Password policy enforcement
We are looking to implement some more secure password policies (mainly to stop users using *Password1* for everything). Whilst I appreciate that education is required, my boss is advocating some password policy enforcement software and has come up with this http://www.anixis.com/products/ppe/default.htm Does anyone have any experience of this, or similar products, and how useful are they? Will 2008 AD offer anything better (I am aware it supports multiple password policies)? Are there any other things we could be doing to enforce better password security (I have proposed the idea of the Minimum Password Age, and have mentioned smart cards, but am on the lookout for anything useful) As always, TIA, JRR ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Finding dupes
On Wednesday 29 April 2009, Sean Martin wrote: You need to install windows 2003 r2. Already have that... -- Thanks, John Aldrich Blueridge Industries IT Manager ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Password policy enforcement
Hi, I compiled a passfilt.dll a couple of years back for someone on this list that allowed for regex based password policies. I wonder if that project is still around. Cheers Ken From: James Rankin [kz2...@googlemail.com] Sent: Thursday, 30 April 2009 9:09 PM To: NT System Admin Issues Subject: Password policy enforcement We are looking to implement some more secure password policies (mainly to stop users using Password1 for everything). Whilst I appreciate that education is required, my boss is advocating some password policy enforcement software and has come up with this http://www.anixis.com/products/ppe/default.htm Does anyone have any experience of this, or similar products, and how useful are they? Will 2008 AD offer anything better (I am aware it supports multiple password policies)? Are there any other things we could be doing to enforce better password security (I have proposed the idea of the Minimum Password Age, and have mentioned smart cards, but am on the lookout for anything useful) As always, TIA, JRR ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Sharepoint assistance needed...
Sounds like that could be an IE zone setting? Has the IP address been added to their IE Trusted or Local Intranet zone, but the server name has not been added? -Bonnie From: Eustace Doc [mailto:mailed2thew...@gmail.com] Sent: Tuesday, April 28, 2009 2:14 PM To: NT System Admin Issues Subject: Sharepoint assistance needed... I may be missing something simple, but it's got me bagged. * Sharepoint Server 2.0 * Only the default site is enabled. * Users from another domain are accessing the web site and after getting authenticated, * When they use the server name they keep getting prompted for authentication no matter where they go on the site. * If they user the IP address they do NOT get prompted again for authentication. Can someone point me in the right direction? Is it a DNS issue? If so what? Thanks in advance, DOC ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Finding dupes
Where do I find the W2K3 R2 File Server Resource Manager? I have looked on my system and I do not see it on the start menu or on any of the pull-down menus or in control panel. -Original Message- From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Thursday, April 30, 2009 5:58 AM To: NT System Admin Issues Subject: Re: Finding dupes On Wednesday 29 April 2009, Sean Martin wrote: You need to install windows 2003 r2. Already have that... -- Thanks, John Aldrich Blueridge Industries IT Manager ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.323 / Virus Database: 270.12.8/2086 - Release Date: 04/29/09 18:03:00 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Finding dupes
http://technet.microsoft.com/en-us/library/cc772721.aspx On Thu, Apr 30, 2009 at 8:54 AM, John Aldrich jaldr...@blueridgecarpet.comwrote: Where do I find the W2K3 R2 File Server Resource Manager? I have looked on my system and I do not see it on the start menu or on any of the pull-down menus or in control panel. -Original Message- From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Thursday, April 30, 2009 5:58 AM To: NT System Admin Issues Subject: Re: Finding dupes On Wednesday 29 April 2009, Sean Martin wrote: You need to install windows 2003 r2. Already have that... -- Thanks, John Aldrich Blueridge Industries IT Manager ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.323 / Virus Database: 270.12.8/2086 - Release Date: 04/29/09 18:03:00 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Finding dupes
Sounds like you didn't add it during the initial install. That part is optional. Add/Remove Windows components and add it in. -Original Message- From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Thursday, April 30, 2009 8:54 AM To: NT System Admin Issues Subject: RE: Finding dupes Where do I find the W2K3 R2 File Server Resource Manager? I have looked on my system and I do not see it on the start menu or on any of the pull- down menus or in control panel. -Original Message- From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Thursday, April 30, 2009 5:58 AM To: NT System Admin Issues Subject: Re: Finding dupes On Wednesday 29 April 2009, Sean Martin wrote: You need to install windows 2003 r2. Already have that... -- Thanks, John Aldrich Blueridge Industries IT Manager ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.323 / Virus Database: 270.12.8/2086 - Release Date: 04/29/09 18:03:00 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Finding dupes
On it now! :-) Thanks! -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Thursday, April 30, 2009 9:04 AM To: NT System Admin Issues Subject: RE: Finding dupes Sounds like you didn't add it during the initial install. That part is optional. Add/Remove Windows components and add it in. -Original Message- From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Thursday, April 30, 2009 8:54 AM To: NT System Admin Issues Subject: RE: Finding dupes Where do I find the W2K3 R2 File Server Resource Manager? I have looked on my system and I do not see it on the start menu or on any of the pull- down menus or in control panel. -Original Message- From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Thursday, April 30, 2009 5:58 AM To: NT System Admin Issues Subject: Re: Finding dupes On Wednesday 29 April 2009, Sean Martin wrote: You need to install windows 2003 r2. Already have that... -- Thanks, John Aldrich Blueridge Industries IT Manager ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.323 / Virus Database: 270.12.8/2086 - Release Date: 04/29/09 18:03:00 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.323 / Virus Database: 270.12.8/2086 - Release Date: 04/30/09 06:01:00 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Finding dupes
