was created less than 60 days ago, setting this policy
> will force a password change when the account reaches 60 days.
>
> FWIW, I don't like a 60 day period. If I had my druthers, I'd enforce
> a very long password (greater than 16 characters) and force the
> password change at 180 or 365 days. This is spite of rainbow tables
> and pass-the-hash attacks.
>
> Kurt
>
> On Wed, Mar 4, 2009 at 07:51, John Hornbuckle
>  wrote:
>> Right now, our users' passwords don't expire. We're looking at changing that.
>>
>> My question is this... If I decide to enable password expiration, how is the 
>> expiration date calculated for my users?
>>
>> Let's say that today I set passwords to expire every 60 days. Will all 
>> current users' passwords expire 60 days from today? Or will all current 
>> users' passwords expire today, if those passwords are 60 days or older?
>>
>>
>>
>> John Hornbuckle
>> MIS Department
>> Taylor County School District
>> 318 North Clark Street
>> Perry, FL 32347
>>
>> www.taylor.k12.fl.us
>>
>>
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ 

RE: Any TrueCrypt users out there

[Steven Calvanese]

We are using 6.1, used the default settings, created a 20something
character password and encrypted the whole disk with no problems... so
far...  It hasn't even been a week yet.
 



From: John Cook [mailto:john.c...@pfsf.org] 
Sent: Wednesday, March 04, 2009 4:28 PM
To: NT System Admin Issues
Subject: RE: Any TrueCrypt users out there



BTW we're using version 6.1

 

John W. Cook

Systems Administrator

Partnership For Strong Families

315 SE 2nd Ave

Gainesville, Fl 32601

Office (352) 393-2741 x320

Cell (352) 215-6944

Fax (352) 393-2746

MCSE, MCTS, MCP+I,CompTIA A+, N+

 

From: John Cook [mailto:john.c...@pfsf.org] 
Sent: Wednesday, March 04, 2009 4:23 PM
To: NT System Admin Issues
Subject: RE: Any TrueCrypt users out there

 

We're not getting the password promptand we can't access the machine
because if you cancel out it locks it.

 

John W. Cook

Systems Administrator

Partnership For Strong Families

315 SE 2nd Ave

Gainesville, Fl 32601

Office (352) 393-2741 x320

Cell (352) 215-6944

Fax (352) 393-2746

MCSE, MCTS, MCP+I,CompTIA A+, N+

 

From: Steven Calvanese [mailto:scalvan...@membersolutions.com] 
Sent: Wednesday, March 04, 2009 4:21 PM
To: NT System Admin Issues
Subject: RE: Any TrueCrypt users out there

 

I setup our laptops outside the docking station with TrueCrypt last
week.  Most of the users leave the laptops on their docking stations and
they are still required to input the password.

 



From: John Cook [mailto:john.c...@pfsf.org] 
Sent: Wednesday, March 04, 2009 4:15 PM
To: NT System Admin Issues
Subject: Any TrueCrypt users out there

We're experimenting with said encryption program but have run into an
issue - if the laptop is set up outside the docking station with the
software there is no password prompt once the laptop is put into the
docking station ie a different hardware profile is presented. Any
ideas??

 

TIA

John Cook

 

 

    

CONFIDENTIALITY STATEMENT: The information transmitted, or contained or
attached to or with this Notice is intended only for the person or
entity to which it is addressed and may contain Protected Health
Information (PHI), confidential and/or privileged material. Any review,
transmission, dissemination, or other use of, and taking any action in
reliance upon this information by persons or entities other than the
intended recipient without the express written consent of the sender are
prohibited. This information may be protected by the Health Insurance
Portability and Accountability Act of 1996 (HIPAA), and other Federal
and Florida laws. Improper or unauthorized use or disclosure of this
information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you
really need to.

 

 

 

 

 

 

 



CONFIDENTIALITY STATEMENT: The information transmitted, or contained or
attached to or with this Notice is intended only for the person or
entity to which it is addressed and may contain Protected Health
Information (PHI), confidential and/or privileged material. Any review,
transmission, dissemination, or other use of, and taking any action in
reliance upon this information by persons or entities other than the
intended recipient without the express written consent of the sender are
prohibited. This information may be protected by the Health Insurance
Portability and Accountability Act of 1996 (HIPAA), and other Federal
and Florida laws. Improper or unauthorized use or disclosure of this
information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you
really need to.

 

 



CONFIDENTIALITY STATEMENT: The information transmitted, or contained or
attached to or with this Notice is intended only for the person or
entity to which it is addressed and may contain Protected Health
Information (PHI), confidential and/or privileged material. Any review,
transmission, dissemination, or other use of, and taking any action in
reliance upon this information by persons or entities other than the
intended recipient without the express written consent of the sender are
prohibited. This information may be protected by the Health Insurance
Portability and Accountability Act of 1996 (HIPAA), and other Federal
and Florida laws. Improper or unauthorized use or disclosure of this
information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you
really need to.



 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Is my Google bigger than yours? Lets check!

[Steven Peck]

and 7301 MB here as well.

On Wed, Mar 4, 2009 at 12:03 PM, Angus Scott-Fleming
 wrote:
> On 4 Mar 2009 at 13:35, Christopher J. Bosak  wrote:
>
>> 7301 MB
>
> ditto on the three gmail accounts I checked.
>
> --
> Angus Scott-Fleming
> GeoApps, Tucson, Arizona
> 1-520-290-5038
> +---+
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Vipre impressions ?

[Stu Sjouwerman]

Thanks guys - we work hard at it ! 

Warm regards,


Stu Sjouwerman
Founder, VP Marketing.
P: +1-727-562-0101 ext 218
F: +1-727-562-5199
s...@sunbelt-software.com


 
-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Wednesday, March 04, 2009 4:05 PM
To: NT System Admin Issues
Subject: Re: Vipre impressions ?

True enough, especially WRT limited rights. However, WRT to quality,
the little guys tend to be hungriest, and I think that's where Stu and
Co. are at the moment, aside from being talented.

On Wed, Mar 4, 2009 at 12:26, Michael B. Smith
 wrote:
> A/V systems seem to come and go...that being said, I'm slowly installing 
> Vipre at all my customers as their other licenses expire. But ssshI 
> don't want Stu to get a big head or anything.
>
> I've been through times when McAfee was best, and Symantec, and ESET, and 
> Sybari, and and and 
>
> Truth be told - the best thing to prevent viruses, is to do what Vista tried 
> to do, and everyone screamed at. Get rid of users running as Admins. That 
> pretty much fixes all the problems (not 100% of course - but darn close).
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, March 04, 2009 2:59 PM
> To: NT System Admin Issues
> Subject: Re: Vipre impressions ?
>
> You won't regret it.
>
> On Wed, Mar 4, 2009 at 08:07, Sherry Abercrombie  wrote:
>> 
>>
>> This email offer and this discussion thread comes at a very opportune time
>> here for me.  I'm currently in the throes of having to deploy (for the
>> second time in the last 6 months because migrating to a full blown SQL
>> database from the MSDE version blew it up beyond repair) McAfee ePO.  I hate
>> it, my supervisor hates it.  It's interface is horrible and complex, not
>> intuitive at all, the rules are excruciating to set up, and finally, after
>> years of asking, at least my immediate supervisor is open and willing to
>> look at other applications because he's suffered with ePO almost as much as
>> I have.  Unfortunately, we have a contract with McAfee through next year,
>> fortunately he's wanting us to start the research/evaluation process for an
>> alternative to McAfee by this summer so that budgeting can get put in at the
>> appropriate time.
>>
>> 
>>
>> I think I'm going to join the Vipre discussion list, and lurk ;)  Vipre was
>> the first alternative software option that I mentioned to him yesterday
>> during this discussion...
>>
>> On Wed, Mar 4, 2009 at 9:54 AM, Cameron Cooper  wrote:
>>>
>>> Have been with Sunbelt for 3-4 years now, first started with their
>>> CounterSpy product and then upgraded it to VIPRE Enterprise.  Overall we
>>> have been extremely satisfied with the product.  We used to have Symantec
>>> Endpoint Protection and had users complain that their computers were running
>>> slow.. all to find out that Endpoint Protection was causing this.  This was
>>> still happening even after we setup the scans to perform at night.  Another
>>> reason that we switch, was that when running the trial version, it would
>>> find stuff that Endpoint Protection wouldn't find.
>>>
>>>
>>>
>>> Don't want to get your hopes up with this product and make you think that
>>> there won't be problems.  Like any other software company out there, there
>>> will e problems with updates etc.  But did want to mention that Sunbelt's
>>> customer support is one of the best that is out there.  Within this list you
>>> will have Sunbelt employees and even the CEO chime in to help with issues.
>>>
>>>
>>>
>>> All in all... as much as we can build up Sunbelt and VIPRE, it will come do
>>> to how you feel it has either helped or hindered you network.  So go ahead
>>> and download the trial and take it for a test spin.  And if you have any
>>> questions or problems... this list is the best place to get help.
>>>
>>>
>>>
>>> ­­­___
>>>
>>> Cameron Cooper
>>>
>>> IT Director - CompTIA A+ Certified
>>>
>>> Aurico Reports, Inc
>>>
>>> Phone: 847-890-4021    Fax: 847-255-1896
>>>
>>> ccoo...@aurico.com
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>> --
>> Sherry Abercrombie
>>
>> "Any sufficiently advanced technology is indistinguishable from magic."
>> Arthur C. Clarke
>>
>>
>>
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~



..

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Any TrueCrypt users out there

[John Cook]

BTW we're using version 6.1

John W. Cook
Systems Administrator
Partnership For Strong Families
315 SE 2nd Ave
Gainesville, Fl 32601
Office (352) 393-2741 x320
Cell (352) 215-6944
Fax (352) 393-2746
MCSE, MCTS, MCP+I,CompTIA A+, N+

From: John Cook [mailto:john.c...@pfsf.org]
Sent: Wednesday, March 04, 2009 4:23 PM
To: NT System Admin Issues
Subject: RE: Any TrueCrypt users out there

We're not getting the password promptand we can't access the machine 
because if you cancel out it locks it.

John W. Cook
Systems Administrator
Partnership For Strong Families
315 SE 2nd Ave
Gainesville, Fl 32601
Office (352) 393-2741 x320
Cell (352) 215-6944
Fax (352) 393-2746
MCSE, MCTS, MCP+I,CompTIA A+, N+

From: Steven Calvanese [mailto:scalvan...@membersolutions.com]
Sent: Wednesday, March 04, 2009 4:21 PM
To: NT System Admin Issues
Subject: RE: Any TrueCrypt users out there

I setup our laptops outside the docking station with TrueCrypt last week.  Most 
of the users leave the laptops on their docking stations and they are still 
required to input the password.


From: John Cook [mailto:john.c...@pfsf.org]
Sent: Wednesday, March 04, 2009 4:15 PM
To: NT System Admin Issues
Subject: Any TrueCrypt users out there
We're experimenting with said encryption program but have run into an issue - 
if the laptop is set up outside the docking station with the software there is 
no password prompt once the laptop is put into the docking station ie a 
different hardware profile is presented. Any ideas??

TIA
John Cook


  
CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you really need 
to.












CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you really need 
to.






CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you really need 
to.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Support techs remote access rights to user PCs

[Malcolm Reitz]

You're reading too much in to my message. The issue is really exactly what I
said -a group of people having unrestricted and untrackable access to other
people's PCs. When a desktop tech comes by to fix my broken PC, I know he
had physical access and that is tracked by our incident management system.
But if he has local Administrator privileges on my PC, I have no idea when
he may access my PC and no good way of tracking that he did. It almost
doesn't matter what kind of data is on the PC. Also, privacy rules are
different across the globe and often much stricter outside of the US.

 

Your idea of using separate accounts for privileged access rights is a good
one and one we have already adopted.

 

-Malcolm

 

From: Webb, Brian (Corp) [mailto:brian.w...@teldta.com] 
Sent: Wednesday, March 04, 2009 2:23 PM
To: NT System Admin Issues
Subject: RE: Support techs remote access rights to user PCs

 

Is the issue that you don't trust your desktop and application support
techs?  If so, you need to get some different techs.

 

If the issue is that your users are putting stuff on their local hard drives
that is sensitive, you need to re-train your users to put that data in
secure areas.

 

We generally don't care about techs (and even some users) having local admin
rights as long as they are assigned to a different account that they aren't
using as their primary login.  Our techs do not surf the web or read e-mail
when they are logged in with admin rights.  They use RunAs or MakeMeAdmin to
access their admin rights when needed.  We also have an "admin terminal
server" that you can log into with your admin account to run tasks that need
admin rights.

 

-Brian

 

 

  _  

From: Malcolm Reitz [mailto:malcolm.re...@live.com] 
Sent: Wednesday, March 04, 2009 11:44 AM
To: NT System Admin Issues
Subject: Support techs remote access rights to user PCs

We are having an internal discussion on how to handle computer access rights
for our application support and desktop support techs. Right now, certain
techs are in an AD group which is in the local Administrators group on some
PCs. This lets them resolve end-user issues by accessing the user PCs with
Remote Desktop, Remote Registry, or simple connections to a share. However,
it also means they can get to anything on the users' PCs and there is no
auditable access tracking.

 

So, we'd like to remove this access privilege and have the techs use other
support methodologies, such as Remote Assistance, which requires the users
to be aware of what's going on. There are cases, though, where the app
support guys say they have to make batch updates to groups of PCs (such as
to point them to a new license server) and they're balking at giving up
their local admin rights. I've already thought of some ways to handle these
issues, but I'd like to hear what some of you have done. We're running XP
SP2/SP3 desktops on 2008 AD domains. The PCs are managed with SCCM 2007 SP1.

 

Thanks,

-Malcolm

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Any TrueCrypt users out there

[John Cook]

We're not getting the password promptand we can't access the machine 
because if you cancel out it locks it.

John W. Cook
Systems Administrator
Partnership For Strong Families
315 SE 2nd Ave
Gainesville, Fl 32601
Office (352) 393-2741 x320
Cell (352) 215-6944
Fax (352) 393-2746
MCSE, MCTS, MCP+I,CompTIA A+, N+

From: Steven Calvanese [mailto:scalvan...@membersolutions.com]
Sent: Wednesday, March 04, 2009 4:21 PM
To: NT System Admin Issues
Subject: RE: Any TrueCrypt users out there

I setup our laptops outside the docking station with TrueCrypt last week.  Most 
of the users leave the laptops on their docking stations and they are still 
required to input the password.


From: John Cook [mailto:john.c...@pfsf.org]
Sent: Wednesday, March 04, 2009 4:15 PM
To: NT System Admin Issues
Subject: Any TrueCrypt users out there
We're experimenting with said encryption program but have run into an issue - 
if the laptop is set up outside the docking station with the software there is 
no password prompt once the laptop is put into the docking station ie a 
different hardware profile is presented. Any ideas??

TIA
John Cook


  
CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you really need 
to.












CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you really need 
to.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Cisco help.

[Andy Shook]

Jim,

interface ethernet0/0
 ip address 66.192.186.10 255.255.255.252
 speed 10
duplex full
 no fair-queue

(Then issue 'no shut' to ensure the interface is up.)
!
ip classless
ip route 0.0.0.0 0.0.0.0 66.192.186.9
no ip http server

Let me know if you need anything else,


Shook

From: Jim Majorowicz [mailto:jmajorow...@gmail.com]
Sent: Wednesday, March 04, 2009 4:12 PM
To: NT System Admin Issues
Subject: Cisco help.

Who here remembers the 1760 and IOS 12.3(14)T5?

If I replace theT1-DSU WIC (although looking at specs for that unit I may have 
an open slot) with a WIC-1ENET 10base-T Ethernet WIC how would I change the 
following interface config to reflect the new WIC, assuming the IP address 
doesn't change?

interface Serial0/0
 ip address 66.192.186.10 255.255.255.252
 encapsulation ppp
 no fair-queue
 service-module t1 timeslots 1-8
!
ip classless
ip route 0.0.0.0 0.0.0.0 66.192.186.9
no ip http server







~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Vipre impressions ?

[Sherry Abercrombie]

If I gave them the ePO console, all they would do is remove any and all
scanning etc from the DBA servers and be done with it.  Of course, they
WOULD have to figure out how to do thathmmm...

On Wed, Mar 4, 2009 at 12:23 PM, David Lum  wrote:

>  If the DBA’s are ticked at you’ give them the ePO console and have them
> try to configure say, reporting for just specific failures…they’ll have
> empathy for you quick!
>
>
>
> My Excel sheet has a tab for each tab in the ePO console, so I know  a tab
> is a 1:1 ratio to a main ePO options (it, a tab for Dashboards, a tab for
> Reporting, a tab for Software, etc…).
>
>
>
> Friggin’ asinine such a thing is needed, but good Lord ePO is a kludge…
>
>
>
> Dave
>
>
>
>
>
> *From:* Sherry Abercrombie [mailto:saber...@gmail.com]
> *Sent:* Wednesday, March 04, 2009 10:10 AM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Vipre impressions ?
>
>
>
> Thanks Dave, I'm glad to hear someone else has the same experience with
> ePO.  Kind of confirms that I'm not an incompetent admin.  Right now, the
> DBA group is more than a little ticked off at me
>
> I will probably be doing the same with Excel, that's a good idea Dave,
> thanks for sharing it.  Maybe we should start a support group for admins
> that are forced to use this product.
>
> On Wed, Mar 4, 2009 at 11:51 AM, David Lum  wrote:
>
> I’m with you on ePO Sherry! I have hours and hours using the interface and
> have gone to an Excel sheet and screenshots to figure out what’s what! It’s
> really flexible, but far too complex to leverage properly. We added McAfee
> Host Intrusion and AntiSpyware Enterprise pieces and it has so much
> potential, but virtually impossible to administer. GRRR.
>
>
>
> Currently I like Trend WorryFree the best between Vipre, Trend and McAfee.
> With the add-ins McAfee has more outright capability, but the interface
> truly sucks donkey bits. Trend has a nice easy-to-figure out firewall piece
> that Vipre doesn’t have yet.
>
>
>
> One guy on the Vipre list was mad that Vipre didn’t catch a vulnerability
> exploited because some systems weren’t patched. Don’t blame your alarm
> company when things get stolen from your house when you leave the front door
> open…
>
> *David Lum** **// *SYSTEMS ENGINEER
> NORTHWEST EVALUATION ASSOCIATION
> (Desk) 971.222.1025 *// *(Cell) 503.267.9764
>
>
>
> *From:* Sherry Abercrombie [mailto:saber...@gmail.com]
> *Sent:* Wednesday, March 04, 2009 8:08 AM
>
>
> *To:* NT System Admin Issues
>
> *Subject:* Re: Vipre impressions ?
>
>
>
> 
>
> This email offer and this discussion thread comes at a very opportune time
> here for me.  I'm currently in the throes of having to deploy (for the
> second time in the last 6 months because migrating to a full blown SQL
> database from the MSDE version blew it up beyond repair) McAfee ePO.  I hate
> it, my supervisor hates it.  It's interface is horrible and complex, not
> intuitive at all, the rules are excruciating to set up, and finally, after
> years of asking, at least my immediate supervisor is open and willing to
> look at other applications because he's suffered with ePO almost as much as
> I have.  Unfortunately, we have a contract with McAfee through next year,
> fortunately he's wanting us to start the research/evaluation process for an
> alternative to McAfee by this summer so that budgeting can get put in at the
> appropriate time.
>
> 
>
> I think I'm going to join the Vipre discussion list, and lurk ;)  Vipre was
> the first alternative software option that I mentioned to him yesterday
> during this discussion...
>
> On Wed, Mar 4, 2009 at 9:54 AM, Cameron Cooper  wrote:
>
> Have been with Sunbelt for 3-4 years now, first started with their
> CounterSpy product and then upgraded it to VIPRE Enterprise.  Overall we
> have been extremely satisfied with the product.  We used to have Symantec
> Endpoint Protection and had users complain that their computers were running
> slow.. all to find out that Endpoint Protection was causing this.  This was
> still happening even after we setup the scans to perform at night.  Another
> reason that we switch, was that when running the trial version, it would
> find stuff that Endpoint Protection wouldn’t find.
>
>
>
> Don’t want to get your hopes up with this product and make you think that
> there won’t be problems.  Like any other software company out there, there
> will e problems with updates etc.  But did want to mention that Sunbelt’s
> customer support is one of the best that is out there.  Within this list you
> will have Sunbelt employees and even the CEO chime in to help with issues.
>
>
>
> All in all… as much as we can build up Sunbelt and VIPRE, it will come do
> to how you feel it has either helped or hindered you network.  So go ahead
> and download the trial and take it for a test spin.  And if you have any
> questions or problems… this list is the best place to get help.
>
>
>
> ­­­___
>
> *Cameron Cooper*
>
> *

RE: Any TrueCrypt users out there

[Steven Calvanese]

I setup our laptops outside the docking station with TrueCrypt last
week.  Most of the users leave the laptops on their docking stations and
they are still required to input the password.



From: John Cook [mailto:john.c...@pfsf.org] 
Sent: Wednesday, March 04, 2009 4:15 PM
To: NT System Admin Issues
Subject: Any TrueCrypt users out there


We're experimenting with said encryption program but have run into an
issue - if the laptop is set up outside the docking station with the
software there is no password prompt once the laptop is put into the
docking station ie a different hardware profile is presented. Any
ideas??
 
TIA
John Cook
 


    
CONFIDENTIALITY STATEMENT: The information transmitted, or contained or
attached to or with this Notice is intended only for the person or
entity to which it is addressed and may contain Protected Health
Information (PHI), confidential and/or privileged material. Any review,
transmission, dissemination, or other use of, and taking any action in
reliance upon this information by persons or entities other than the
intended recipient without the express written consent of the sender are
prohibited. This information may be protected by the Health Insurance
Portability and Accountability Act of 1996 (HIPAA), and other Federal
and Florida laws. Improper or unauthorized use or disclosure of this
information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you
really need to.



 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Any TrueCrypt users out there

[John Cook]

The whole drive..

John W. Cook
Systems Administrator
Partnership For Strong Families
315 SE 2nd Ave
Gainesville, Fl 32601
Office (352) 393-2741 x320
Cell (352) 215-6944
Fax (352) 393-2746
MCSE, MCTS, MCP+I,CompTIA A+, N+

From: Sam Cayze [mailto:sam.ca...@rollouts.com]
Sent: Wednesday, March 04, 2009 4:19 PM
To: NT System Admin Issues
Subject: RE: Any TrueCrypt users out there

Um, what are you encrypting?  *.tc files, or the whole drive?

From: John Cook [mailto:john.c...@pfsf.org]
Sent: Wednesday, March 04, 2009 3:15 PM
To: NT System Admin Issues
Subject: Any TrueCrypt users out there

We're experimenting with said encryption program but have run into an issue - 
if the laptop is set up outside the docking station with the software there is 
no password prompt once the laptop is put into the docking station ie a 
different hardware profile is presented. Any ideas??

TIA
John Cook


  
CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you really need 
to.












CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you really need 
to.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Any TrueCrypt users out there

[Sam Cayze]

Um, what are you encrypting?  *.tc files, or the whole drive?

 

From: John Cook [mailto:john.c...@pfsf.org] 
Sent: Wednesday, March 04, 2009 3:15 PM
To: NT System Admin Issues
Subject: Any TrueCrypt users out there

 

We're experimenting with said encryption program but have run into an
issue - if the laptop is set up outside the docking station with the
software there is no password prompt once the laptop is put into the
docking station ie a different hardware profile is presented. Any
ideas??

 

TIA

John Cook

 

 

    

CONFIDENTIALITY STATEMENT: The information transmitted, or contained or
attached to or with this Notice is intended only for the person or
entity to which it is addressed and may contain Protected Health
Information (PHI), confidential and/or privileged material. Any review,
transmission, dissemination, or other use of, and taking any action in
reliance upon this information by persons or entities other than the
intended recipient without the express written consent of the sender are
prohibited. This information may be protected by the Health Insurance
Portability and Accountability Act of 1996 (HIPAA), and other Federal
and Florida laws. Improper or unauthorized use or disclosure of this
information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you
really need to.

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Any TrueCrypt users out there

[John Cook]

We're experimenting with said encryption program but have run into an issue - 
if the laptop is set up outside the docking station with the software there is 
no password prompt once the laptop is put into the docking station ie a 
different hardware profile is presented. Any ideas??

TIA
John Cook



  
CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you really need 
to.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Cisco help.

[Jim Majorowicz]

Who here remembers the 1760 and IOS 12.3(14)T5?

 

If I replace theT1-DSU WIC (although looking at specs for that unit I may
have an open slot) with a WIC-1ENET 10base-T Ethernet WIC how would I change
the following interface config to reflect the new WIC, assuming the IP
address doesn't change?

 

interface Serial0/0
 ip address 66.192.186.10 255.255.255.252
 encapsulation ppp
 no fair-queue
 service-module t1 timeslots 1-8
!
ip classless
ip route 0.0.0.0 0.0.0.0 66.192.186.9
no ip http server

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Password Policy Change

[Kurt Buff]

I was only thinking about the standard user base, but I think I agree.

Elucidate your thoughts? *Every* employee termination, or only upon
termination where the employee/manager had access to privileged
accounts?

I assume that you're thinking about rainbow tables and pass-the-hash attacks.



On Wed, Mar 4, 2009 at 12:29, Michael B. Smith
 wrote:
> I think that's fine as long as you change the passwords on any 
> higher-privilege accounts upon every employee termination, managerial change, 
> or every two weeks and review the need-to-know of those passwords on a 
> regular basis.
>
> I am one of a relatively small (but growing) contingent who believes that any 
> higher-privilege account (including service account) should be changed far 
> more frequently than a low-privilege/normal-user account.
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, March 04, 2009 2:49 PM
> To: NT System Admin Issues
> Subject: Re: Password Policy Change
>
> If the account was created more than 60 days ago, setting this policy
> will force a password change at next logon.
>
> If the account was created less than 60 days ago, setting this policy
> will force a password change when the account reaches 60 days.
>
> FWIW, I don't like a 60 day period. If I had my druthers, I'd enforce
> a very long password (greater than 16 characters) and force the
> password change at 180 or 365 days. This is spite of rainbow tables
> and pass-the-hash attacks.
>
> Kurt
>
> On Wed, Mar 4, 2009 at 07:51, John Hornbuckle
>  wrote:
>> Right now, our users' passwords don't expire. We're looking at changing that.
>>
>> My question is this... If I decide to enable password expiration, how is the 
>> expiration date calculated for my users?
>>
>> Let's say that today I set passwords to expire every 60 days. Will all 
>> current users' passwords expire 60 days from today? Or will all current 
>> users' passwords expire today, if those passwords are 60 days or older?
>>
>>
>>
>> John Hornbuckle
>> MIS Department
>> Taylor County School District
>> 318 North Clark Street
>> Perry, FL 32347
>>
>> www.taylor.k12.fl.us
>>
>>
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Vipre impressions ?

[Kurt Buff]

True enough, especially WRT limited rights. However, WRT to quality,
the little guys tend to be hungriest, and I think that's where Stu and
Co. are at the moment, aside from being talented.

On Wed, Mar 4, 2009 at 12:26, Michael B. Smith
 wrote:
> A/V systems seem to come and go...that being said, I'm slowly installing 
> Vipre at all my customers as their other licenses expire. But ssshI 
> don't want Stu to get a big head or anything.
>
> I've been through times when McAfee was best, and Symantec, and ESET, and 
> Sybari, and and and 
>
> Truth be told - the best thing to prevent viruses, is to do what Vista tried 
> to do, and everyone screamed at. Get rid of users running as Admins. That 
> pretty much fixes all the problems (not 100% of course - but darn close).
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, March 04, 2009 2:59 PM
> To: NT System Admin Issues
> Subject: Re: Vipre impressions ?
>
> You won't regret it.
>
> On Wed, Mar 4, 2009 at 08:07, Sherry Abercrombie  wrote:
>> 
>>
>> This email offer and this discussion thread comes at a very opportune time
>> here for me.  I'm currently in the throes of having to deploy (for the
>> second time in the last 6 months because migrating to a full blown SQL
>> database from the MSDE version blew it up beyond repair) McAfee ePO.  I hate
>> it, my supervisor hates it.  It's interface is horrible and complex, not
>> intuitive at all, the rules are excruciating to set up, and finally, after
>> years of asking, at least my immediate supervisor is open and willing to
>> look at other applications because he's suffered with ePO almost as much as
>> I have.  Unfortunately, we have a contract with McAfee through next year,
>> fortunately he's wanting us to start the research/evaluation process for an
>> alternative to McAfee by this summer so that budgeting can get put in at the
>> appropriate time.
>>
>> 
>>
>> I think I'm going to join the Vipre discussion list, and lurk ;)  Vipre was
>> the first alternative software option that I mentioned to him yesterday
>> during this discussion...
>>
>> On Wed, Mar 4, 2009 at 9:54 AM, Cameron Cooper  wrote:
>>>
>>> Have been with Sunbelt for 3-4 years now, first started with their
>>> CounterSpy product and then upgraded it to VIPRE Enterprise.  Overall we
>>> have been extremely satisfied with the product.  We used to have Symantec
>>> Endpoint Protection and had users complain that their computers were running
>>> slow.. all to find out that Endpoint Protection was causing this.  This was
>>> still happening even after we setup the scans to perform at night.  Another
>>> reason that we switch, was that when running the trial version, it would
>>> find stuff that Endpoint Protection wouldn’t find.
>>>
>>>
>>>
>>> Don’t want to get your hopes up with this product and make you think that
>>> there won’t be problems.  Like any other software company out there, there
>>> will e problems with updates etc.  But did want to mention that Sunbelt’s
>>> customer support is one of the best that is out there.  Within this list you
>>> will have Sunbelt employees and even the CEO chime in to help with issues.
>>>
>>>
>>>
>>> All in all… as much as we can build up Sunbelt and VIPRE, it will come do
>>> to how you feel it has either helped or hindered you network.  So go ahead
>>> and download the trial and take it for a test spin.  And if you have any
>>> questions or problems… this list is the best place to get help.
>>>
>>>
>>>
>>> ­­­___
>>>
>>> Cameron Cooper
>>>
>>> IT Director - CompTIA A+ Certified
>>>
>>> Aurico Reports, Inc
>>>
>>> Phone: 847-890-4021    Fax: 847-255-1896
>>>
>>> ccoo...@aurico.com
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>> --
>> Sherry Abercrombie
>>
>> "Any sufficiently advanced technology is indistinguishable from magic."
>> Arthur C. Clarke
>>
>>
>>
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: OT: Is my Google bigger than yours? Lets check!

[Kurt Buff]

A few things, responding to both Rod and John:

1) Just because it's production, doesn't mean they won't lose your
email anyway. That's the risk you take with any email provider, paid
or not. For a free provider, I like google, and don't like yahoo or
hotmail, or any of the others I've encountered. If I'm not doing the
backups myself, I don't trust them.

2) In regard to the above, I should be using a POP3 client, but I
can't use one at work (that's a policy win for me, actually!), and
that's where I do 90% of my mail, cause that's how much it's
work-related - technical lists of many sorts are the bulk of mail.
Some day. Not only that, the mail clients I've seen don't use a
maildir format - I'm really hoping someone will put one out - mbox and
pst just don't do it for me.

3) If you don't think your email at any free provider is being
reviewed, you're dreaming. The nice thing about google is that they're
up front about it.

Could I be doing things better? Yup. Am I worried a bunch about it? Nope.

Kurt

On Wed, Mar 4, 2009 at 12:19, Rod Trent  wrote:
> And, don't forget your messages are sifted through by Google to determine
> surfing habits and ad targeting.
>
> -Original Message-
> From: Kelsey, John [mailto:jckel...@drmc.org]
> Sent: Wednesday, March 04, 2009 3:14 PM
> To: NT System Admin Issues
> Subject: RE: OT: Is my Google bigger than yours? Lets check!
>
> I wouldn't keep anything in there you might actually need someday.  Don't
> forget...its a BETA.  Still...after how many years, its still beta.
>
> That's a great little word to hide behind when all of your mail suddenly
> disappears.
>
> ***
> John C. Kelsey
> DuBois Regional Medical Center
> (:  814.375.3073
> *:   jckel...@drmc.org
> ***
>
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, March 04, 2009 15:12
> To: NT System Admin Issues
> Subject: Re: OT: Is my Google bigger than yours? Lets check!
>
>
> I just let them ride. The ones I've read aren't bolded in the interface.
>
> I also don't use the Inbox very much - I live in All Mail. That way, any new
> messages in a thread get moved to the top.
>
> If I ever get a POP3 client set up again, I'll have it archive after
> download, as I did before, but for now the web interface is just fine.
>
> On Wed, Mar 4, 2009 at 11:47, Roger Wright  wrote:
>> How do you manage them?  Archive after reading?
>>
>>
>>
>> Roger Wright
>> Network Administrator
>> Evatone, Inc.
>> 727.572.7076  x388
>> _
>>
>>
>> -Original Message-
>> From: Kurt Buff [mailto:kurt.b...@gmail.com]
>> Sent: Wednesday, March 04, 2009 2:45 PM
>> To: NT System Admin Issues
>> Subject: Re: OT: Is my Google bigger than yours? Lets check!
>>
>> According to google:
>>
>> I have 145,928 messages.
>>
>> I am currently using 4177 MB (57%) of your 7301 MB.
>>
>> Kurt
>>
>> On Wed, Mar 4, 2009 at 10:44, Micheal Espinola Jr
>>  wrote:
>>> :-)
>>>
>>> I recently noticed that free Gmail accounts are being advertised as
>>> coming with ~2.7G of storage space. My paid-for Google Apps account
>>> has 25.6G.   My free Google Apps account has 7.2G, and my free/normal
>>> Gmal account currently has 17.1G.
>>>
>>> Now, I know I've seen tickers on the Gmail landing page before that
>>> showed how Google's Gmail storage space was constantly growing...
>>> but was it just for me (as an early adopter), or you too?
>>>
>>> --
>>> ME2
>>>
>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>>>    ~
>>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>>   ~
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>>   ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>   ~
>
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the system manager.
> This message contains confidential information and is intended only for the
> individual named. If you are not the named addressee you should not
> disseminate, distribute or copy this e-mail.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Trend Micro ImgSetup GUID

[Klint Price - ArizonaITPro]

Background:

I work for an employer that uses Trend OfficeScan throughout the enterprise.
I utilize VMs extensively in my environment
Company policy dictates that I have to use Trend, and I am not in the 
group that decided to go with other vendors

That being said, Trend has a utility called ImgSetup.exe which creates a 
unique Trend GUID on boot from a sysprepped machine.  It works well for 
what I need, however it only works in a x86 environment, and we are now 
pushing x64.  If you run the utility on a x64 box, it states it only 
works in an x86 environment, and then errors out.