Much appreciated. John-AldrichTile-Tools From: Rob Bonfiglio [mailto:robbonfig...@gmail.com] Sent: Thursday, April 30, 2009 9:05 AM To: NT System Admin Issues Subject: Re: Finding dupes http://technet.microsoft.com/en-us/library/cc772721.aspx On Thu, Apr 30, 2009 at 8:54 AM, John Aldrich jaldr...@blueridgecarpet.com wrote: Where do I find the W2K3 R2 File Server Resource Manager? I have looked on my system and I do not see it on the start menu or on any of the pull-down menus or in control panel. -Original Message- From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Thursday, April 30, 2009 5:58 AM To: NT System Admin Issues Subject: Re: Finding dupes On Wednesday 29 April 2009, Sean Martin wrote: You need to install windows 2003 r2. Already have that... -- Thanks, John Aldrich Blueridge Industries IT Manager ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ No virus found in this incoming message. Checked by AVG - www.avg.com http://www.avg.com/ Version: 8.5.323 / Virus Database: 270.12.8/2086 - Release Date: 04/29/09 18:03:00 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.323 / Virus Database: 270.12.8/2086 - Release Date: 04/30/09 06:01:00 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image001.jpgimage002.jpg
RE: DNS issue
I'll take a look at that. Thanks. We've recommended logging but the client is still balking at the costs to log/analyze. But they'll pay us to break/fix it daily. LOL... *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: Richard Stovall [mailto:richard.stov...@researchdata.com] Sent: Wednesday, April 29, 2009 5:24 PM To: NT System Admin Issues Subject: RE: DNS issue It's been a good while, but I've fixed certain lookup problems in the past by disabling edns on 2k3 DNS servers behind older pixes. dnscmd /config /enableednsprobes 0 Just a thought. Have you enabled detailed packet logging on your DNS servers to look into exactly what replies you're getting? Good luck with it. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: DNS issue
The domains in question do have MX records, but the DNS lookup failures end up giving us A records only, and then exchange tries to deliver to the A record address, which accepts mail for a different domain. We've offered logging; we need them to approve the costs first... No bind in this org. Someone sent me a note about a known issue with the Watchguards. I'm going to look at that today... *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Wednesday, April 29, 2009 7:34 PM To: NT System Admin Issues Subject: Re: DNS issue If a domain name has no MX records, but does have A records, then SMTP MTAs are supposed to treat the domain as if it had specified the hosts at those A records as the mail exchangers. This is per the relevant RFC. Does it happen for all domains, or just some? As someone else said, query logging would be good. Another thing to try is a packet sniffer. (Sometimes that's even better, because you might see stuff that the person programming an application's logging routines didn't think was relevant.) In the NT 4.0 days, I sometimes fixed deficiencies in the NT 4.0 DNS server by having it forward all DNS queries to a local ISC BIND named resolver which then did the Internet-facing stuff. The MS DNS server was much improved in Win 2000, but it's a thought if you get desperate. What I'm trying to find out is this: Is there a way to prevent server-side caching of negative replies to remote DNS queries? The normal control for this is the minimum TTL field from the SOA record of the zone being queried. Microsoft's documentation seems to imply that they just use that: The Windows 2000 DNS server caches negative responses according to the minimum TTL in the SOA record. However, it cannot be less than one minute or greater than 15 minutes. (http://technet.microsoft.com/en-us/library/cc959309.aspx) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: DNS issue
Also consider testing with someone else's DNS or your forwarders. OpenDNS perhaps. -Original Message- From: Charlie Kaiser [mailto:charl...@golden-eagle.org] Sent: Thursday, April 30, 2009 9:41 AM To: NT System Admin Issues Subject: RE: DNS issue The domains in question do have MX records, but the DNS lookup failures end up giving us A records only, and then exchange tries to deliver to the A record address, which accepts mail for a different domain. We've offered logging; we need them to approve the costs first... No bind in this org. Someone sent me a note about a known issue with the Watchguards. I'm going to look at that today... *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Wednesday, April 29, 2009 7:34 PM To: NT System Admin Issues Subject: Re: DNS issue If a domain name has no MX records, but does have A records, then SMTP MTAs are supposed to treat the domain as if it had specified the hosts at those A records as the mail exchangers. This is per the relevant RFC. Does it happen for all domains, or just some? As someone else said, query logging would be good. Another thing to try is a packet sniffer. (Sometimes that's even better, because you might see stuff that the person programming an application's logging routines didn't think was relevant.) In the NT 4.0 days, I sometimes fixed deficiencies in the NT 4.0 DNS server by having it forward all DNS queries to a local ISC BIND named resolver which then did the Internet-facing stuff. The MS DNS server was much improved in Win 2000, but it's a thought if you get desperate. What I'm trying to find out is this: Is there a way to prevent server-side caching of negative replies to remote DNS queries? The normal control for this is the minimum TTL field from the SOA record of the zone being queried. Microsoft's documentation seems to imply that they just use that: The Windows 2000 DNS server caches negative responses according to the minimum TTL in the SOA record. However, it cannot be less than one minute or greater than 15 minutes. (http://technet.microsoft.com/en-us/library/cc959309.aspx) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: DNS issue
Here's an article about changing the negative caching: http://windowsitpro.com/article/articleid/48528/controlling-positive-and-negative-caching.html Jeff On Wed, Apr 29, 2009 at 7:25 PM, Charlie Kaiser charl...@golden-eagle.orgwrote: I'm running into a problem at one of our clients. W2K3 AD, running E2K3. When SMTP mail goes out, we're seeing DNS problems that result in NDRs. This type of problem has been documented here: http://social.technet.microsoft.com/forums/en-US/exchangesvrtransport/thread /178b88bb-bbdb-4cc2-896b-711fdeeb36d8/http://social.technet.microsoft.com/forums/en-US/exchangesvrtransport/thread%0A/178b88bb-bbdb-4cc2-896b-711fdeeb36d8/ Bottom line is that DNS lookups are failing, and mail is going to the A record for the remote domain instead of the MX record. Apparently this is by design with E2K3/W2K3 when a negative reply comes back. What I'm trying to find out is this: Is there a way to prevent server-side caching of negative replies to remote DNS queries? Or at least reduce their life to a few seconds? I've seen articles that show how to do it for the client side, but that doesn't affect the DNS server cache. We're using ISP forwarders (ATT). I think there may be a firewall (watchguard) or other external issue causing the DNS lookup failures. I'm trying to get the client to authorize that kind of troubleshooting, but in the meantime, we're looking for a fix from another angle. Right now, I've created an AT job to clear the DNS server cache every 5 minutes. That's an ugly workaround, but when the CEO gets NDRs, you get creative. :-) Any ideas? Thanks... *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: xp share removal?