I would like to know if anyone has any insight how the GUID is created.

On a 32-bit box, when you run the utility, it creates an entry in the 
"runonce" section of the registry.  The parameter created calls 
ImgSetup.exe, and passes in the MAC address of the machine the utility 
is being run on.

After rebooting, you end up with a HEX formatted GUID in the registry 
that looks along the lines of:

----

Any ideas?

Klint



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: SQl 2000 sp4 DB into SQL 2000 sp3a server

[Joseph L. Casale]

Cool, I have a virtualized environment, but I was hoping to gain concrete
knowledge as I am not versed in SQL by any means.
Ill give this a shot :)

jlc

-Original Message-
From: Phil Brutsche [mailto:p...@optimumdata.com] 
Sent: Wednesday, March 04, 2009 1:27 PM
To: NT System Admin Issues
Subject: Re: SQl 2000 sp4 DB into SQL 2000 sp3a server

Detach removes the database from original MS SQL instance, but it can
always be re-attached.

The only caveat I can think of is with regards to users in 2 different
ways:

1) when you re-attach a database the user ID that re-attached is the DB
owner. That may or may not cause a problem but something to be mindful of.

2) End-user accounts if your application uses database users for
authentication - those are stored in the "master" DB of the SQL 2000 SP4
instance and won't transfer over automatically, regardless of whether
you use the detach/reattach or backup/restore method. If you use
detach/reattach you might end up having to redo those.

BTW, the backup/restore method I'm thinking of is the one in the
Enterprise Manager. If your application has it's own backup/restore
procedure it would be best to use that for the backup. In my experience
the application-specific backup/restore procedure will take care of point 2.

I suspect you will want to ask some of your questions in a MS
SQL-specific forum - SQL Server Central
(http://www.sqlservercentral.com/) comes to mind.

Don't you have a test environment for this application?

Joseph L. Casale wrote:
> Just asking as once I apply SP4 and attempt the migration I can't
> undo this (other reasons). I know SQL versions sometimes perform
> upgrades...
> 
> On another note, I don't know sh!t about mssql, but I was going to
> backup to a file, then restore from a file. Is the this detaching
> method you speak of the same thing or what caveats occur between the
> two methods?

-- 

Phil Brutsche
p...@optimumdata.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Vipre impressions ?

[Steve Ens]

Amen.  I find it is those people who know something about Windows that have
the hardest time with UAC and Vista.  Those who know more, love Vista and
understand it better.

On Wed, Mar 4, 2009 at 2:26 PM, Michael B. Smith <
mich...@theessentialexchange.com> wrote:

> A/V systems seem to come and go...that being said, I'm slowly installing
> Vipre at all my customers as their other licenses expire. But ssshI
> don't want Stu to get a big head or anything.
>
> I've been through times when McAfee was best, and Symantec, and ESET, and
> Sybari, and and and 
>
> Truth be told - the best thing to prevent viruses, is to do what Vista
> tried to do, and everyone screamed at. Get rid of users running as Admins.
> That pretty much fixes all the problems (not 100% of course - but darn
> close).
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, March 04, 2009 2:59 PM
> To: NT System Admin Issues
> Subject: Re: Vipre impressions ?
>
> You won't regret it.
>
> On Wed, Mar 4, 2009 at 08:07, Sherry Abercrombie 
> wrote:
> > 
> >
> > This email offer and this discussion thread comes at a very opportune
> time
> > here for me.  I'm currently in the throes of having to deploy (for the
> > second time in the last 6 months because migrating to a full blown SQL
> > database from the MSDE version blew it up beyond repair) McAfee ePO.  I
> hate
> > it, my supervisor hates it.  It's interface is horrible and complex, not
> > intuitive at all, the rules are excruciating to set up, and finally,
> after
> > years of asking, at least my immediate supervisor is open and willing to
> > look at other applications because he's suffered with ePO almost as much
> as
> > I have.  Unfortunately, we have a contract with McAfee through next year,
> > fortunately he's wanting us to start the research/evaluation process for
> an
> > alternative to McAfee by this summer so that budgeting can get put in at
> the
> > appropriate time.
> >
> > 
> >
> > I think I'm going to join the Vipre discussion list, and lurk ;)  Vipre
> was
> > the first alternative software option that I mentioned to him yesterday
> > during this discussion...
> >
> > On Wed, Mar 4, 2009 at 9:54 AM, Cameron Cooper 
> wrote:
> >>
> >> Have been with Sunbelt for 3-4 years now, first started with their
> >> CounterSpy product and then upgraded it to VIPRE Enterprise.  Overall we
> >> have been extremely satisfied with the product.  We used to have
> Symantec
> >> Endpoint Protection and had users complain that their computers were
> running
> >> slow.. all to find out that Endpoint Protection was causing this.  This
> was
> >> still happening even after we setup the scans to perform at night.
>  Another
> >> reason that we switch, was that when running the trial version, it would
> >> find stuff that Endpoint Protection wouldn’t find.
> >>
> >>
> >>
> >> Don’t want to get your hopes up with this product and make you think
> that
> >> there won’t be problems.  Like any other software company out there,
> there
> >> will e problems with updates etc.  But did want to mention that
> Sunbelt’s
> >> customer support is one of the best that is out there.  Within this list
> you
> >> will have Sunbelt employees and even the CEO chime in to help with
> issues.
> >>
> >>
> >>
> >> All in all… as much as we can build up Sunbelt and VIPRE, it will come
> do
> >> to how you feel it has either helped or hindered you network.  So go
> ahead
> >> and download the trial and take it for a test spin.  And if you have any
> >> questions or problems… this list is the best place to get help.
> >>
> >>
> >>
> >> ­­­___
> >>
> >> Cameron Cooper
> >>
> >> IT Director - CompTIA A+ Certified
> >>
> >> Aurico Reports, Inc
> >>
> >> Phone: 847-890-4021Fax: 847-255-1896
> >>
> >> ccoo...@aurico.com
> >>
> >>
> >>
> >>
> >>
> >>
> >
> >
> > --
> > Sherry Abercrombie
> >
> > "Any sufficiently advanced technology is indistinguishable from magic."
> > Arthur C. Clarke
> >
> >
> >
> >
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Password Policy Change

[Michael B. Smith]

I think that's fine as long as you change the passwords on any higher-privilege 
accounts upon every employee termination, managerial change, or every two weeks 
and review the need-to-know of those passwords on a regular basis.

I am one of a relatively small (but growing) contingent who believes that any 
higher-privilege account (including service account) should be changed far more 
frequently than a low-privilege/normal-user account.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Wednesday, March 04, 2009 2:49 PM
To: NT System Admin Issues
Subject: Re: Password Policy Change

If the account was created more than 60 days ago, setting this policy
will force a password change at next logon.

If the account was created less than 60 days ago, setting this policy
will force a password change when the account reaches 60 days.

FWIW, I don't like a 60 day period. If I had my druthers, I'd enforce
a very long password (greater than 16 characters) and force the
password change at 180 or 365 days. This is spite of rainbow tables
and pass-the-hash attacks.

Kurt

On Wed, Mar 4, 2009 at 07:51, John Hornbuckle
 wrote:
> Right now, our users' passwords don't expire. We're looking at changing that.
>
> My question is this... If I decide to enable password expiration, how is the 
> expiration date calculated for my users?
>
> Let's say that today I set passwords to expire every 60 days. Will all 
> current users' passwords expire 60 days from today? Or will all current 
> users' passwords expire today, if those passwords are 60 days or older?
>
>
>
> John Hornbuckle
> MIS Department
> Taylor County School District
> 318 North Clark Street
> Perry, FL 32347
>
> www.taylor.k12.fl.us
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Vipre impressions ?

[Michael B. Smith]

A/V systems seem to come and go...that being said, I'm slowly installing Vipre 
at all my customers as their other licenses expire. But ssshI don't 
want Stu to get a big head or anything.

I've been through times when McAfee was best, and Symantec, and ESET, and 
Sybari, and and and 

Truth be told - the best thing to prevent viruses, is to do what Vista tried to 
do, and everyone screamed at. Get rid of users running as Admins. That pretty 
much fixes all the problems (not 100% of course - but darn close).

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Wednesday, March 04, 2009 2:59 PM
To: NT System Admin Issues
Subject: Re: Vipre impressions ?

You won't regret it.

On Wed, Mar 4, 2009 at 08:07, Sherry Abercrombie  wrote:
> 
>
> This email offer and this discussion thread comes at a very opportune time
> here for me.  I'm currently in the throes of having to deploy (for the
> second time in the last 6 months because migrating to a full blown SQL
> database from the MSDE version blew it up beyond repair) McAfee ePO.  I hate
> it, my supervisor hates it.  It's interface is horrible and complex, not
> intuitive at all, the rules are excruciating to set up, and finally, after
> years of asking, at least my immediate supervisor is open and willing to
> look at other applications because he's suffered with ePO almost as much as
> I have.  Unfortunately, we have a contract with McAfee through next year,
> fortunately he's wanting us to start the research/evaluation process for an
> alternative to McAfee by this summer so that budgeting can get put in at the
> appropriate time.
>
> 
>
> I think I'm going to join the Vipre discussion list, and lurk ;)  Vipre was
> the first alternative software option that I mentioned to him yesterday
> during this discussion...
>
> On Wed, Mar 4, 2009 at 9:54 AM, Cameron Cooper  wrote:
>>
>> Have been with Sunbelt for 3-4 years now, first started with their
>> CounterSpy product and then upgraded it to VIPRE Enterprise.  Overall we
>> have been extremely satisfied with the product.  We used to have Symantec
>> Endpoint Protection and had users complain that their computers were running
>> slow.. all to find out that Endpoint Protection was causing this.  This was
>> still happening even after we setup the scans to perform at night.  Another
>> reason that we switch, was that when running the trial version, it would
>> find stuff that Endpoint Protection wouldn’t find.
>>
>>
>>
>> Don’t want to get your hopes up with this product and make you think that
>> there won’t be problems.  Like any other software company out there, there
>> will e problems with updates etc.  But did want to mention that Sunbelt’s
>> customer support is one of the best that is out there.  Within this list you
>> will have Sunbelt employees and even the CEO chime in to help with issues.
>>
>>
>>
>> All in all… as much as we can build up Sunbelt and VIPRE, it will come do
>> to how you feel it has either helped or hindered you network.  So go ahead
>> and download the trial and take it for a test spin.  And if you have any
>> questions or problems… this list is the best place to get help.
>>
>>
>>
>> ­­­___
>>
>> Cameron Cooper
>>
>> IT Director - CompTIA A+ Certified
>>
>> Aurico Reports, Inc
>>
>> Phone: 847-890-4021Fax: 847-255-1896
>>
>> ccoo...@aurico.com
>>
>>
>>
>>
>>
>>
>
>
> --
> Sherry Abercrombie
>
> "Any sufficiently advanced technology is indistinguishable from magic."
> Arthur C. Clarke
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: SQl 2000 sp4 DB into SQL 2000 sp3a server

[Phil Brutsche]

Detach removes the database from original MS SQL instance, but it can
always be re-attached.

The only caveat I can think of is with regards to users in 2 different
ways:

1) when you re-attach a database the user ID that re-attached is the DB
owner. That may or may not cause a problem but something to be mindful of.

2) End-user accounts if your application uses database users for
authentication - those are stored in the "master" DB of the SQL 2000 SP4
instance and won't transfer over automatically, regardless of whether
you use the detach/reattach or backup/restore method. If you use
detach/reattach you might end up having to redo those.

BTW, the backup/restore method I'm thinking of is the one in the
Enterprise Manager. If your application has it's own backup/restore
procedure it would be best to use that for the backup. In my experience
the application-specific backup/restore procedure will take care of point 2.

I suspect you will want to ask some of your questions in a MS
SQL-specific forum - SQL Server Central
(http://www.sqlservercentral.com/) comes to mind.

Don't you have a test environment for this application?

Joseph L. Casale wrote:
> Just asking as once I apply SP4 and attempt the migration I can't
> undo this (other reasons). I know SQL versions sometimes perform
> upgrades...
> 
> On another note, I don't know sh!t about mssql, but I was going to
> backup to a file, then restore from a file. Is the this detaching
> method you speak of the same thing or what caveats occur between the
> two methods?

-- 

Phil Brutsche
p...@optimumdata.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Laptop

[Rubens Almeida]

Not that I am aware of, but that probably exists. Unfortunately I
don't have any Lenovo's tech support on my sametime :(

On Wed, Mar 4, 2009 at 4:58 PM, Liu, David (G2DD)  wrote:
> Other than the fact that theres new BIOS update almost every month I'd
> agree that it keeps Lenovo lappies running just fine.
>
> On tat thought, does anyone know if there's an enterprise level update
> sver that can be set up to approve/push out updates for Lenovo laptops ?
>
>
> -Original Message-
> From: Rubens Almeida [mailto:rubensalme...@gmail.com]
> Sent: Wednesday, March 04, 2009 2:50 PM
> To: NT System Admin Issues
> Subject: Re: Laptop
>
> I've been a ThinkPad user for tha last 4 years, and a thumbs up rule
> is to have your bios and drivers always up to date.
> ThinkVantage System Update handles both jobs perfectly and it's one of
> the very first things I install when I get my brand new TP:
>
> http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&;
> lndocid=TVSU-UPDATE
>
> Hope that helps :)
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Support techs remote access rights to user PCs

[Webb, Brian (Corp)]

Is the issue that you don't trust your desktop and application support
techs?  If so, you need to get some different techs.
 
If the issue is that your users are putting stuff on their local hard
drives that is sensitive, you need to re-train your users to put that
data in secure areas.
 
We generally don't care about techs (and even some users) having local
admin rights as long as they are assigned to a different account that
they aren't using as their primary login.  Our techs do not surf the web
or read e-mail when they are logged in with admin rights.  They use
RunAs or MakeMeAdmin to access their admin rights when needed.  We also
have an "admin terminal server" that you can log into with your admin
account to run tasks that need admin rights.
 
-Brian

 



From: Malcolm Reitz [mailto:malcolm.re...@live.com] 
Sent: Wednesday, March 04, 2009 11:44 AM
To: NT System Admin Issues
Subject: Support techs remote access rights to user PCs



We are having an internal discussion on how to handle computer access
rights for our application support and desktop support techs. Right now,
certain techs are in an AD group which is in the local Administrators
group on some PCs. This lets them resolve end-user issues by accessing
the user PCs with Remote Desktop, Remote Registry, or simple connections
to a share. However, it also means they can get to anything on the
users' PCs and there is no auditable access tracking.

 

So, we'd like to remove this access privilege and have the techs use
other support methodologies, such as Remote Assistance, which requires
the users to be aware of what's going on. There are cases, though, where
the app support guys say they have to make batch updates to groups of
PCs (such as to point them to a new license server) and they're balking
at giving up their local admin rights. I've already thought of some ways
to handle these issues, but I'd like to hear what some of you have done.
We're running XP SP2/SP3 desktops on 2008 AD domains. The PCs are
managed with SCCM 2007 SP1.

 

Thanks,

-Malcolm


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: OT: Is my Google bigger than yours? Lets check!

[Rod Trent]

And, don't forget your messages are sifted through by Google to determine
surfing habits and ad targeting.

-Original Message-
From: Kelsey, John [mailto:jckel...@drmc.org] 
Sent: Wednesday, March 04, 2009 3:14 PM
To: NT System Admin Issues
Subject: RE: OT: Is my Google bigger than yours? Lets check!

I wouldn't keep anything in there you might actually need someday.  Don't
forget...its a BETA.  Still...after how many years, its still beta.  

That's a great little word to hide behind when all of your mail suddenly
disappears.

***
John C. Kelsey
DuBois Regional Medical Center
(:  814.375.3073  
*:   jckel...@drmc.org 
***


-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Wednesday, March 04, 2009 15:12
To: NT System Admin Issues
Subject: Re: OT: Is my Google bigger than yours? Lets check!


I just let them ride. The ones I've read aren't bolded in the interface.

I also don't use the Inbox very much - I live in All Mail. That way, any new
messages in a thread get moved to the top.