You can use the command line for unc as well. Also you can make a secondary connection to a server using the IP instead of the netbios name. -sc -Original Message- From: Jeff Bunting bunting.j...@gmail.com Sent: Wednesday, April 29, 2009 1:39 PM To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Subject: xp share removal? I browsed to a share for which I don't have access to the files (different domain). Problem is, I want to connect under new credentials but Windows won't let me make two connections to the same share with different credentials, so how do I remove the connection besides net use /delete * ? net use output: Status Local RemoteNetwork --- OK Z:\\servername1\all Microsoft Windows Network OK \\servername2\SQLBKUP Microsoft Windows Network The command completed successfully. I want to remove the connection to \\servername2\SQLBKUP Thanks, Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Finding dupes
Carol, could you be a bit more specific? Now that I've got it installed, what do I do? I've never used this utility before. John-AldrichTile-Tools From: Carol Fee [mailto:c...@massbar.org] Sent: Wednesday, April 29, 2009 4:48 PM To: NT System Admin Issues Subject: RE: Finding dupes W2K3 R2 File Server Resource Manager CFee _ From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Wednesday, April 29, 2009 4:36 PM To: NT System Admin Issues Subject: Finding dupes Any suggestions for free/low-cost software to find duplicate files on a machine? I'm trying to clean up our file server and free up some space and I know how hard it is to find dupes manually, and I'm sure there's some really great software out there that'll do it in no time flat, but probably costs out the wazoo. Unfortunately with the economy in the tank, I'm on a VERY tight budget! John-AldrichTile-Tools No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.323 / Virus Database: 270.12.8/2086 - Release Date: 04/29/09 06:37:00 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image001.jpgimage002.jpg
2003 R2
I need to find all 2003 R2 servers in my domain. Is there any easy way of doing this. I am comparing the attributes on a base 2003 and 2003 R2 and do not see any difference. Thanks ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Sharepoint assistance needed...
On another note, installed the service pack 2 for Sharepoint 3 yesterday and it buggered up my main site. On Tue, Apr 28, 2009 at 4:14 PM, Eustace Doc mailed2thew...@gmail.comwrote: I may be missing something simple, but it's got me bagged. - Sharepoint Server 2.0 - Only the default site is enabled. - Users from another domain are accessing the web site and after getting authenticated, - When they use the server name they keep getting prompted for authentication no matter where they go on the site. - If they user the IP address they do NOT get prompted again for authentication. Can someone point me in the right direction? Is it a DNS issue? If so what? Thanks in advance, DOC ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: xp share removal?
Handy to know; I think I probably typed the sharename wrong - \sqlbackup instead of \sqlbkup - and proceeded to try to correct what I assumed was incorrect syntax. On Thu, Apr 30, 2009 at 10:02 AM, James Rankin kz2...@googlemail.comwrote: Or, to save keystrokes, /d instead of /delete :-) 2009/4/29 Jeff Bunting bunting.j...@gmail.com D'oh!! I swear I tried that; must've fat-fingered something... I'll retreat to the corner and put on my dunce cap now. Thanks! Jeff On Wed, Apr 29, 2009 at 1:40 PM, Damien Solodow damien.solo...@ibcschools.edu wrote: You should be able to do ‘net use \\servername2\sqlbkup /delete’ *From:* Jeff Bunting [mailto:bunting.j...@gmail.com] *Sent:* Wednesday, April 29, 2009 1:39 PM *To:* NT System Admin Issues *Subject:* xp share removal? I browsed to a share for which I don't have access to the files (different domain). Problem is, I want to connect under new credentials but Windows won't let me make two connections to the same share with different credentials, so how do I remove the connection *besides **net use /delete ** ? net use output: Status Local RemoteNetwork --- OK Z:\\servername1\all Microsoft Windows Network OK \\servername2\SQLBKUP Microsoft Windows Network The command completed successfully. I want to remove the connection to \\servername2\SQLBKUP Thanks, Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Finding dupes
Storage Reports Management Schedule a new report task CFee From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Thursday, April 30, 2009 10:06 AM To: NT System Admin Issues Subject: RE: Finding dupes Carol, could you be a bit more specific? Now that I've got it installed, what do I do? I've never used this utility before. From: Carol Fee [mailto:c...@massbar.org] Sent: Wednesday, April 29, 2009 4:48 PM To: NT System Admin Issues Subject: RE: Finding dupes W2K3 R2 File Server Resource Manager CFee From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Wednesday, April 29, 2009 4:36 PM To: NT System Admin Issues Subject: Finding dupes Any suggestions for free/low-cost software to find duplicate files on a machine? I'm trying to clean up our file server and free up some space and I know how hard it is to find dupes manually, and I'm sure there's some really great software out there that'll do it in no time flat, but probably costs out the wazoo... Unfortunately with the economy in the tank, I'm on a VERY tight budget! No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.323 / Virus Database: 270.12.8/2086 - Release Date: 04/29/09 06:37:00 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image001.jpgimage002.jpg
Re: 2003 R2
I don't have any 2003 R2 servers on my network, but I would imagine the operatingSystem and/or the operatingSystemVersion attributes on the computer account in AD would be different for 2003 R2 machines. On Thu, Apr 30, 2009 at 10:09 AM, KenM kenmli...@gmail.com wrote: I need to find all 2003 R2 servers in my domain. Is there any easy way of doing this. I am comparing the attributes on a base 2003 and 2003 R2 and do not see any difference. Thanks ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Finding dupes