If I ever get a POP3 client set up again, I'll have it archive after
download, as I did before, but for now the web interface is just fine.

On Wed, Mar 4, 2009 at 11:47, Roger Wright  wrote:
> How do you manage them?  Archive after reading?
>
>
>
> Roger Wright
> Network Administrator
> Evatone, Inc.
> 727.572.7076  x388
> _
>
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, March 04, 2009 2:45 PM
> To: NT System Admin Issues
> Subject: Re: OT: Is my Google bigger than yours? Lets check!
>
> According to google:
>
> I have 145,928 messages.
>
> I am currently using 4177 MB (57%) of your 7301 MB.
>
> Kurt
>
> On Wed, Mar 4, 2009 at 10:44, Micheal Espinola Jr 
>  wrote:
>> :-)
>>
>> I recently noticed that free Gmail accounts are being advertised as 
>> coming with ~2.7G of storage space. My paid-for Google Apps account 
>> has 25.6G.   My free Google Apps account has 7.2G, and my free/normal 
>> Gmal account currently has 17.1G.
>>
>> Now, I know I've seen tickers on the Gmail landing page before that 
>> showed how Google's Gmail storage space was constantly growing...   
>> but was it just for me (as an early adopter), or you too?
>>
>> --
>> ME2
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>>    ~
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~

This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the system manager.
This message contains confidential information and is intended only for the
individual named. If you are not the named addressee you should not
disseminate, distribute or copy this e-mail.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: OT: Is my Google bigger than yours? Lets check!

[Kelsey, John]

I wouldn't keep anything in there you might actually need someday.  Don't 
forget...its a BETA.  Still...after how many years, its still beta.  

That's a great little word to hide behind when all of your mail suddenly 
disappears.

***
John C. Kelsey
DuBois Regional Medical Center
(:  814.375.3073  
*:   jckel...@drmc.org 
***


-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Wednesday, March 04, 2009 15:12
To: NT System Admin Issues
Subject: Re: OT: Is my Google bigger than yours? Lets check!


I just let them ride. The ones I've read aren't bolded in the interface.

I also don't use the Inbox very much - I live in All Mail. That way, any new 
messages in a thread get moved to the top.

If I ever get a POP3 client set up again, I'll have it archive after download, 
as I did before, but for now the web interface is just fine.

On Wed, Mar 4, 2009 at 11:47, Roger Wright  wrote:
> How do you manage them?  Archive after reading?
>
>
>
> Roger Wright
> Network Administrator
> Evatone, Inc.
> 727.572.7076  x388
> _
>
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, March 04, 2009 2:45 PM
> To: NT System Admin Issues
> Subject: Re: OT: Is my Google bigger than yours? Lets check!
>
> According to google:
>
> I have 145,928 messages.
>
> I am currently using 4177 MB (57%) of your 7301 MB.
>
> Kurt
>
> On Wed, Mar 4, 2009 at 10:44, Micheal Espinola Jr 
>  wrote:
>> :-)
>>
>> I recently noticed that free Gmail accounts are being advertised as 
>> coming with ~2.7G of storage space. My paid-for Google Apps account 
>> has 25.6G.   My free Google Apps account has 7.2G, and my free/normal 
>> Gmal account currently has 17.1G.
>>
>> Now, I know I've seen tickers on the Gmail landing page before that 
>> showed how Google's Gmail storage space was constantly growing...   
>> but was it just for me (as an early adopter), or you too?
>>
>> --
>> ME2
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>>    ~
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. If 
you have received this email in error please notify the system manager. This 
message contains confidential information and is intended only for the 
individual named. If you are not the named addressee you should not 
disseminate, distribute or copy this e-mail.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: OT: Is my Google bigger than yours? Lets check!

[Kurt Buff]

I just let them ride. The ones I've read aren't bolded in the interface.

I also don't use the Inbox very much - I live in All Mail. That way,
any new messages in a thread get moved to the top.

If I ever get a POP3 client set up again, I'll have it archive after
download, as I did before, but for now the web interface is just fine.

On Wed, Mar 4, 2009 at 11:47, Roger Wright  wrote:
> How do you manage them?  Archive after reading?
>
>
>
> Roger Wright
> Network Administrator
> Evatone, Inc.
> 727.572.7076  x388
> _
>
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, March 04, 2009 2:45 PM
> To: NT System Admin Issues
> Subject: Re: OT: Is my Google bigger than yours? Lets check!
>
> According to google:
>
> I have 145,928 messages.
>
> I am currently using 4177 MB (57%) of your 7301 MB.
>
> Kurt
>
> On Wed, Mar 4, 2009 at 10:44, Micheal Espinola Jr
>  wrote:
>> :-)
>>
>> I recently noticed that free Gmail accounts are being advertised as
>> coming with ~2.7G of storage space. My paid-for Google Apps account
>> has 25.6G.�� My free Google Apps account has 7.2G, and my free/normal
>> Gmal account currently has 17.1G.
>>
>> Now, I know I've seen tickers on the Gmail landing page before that
>> showed how Google's Gmail storage space was constantly growing... � but
>> was it just for me (as an early adopter), or you too?
>>
>> --
>> ME2
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~ �� ~
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: OT: Is my Google bigger than yours? Lets check!

[Andy Ognenoff]

I do it exactly the same way.

 - Andy O.

>-Original Message-
>From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
>Sent: Wednesday, March 04, 2009 2:08 PM
>To: NT System Admin Issues
>Subject: Re: OT: Is my Google bigger than yours? Lets check!
>
>45,712 messages, using 1.9 GB (10%) of 17.1 GB.  I had a lot more, but
>I've archived out (downloaded then deleted) as well split my mail to
>other accounts.
>
>For this account as it currently stands, which is now only used for
>list server and computing related discussions, I filter all known mail
>to archive and tagged with thier own appropriete label.
>
>That way, I can jump into particular subject matter (security,
>patching, administration, rags (industry advertising) etc) or to a
>particular content source (KB article links, microsoft, symantec,
>cisco, ISBN numbers, etc), or ignore them completely with my DNS
>(bounce message) filter/label.
>
>When Im looking at a more generic topic or thread, I can easily
>identify the meat of the threads by who posted or where the links are.
>
>All new/unknown message stay seperate in my inbox, making them easy to
>identify and easy to find/filter.
>
>works for me.  Ymmv.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: OT: Is my Google bigger than yours? Lets check!

[Micheal Espinola Jr]

45,712 messages, using 1.9 GB (10%) of 17.1 GB.  I had a lot more, but
I've archived out (downloaded then deleted) as well split my mail to
other accounts.

For this account as it currently stands, which is now only used for
list server and computing related discussions, I filter all known mail
to archive and tagged with thier own appropriete label.

That way, I can jump into particular subject matter (security,
patching, administration, rags (industry advertising) etc) or to a
particular content source (KB article links, microsoft, symantec,
cisco, ISBN numbers, etc), or ignore them completely with my DNS
(bounce message) filter/label.

When Im looking at a more generic topic or thread, I can easily
identify the meat of the threads by who posted or where the links are.

All new/unknown message stay seperate in my inbox, making them easy to
identify and easy to find/filter.

works for me.  ymmv.

--
ME2



On Wed, Mar 4, 2009 at 2:47 PM, Roger Wright  wrote:
> How do you manage them?  Archive after reading?
>
>
>
> Roger Wright
> Network Administrator
> Evatone, Inc.
> 727.572.7076  x388
> _
>
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, March 04, 2009 2:45 PM
> To: NT System Admin Issues
> Subject: Re: OT: Is my Google bigger than yours? Lets check!
>
> According to google:
>
> I have 145,928 messages.
>
> I am currently using 4177 MB (57%) of your 7301 MB.
>
> Kurt
>
> On Wed, Mar 4, 2009 at 10:44, Micheal Espinola Jr
>  wrote:
>> :-)
>>
>> I recently noticed that free Gmail accounts are being advertised as
>> coming with ~2.7G of storage space. My paid-for Google Apps account
>> has 25.6G.�� My free Google Apps account has 7.2G, and my free/normal
>> Gmal account currently has 17.1G.
>>
>> Now, I know I've seen tickers on the Gmail landing page before that
>> showed how Google's Gmail storage space was constantly growing... � but
>> was it just for me (as an early adopter), or you too?
>>
>> --
>> ME2
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~ �� ~
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Is my Google bigger than yours? Lets check!

[Angus Scott-Fleming]

On 4 Mar 2009 at 13:35, Christopher J. Bosak  wrote:

> 7301 MB

ditto on the three gmail accounts I checked.

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
+---+




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Vipre impressions ?

[Kurt Buff]

Yes, we're dealing with that, but I still think it's a damn fine system.

I don't think you can name any A/V company that hasn't had an update
screw things - and usually it's much worse. We haven't had anything
like the BSODs I've seen with other A/V systems.

Kurt

On Wed, Mar 4, 2009 at 07:51, Steve Kelsay  wrote:
> It is not a good time to ask.
>
> It is a very good program, easy to manage, but they just had a glitch with
> an update that is getting sorted out. The response you get may be tainted by
> that. This is an anomaly, but their support is first rate.
>
> I can’t wait until I can get our old system out and Vipre in fully.
>
>
>
> From: Jon Harris [mailto:jk.har...@gmail.com]
> Sent: Wednesday, March 04, 2009 10:49 AM
> To: NT System Admin Issues
> Subject: Re: Vipre impressions ?
>
>
>
> I would check with some of the admins on the Sunbelt Vipre list.  You might
> get more hits on your question.
>
>
>
> Jon
>
> On Wed, Mar 4, 2009 at 10:46 AM, Jeff Kraus  wrote:
>
> Hi all,
>
>
>
> now that Vipre has been out for a while and the incredible deal sunbelt is
> offering to switch,what are the impressions of it from anyone running it?
>
> The cost to switch is comparable to my Sophos renewal.
>
> I have not yet download the trial , looking for knowledgeable opinions
> first.
>
>
>
> Thanks
>
>
>
> Jeff
>
>
>
> Jeffrey Kraus
>
> Network Manager
>
> NIC Holding Corp.
>
> 25 Melville Park Rd.
>
> Suite 210
>
> Melville NY, 11747
>
> Voice: 631.753.4272
>
> Fax:   631.390.5472
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Vipre impressions ?

[Kurt Buff]

You won't regret it.

On Wed, Mar 4, 2009 at 08:07, Sherry Abercrombie  wrote:
> 
>
> This email offer and this discussion thread comes at a very opportune time
> here for me.  I'm currently in the throes of having to deploy (for the
> second time in the last 6 months because migrating to a full blown SQL
> database from the MSDE version blew it up beyond repair) McAfee ePO.  I hate
> it, my supervisor hates it.  It's interface is horrible and complex, not
> intuitive at all, the rules are excruciating to set up, and finally, after
> years of asking, at least my immediate supervisor is open and willing to
> look at other applications because he's suffered with ePO almost as much as
> I have.  Unfortunately, we have a contract with McAfee through next year,
> fortunately he's wanting us to start the research/evaluation process for an
> alternative to McAfee by this summer so that budgeting can get put in at the
> appropriate time.
>
> 
>
> I think I'm going to join the Vipre discussion list, and lurk ;)  Vipre was
> the first alternative software option that I mentioned to him yesterday
> during this discussion...
>
> On Wed, Mar 4, 2009 at 9:54 AM, Cameron Cooper  wrote:
>>
>> Have been with Sunbelt for 3-4 years now, first started with their
>> CounterSpy product and then upgraded it to VIPRE Enterprise.  Overall we
>> have been extremely satisfied with the product.  We used to have Symantec
>> Endpoint Protection and had users complain that their computers were running
>> slow.. all to find out that Endpoint Protection was causing this.  This was
>> still happening even after we setup the scans to perform at night.  Another
>> reason that we switch, was that when running the trial version, it would
>> find stuff that Endpoint Protection wouldn’t find.
>>
>>
>>
>> Don’t want to get your hopes up with this product and make you think that
>> there won’t be problems.  Like any other software company out there, there
>> will e problems with updates etc.  But did want to mention that Sunbelt’s
>> customer support is one of the best that is out there.  Within this list you
>> will have Sunbelt employees and even the CEO chime in to help with issues.
>>
>>
>>
>> All in all… as much as we can build up Sunbelt and VIPRE, it will come do
>> to how you feel it has either helped or hindered you network.  So go ahead
>> and download the trial and take it for a test spin.  And if you have any
>> questions or problems… this list is the best place to get help.
>>
>>
>>
>> ­­­___
>>
>> Cameron Cooper
>>
>> IT Director - CompTIA A+ Certified
>>
>> Aurico Reports, Inc
>>
>> Phone: 847-890-4021    Fax: 847-255-1896
>>
>> ccoo...@aurico.com
>>
>>
>>
>>
>>
>>
>
>
> --
> Sherry Abercrombie
>
> "Any sufficiently advanced technology is indistinguishable from magic."
> Arthur C. Clarke
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: OT: Is my Google bigger than yours? Lets check!

[Jon Harris]

You have almost 4 time the massages I have but I have the same space as you
anyway.

Jon

On Wed, Mar 4, 2009 at 2:47 PM, Roger Wright  wrote:

> How do you manage them?  Archive after reading?
>
>
>
> Roger Wright
> Network Administrator
> Evatone, Inc.
> 727.572.7076  x388
> _
>
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, March 04, 2009 2:45 PM
> To: NT System Admin Issues
> Subject: Re: OT: Is my Google bigger than yours? Lets check!
>
>  According to google:
>
> I have 145,928 messages.
>
> I am currently using 4177 MB (57%) of your 7301 MB.
>
> Kurt
>
> On Wed, Mar 4, 2009 at 10:44, Micheal Espinola Jr
>  wrote:
> > :-)
> >
> > I recently noticed that free Gmail accounts are being advertised as
> > coming with ~2.7G of storage space. My paid-for Google Apps account
> > has 25.6G.�� My free Google Apps account has 7.2G, and my free/normal
> > Gmal account currently has 17.1G.
> >
> > Now, I know I've seen tickers on the Gmail landing page before that
> > showed how Google's Gmail storage space was constantly growing... � but
> > was it just for me (as an early adopter), or you too?
> >
> > --
> > ME2
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~ �� ~
> >
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: SQl 2000 sp4 DB into SQL 2000 sp3a server

[Joseph L. Casale]

Just asking as once I apply SP4 and attempt the migration I can't undo this 
(other reasons).
I know SQL versions sometimes perform upgrades...

On another note, I don't know sh!t about mssql, but I was going to backup to a 
file, then restore from a file. Is the this detaching method you speak of the 
same thing or what caveats occur between the two methods?

Thanks!
jlc

-Original Message-
From: Phil Brutsche [mailto:p...@optimumdata.com] 
Sent: Wednesday, March 04, 2009 12:54 PM
To: NT System Admin Issues
Subject: Re: SQl 2000 sp4 DB into SQL 2000 sp3a server

Wouldn't it be as simple as:

a) Detach database
b) Copy database files to different host
c) Re-attach database

?

Joseph L. Casale wrote:
> Don't even ask (application support)...
> 
>  
> 
> Can I do this? I need to export a 2ksp4 db and bring it online in 2ksp3a
> server?
> 
>  
> 
> Thanks!
> jlc
> 
> 
>  
> 
>  
> 


-- 

Phil Brutsche
p...@optimumdata.com


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: OT: Is my Google bigger than yours? Lets check!

[Lee Douglas]

I also have 7301 MB. Early adopter.

Speaking of GMail, anyone know if they are ever going to start throwing away
trash and/or spam that is more than 30 days old?



On Wed, Mar 4, 2009 at 2:45 PM, Kurt Buff  wrote:

> According to google:
>
> I have 145,928 messages.
>
> I am currently using 4177 MB (57%) of your 7301 MB.
>
> Kurt
>
> On Wed, Mar 4, 2009 at 10:44, Micheal Espinola Jr
>  wrote:
> > :-)
> >
> > I recently noticed that free Gmail accounts are being advertised as
> > coming with ~2.7G of storage space. My paid-for Google Apps account
> > has 25.6G.  My free Google Apps account has 7.2G, and my free/normal
> > Gmal account currently has 17.1G.
> >
> > Now, I know I've seen tickers on the Gmail landing page before that
> > showed how Google's Gmail storage space was constantly growing...  but
> > was it just for me (as an early adopter), or you too?
> >
> > --
> > ME2
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~   ~
> >
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Laptop

[Liu, David (G2DD)]

Other than the fact that theres new BIOS update almost every month I'd
agree that it keeps Lenovo lappies running just fine. 

On tat thought, does anyone know if there's an enterprise level update
sver that can be set up to approve/push out updates for Lenovo laptops ?


-Original Message-
From: Rubens Almeida [mailto:rubensalme...@gmail.com] 
Sent: Wednesday, March 04, 2009 2:50 PM
To: NT System Admin Issues
Subject: Re: Laptop

I've been a ThinkPad user for tha last 4 years, and a thumbs up rule
is to have your bios and drivers always up to date.
ThinkVantage System Update handles both jobs perfectly and it's one of
the very first things I install when I get my brand new TP:

http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&;
lndocid=TVSU-UPDATE

Hope that helps :)

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Vipre impressions ?