Ok. Thanks John-AldrichTile-Tools From: Carol Fee [mailto:c...@massbar.org] Sent: Thursday, April 30, 2009 10:19 AM To: NT System Admin Issues Subject: RE: Finding dupes Storage Reports Management Schedule a new report task CFee _ From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Thursday, April 30, 2009 10:06 AM To: NT System Admin Issues Subject: RE: Finding dupes Carol, could you be a bit more specific? Now that I've got it installed, what do I do? I've never used this utility before. John-AldrichTile-Tools From: Carol Fee [mailto:c...@massbar.org] Sent: Wednesday, April 29, 2009 4:48 PM To: NT System Admin Issues Subject: RE: Finding dupes W2K3 R2 File Server Resource Manager CFee _ From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Wednesday, April 29, 2009 4:36 PM To: NT System Admin Issues Subject: Finding dupes Any suggestions for free/low-cost software to find duplicate files on a machine? I'm trying to clean up our file server and free up some space and I know how hard it is to find dupes manually, and I'm sure there's some really great software out there that'll do it in no time flat, but probably costs out the wazoo. Unfortunately with the economy in the tank, I'm on a VERY tight budget! John-AldrichTile-Tools No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.323 / Virus Database: 270.12.8/2086 - Release Date: 04/29/09 06:37:00 No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.323 / Virus Database: 270.12.8/2086 - Release Date: 04/30/09 06:01:00 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image001.jpgimage002.jpg
RE: DNS issue
Yeah; I saw that one, but it's a client-side setting only. I set that on the Exchange server, but it doesn't affect the DNS server's caching of outside lookups... And that's where the issue lies... *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: Jeff Bunting [mailto:bunting.j...@gmail.com] Sent: Thursday, April 30, 2009 6:52 AM To: NT System Admin Issues Subject: Re: DNS issue Here's an article about changing the negative caching: http://windowsitpro.com/article/articleid/48528/controlling-po sitive-and-negative-caching.html Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: 2003 R2
Maybe this if you know the computer names?? http://www.microsoft.com/technet/scriptcenter/resources/scriptshop/shop0305a.mspx John W. Cook Systems Administrator Partnership For Strong Families 315 SE 2nd Ave Gainesville, Fl 32601 Office (352) 393-2741 x320 Cell (352) 215-6944 Fax (352) 393-2746 MCSE, MCTS, MCP+I,CompTIA A+, N+ From: Rob Bonfiglio [mailto:robbonfig...@gmail.com] Sent: Thursday, April 30, 2009 10:20 AM To: NT System Admin Issues Subject: Re: 2003 R2 I don't have any 2003 R2 servers on my network, but I would imagine the operatingSystem and/or the operatingSystemVersion attributes on the computer account in AD would be different for 2003 R2 machines. On Thu, Apr 30, 2009 at 10:09 AM, KenM kenmli...@gmail.commailto:kenmli...@gmail.com wrote: I need to find all 2003 R2 servers in my domain. Is there any easy way of doing this. I am comparing the attributes on a base 2003 and 2003 R2 and do not see any difference. Thanks CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Forefront
Anyone using Forefront? I have looked at F-Secure (don't like it at all), looking at Kaspersky now (Seems ok so far) but I read up on Forefront and the AD integration and expected way of use and design of the app looks very nice. Thanks, jlc ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: 2003 R2
No they are the same operatingSystem: Windows Server 2003 operatingSystemVersion: 5.2 (3790) operatingSystemServicePack: Service Pack 2 On Thu, Apr 30, 2009 at 10:20 AM, Rob Bonfiglio robbonfig...@gmail.comwrote: I don't have any 2003 R2 servers on my network, but I would imagine the operatingSystem and/or the operatingSystemVersion attributes on the computer account in AD would be different for 2003 R2 machines. On Thu, Apr 30, 2009 at 10:09 AM, KenM kenmli...@gmail.com wrote: I need to find all 2003 R2 servers in my domain. Is there any easy way of doing this. I am comparing the attributes on a base 2003 and 2003 R2 and do not see any difference. Thanks ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: xp share removal?
Or, to save keystrokes, /d instead of /delete :-) 2009/4/29 Jeff Bunting bunting.j...@gmail.com D'oh!! I swear I tried that; must've fat-fingered something... I'll retreat to the corner and put on my dunce cap now. Thanks! Jeff On Wed, Apr 29, 2009 at 1:40 PM, Damien Solodow damien.solo...@ibcschools.edu wrote: You should be able to do ‘net use \\servername2\sqlbkup /delete’ *From:* Jeff Bunting [mailto:bunting.j...@gmail.com] *Sent:* Wednesday, April 29, 2009 1:39 PM *To:* NT System Admin Issues *Subject:* xp share removal? I browsed to a share for which I don't have access to the files (different domain). Problem is, I want to connect under new credentials but Windows won't let me make two connections to the same share with different credentials, so how do I remove the connection *besides **net use /delete ** ? net use output: Status Local RemoteNetwork --- OK Z:\\servername1\all Microsoft Windows Network OK \\servername2\SQLBKUP Microsoft Windows Network The command completed successfully. I want to remove the connection to \\servername2\SQLBKUP Thanks, Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: 2003 R2
If you are running WSUS you will see it there CFee From: KenM [mailto:kenmli...@gmail.com] Sent: Thursday, April 30, 2009 10:28 AM To: NT System Admin Issues Subject: Re: 2003 R2 No they are the same operatingSystem: Windows Server 2003 operatingSystemVersion: 5.2 (3790) operatingSystemServicePack: Service Pack 2 On Thu, Apr 30, 2009 at 10:20 AM, Rob Bonfiglio robbonfig...@gmail.com wrote: I don't have any 2003 R2 servers on my network, but I would imagine the operatingSystem and/or the operatingSystemVersion attributes on the computer account in AD would be different for 2003 R2 machines. On Thu, Apr 30, 2009 at 10:09 AM, KenM kenmli...@gmail.com wrote: I need to find all 2003 R2 servers in my domain. Is there any easy way of doing this. I am comparing the attributes on a base 2003 and 2003 R2 and do not see any difference. Thanks ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: 2003 R2