[Kurt Buff]

Definitely like it. Responsive, manageable and a very good admin interface.

Not perfect, but way better than the McAfee with EPO we had, and
better than the Trend I used many years ago.

We're servicing about 300 workstations.

The biggest issue we've had is getting rid of the McAfee - that's a
definite PITA.

On Wed, Mar 4, 2009 at 07:46, Jeff Kraus  wrote:
> Hi all,
>
> now that Vipre has been out for a while and the incredible deal sunbelt is
> offering to switch,what are the impressions of it from anyone running it?
> The cost to switch is comparable to my Sophos renewal.
> I have not yet download the trial , looking for knowledgeable opinions
> first.
>
> Thanks
>
> Jeff
>
> Jeffrey Kraus
> Network Manager
> NIC Holding Corp.
> 25 Melville Park Rd.
> Suite 210
> Melville NY, 11747
> Voice: 631.753.4272
> Fax:   631.390.5472
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: OT: Is my Google bigger than yours? Lets check!

[Steve Ens]

Always, then there is an easy searchable NT knowledgebase...

On Wed, Mar 4, 2009 at 1:47 PM, Roger Wright  wrote:

> How do you manage them?  Archive after reading?
>
>
>
> Roger Wright
> Network Administrator
> Evatone, Inc.
> 727.572.7076  x388
> _
>
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, March 04, 2009 2:45 PM
> To: NT System Admin Issues
> Subject: Re: OT: Is my Google bigger than yours? Lets check!
>
> According to google:
>
> I have 145,928 messages.
>
> I am currently using 4177 MB (57%) of your 7301 MB.
>
> Kurt
>
> On Wed, Mar 4, 2009 at 10:44, Micheal Espinola Jr
>  wrote:
> > :-)
> >
> > I recently noticed that free Gmail accounts are being advertised as
> > coming with ~2.7G of storage space. My paid-for Google Apps account
> > has 25.6G.�� My free Google Apps account has 7.2G, and my free/normal
> > Gmal account currently has 17.1G.
> >
> > Now, I know I've seen tickers on the Gmail landing page before that
> > showed how Google's Gmail storage space was constantly growing... � but
> > was it just for me (as an early adopter), or you too?
> >
> > --
> > ME2
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~ �� ~
> >
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: SQl 2000 sp4 DB into SQL 2000 sp3a server

[Phil Brutsche]

Wouldn't it be as simple as:

a) Detach database
b) Copy database files to different host
c) Re-attach database

?

Joseph L. Casale wrote:
> Don’t even ask (application support)…
> 
>  
> 
> Can I do this? I need to export a 2ksp4 db and bring it online in 2ksp3a
> server?
> 
>  
> 
> Thanks!
> jlc
> 
> 
>  
> 
>  
> 


-- 

Phil Brutsche
p...@optimumdata.com


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: NT4 in a 2003 domain

[Jeff Bunting]

Thanks Chris.  That's what I was thinking, but it has been a few years and,
my google-fu was weak and I couldn't find it stated explicitly.

On Wed, Mar 4, 2009 at 2:45 PM, Christopher Bodnar <
christopher_bod...@glic.com> wrote:

>  Only against the PDC emulator.
>
>
>
>
>
>
>
> Chris Bodnar, MCSE
> Sr. Systems Engineer
> Distributed Systems Service Delivery - Intel Services
> Guardian Life Insurance Company of America
> Email: christopher_bod...@glic.com
> Phone: 610-807-6459
> Fax: 610-807-6003
>   --
>
> *From:* bunting.j...@gmail.com [mailto:bunting.j...@gmail.com]
> *Sent:* Wednesday, March 04, 2009 2:25 PM
> *To:* NT System Admin Issues
> *Subject:* NT4 in a 2003 domain
>
>
>
>
>
>
>
>
>
>
>
>
>  --
>
> * This message, and any attachments to it, may contain information that is
> privileged, confidential, and exempt from disclosure under applicable law.
> If the reader of this message is not the intended recipient, you are
> notified that any use, dissemination, distribution, copying, or
> communication of this message is strictly prohibited. If you have received
> this message in error, please notify the sender immediately by return e-mail
> and delete the message and any attachments. Thank you. *
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Laptop

[Rubens Almeida]

I've been a ThinkPad user for tha last 4 years, and a thumbs up rule
is to have your bios and drivers always up to date.
ThinkVantage System Update handles both jobs perfectly and it's one of
the very first things I install when I get my brand new TP:

http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=TVSU-UPDATE

Hope that helps :)

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Password Policy Change

[Kurt Buff]

If the account was created more than 60 days ago, setting this policy
will force a password change at next logon.

If the account was created less than 60 days ago, setting this policy
will force a password change when the account reaches 60 days.

FWIW, I don't like a 60 day period. If I had my druthers, I'd enforce
a very long password (greater than 16 characters) and force the
password change at 180 or 365 days. This is spite of rainbow tables
and pass-the-hash attacks.

Kurt

On Wed, Mar 4, 2009 at 07:51, John Hornbuckle
 wrote:
> Right now, our users' passwords don't expire. We're looking at changing that.
>
> My question is this... If I decide to enable password expiration, how is the 
> expiration date calculated for my users?
>
> Let's say that today I set passwords to expire every 60 days. Will all 
> current users' passwords expire 60 days from today? Or will all current 
> users' passwords expire today, if those passwords are 60 days or older?
>
>
>
> John Hornbuckle
> MIS Department
> Taylor County School District
> 318 North Clark Street
> Perry, FL 32347
>
> www.taylor.k12.fl.us
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: OT: Is my Google bigger than yours? Lets check!

[Roger Wright]

How do you manage them?  Archive after reading?

   

Roger Wright
Network Administrator
Evatone, Inc.
727.572.7076  x388
_  


-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Wednesday, March 04, 2009 2:45 PM
To: NT System Admin Issues
Subject: Re: OT: Is my Google bigger than yours? Lets check!

According to google:

I have 145,928 messages.

I am currently using 4177 MB (57%) of your 7301 MB.

Kurt

On Wed, Mar 4, 2009 at 10:44, Micheal Espinola Jr
 wrote:
> :-)
>
> I recently noticed that free Gmail accounts are being advertised as
> coming with ~2.7G of storage space. My paid-for Google Apps account
> has 25.6G.���My free Google Apps account has 7.2G, and my free/normal
> Gmal account currently has 17.1G.
>
> Now, I know I've seen tickers on the Gmail landing page before that
> showed how Google's Gmail storage space was constantly growing... ��but
> was it just for me (as an early adopter), or you too?
>
> --
> ME2
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ ���~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

SQl 2000 sp4 DB into SQL 2000 sp3a server

[Joseph L. Casale]

Don't even ask (application support)...

Can I do this? I need to export a 2ksp4 db and bring it online in 2ksp3a server?

Thanks!
jlc

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: NT4 in a 2003 domain

[Christopher Bodnar]

Only against the PDC emulator.

 

 

 

Chris Bodnar, MCSE
Sr. Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003

  _  

From: bunting.j...@gmail.com [mailto:bunting.j...@gmail.com] 
Sent: Wednesday, March 04, 2009 2:25 PM
To: NT System Admin Issues
Subject: NT4 in a 2003 domain

 

 

 



-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: OT: Is my Google bigger than yours? Lets check!

[Kurt Buff]

According to google:

I have 145,928 messages.

I am currently using 4177 MB (57%) of your 7301 MB.

Kurt

On Wed, Mar 4, 2009 at 10:44, Micheal Espinola Jr
 wrote:
> :-)
>
> I recently noticed that free Gmail accounts are being advertised as
> coming with ~2.7G of storage space. My paid-for Google Apps account
> has 25.6G.  My free Google Apps account has 7.2G, and my free/normal
> Gmal account currently has 17.1G.
>
> Now, I know I've seen tickers on the Gmail landing page before that
> showed how Google's Gmail storage space was constantly growing...  but
> was it just for me (as an early adopter), or you too?
>
> --
> ME2
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Is my Google bigger than yours? Lets check!

[Christopher J. Bosak]

7301 MB

Christopher J. Bosak
Vector Company
c. 847.603.4673
cbo...@vector-co.com

"You need to install an RTFM Interface, due to an LBNC issue."
- B.O.F.H. (Merged 2 into 1) - Me

-Original Message-
From: Michael B. Smith [mailto:mich...@theessentialexchange.com] 
Sent: Wednesday, March 04, 2009 12:58 hrs
To: NT System Admin Issues
Subject: RE: Is my Google bigger than yours? Lets check!

I was an early adopter as well...I think I got my invitation from you as a
matter of fact. (It might've been Bob Free; too many years ago now!)

But my free/normal gmail account says 7301 MB. And yes, I get that ticker...

-Original Message-
From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] 
Sent: Wednesday, March 04, 2009 1:45 PM
To: NT System Admin Issues
Subject: OT: Is my Google bigger than yours? Lets check!

:-)

I recently noticed that free Gmail accounts are being advertised as
coming with ~2.7G of storage space. My paid-for Google Apps account
has 25.6G.  My free Google Apps account has 7.2G, and my free/normal
Gmal account currently has 17.1G.

Now, I know I've seen tickers on the Gmail landing page before that
showed how Google's Gmail storage space was constantly growing...  but
was it just for me (as an early adopter), or you too?

--
ME2

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Vipre impressions ?

[Jeff Bunting]

That's spelled Kludge (capital "K"). ;-)

maybe ePU is a better nomenclature.

On Wed, Mar 4, 2009 at 1:23 PM, David Lum  wrote:

>  If the DBA’s are ticked at you’ give them the ePO console and have them
> try to configure say, reporting for just specific failures…they’ll have
> empathy for you quick!
>
>
>
> My Excel sheet has a tab for each tab in the ePO console, so I know  a tab
> is a 1:1 ratio to a main ePO options (it, a tab for Dashboards, a tab for
> Reporting, a tab for Software, etc…).
>
>
>
> Friggin’ asinine such a thing is needed, but good Lord ePO is a kludge…
>
>
>
> Dave
>
>
>
>
>
> *From:* Sherry Abercrombie [mailto:saber...@gmail.com]
> *Sent:* Wednesday, March 04, 2009 10:10 AM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Vipre impressions ?
>
>
>
> Thanks Dave, I'm glad to hear someone else has the same experience with
> ePO.  Kind of confirms that I'm not an incompetent admin.  Right now, the
> DBA group is more than a little ticked off at me
>
> I will probably be doing the same with Excel, that's a good idea Dave,
> thanks for sharing it.  Maybe we should start a support group for admins
> that are forced to use this product.
>
> On Wed, Mar 4, 2009 at 11:51 AM, David Lum  wrote:
>
> I’m with you on ePO Sherry! I have hours and hours using the interface and
> have gone to an Excel sheet and screenshots to figure out what’s what! It’s
> really flexible, but far too complex to leverage properly. We added McAfee
> Host Intrusion and AntiSpyware Enterprise pieces and it has so much
> potential, but virtually impossible to administer. GRRR.
>
>
>
> Currently I like Trend WorryFree the best between Vipre, Trend and McAfee.
> With the add-ins McAfee has more outright capability, but the interface
> truly sucks donkey bits. Trend has a nice easy-to-figure out firewall piece
> that Vipre doesn’t have yet.
>
>
>
> One guy on the Vipre list was mad that Vipre didn’t catch a vulnerability
> exploited because some systems weren’t patched. Don’t blame your alarm
> company when things get stolen from your house when you leave the front door
> open…
>
> *David Lum** **// *SYSTEMS ENGINEER
> NORTHWEST EVALUATION ASSOCIATION
> (Desk) 971.222.1025 *// *(Cell) 503.267.9764
>
>
>
> *From:* Sherry Abercrombie [mailto:saber...@gmail.com]
> *Sent:* Wednesday, March 04, 2009 8:08 AM
>
>
> *To:* NT System Admin Issues
>
> *Subject:* Re: Vipre impressions ?
>
>
>
> 
>
> This email offer and this discussion thread comes at a very opportune time
> here for me.  I'm currently in the throes of having to deploy (for the
> second time in the last 6 months because migrating to a full blown SQL
> database from the MSDE version blew it up beyond repair) McAfee ePO.  I hate
> it, my supervisor hates it.  It's interface is horrible and complex, not
> intuitive at all, the rules are excruciating to set up, and finally, after
> years of asking, at least my immediate supervisor is open and willing to
> look at other applications because he's suffered with ePO almost as much as
> I have.  Unfortunately, we have a contract with McAfee through next year,
> fortunately he's wanting us to start the research/evaluation process for an
> alternative to McAfee by this summer so that budgeting can get put in at the
> appropriate time.
>
> 
>
> I think I'm going to join the Vipre discussion list, and lurk ;)  Vipre was
> the first alternative software option that I mentioned to him yesterday
> during this discussion...
>
> On Wed, Mar 4, 2009 at 9:54 AM, Cameron Cooper  wrote:
>
> Have been with Sunbelt for 3-4 years now, first started with their
> CounterSpy product and then upgraded it to VIPRE Enterprise.  Overall we
> have been extremely satisfied with the product.  We used to have Symantec
> Endpoint Protection and had users complain that their computers were running
> slow.. all to find out that Endpoint Protection was causing this.  This was
> still happening even after we setup the scans to perform at night.  Another
> reason that we switch, was that when running the trial version, it would
> find stuff that Endpoint Protection wouldn’t find.
>
>
>
> Don’t want to get your hopes up with this product and make you think that
> there won’t be problems.  Like any other software company out there, there
> will e problems with updates etc.  But did want to mention that Sunbelt’s
> customer support is one of the best that is out there.  Within this list you
> will have Sunbelt employees and even the CEO chime in to help with issues.
>
>
>
> All in all… as much as we can build up Sunbelt and VIPRE, it will come do
> to how you feel it has either helped or hindered you network.  So go ahead
> and download the trial and take it for a test spin.  And if you have any
> questions or problems… this list is the best place to get help.
>
>
>
> ­­­___
>
> *Cameron Cooper*
>
> *IT Director - CompTIA A+ Certified*
>
> Aurico Reports, Inc
>
> Phone: 847-890-4021Fax: 847-255-1896
>
> ccoo...@auric

NT4 in a 2003 domain

[Jeff Bunting]

Quick question:  Will an NT4 member server only authenticate against the PDC
emulator in a mixed mode 2003 domain, or can it use other DCs too?

Thanks,
Jeff

p.s. I know about the digital signing, NTLM, etc. that needs to be set

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Help with resolving Terminal server problems

[Webster]

> -Original Message-
> From: Gene Giannamore [mailto:gene.giannam...@abideinternational.com]
> Subject: RE: Help with resolving Terminal server problems
> 
> So citrix ica will improve the TS experience over stock MS. Now I just
> need to find proof or ROI type info inorder get the purchase approved.

You could also look at WAN Acceleration type products or see if your
routers/firewalls/etc can do QoS on RDP or prioritize RDP.

As far as ICA vs RDP there are many white papers available on the
"Internets" which you can via "The Google".  And you can forget all the crap
about an ICA session requires xKb of bandwidth and an RDP session requires
yKb of bandwidth.  Those numbers mean nothing.  I watched a presentation by
the chief engineer of the ICA protocol.  He says "it all depends" when
calculating bandwidth.

With ICA, you can use Citrix policies to disable some of the protocol
channels.  With the RDP used in TS2008 you can do the same thing.  PLUS,
vendors can add their own virtual channels to both protocols and build and
tear down at will.  So how much bandwidth will an ICA session take vs an RDP
session?  It all depends!  Which one is faster?  It all depends.  i.e. for
ICA, is Session Reliability being used?  If so and you are using QoS for the
ICA Protocol, does your QoS system know that port 2598 traffic is also ICA
type traffic?

Bottom line?  It all depends.


Webster


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Password Policy Change

[John Hornbuckle]

Thanks for the heads-up!


-Original Message-
From: James Winzenz [mailto:james.winz...@pulte.com] 
Sent: Wednesday, March 04, 2009 12:45 PM
To: NT System Admin Issues
Subject: RE: Password Policy Change

One thing you will need to be aware of (and may work in your favor):

When you uncheck the "password never expires" box, AD automatically
forces an immediate password change.  If you don't want to force them to
immediately change their passwords, you can probably script something
that would turn off the password never expires flag and then would turn
off the user must change password at next logon flag.  Otherwise this
could be a good opportunity to kill two birds with one stone.  You can
apply the policy without it affecting them initially, but when you go
back and change the password never expires flag, they will be forced to
change their passwords.   As a practice here, whenever we find a
non-service account (or non-authorized account) that has the password
set to never expire, we uncheck it and force the user to immediately
change their password.

Thanks,

James Winzenz
Infrastructure Systems Engineer II - Security
Pulte Homes Information Services


-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, March 04, 2009 10:16 AM
To: NT System Admin Issues
Subject: RE: Password Policy Change

Thanks for the tips.

We have accounts that haven't had their passwords changed in years. And
99% haven't been changed within 90 days, so if I set the policy to 90
days pretty much everyone's would expire at that time.

Everyone's account is configured with the "Password never expires"
option enabled. Earlier today I had gotten some tips on how to disable
that option for everyone at once. But now I'm thinking the thing to do
is to disable it for smaller groups of users at a time.




-Original Message-
From: Scott Kaufman at HQ [mailto:skauf...@ittesi.com]
Sent: Wednesday, March 04, 2009 12:10 PM
To: NT System Admin Issues
Subject: RE: Password Policy Change

It's not 90 days from when you set the policy, it's 90 days from the
last password change on the user account.
If you change the policy to be 90 days, all user accounts that have the
password last set date that is greater than 90 days will immediately get
set to change password at next logon.

Unless you can guarantee that all user account passwords were changed
within 90 days, I'd start with a long time frame, like 200 days, and
each month (or two weeks) keep reducing it down until you get to 90
days.  Or be prepared for a lot of helpdesk calls & user complaining.
Also check any service accounts, as those accounts will get the same
thing & services will start failing.

Lived through this a few times from "consultants" changing it because
upper management said to change it based on a recommendation/report from
another third party blah blah blah, but didn't take the time to look
at the user accounts & determine how many would get affected by the
change.

It will be a great test of your customer service skills & resolve if you
just implement the change :)


Scott Kaufman
Lead Network Analyst
ITT ESI, Inc.


-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, March 04, 2009 11:03 AM
To: NT System Admin Issues
Subject: RE: Password Policy Change

You mean, 90 days from the day you set the policy?



-Original Message-
From: Cameron Cooper [mailto:ccoo...@aurico.com]
Sent: Wednesday, March 04, 2009 10:59 AM
To: NT System Admin Issues
Subject: RE: Password Policy Change

If I remember correctly, when we implemented this (every 90 days) the
passwords would change after the time frame was set to expire.

___
Cameron Cooper
IT Director - CompTIA A+ Certified
Aurico Reports, Inc
Phone: 847-890-4021Fax: 847-255-1896
ccoo...@aurico.com



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpo

RE: Is my Google bigger than yours? Lets check!

[Michael B. Smith]

I was an early adopter as well...I think I got my invitation from you as a
matter of fact. (It might've been Bob Free; too many years ago now!)

But my free/normal gmail account says 7301 MB. And yes, I get that ticker...

-Original Message-
From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] 
Sent: Wednesday, March 04, 2009 1:45 PM
To: NT System Admin Issues
Subject: OT: Is my Google bigger than yours? Lets check!

:-)

I recently noticed that free Gmail accounts are being advertised as
coming with ~2.7G of storage space. My paid-for Google Apps account
has 25.6G.  My free Google Apps account has 7.2G, and my free/normal
Gmal account currently has 17.1G.

Now, I know I've seen tickers on the Gmail landing page before that
showed how Google's Gmail storage space was constantly growing...  but
was it just for me (as an early adopter), or you too?

--
ME2

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Is my Google bigger than yours? Lets check!

[Jacob]

My free Gmail is 7301MB

-Original Message-
From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] 
Sent: Wednesday, March 04, 2009 10:45 AM
To: NT System Admin Issues
Subject: OT: Is my Google bigger than yours? Lets check!

:-)

I recently noticed that free Gmail accounts are being advertised as
coming with ~2.7G of storage space. My paid-for Google Apps account
has 25.6G.  My free Google Apps account has 7.2G, and my free/normal
Gmal account currently has 17.1G.

Now, I know I've seen tickers on the Gmail landing page before that
showed how Google's Gmail storage space was constantly growing...  but
was it just for me (as an early adopter), or you too?

--
ME2

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Hiding words in an outlook form

[Michael B. Smith]

Almost certainly it will not do what you want.

 

You didn't tell us what version of Exchange we are talking about, but with
Exchange 2007, you'd be looking at either transport rules (to do the
searching within the Exchange organization) or a transport agent (to put a
custom header onto an email that contains the invisible field).

 

The problem with custom forms is that when they leave the organization they
are generally turned into normal forms with the customization stripped out.

 

From: Steven Calvanese [mailto:scalvan...@membersolutions.com] 
Sent: Wednesday, March 04, 2009 8:25 AM
To: NT System Admin Issues
Subject: RE: Hiding words in an outlook form

 

It is right after the firewall.  We already have it configured to notify us
about cc#, ss#s and select keywords.  We want to prevent people from
forwarding certain emails to the outside.  So we were thinking that if we
could hide a keyword in a custom form then we could catch this with the box.
This custom form would only need to be used once or twice a month.

 

Thanks

 

  _  

From: Michael B. Smith [mailto:mich...@theessentialexchange.com] 
Sent: Tuesday, March 03, 2009 5:56 PM
To: NT System Admin Issues
Subject: RE: Hiding words in an outlook form

Now we've entered the application domain - and I don't know.

 

By default, encryption between the Outlook client and Exchange server is
encrypted (starting with Wave 12, and configurable before then).

 

Where does that box sit in the topology?

 

From: Steven Calvanese [mailto:scalvan...@membersolutions.com] 
Sent: Tuesday, March 03, 2009 5:50 PM
To: NT System Admin Issues
Subject: RE: Hiding words in an outlook form

 

Would the word be picked up by a PacketSure Palisade box?  We are trying to
control the forwarding of confidential emails.

 

 

  _  

From: Michael B. Smith [mailto:mich...@theessentialexchange.com] 
Sent: Tuesday, March 03, 2009 5:36 PM
To: NT System Admin Issues
Subject: RE: Hiding words in an outlook form

Sure. You can uncheck "Visible".

 

From: Steven Calvanese [mailto:scalvan...@membersolutions.com] 
Sent: Tuesday, March 03, 2009 5:23 PM
To: NT System Admin Issues
Subject: Hiding words in an outlook form

 

Is there a way to add words into an outlook form that can not be seen or
deleted by the user?


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Is my Google bigger than yours? Lets check!

[John Cook]

Freebie account has 7.3G

John W. Cook
Systems Administrator
Partnership For Strong Families
315 SE 2nd Ave
Gainesville, Fl 32601
Office (352) 393-2741 x320
Cell (352) 215-6944
Fax (352) 393-2746
MCSE, MCTS, MCP+I,CompTIA A+, N+


-Original Message-
From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Wednesday, March 04, 2009 1:45 PM
To: NT System Admin Issues
Subject: OT: Is my Google bigger than yours? Lets check!

:-)

I recently noticed that free Gmail accounts are being advertised as
coming with ~2.7G of storage space. My paid-for Google Apps account
has 25.6G.  My free Google Apps account has 7.2G, and my free/normal
Gmal account currently has 17.1G.

Now, I know I've seen tickers on the Gmail landing page before that
showed how Google's Gmail storage space was constantly growing...  but
was it just for me (as an early adopter), or you too?

--
ME2

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
 Consider the environment. Please don't print this e-mail unless you really 
need to.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: OT: Is my Google bigger than yours? Lets check!

[Sam Cayze]

I got 7.53 here...



From: chipsh...@comcast.net [mailto:chipsh...@comcast.net] 
Sent: Wednesday, March 04, 2009 12:50 PM
To: NT System Admin Issues
Subject: Re: OT: Is my Google bigger than yours? Lets check!


My free normal gmail account shows 7.3 GB of available storage.
- Original Message -
From: "Micheal Espinola Jr" 
To: "NT System Admin Issues" 
Sent: Wednesday, March 4, 2009 1:44:44 PM GMT -05:00 US/Canada Eastern
Subject: OT: Is my Google bigger than yours? Lets check!

:-)

I recently noticed that free Gmail accounts are being advertised as
coming with ~2.7G of storage space. My paid-for Google Apps account
has 25.6G.  My free Google Apps account has 7.2G, and my free/normal
Gmal account currently has 17.1G.

Now, I know I've seen tickers on the Gmail landing page before that
showed how Google's Gmail storage space was constantly growing...  but
was it just for me (as an early adopter), or you too?

--
ME2

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~



 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: OT: Is my Google bigger than yours? Lets check!

[David]

Free gmail acct = 7.3G, and that dates from.August of '04.



On Wed, Mar 4, 2009 at 10:44 AM, Micheal Espinola Jr <
michealespin...@gmail.com> wrote:

> :-)
>
> I recently noticed that free Gmail accounts are being advertised as
> coming with ~2.7G of storage space. My paid-for Google Apps account
> has 25.6G.  My free Google Apps account has 7.2G, and my free/normal
> Gmal account currently has 17.1G.
>
> Now, I know I've seen tickers on the Gmail landing page before that
> showed how Google's Gmail storage space was constantly growing...  but
> was it just for me (as an early adopter), or you too?
>
> --
> ME2
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>



-- 
David

_

Frodo: “I wish none of this had happened.”

Gandalf: “So do all who live to see such times, but that is not for them to
decide.”

~Lord of the Rings

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: OT: Is my Google bigger than yours? Lets check!

[Chipshead]

My free normal gmail account shows 7.3 GB of available storage. 
- Original Message - 
From: "Micheal Espinola Jr" < michealespinola @ gmail .com> 
To: "NT System Admin Issues" < ntsysadmin @ lyris .sunbelt-software.com> 
Sent: Wednesday, March 4, 2009 1:44:44 PM GMT -05:00 US/Canada Eastern 
Subject: OT: Is my Google bigger than yours? Lets check! 

:-) 

I recently noticed that free Gmail accounts are being advertised as 
coming with ~2.7G of storage space. My paid-for Google Apps account 
has 25.6G.  My free Google Apps account has 7.2G, and my free/normal 
Gmal account currently has 17.1G. 

Now, I know I've seen tickers on the Gmail landing page before that 
showed how Google's Gmail storage space was constantly growing...  but 
was it just for me (as an early adopter), or you too? 

-- 
ME2 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ 
~ < http :// www . sunbeltsoftware .com/Business/VIPRE-Enterprise/>  ~ 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Looking for a utility that I can run on my laptop and know on servers their BIOS/firware they are running

[Sam Cayze]

I take it this is for a whole domain?



From: RITA KAUR [mailto:mchani...@rogers.com] 
Sent: Wednesday, March 04, 2009 12:10 PM
To: NT System Admin Issues
Subject: Looking for a utility that I can run on my laptop and know on
servers their BIOS/firware they are running


FY1,
 
I am looking for a utility that I can run on my laptop and get to know
what BIOS/firmware are running on Intel Platform ASAP. Help is highly
appreciated
 
Thanks for all your help
 
M 


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Support techs remote access rights to user PCs

[Sam Cayze]

LogMeIn.com if it adheres to your security model.
 
Or, to continue remote desktop, you could just remove the techs from the
local admin group, and add them to the remote desktop group.  They can
use remote desktop, but with a restricted account.  Remote desktop has
it's limitations for interaction with logged on users, so it don't like
it for this role.  It's good for administering servers, that's about it.



From: Malcolm Reitz [mailto:malcolm.re...@live.com] 
Sent: Wednesday, March 04, 2009 11:44 AM
To: NT System Admin Issues
Subject: Support techs remote access rights to user PCs



We are having an internal discussion on how to handle computer access
rights for our application support and desktop support techs. Right now,
certain techs are in an AD group which is in the local Administrators
group on some PCs. This lets them resolve end-user issues by accessing
the user PCs with Remote Desktop, Remote Registry, or simple connections
to a share. However, it also means they can get to anything on the
users' PCs and there is no auditable access tracking.

 

So, we'd like to remove this access privilege and have the techs use
other support methodologies, such as Remote Assistance, which requires
the users to be aware of what's going on. There are cases, though, where
the app support guys say they have to make batch updates to groups of
PCs (such as to point them to a new license server) and they're balking
at giving up their local admin rights. I've already thought of some ways
to handle these issues, but I'd like to hear what some of you have done.
We're running XP SP2/SP3 desktops on 2008 AD domains. The PCs are
managed with SCCM 2007 SP1.

 

Thanks,

-Malcolm


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Password Policy Change

[Cameron Cooper]

In my experience that only happens when the user is forced to change
their password.

 

Thanks for the tips on the password, will make it a policy not to ask
for a users password and if I need to log into their computer as them
will just reset their password.

 

---___

Cameron Cooper

IT Director - CompTIA A+ Certified

Aurico Reports, Inc

Phone: 847-890-4021Fax: 847-255-1896

ccoo...@aurico.com

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

OT: Is my Google bigger than yours? Lets check!

[Micheal Espinola Jr]

:-)

I recently noticed that free Gmail accounts are being advertised as
coming with ~2.7G of storage space. My paid-for Google Apps account
has 25.6G.  My free Google Apps account has 7.2G, and my free/normal
Gmal account currently has 17.1G.

Now, I know I've seen tickers on the Gmail landing page before that
showed how Google's Gmail storage space was constantly growing...  but
was it just for me (as an early adopter), or you too?

--
ME2

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Password Policy Change

[Michael B. Smith]

When the password comes up for renewal.

 

The OS does not store the actual password, just the hash of the password. It 
cannot tell, based on that hash, how complex a password is (as far as I know – 
I’m not a PhD in cryptography). That’s the rational…

 

From: chipsh...@comcast.net [mailto:chipsh...@comcast.net] 
Sent: Wednesday, March 04, 2009 1:20 PM
To: NT System Admin Issues
Subject: Re: Password Policy Change

 

If you change the minimum password length or force it to include special 
characters, does that change only get enforced when the password comes up for 
renewal or will everyone who does not meet the new enforced parameters be 
forced to change their password immediately regardless of age?

Thanks.

Steve
- Original Message -
From: "Scott Kaufman at HQ" 
To: "NT System Admin Issues" 
Sent: Wednesday, March 4, 2009 12:09:52 PM GMT -05:00 US/Canada Eastern
Subject: RE: Password Policy Change

It's not 90 days from when you set the policy, it's 90 days from the
last password change on the user account.
If you change the policy to be 90 days, all user accounts that have the
password last set date that is greater than 90 days will immediately get
set to change password at next logon.

Unless you can guarantee that all user account passwords were changed
within 90 days, I'd start with a long time frame, like 200 days, and
each month (or two weeks) keep reducing it down until you get to 90
days.  Or be prepared for a lot of helpdesk calls & user complaining.
Also check any service accounts, as those accounts will get the same
thing & services will start failing.

Lived through this a few times from "consultants" changing it because
upper management said to change it based on a recommendation/report from
another third party blah blah blah, but didn't take the time to look
at the user accounts & determine how many would get affected by the
change.

It will be a great test of your customer service skills & resolve if you
just implement the change :)


Scott Kaufman
Lead Network Analyst
ITT ESI, Inc.


-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, March 04, 2009 11:03 AM
To: NT System Admin Issues
Subject: RE: Password Policy Change

You mean, 90 days from the day you set the policy?



-Original Message-
From: Cameron Cooper [mailto:ccoo...@aurico.com] 
Sent: Wednesday, March 04, 2009 10:59 AM
To: NT System Admin Issues
Subject: RE: Password Policy Change

If I remember correctly, when we implemented this (every 90 days) the
passwords would change after the time frame was set to expire.  

___
Cameron Cooper
IT Director - CompTIA A+ Certified
Aurico Reports, Inc
Phone: 847-890-4021Fax: 847-255-1896
ccoo...@aurico.com



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Password Policy Change

[Cameron Cooper]

We had a remote user that was using a laptop, was let go from the
company and sent back the laptop.  When I opened up the box it was
shipped in, found that the laptop had been on (with lid closed) and the
user name and password was taped to the bottom.  Oh the joy of users,
even after being warned not to tape down their password anywhere.

 

---___

Cameron Cooper

IT Director - CompTIA A+ Certified

Aurico Reports, Inc

Phone: 847-890-4021Fax: 847-255-1896

ccoo...@aurico.com

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Vipre impressions ?

[David Lum]

If the DBA's are ticked at you' give them the ePO console and have them try to 
configure say, reporting for just specific failures...they'll have empathy for 
you quick!

My Excel sheet has a tab for each tab in the ePO console, so I know  a tab is a 
1:1 ratio to a main ePO options (it, a tab for Dashboards, a tab for Reporting, 
a tab for Software, etc...).

Friggin' asinine such a thing is needed, but good Lord ePO is a kludge...

Dave


From: Sherry Abercrombie [mailto:saber...@gmail.com]
Sent: Wednesday, March 04, 2009 10:10 AM
To: NT System Admin Issues
Subject: Re: Vipre impressions ?

Thanks Dave, I'm glad to hear someone else has the same experience with ePO.  
Kind of confirms that I'm not an incompetent admin.  Right now, the DBA group 
is more than a little ticked off at me

I will probably be doing the same with Excel, that's a good idea Dave, thanks 
for sharing it.  Maybe we should start a support group for admins that are 
forced to use this product.
On Wed, Mar 4, 2009 at 11:51 AM, David Lum 
mailto:david@nwea.org>> wrote:

I'm with you on ePO Sherry! I have hours and hours using the interface and have 
gone to an Excel sheet and screenshots to figure out what's what! It's really 
flexible, but far too complex to leverage properly. We added McAfee Host 
Intrusion and AntiSpyware Enterprise pieces and it has so much potential, but 
virtually impossible to administer. GRRR.