no WSUS for the servers. I need to do this with a script, a few hundred servers. On Thu, Apr 30, 2009 at 10:34 AM, Carol Fee c...@massbar.org wrote: If you are running WSUS you will see it there *CFee* -- *From:* KenM [mailto:kenmli...@gmail.com] *Sent:* Thursday, April 30, 2009 10:28 AM *To:* NT System Admin Issues *Subject:* Re: 2003 R2 No they are the same operatingSystem: Windows Server 2003 operatingSystemVersion: 5.2 (3790) operatingSystemServicePack: Service Pack 2 On Thu, Apr 30, 2009 at 10:20 AM, Rob Bonfiglio robbonfig...@gmail.comwrote: I don't have any 2003 R2 servers on my network, but I would imagine the operatingSystem and/or the operatingSystemVersion attributes on the computer account in AD would be different for 2003 R2 machines. On Thu, Apr 30, 2009 at 10:09 AM, KenM kenmli...@gmail.com wrote: I need to find all 2003 R2 servers in my domain. Is there any easy way of doing this. I am comparing the attributes on a base 2003 and 2003 R2 and do not see any difference. Thanks ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: 2003 R2
You can do it via a WMI query. Grab a copy of wmicodecreator from the MS downloads site and poke around, it's a value under win32.computersystem I think... From: KenM [mailto:kenmli...@gmail.com] Sent: Thursday, April 30, 2009 10:41 AM To: NT System Admin Issues Subject: Re: 2003 R2 no WSUS for the servers. I need to do this with a script, a few hundred servers. On Thu, Apr 30, 2009 at 10:34 AM, Carol Fee c...@massbar.org wrote: If you are running WSUS you will see it there CFee From: KenM [mailto:kenmli...@gmail.com] Sent: Thursday, April 30, 2009 10:28 AM To: NT System Admin Issues Subject: Re: 2003 R2 No they are the same operatingSystem: Windows Server 2003 operatingSystemVersion: 5.2 (3790) operatingSystemServicePack: Service Pack 2 On Thu, Apr 30, 2009 at 10:20 AM, Rob Bonfiglio robbonfig...@gmail.com wrote: I don't have any 2003 R2 servers on my network, but I would imagine the operatingSystem and/or the operatingSystemVersion attributes on the computer account in AD would be different for 2003 R2 machines. On Thu, Apr 30, 2009 at 10:09 AM, KenM kenmli...@gmail.com wrote: I need to find all 2003 R2 servers in my domain. Is there any easy way of doing this. I am comparing the attributes on a base 2003 and 2003 R2 and do not see any difference. Thanks ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
strange profiles on server
Bit perplexed with this one. On one of my domain controllers which is used by approximately 2,000 users, there is a partial profile in the documents and settings directory. The user does not have access to the server. I have double checked user permissions and the default domain controller policy. User has no privilege to logon locally (interactive) or logon through terminal server. I also verified the user had no elevated access assigned to him (no domain admins, etc.) At the day/time the profile was created (based on the time stamps), the Security Log does NOT show a local logon (interactice) or a logon through terminal server session. It only shows a 'network' conection which is from drive mappings, etc. , the same logon type as all other users on the network. On the server's documenets and settings directory, the user's profile is NOT the same as what you normally see when logging into to the server. The profile contains ONLY the Application Data and Local Settings direction, all the other directories are missing. There is also a NTUSER.DAT and NTUSER.LOG file. It seems like an anomoly or something to me. Based on access rights, security logs, etc. and testing done, the user does NOT have access to logon to this server. So, how did this incomplete user profile get created? Seems odd. Thoughts welcome. mail2web.com What can On Demand Business Solutions do for you? http://link.mail2web.com/Business/SharePoint ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: strange profiles on server
Absolutely no help, but fwiw I have seen this to. The user in question would be Completely incapable of logging into the server in question as well... jlc -Original Message- From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com] Sent: Thursday, April 30, 2009 8:45 AM To: NT System Admin Issues Subject: strange profiles on server Bit perplexed with this one. On one of my domain controllers which is used by approximately 2,000 users, there is a partial profile in the documents and settings directory. The user does not have access to the server. I have double checked user permissions and the default domain controller policy. User has no privilege to logon locally (interactive) or logon through terminal server. I also verified the user had no elevated access assigned to him (no domain admins, etc.) At the day/time the profile was created (based on the time stamps), the Security Log does NOT show a local logon (interactice) or a logon through terminal server session. It only shows a 'network' conection which is from drive mappings, etc. , the same logon type as all other users on the network. On the server's documenets and settings directory, the user's profile is NOT the same as what you normally see when logging into to the server. The profile contains ONLY the Application Data and Local Settings direction, all the other directories are missing. There is also a NTUSER.DAT and NTUSER.LOG file. It seems like an anomoly or something to me. Based on access rights, security logs, etc. and testing done, the user does NOT have access to logon to this server. So, how did this incomplete user profile get created? Seems odd. Thoughts welcome. mail2web.com - What can On Demand Business Solutions do for you? http://link.mail2web.com/Business/SharePoint ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Windows Updates fails to connect with Vista