Currently I like Trend WorryFree the best between Vipre, Trend and McAfee. With 
the add-ins McAfee has more outright capability, but the interface truly sucks 
donkey bits. Trend has a nice easy-to-figure out firewall piece that Vipre 
doesn't have yet.



One guy on the Vipre list was mad that Vipre didn't catch a vulnerability 
exploited because some systems weren't patched. Don't blame your alarm company 
when things get stolen from your house when you leave the front door open...

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764



From: Sherry Abercrombie [mailto:saber...@gmail.com]
Sent: Wednesday, March 04, 2009 8:08 AM

To: NT System Admin Issues
Subject: Re: Vipre impressions ?





This email offer and this discussion thread comes at a very opportune time here 
for me.  I'm currently in the throes of having to deploy (for the second time 
in the last 6 months because migrating to a full blown SQL database from the 
MSDE version blew it up beyond repair) McAfee ePO.  I hate it, my supervisor 
hates it.  It's interface is horrible and complex, not intuitive at all, the 
rules are excruciating to set up, and finally, after years of asking, at least 
my immediate supervisor is open and willing to look at other applications 
because he's suffered with ePO almost as much as I have.  Unfortunately, we 
have a contract with McAfee through next year, fortunately he's wanting us to 
start the research/evaluation process for an alternative to McAfee by this 
summer so that budgeting can get put in at the appropriate time.



I think I'm going to join the Vipre discussion list, and lurk ;)  Vipre was the 
first alternative software option that I mentioned to him yesterday during this 
discussion...

On Wed, Mar 4, 2009 at 9:54 AM, Cameron Cooper 
mailto:ccoo...@aurico.com>> wrote:

Have been with Sunbelt for 3-4 years now, first started with their CounterSpy 
product and then upgraded it to VIPRE Enterprise.  Overall we have been 
extremely satisfied with the product.  We used to have Symantec Endpoint 
Protection and had users complain that their computers were running slow.. all 
to find out that Endpoint Protection was causing this.  This was still 
happening even after we setup the scans to perform at night.  Another reason 
that we switch, was that when running the trial version, it would find stuff 
that Endpoint Protection wouldn't find.



Don't want to get your hopes up with this product and make you think that there 
won't be problems.  Like any other software company out there, there will e 
problems with updates etc.  But did want to mention that Sunbelt's customer 
support is one of the best that is out there.  Within this list you will have 
Sunbelt employees and even the CEO chime in to help with issues.



All in all... as much as we can build up Sunbelt and VIPRE, it will come do to 
how you feel it has either helped or hindered you network.  So go ahead and 
download the trial and take it for a test spin.  And if you have any questions 
or problems... this list is the best place to get help.



___

Cameron Cooper

IT Director - CompTIA A+ Certified

Aurico Reports, Inc

Phone: 847-890-4021Fax: 847-255-1896

ccoo...@aurico.com











--
Sherry Abercrombie

"Any sufficiently advanced technology is indistinguishable from magic."
Arthur C. Clarke












--
Sherry Abercrombie

"Any sufficiently advanced technology is indistinguishable from 

Re: Help with resolving Terminal server problems

[Phil Brutsche]

A less costly alternative might be to see if you can tell your firewall
to prioritize RDP traffic.

Webster wrote:
> Which is why, for situations like this, people use Citrix and the very
> bandwidth friendly ICA protocol.

-- 

Phil Brutsche
p...@optimumdata.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Looking for a utility that I can run on my laptop and know on servers their BIOS/firware they are running

[Steven Calvanese]

On Windows.
Start > Run > msinfo32.exe



From: RITA KAUR [mailto:mchani...@rogers.com] 
Sent: Wednesday, March 04, 2009 1:10 PM
To: NT System Admin Issues
Subject: Looking for a utility that I can run on my laptop and know on
servers their BIOS/firware they are running


FY1,
 
I am looking for a utility that I can run on my laptop and get to know
what BIOS/firmware are running on Intel Platform ASAP. Help is highly
appreciated
 
Thanks for all your help
 
M 


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Looking for a utility that I can run on my laptop and know on servers their BIOS/firware they are running

[Joe Tinney]

CPU-Z has been successful for me in doing this. 

http://www.cpuid.com/cpuz.php 

The info is in the mainboard tab. It has command-line parameters that
will dump HTML or Text file outputs if you need to script it.

 

From: RITA KAUR [mailto:mchani...@rogers.com] 
Sent: Wednesday, March 04, 2009 1:10 PM
To: NT System Admin Issues
Subject: Looking for a utility that I can run on my laptop and know on
servers their BIOS/firware they are running

 

FY1,

 

I am looking for a utility that I can run on my laptop and get to know
what BIOS/firmware are running on Intel Platform ASAP. Help is highly
appreciated

 

Thanks for all your help

 

M 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Password Policy Change

[Chipshead]

If you change the minimum password length or force it to include special 
characters, does that change only get enforced when the password comes up for 
renewal or will everyone who does not meet the new enforced parameters be 
forced to change their password immediately regardless of age? 

Thanks . 

Steve 
- Original Message - 
From: "Scott Kaufman at HQ" < SKaufman @ ittesi .com> 
To: "NT System Admin Issues" < ntsysadmin @ lyris .sunbelt-software.com> 
Sent: Wednesday, March 4, 2009 12:09:52 PM GMT -05:00 US/Canada Eastern 
Subject: RE: Password Policy Change 

It's not 90 days from when you set the policy, it's 90 days from the 
last password change on the user account. 
If you change the policy to be 90 days, all user accounts that have the 
password last set date that is greater than 90 days will immediately get 
set to change password at next logon . 

Unless you can guarantee that all user account passwords were changed 
within 90 days, I'd start with a long time frame, like 200 days, and 
each month (or two weeks) keep reducing it down until you get to 90 
days.  Or be prepared for a lot of helpdesk calls & user complaining. 
Also check any service accounts, as those accounts will get the same 
thing & services will start failing. 

Lived through this a few times from "consultants" changing it because 
upper management said to change it based on a recommendation/report from 
another third party blah blah blah, but didn't take the time to look 
at the user accounts & determine how many would get affected by the 
change. 

It will be a great test of your customer service skills & resolve if you 
just implement the change :) 


Scott Kaufman 
Lead Network Analyst 
ITT ESI , Inc. 


-Original Message- 
From: John Hornbuckle [ mailto :john. hornbuckle @ taylor .k12.fl.us] 
Sent: Wednesday, March 04, 2009 11:03 AM 
To: NT System Admin Issues 
Subject: RE: Password Policy Change 

You mean, 90 days from the day you set the policy? 



-Original Message- 
From: Cameron Cooper [ mailto : Ccooper @ aurico .com] 
Sent: Wednesday, March 04, 2009 10:59 AM 
To: NT System Admin Issues 
Subject: RE: Password Policy Change 

If I remember correctly, when we implemented this (every 90 days) the 
passwords would change after the time frame was set to expire.   

___ 
Cameron Cooper 
IT Director - CompTIA A+ Certified 
Aurico Reports, Inc 
Phone: 847-890-4021    Fax: 847-255-1896 
ccooper @ aurico .com 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~ 
~ < http :// www . sunbeltsoftware .com/Business/VIPRE-Enterprise/>  ~ 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ 
~ < http :// www . sunbeltsoftware .com/Business/VIPRE-Enterprise/>  ~ 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ 
~ < http :// www . sunbeltsoftware .com/Business/VIPRE-Enterprise/>  ~ 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Vipre impressions ?

[Sherry Abercrombie]

Thanks Dave, I'm glad to hear someone else has the same experience with
ePO.  Kind of confirms that I'm not an incompetent admin.  Right now, the
DBA group is more than a little ticked off at me

I will probably be doing the same with Excel, that's a good idea Dave,
thanks for sharing it.  Maybe we should start a support group for admins
that are forced to use this product.

On Wed, Mar 4, 2009 at 11:51 AM, David Lum  wrote:

>  I’m with you on ePO Sherry! I have hours and hours using the interface
> and have gone to an Excel sheet and screenshots to figure out what’s what!
> It’s really flexible, but far too complex to leverage properly. We added
> McAfee Host Intrusion and AntiSpyware Enterprise pieces and it has so much
> potential, but virtually impossible to administer. GRRR.
>
>
>
> Currently I like Trend WorryFree the best between Vipre, Trend and McAfee.
> With the add-ins McAfee has more outright capability, but the interface
> truly sucks donkey bits. Trend has a nice easy-to-figure out firewall piece
> that Vipre doesn’t have yet.
>
>
>
> One guy on the Vipre list was mad that Vipre didn’t catch a vulnerability
> exploited because some systems weren’t patched. Don’t blame your alarm
> company when things get stolen from your house when you leave the front door
> open…
>
> *David Lum** **// *SYSTEMS ENGINEER
> NORTHWEST EVALUATION ASSOCIATION
> (Desk) 971.222.1025 *// *(Cell) 503.267.9764
>
>
>
> *From:* Sherry Abercrombie [mailto:saber...@gmail.com]
> *Sent:* Wednesday, March 04, 2009 8:08 AM
> *To:* NT System Admin Issues
> *Subject:* Re: Vipre impressions ?
>
>
>
> 
>
> This email offer and this discussion thread comes at a very opportune time
> here for me.  I'm currently in the throes of having to deploy (for the
> second time in the last 6 months because migrating to a full blown SQL
> database from the MSDE version blew it up beyond repair) McAfee ePO.  I hate
> it, my supervisor hates it.  It's interface is horrible and complex, not
> intuitive at all, the rules are excruciating to set up, and finally, after
> years of asking, at least my immediate supervisor is open and willing to
> look at other applications because he's suffered with ePO almost as much as
> I have.  Unfortunately, we have a contract with McAfee through next year,
> fortunately he's wanting us to start the research/evaluation process for an
> alternative to McAfee by this summer so that budgeting can get put in at the
> appropriate time.
>
> 
>
> I think I'm going to join the Vipre discussion list, and lurk ;)  Vipre was
> the first alternative software option that I mentioned to him yesterday
> during this discussion...
>
> On Wed, Mar 4, 2009 at 9:54 AM, Cameron Cooper  wrote:
>
> Have been with Sunbelt for 3-4 years now, first started with their
> CounterSpy product and then upgraded it to VIPRE Enterprise.  Overall we
> have been extremely satisfied with the product.  We used to have Symantec
> Endpoint Protection and had users complain that their computers were running
> slow.. all to find out that Endpoint Protection was causing this.  This was
> still happening even after we setup the scans to perform at night.  Another
> reason that we switch, was that when running the trial version, it would
> find stuff that Endpoint Protection wouldn’t find.
>
>
>
> Don’t want to get your hopes up with this product and make you think that
> there won’t be problems.  Like any other software company out there, there
> will e problems with updates etc.  But did want to mention that Sunbelt’s
> customer support is one of the best that is out there.  Within this list you
> will have Sunbelt employees and even the CEO chime in to help with issues.
>
>
>
> All in all… as much as we can build up Sunbelt and VIPRE, it will come do
> to how you feel it has either helped or hindered you network.  So go ahead
> and download the trial and take it for a test spin.  And if you have any
> questions or problems… this list is the best place to get help.
>
>
>
> ­­­___
>
> *Cameron Cooper*
>
> *IT Director - CompTIA A+ Certified*
>
> Aurico Reports, Inc
>
> Phone: 847-890-4021Fax: 847-255-1896
>
> ccoo...@aurico.com
>
>
>
>
>
>
>
>
>
>
>
>
> --
> Sherry Abercrombie
>
> "Any sufficiently advanced technology is indistinguishable from magic."
> Arthur C. Clarke
>
>
>
>
>
>
>
>
>
>
>


-- 
Sherry Abercrombie

"Any sufficiently advanced technology is indistinguishable from magic."
Arthur C. Clarke

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Looking for a utility that I can run on my laptop and know on servers their BIOS/firware they are running

[RITA KAUR]

FY1,

I am looking for a utility that I can run on my laptop and get to know what 
BIOS/firmware are running on Intel Platform ASAP. Help is highly appreciated

Thanks for all your help

M 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Sad News

[Steven Peck]

Steve probably would have laughed.

He will be missed.

Steven Peck

On Wed, Mar 4, 2009 at 9:15 AM, Kim Longenbaugh
 wrote:
> Yep, that’s Shook:  well-intentioned, indiscreet, yet slightly bumbling…
>
>
>
> 
>
> From: Andy Shook [mailto:andy.sh...@peak10.com]
> Sent: Wednesday, March 04, 2009 10:42 AM
> To: NT System Admin Issues
> Subject: RE: Sad News
>
>
>
> My intent was to honor Steve while busting on Blackstone
>
>
>
> Shook
>
>
>
> From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> Sent: Wednesday, March 04, 2009 11:37 AM
> To: NT System Admin Issues
> Subject: RE: Sad News
>
>
>
> Oh, please don’t tell me we’re turning an obit thread into a joke thread!
>
>
>
> (Unless that was right up Steve’s alley—in which case, carry on in honor of
> him.)
>
>
>
>
>
>
>
> From: Andy Shook [mailto:andy.sh...@peak10.com]
> Sent: Wednesday, March 04, 2009 11:33 AM
> To: NT System Admin Issues
> Subject: RE: Sad News
>
>
>
> Hm…same thing  your wife said when you got out of the shower.
>
>
>
> Shook
>
>
>
> From: Martin Blackstone [mailto:mblackst...@gmail.com]
> Sent: Wednesday, March 04, 2009 11:22 AM
> To: NT System Admin Issues
> Subject: RE: Sad News
>
>
>
> I’m always at such a loss for words in these situations.
>
> Very sad….
>
>
>
>
>
> From: Rod Trent [mailto:rodtr...@myitforum.com]
> Sent: Tuesday, March 03, 2009 12:04 PM
> To: NT System Admin Issues
> Subject: RE: Sad News
>
>
>
> He was known by the myITforum crowd as the patch master.  His contributions
> were always spot-on and extremely helpful.  In fact, he started an entire
> Wiki series on OSD.  Steve won a myITforum award this past year at MMS 2008
> for outstanding performance and lasting contributor.
>
>
>
> I will sincerely miss Steve.
>
>
>
> We’ll be in prayer here for his family.
>
>
>
>
>
> From: Sherry Abercrombie [mailto:saber...@gmail.com]
> Sent: Tuesday, March 03, 2009 12:53 PM
> To: NT System Admin Issues
> Subject: Re: Sad News
>
>
>
> Yes, add my name to the list of condolences for his family.  He will indeed
> be missed here.
>
> As far as I can tell, his last post was Feb. 6 and he left us with this
> link:  http://despair.com/government.html.
>
> On Tue, Mar 3, 2009 at 11:41 AM, Micheal Espinola Jr
>  wrote:
>
> If you can, please pass along my condolenses to this unfortunate loss.
> He will be missed.
>
> --
> ME2
>
>
> On Tue, Mar 3, 2009 at 10:06 AM, Kevin Lundy  wrote:
>> It is with great sorrow that I inform you this morning that a long
>> time ntsysadmin list member, Steve Pruitt, passed away last night.
>>
>> Steve had an incredibly optimistic, positive attitude that will be
>> missed here at work, and I'm sure on this list.
>>
>>
>> Plans are still being made, but if any of you Tampa area members are
>> interested, email me off list and I will keep you informed.
>>
>> Regards
>> Kevin
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>
> --
> Sherry Abercrombie
>
> "Any sufficiently advanced technology is indistinguishable from magic."
> Arthur C. Clarke
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Password Policy Change

[Bill Songstad (WCUL)]

Dear users,

 

After careful consideration, management has decided to adopt expiring
passphrases as recommended by our security audit firm (or the federal
government or whatever...).  Toward that end, all users' network logon
passphrases will expire in 30 days regardless of their age at that time.
In addition, users should refrain from sharing their passphrases with
anyone, including IT staff from this point forward.  In an emergency, IT
can still reset your passphrase without knowing your current passphrase.
Passphrases will expire every 90 days hence and must be changed to a new
passphrase when prompted by the system.  Recycling of passphrases will
not be allowed by the system.  You will receive a warning 2 weeks prior
to your passphrase expiration and will be able to change your passphrase
at any time during that period.  

 

A little pre-planning can help you to avoid help desk calls during and
after your passphrase change: 

 

Your passphrase must be at least 7 characters long

Your passphrase must contain both an upper and lower case letter

Your passphrase must also contain either a number or a special character

 

Examples: 

PASSWORD7 is not allowed (no lowercase letter)

password7 is not allowed (no uppercase letter)

passwordSEVEN is not allowed (no number or special character)

 

Select a phrase that you can remember

Writing your password down in your workspace completely defeats the
purpose of this change

 

Thank you for your understanding and cooperation, 

 

The Nerds 

aka The Password Meanies.

 

 

Bill 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Vipre impressions ?