Is anyone else out there, with Vista , having problems trying to get to the Windows Updates? When we do we receive Error Code 80072EFD. When looking into that error, it mentions that the update.microsoft.com (and others) needs to be placed into the firewall... which they have been. Disabled VIPRE and the Windows Firewall, restarted the wuauserv and renamed the softwaredistribution folder and still can't get Vista to update. All our XP machines are able to get to the update site without any problems. Any ideas? _ Cameron Cooper IT Director - CompTIA A+ Certified Aurico Reports, Inc Phone: 847-890-4021Fax: 847-255-1896 ccoo...@aurico.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: 2003 R2
I don't have a non-R2 WS03 server to check right now, but I believe you need to look at the CSDBuildNumber value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion or HKLM\SOFTWARE\Wow6432node\Microsoft\Windows NT\Currentversion My R2 servers show this minor revision number at 4478. -Bonnie From: KenM [mailto:kenmli...@gmail.com] Sent: Thursday, April 30, 2009 7:10 AM To: NT System Admin Issues Subject: 2003 R2 I need to find all 2003 R2 servers in my domain. Is there any easy way of doing this. I am comparing the attributes on a base 2003 and 2003 R2 and do not see any difference. Thanks ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: 2003 R2
Thanks Bonnie. This will help but I found a better key. The same place you recomended but the productname key give you either Microsoft Windows Server 2003 or Microsoft Windows Server 2003 R2 Thanks for your help, now just need to create a vbs or powershell script to pull this info. On Thu, Apr 30, 2009 at 10:51 AM, Miller Bonnie L. mille...@mukilteo.wednet.edu wrote: I don’t have a non-R2 WS03 server to check right now, but I believe you need to look at the “CSDBuildNumber” value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion or HKLM\SOFTWARE\Wow6432node\Microsoft\Windows NT\Currentversion My R2 servers show this minor revision number at 4478. -Bonnie *From:* KenM [mailto:kenmli...@gmail.com] *Sent:* Thursday, April 30, 2009 7:10 AM *To:* NT System Admin Issues *Subject:* 2003 R2 I need to find all 2003 R2 servers in my domain. Is there any easy way of doing this. I am comparing the attributes on a base 2003 and 2003 R2 and do not see any difference. Thanks ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Windows Internal Database on SBS
My estemed predecessor in his infinite wisdom decided to install everything for SBS all at one time and all on the system volume. He left me with an aborted installation of Sharepoint and WSUS which I've finally gotten around to cleaning up. I've since removed WSUS and Sharepoint from the server, but left the Windows Internal Database (WID) alone. Is it safe to delete WID now that WSUS and Sharepoint are no longer on the server or are there other services which SBS has that rely on it? Thanks, Jonathan ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: 2003 R2
I use the following to query individual servers. It might help get you started. - Sean = ' on error resume next strComputer=InputBox (Enter the server name) Set objWMIService = GetObject(winmgmts:\\ strComputer \root\cimv2) Set colItems = objWMIService.ExecQuery(Select * from Win32_OperatingSystem) For Each objItem in colItems If InStr(objItem.OtherTypeDescription, R2) Then WScript.Echo This computer is running Windows Server 2003 R2. Else WScript.Echo This computer is not running Windows Server 2003 R2. End If Next ' = On Thu, Apr 30, 2009 at 7:01 AM, KenM kenmli...@gmail.com wrote: Thanks Bonnie. This will help but I found a better key. The same place you recomended but the productname key give you either Microsoft Windows Server 2003 or Microsoft Windows Server 2003 R2 Thanks for your help, now just need to create a vbs or powershell script to pull this info. On Thu, Apr 30, 2009 at 10:51 AM, Miller Bonnie L. mille...@mukilteo.wednet.edu wrote: I don’t have a non-R2 WS03 server to check right now, but I believe you need to look at the “CSDBuildNumber” value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion or HKLM\SOFTWARE\Wow6432node\Microsoft\Windows NT\Currentversion My R2 servers show this minor revision number at 4478. -Bonnie *From:* KenM [mailto:kenmli...@gmail.com] *Sent:* Thursday, April 30, 2009 7:10 AM *To:* NT System Admin Issues *Subject:* 2003 R2 I need to find all 2003 R2 servers in my domain. Is there any easy way of doing this. I am comparing the attributes on a base 2003 and 2003 R2 and do not see any difference. Thanks ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: 2003 R2
PowerShell using WMI:
$LIST = GET-CONTENT C:\LIST.TXT
FOREACH ($COMPUTER IN $LIST) {
IF ( $(GWMI -COMP $COMPUTER WIN32_OPERATINGSYSTEM).NAME -MATCH R2) {
ADD-CONTENT -PATH C:\OS.TXT file:///\\PATH-TO-FILE\R2-SYSTEMS.TXT
-value $COMPUTER
}
}
Change C:\LIST.TXT and C:\OS.TXT to files of your choice.
From: Damien Solodow [mailto:damien.solo...@ibcschools.edu]
Sent: Thursday, April 30, 2009 10:44 AM
To: NT System Admin Issues
Subject: RE: 2003 R2
You can do it via a WMI query. Grab a copy of wmicodecreator from the MS
downloads site and poke around, it's a value under win32.computersystem
I think...
From: KenM [mailto:kenmli...@gmail.com]
Sent: Thursday, April 30, 2009 10:41 AM
To: NT System Admin Issues
Subject: Re: 2003 R2
no WSUS for the servers. I need to do this with a script, a few hundred
servers.
On Thu, Apr 30, 2009 at 10:34 AM, Carol Fee c...@massbar.org wrote:
If you are running WSUS you will see it there
CFee
From: KenM [mailto:kenmli...@gmail.com]
Sent: Thursday, April 30, 2009 10:28 AM
To: NT System Admin Issues
Subject: Re: 2003 R2
No they are the same
operatingSystem: Windows Server 2003
operatingSystemVersion: 5.2 (3790)
operatingSystemServicePack: Service Pack 2
On Thu, Apr 30, 2009 at 10:20 AM, Rob Bonfiglio robbonfig...@gmail.com
wrote:
I don't have any 2003 R2 servers on my network, but I would imagine the
operatingSystem and/or the operatingSystemVersion attributes on the
computer account in AD would be different for 2003 R2 machines.
On Thu, Apr 30, 2009 at 10:09 AM, KenM kenmli...@gmail.com wrote:
I need to find all 2003 R2 servers in my domain. Is there any easy way
of doing this. I am comparing the attributes on a base 2003 and 2003 R2
and do not see any difference.
Thanks
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Windows Updates fails to connect with Vista
I just fixed that issue yesterday myself. I got a clue to the issue from looking up the error codes I found on my WSUS server. Seems the selfupdate site was shutdown. Jon On Thu, Apr 30, 2009 at 10:48 AM, Cameron Cooper ccoo...@aurico.com wrote: Is anyone else out there, with Vista , having problems trying to get to the Windows Updates? When we do we receive Error Code 80072EFD. When looking into that error, it mentions that the update.microsoft.com (and others) needs to be placed into the firewall… which they have been. Disabled VIPRE and the Windows Firewall, restarted the wuauserv and renamed the softwaredistribution folder and still can’t get Vista to update. All our XP machines are able to get to the update site without any problems. Any ideas? _ *Cameron Cooper* *IT Director - CompTIA A+ Certified* Aurico Reports, Inc Phone: 847-890-4021Fax: 847-255-1896 ccoo...@aurico.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: 2003 R2
Script it with psinfo and a batch file of your servers. psinfo \\servername | findstr /I R2 Should be easy to do a call statement with parameter and put it in the psinfo command. You will get the following out; Kernel version:Microsoft Windows Server 2003 R2, Multiprocessor Free Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + ezi...@lifespan.org Phone:401-639-3505 From: John Cook [mailto:john.c...@pfsf.org] Sent: Thursday, April 30, 2009 10:25 AM To: NT System Admin Issues Subject: RE: 2003 R2 Maybe this if you know the computer names?? http://www.microsoft.com/technet/scriptcenter/resources/scriptshop/shop0 305a.mspx John W. Cook Systems Administrator Partnership For Strong Families 315 SE 2nd Ave Gainesville, Fl 32601 Office (352) 393-2741 x320 Cell (352) 215-6944 Fax (352) 393-2746 MCSE, MCTS, MCP+I,CompTIA A+, N+ From: Rob Bonfiglio [mailto:robbonfig...@gmail.com] Sent: Thursday, April 30, 2009 10:20 AM To: NT System Admin Issues Subject: Re: 2003 R2 I don't have any 2003 R2 servers on my network, but I would imagine the operatingSystem and/or the operatingSystemVersion attributes on the computer account in AD would be different for 2003 R2 machines. On Thu, Apr 30, 2009 at 10:09 AM, KenM kenmli...@gmail.com wrote: I need to find all 2003 R2 servers in my domain. Is there any easy way of doing this. I am comparing the attributes on a base 2003 and 2003 R2 and do not see any difference. Thanks CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Outlook 2007/Vista/ Exchange 2003/RPC Connection Issues
For the past few weeks, we've had a problem that the two of us in the office using Vista were unable to access Exchange over the VPN server. This was a new development we've been running vista for over a year now. Outlook would just hang for hours even. Occasionally I would get Microsoft exchange server is unavailable. After doing some troubleshooting we finally figured out the Outlook was trying to communicate on port 135 (RPC Endpoint Mapper) to our DCs. We had to make firewall changes to allow communication from our VPN server to our DCs on port 135.The thing that has left us scratching our head is why is it just these Vista clients? We have probably 30-40 other users running Office 2007 and they have no issues, and why did it work all that time before? It only seemed to be the vista clients. We do not use RPC over HTTP. Any thoughts? Thanks, Todd ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Windows Updates fails to connect with Vista
Just checked the WSUS server and didn't find any errors. When you went to your selfupdate site, did you do this in IE? When I type in the site name into IE I receive the following: HTTP Error 404 - File or directory not found. Internet Information Services (IIS) _ Cameron Cooper IT Director - CompTIA A+ Certified Aurico Reports, Inc Phone: 847-890-4021Fax: 847-255-1896 ccoo...@aurico.com mailto:ccoo...@aurico.com From: Jon Harris [mailto:jk.har...@gmail.com] Sent: Thursday, April 30, 2009 10:13 AM To: NT System Admin Issues Subject: Re: Windows Updates fails to connect with Vista I just fixed that issue yesterday myself. I got a clue to the issue from looking up the error codes I found on my WSUS server. Seems the selfupdate site was shutdown. Jon On Thu, Apr 30, 2009 at 10:48 AM, Cameron Cooper ccoo...@aurico.com wrote: Is anyone else out there, with Vista , having problems trying to get to the Windows Updates? When we do we receive Error Code 80072EFD. When looking into that error, it mentions that the update.microsoft.com http://update.microsoft.com/ (and others) needs to be placed into the firewall... which they have been. Disabled VIPRE and the Windows Firewall, restarted the wuauserv and renamed the softwaredistribution folder and still can't get Vista to update. All our XP machines are able to get to the update site without any problems. Any ideas? _ Cameron Cooper IT Director - CompTIA A+ Certified Aurico Reports, Inc Phone: 847-890-4021Fax: 847-255-1896 ccoo...@aurico.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: 2003 R2
Thanks, that is what I was looking for. On Thu, Apr 30, 2009 at 11:07 AM, Sean Martin seanmarti...@gmail.comwrote: I use the following to query individual servers. It might help get you started. - Sean = ' on error resume next strComputer=InputBox (Enter the server name) Set objWMIService = GetObject(winmgmts:\\ strComputer \root\cimv2) Set colItems = objWMIService.ExecQuery(Select * from Win32_OperatingSystem) For Each objItem in colItems If InStr(objItem.OtherTypeDescription, R2) Then WScript.Echo This computer is running Windows Server 2003 R2. Else WScript.Echo This computer is not running Windows Server 2003 R2. End If Next ' = On Thu, Apr 30, 2009 at 7:01 AM, KenM kenmli...@gmail.com wrote: Thanks Bonnie. This will help but I found a better key. The same place you recomended but the productname key give you either Microsoft Windows Server 2003 or Microsoft Windows Server 2003 R2 Thanks for your help, now just need to create a vbs or powershell script to pull this info. On Thu, Apr 30, 2009 at 10:51 AM, Miller Bonnie L. mille...@mukilteo.wednet.edu wrote: I don’t have a non-R2 WS03 server to check right now, but I believe you need to look at the “CSDBuildNumber” value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion or HKLM\SOFTWARE\Wow6432node\Microsoft\Windows NT\Currentversion My R2 servers show this minor revision number at 4478. -Bonnie *From:* KenM [mailto:kenmli...@gmail.com] *Sent:* Thursday, April 30, 2009 7:10 AM *To:* NT System Admin Issues *Subject:* 2003 R2 I need to find all 2003 R2 servers in my domain. Is there any easy way of doing this. I am comparing the attributes on a base 2003 and 2003 R2 and do not see any difference. Thanks ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Outlook 2007/Vista/ Exchange 2003/RPC Connection Issues