[David Lum]

I'm with you on ePO Sherry! I have hours and hours using the interface and have 
gone to an Excel sheet and screenshots to figure out what's what! It's really 
flexible, but far too complex to leverage properly. We added McAfee Host 
Intrusion and AntiSpyware Enterprise pieces and it has so much potential, but 
virtually impossible to administer. GRRR.

Currently I like Trend WorryFree the best between Vipre, Trend and McAfee. With 
the add-ins McAfee has more outright capability, but the interface truly sucks 
donkey bits. Trend has a nice easy-to-figure out firewall piece that Vipre 
doesn't have yet.

One guy on the Vipre list was mad that Vipre didn't catch a vulnerability 
exploited because some systems weren't patched. Don't blame your alarm company 
when things get stolen from your house when you leave the front door open...
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

From: Sherry Abercrombie [mailto:saber...@gmail.com]
Sent: Wednesday, March 04, 2009 8:08 AM
To: NT System Admin Issues
Subject: Re: Vipre impressions ?



This email offer and this discussion thread comes at a very opportune time here 
for me.  I'm currently in the throes of having to deploy (for the second time 
in the last 6 months because migrating to a full blown SQL database from the 
MSDE version blew it up beyond repair) McAfee ePO.  I hate it, my supervisor 
hates it.  It's interface is horrible and complex, not intuitive at all, the 
rules are excruciating to set up, and finally, after years of asking, at least 
my immediate supervisor is open and willing to look at other applications 
because he's suffered with ePO almost as much as I have.  Unfortunately, we 
have a contract with McAfee through next year, fortunately he's wanting us to 
start the research/evaluation process for an alternative to McAfee by this 
summer so that budgeting can get put in at the appropriate time.



I think I'm going to join the Vipre discussion list, and lurk ;)  Vipre was the 
first alternative software option that I mentioned to him yesterday during this 
discussion...
On Wed, Mar 4, 2009 at 9:54 AM, Cameron Cooper 
mailto:ccoo...@aurico.com>> wrote:

Have been with Sunbelt for 3-4 years now, first started with their CounterSpy 
product and then upgraded it to VIPRE Enterprise.  Overall we have been 
extremely satisfied with the product.  We used to have Symantec Endpoint 
Protection and had users complain that their computers were running slow.. all 
to find out that Endpoint Protection was causing this.  This was still 
happening even after we setup the scans to perform at night.  Another reason 
that we switch, was that when running the trial version, it would find stuff 
that Endpoint Protection wouldn't find.



Don't want to get your hopes up with this product and make you think that there 
won't be problems.  Like any other software company out there, there will e 
problems with updates etc.  But did want to mention that Sunbelt's customer 
support is one of the best that is out there.  Within this list you will have 
Sunbelt employees and even the CEO chime in to help with issues.



All in all... as much as we can build up Sunbelt and VIPRE, it will come do to 
how you feel it has either helped or hindered you network.  So go ahead and 
download the trial and take it for a test spin.  And if you have any questions 
or problems... this list is the best place to get help.



___

Cameron Cooper

IT Director - CompTIA A+ Certified

Aurico Reports, Inc

Phone: 847-890-4021Fax: 847-255-1896

ccoo...@aurico.com










--
Sherry Abercrombie

"Any sufficiently advanced technology is indistinguishable from magic."
Arthur C. Clarke





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Help with resolving Terminal server problems

[Gene Giannamore]

So citrix ica will improve the TS experience over stock MS. Now I just need to 
find proof or ROI type info inorder get the purchase approved.




Gene Giannamore
Abide International Inc.
Technical Support
561 1st Street West
Sonoma,Ca.95476
(707) 935-1577Office
(707) 935-9387Fax
(707) 766-4185Cell
gene.giannam...@abideinternational.com
www.abideinternational.com



-Original Message-
From: Webster [mailto:carlwebs...@gmail.com] 
Sent: Wednesday, March 04, 2009 9:29 AM
To: NT System Admin Issues
Subject: RE: Help with resolving Terminal server problems

> -Original Message-
> From: Gene Giannamore [mailto:gene.giannam...@abideinternational.com]
> Subject: RE: Help with resolving Terminal server problems
> 
> All subjective tests show the problems are only for the remote users,
> even if they use Comcast (we use Comcast here).

Which is why, for situations like this, people use Citrix and the very
bandwidth friendly ICA protocol.


Webster


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Support techs remote access rights to user PCs

[Malcolm Reitz]

We are having an internal discussion on how to handle computer access rights
for our application support and desktop support techs. Right now, certain
techs are in an AD group which is in the local Administrators group on some
PCs. This lets them resolve end-user issues by accessing the user PCs with
Remote Desktop, Remote Registry, or simple connections to a share. However,
it also means they can get to anything on the users' PCs and there is no
auditable access tracking.

 

So, we'd like to remove this access privilege and have the techs use other
support methodologies, such as Remote Assistance, which requires the users
to be aware of what's going on. There are cases, though, where the app
support guys say they have to make batch updates to groups of PCs (such as
to point them to a new license server) and they're balking at giving up
their local admin rights. I've already thought of some ways to handle these
issues, but I'd like to hear what some of you have done. We're running XP
SP2/SP3 desktops on 2008 AD domains. The PCs are managed with SCCM 2007 SP1.

 

Thanks,

-Malcolm


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Password Policy Change

[James Winzenz]

One thing you will need to be aware of (and may work in your favor):

When you uncheck the "password never expires" box, AD automatically
forces an immediate password change.  If you don't want to force them to
immediately change their passwords, you can probably script something
that would turn off the password never expires flag and then would turn
off the user must change password at next logon flag.  Otherwise this
could be a good opportunity to kill two birds with one stone.  You can
apply the policy without it affecting them initially, but when you go
back and change the password never expires flag, they will be forced to
change their passwords.   As a practice here, whenever we find a
non-service account (or non-authorized account) that has the password
set to never expire, we uncheck it and force the user to immediately
change their password.

Thanks,

James Winzenz
Infrastructure Systems Engineer II - Security
Pulte Homes Information Services


-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, March 04, 2009 10:16 AM
To: NT System Admin Issues
Subject: RE: Password Policy Change

Thanks for the tips.

We have accounts that haven't had their passwords changed in years. And
99% haven't been changed within 90 days, so if I set the policy to 90
days pretty much everyone's would expire at that time.

Everyone's account is configured with the "Password never expires"
option enabled. Earlier today I had gotten some tips on how to disable
that option for everyone at once. But now I'm thinking the thing to do
is to disable it for smaller groups of users at a time.




-Original Message-
From: Scott Kaufman at HQ [mailto:skauf...@ittesi.com]
Sent: Wednesday, March 04, 2009 12:10 PM
To: NT System Admin Issues
Subject: RE: Password Policy Change

It's not 90 days from when you set the policy, it's 90 days from the
last password change on the user account.
If you change the policy to be 90 days, all user accounts that have the
password last set date that is greater than 90 days will immediately get
set to change password at next logon.

Unless you can guarantee that all user account passwords were changed
within 90 days, I'd start with a long time frame, like 200 days, and
each month (or two weeks) keep reducing it down until you get to 90
days.  Or be prepared for a lot of helpdesk calls & user complaining.
Also check any service accounts, as those accounts will get the same
thing & services will start failing.

Lived through this a few times from "consultants" changing it because
upper management said to change it based on a recommendation/report from
another third party blah blah blah, but didn't take the time to look
at the user accounts & determine how many would get affected by the
change.

It will be a great test of your customer service skills & resolve if you
just implement the change :)


Scott Kaufman
Lead Network Analyst
ITT ESI, Inc.


-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, March 04, 2009 11:03 AM
To: NT System Admin Issues
Subject: RE: Password Policy Change

You mean, 90 days from the day you set the policy?



-Original Message-
From: Cameron Cooper [mailto:ccoo...@aurico.com]
Sent: Wednesday, March 04, 2009 10:59 AM
To: NT System Admin Issues
Subject: RE: Password Policy Change

If I remember correctly, when we implemented this (every 90 days) the
passwords would change after the time frame was set to expire.

___
Cameron Cooper
IT Director - CompTIA A+ Certified
Aurico Reports, Inc
Phone: 847-890-4021Fax: 847-255-1896
ccoo...@aurico.com



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Help with resolving Terminal server problems

[Webster]

> -Original Message-
> From: Gene Giannamore [mailto:gene.giannam...@abideinternational.com]
> Subject: RE: Help with resolving Terminal server problems
> 
> All subjective tests show the problems are only for the remote users,
> even if they use Comcast (we use Comcast here).

Which is why, for situations like this, people use Citrix and the very
bandwidth friendly ICA protocol.


Webster


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Vipre impressions ?

[David Mazzaccaro]

...
You picked a "not so good time to ask"!
Read through the Vipre discussion list from the past month.
IMO, I would wait it out for awhile!
I am beginning to doubt myself after I just from Symantec (yeah, you
read that right!)
 



From: Jeff Kraus [mailto:je...@northville.com] 
Sent: Wednesday, March 04, 2009 10:46 AM
To: NT System Admin Issues
Subject: Vipre impressions ?


Hi all,
 
now that Vipre has been out for a while and the incredible deal sunbelt
is offering to switch,what are the impressions of it from anyone running
it?
The cost to switch is comparable to my Sophos renewal.
I have not yet download the trial , looking for knowledgeable opinions
first.
 
Thanks
 
Jeff
 
Jeffrey Kraus
Network Manager
NIC Holding Corp.
25 Melville Park Rd.
Suite 210
Melville NY, 11747
Voice: 631.753.4272
Fax:   631.390.5472
 


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Password Policy Change

[Cameron Cooper]

Not a problem... that what these lists are for.

 

---___

Cameron Cooper

IT Director - CompTIA A+ Certified

Aurico Reports, Inc

Phone: 847-890-4021Fax: 847-255-1896

ccoo...@aurico.com

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Password Policy Change

[Kim Longenbaugh]

Yep, I agree.  If a user reveals their password to an admin here, we
HAVE to reset it and force a change immediately.

 



From: Sherry Abercrombie [mailto:saber...@gmail.com] 
Sent: Wednesday, March 04, 2009 11:11 AM
To: NT System Admin Issues
Subject: Re: Password Policy Change

 

 That is a bad policy, habit to be in.  I never, ever ever ask a user
for their password.  If I need to see what is happening with them while
they are logged in then there are multiple ways to remote their desktop
to actually see what is happening.  

This gets your users used to giving their password to someone that they
view as being in authority to have it, and they may or may not know the
difference when asked by someone with less than honorable intentions.

As far as auditing passwords, there are 3rd party tools that will
accomplish do that and give you reports on it.

Sorry, don't mean to get on your case Cameron, but most admins on this
list will agree with me on this subject..

On Wed, Mar 4, 2009 at 10:28 AM, Cameron Cooper 
wrote:

How do you perform an audit of the passwords currently in use?  I
usually find out the password when asking the user when I need to log in
as them.

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Password Policy Change

[John Hornbuckle]

Thanks for the tips.

We have accounts that haven't had their passwords changed in years. And 99% 
haven't been changed within 90 days, so if I set the policy to 90 days pretty 
much everyone's would expire at that time.

Everyone's account is configured with the "Password never expires" option 
enabled. Earlier today I had gotten some tips on how to disable that option for 
everyone at once. But now I'm thinking the thing to do is to disable it for 
smaller groups of users at a time.




-Original Message-
From: Scott Kaufman at HQ [mailto:skauf...@ittesi.com] 
Sent: Wednesday, March 04, 2009 12:10 PM
To: NT System Admin Issues
Subject: RE: Password Policy Change

It's not 90 days from when you set the policy, it's 90 days from the
last password change on the user account.
If you change the policy to be 90 days, all user accounts that have the
password last set date that is greater than 90 days will immediately get
set to change password at next logon.

Unless you can guarantee that all user account passwords were changed
within 90 days, I'd start with a long time frame, like 200 days, and
each month (or two weeks) keep reducing it down until you get to 90
days.  Or be prepared for a lot of helpdesk calls & user complaining.
Also check any service accounts, as those accounts will get the same
thing & services will start failing.

Lived through this a few times from "consultants" changing it because
upper management said to change it based on a recommendation/report from
another third party blah blah blah, but didn't take the time to look
at the user accounts & determine how many would get affected by the
change.

It will be a great test of your customer service skills & resolve if you
just implement the change :)


Scott Kaufman
Lead Network Analyst
ITT ESI, Inc.


-Original Message-
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, March 04, 2009 11:03 AM
To: NT System Admin Issues
Subject: RE: Password Policy Change

You mean, 90 days from the day you set the policy?



-Original Message-
From: Cameron Cooper [mailto:ccoo...@aurico.com] 
Sent: Wednesday, March 04, 2009 10:59 AM
To: NT System Admin Issues
Subject: RE: Password Policy Change

If I remember correctly, when we implemented this (every 90 days) the
passwords would change after the time frame was set to expire.  

___
Cameron Cooper
IT Director - CompTIA A+ Certified
Aurico Reports, Inc
Phone: 847-890-4021Fax: 847-255-1896
ccoo...@aurico.com



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Sad News

[Kim Longenbaugh]

Yep, that's Shook:  well-intentioned, indiscreet, yet slightly
bumbling...

 



From: Andy Shook [mailto:andy.sh...@peak10.com] 
Sent: Wednesday, March 04, 2009 10:42 AM
To: NT System Admin Issues
Subject: RE: Sad News

 

My intent was to honor Steve while busting on Blackstone

 

Shook

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Wednesday, March 04, 2009 11:37 AM
To: NT System Admin Issues
Subject: RE: Sad News

 

Oh, please don't tell me we're turning an obit thread into a joke
thread!

 

(Unless that was right up Steve's alley-in which case, carry on in honor
of him.)

 

 

 

From: Andy Shook [mailto:andy.sh...@peak10.com] 
Sent: Wednesday, March 04, 2009 11:33 AM
To: NT System Admin Issues
Subject: RE: Sad News

 

Hm...same thing  your wife said when you got out of the shower.

 

Shook

 

From: Martin Blackstone [mailto:mblackst...@gmail.com] 
Sent: Wednesday, March 04, 2009 11:22 AM
To: NT System Admin Issues
Subject: RE: Sad News

 

I'm always at such a loss for words in these situations.

Very sad

 

 

From: Rod Trent [mailto:rodtr...@myitforum.com] 
Sent: Tuesday, March 03, 2009 12:04 PM
To: NT System Admin Issues
Subject: RE: Sad News

 

He was known by the myITforum crowd as the patch master.  His
contributions were always spot-on and extremely helpful.  In fact, he
started an entire Wiki series on OSD.  Steve won a myITforum award this
past year at MMS 2008 for outstanding performance and lasting
contributor.

 

I will sincerely miss Steve.

 

We'll be in prayer here for his family.

 

 

From: Sherry Abercrombie [mailto:saber...@gmail.com] 
Sent: Tuesday, March 03, 2009 12:53 PM
To: NT System Admin Issues
Subject: Re: Sad News

 

Yes, add my name to the list of condolences for his family.  He will
indeed be missed here.  

As far as I can tell, his last post was Feb. 6 and he left us with this
link:  http://despair.com/government.html.

On Tue, Mar 3, 2009 at 11:41 AM, Micheal Espinola Jr
 wrote:

If you can, please pass along my condolenses to this unfortunate loss.
He will be missed.

--
ME2




On Tue, Mar 3, 2009 at 10:06 AM, Kevin Lundy  wrote:
> It is with great sorrow that I inform you this morning that a long
> time ntsysadmin list member, Steve Pruitt, passed away last night.
>
> Steve had an incredibly optimistic, positive attitude that will be
> missed here at work, and I'm sure on this list.
>
>
> Plans are still being made, but if any of you Tampa area members are
> interested, email me off list and I will keep you informed.
>
> Regards
> Kevin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~




-- 
Sherry Abercrombie

"Any sufficiently advanced technology is indistinguishable from magic." 
Arthur C. Clarke

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Password Policy Change

[Sherry Abercrombie]

That is a bad policy, habit to be in.  I never, ever ever ask a user for
their password.  If I need to see what is happening with them while they are
logged in then there are multiple ways to remote their desktop to actually
see what is happening.

This gets your users used to giving their password to someone that they view
as being in authority to have it, and they may or may not know the
difference when asked by someone with less than honorable intentions.

As far as auditing passwords, there are 3rd party tools that will accomplish
do that and give you reports on it.

Sorry, don't mean to get on your case Cameron, but most admins on this list
will agree with me on this subject..

On Wed, Mar 4, 2009 at 10:28 AM, Cameron Cooper  wrote:

>  How do you perform an audit of the passwords currently in use?  I usually
> find out the password when asking the user when I need to log in as them.
>
>
>
> ­­­___
>
> *Cameron Cooper*
>
> *IT Director - CompTIA A+ Certified*
>
> Aurico Reports, Inc
>
> Phone: 847-890-4021Fax: 847-255-1896
>
> ccoo...@aurico.com
>
>
>
>
>
>
>
>


-- 
Sherry Abercrombie

"Any sufficiently advanced technology is indistinguishable from magic."
Arthur C. Clarke

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~