Sorry it was port 1025. From: Todd Arnett [mailto:tarn...@lastar.com] Sent: Thursday, April 30, 2009 11:22 AM To: NT System Admin Issues Subject: Outlook 2007/Vista/ Exchange 2003/RPC Connection Issues For the past few weeks, we've had a problem that the two of us in the office using Vista were unable to access Exchange over the VPN server. This was a new development we've been running vista for over a year now. Outlook would just hang for hours even. Occasionally I would get Microsoft exchange server is unavailable. After doing some troubleshooting we finally figured out the Outlook was trying to communicate on port 135 (RPC Endpoint Mapper) to our DCs. We had to make firewall changes to allow communication from our VPN server to our DCs on port 135.The thing that has left us scratching our head is why is it just these Vista clients? We have probably 30-40 other users running Office 2007 and they have no issues, and why did it work all that time before? It only seemed to be the vista clients. We do not use RPC over HTTP. Any thoughts? Thanks, Todd ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: 2003 R2
You can always use WMIC with a FOR loop from the CMD prompt... for /f %i in (serverlist.txt) do wmic /node:%i os get csname,name output.txt Will do a wmi query against every machine listed in serverlist.txt for the machine name and full OS name with install partition and dump it to a text file called output.txt. i.e.: SERVERNAME Microsoft Windows Server 2003 R2 Standard Edition|C:\WINDOWS|\Device\Harddisk0\Partition1 SERVERNAME2 Microsoft Windows Server 2003 R2 Standard Edition|C:\WINDOWS|\Device\Harddisk0\Partition1 -Brian From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Thursday, April 30, 2009 10:05 AM To: NT System Admin Issues Subject: RE: 2003 R2 Script it with psinfo and a batch file of your servers. psinfo \\servername | findstr /I R2 Should be easy to do a call statement with parameter and put it in the psinfo command. You will get the following out; Kernel version:Microsoft Windows Server 2003 R2, Multiprocessor Free Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + ezi...@lifespan.org Phone:401-639-3505 From: John Cook [mailto:john.c...@pfsf.org] Sent: Thursday, April 30, 2009 10:25 AM To: NT System Admin Issues Subject: RE: 2003 R2 Maybe this if you know the computer names?? http://www.microsoft.com/technet/scriptcenter/resources/scriptshop/shop0 305a.mspx John W. Cook Systems Administrator Partnership For Strong Families 315 SE 2nd Ave Gainesville, Fl 32601 Office (352) 393-2741 x320 Cell (352) 215-6944 Fax (352) 393-2746 MCSE, MCTS, MCP+I,CompTIA A+, N+ From: Rob Bonfiglio [mailto:robbonfig...@gmail.com] Sent: Thursday, April 30, 2009 10:20 AM To: NT System Admin Issues Subject: Re: 2003 R2 I don't have any 2003 R2 servers on my network, but I would imagine the operatingSystem and/or the operatingSystemVersion attributes on the computer account in AD would be different for 2003 R2 machines. On Thu, Apr 30, 2009 at 10:09 AM, KenM kenmli...@gmail.com wrote: I need to find all 2003 R2 servers in my domain. Is there any easy way of doing this. I am comparing the attributes on a base 2003 and 2003 R2 and do not see any difference. Thanks CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Remote access options
With the pandemic, I've been tasked with coming up with a plan for remote access, in order to keep the business running, in case of having to have people stay home. So, with that, I've decided to ask you guys what you're using/doing, for teleworking. A couple of options I thought of off the top of my head: 1) VPN - simple, gives the user a good desktop experience. Slow, at least slower than working from your desk. 2) Citrix - same as above, can publish specific apps, or entire desktop if needed. Low bandwidth requirements. I listed those two, as our firewall has built-in VPN capabilities, which we are currently using, and therefore would be the quickest option to implement. We also have Citrix already, although only a single server, running PS 4.0. I know I'd want to implement an Access Gateway, etc with the Citrix option. Thanks, Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Spam filters
Swarthsome?? Joe Heaton Employment Training Panel From: Steve Ens [mailto:stevey...@gmail.com] Sent: Wednesday, April 29, 2009 8:20 AM To: NT System Admin Issues Subject: Re: Spam filters Yes I like the Ninja...he is sleak, and swarthsome. I have him in place in three or four locations. On Wed, Apr 29, 2009 at 10:08 AM, Jay Dale jd...@xpresstel.com wrote: Hey guys, I am a pretty new customer of VIPRE and like what I've seen so far. Sold it to a couple of small customers with no complaints as of yet. My question is regarding email spam filtering. I know a lot of you VIPRE users perhaps are using Ninja, which I'm assuming is server-based. For years I have been using Katharion, which is similar to Postini as an offsite-based filter. I'm just curious as to what you guys prefer when it comes to these kinds of apps, or if you prefer appliance-based filtering. Thanks, Jay Jay Dale * I.T. Director Xpresstel, Inc * Telecom I.T. Solutions 8515 Jackrabbit Rd* Ste T* Houston, TX 77095 Office: 281-856-8335 * Fax: 281-856-8399 http://www.xpresstel.com THE INFORMATION CONTAINED IN THIS TRANSMISSION IS A PRIVILEGED FIRM-CLIENT COMMUNICATION, WORK PRODUCT AND/OR CONFIDENTIAL COMMUNICATION OF INFORMATION INTENDED FOR THE USE OF THE INDIVIDUAL OR ENTITY NAMED ABOVE. IF THE READER OF THIS MESSAGE IS NOT THE INTENDED RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY DISSEMINATION, DISTRIBUTION OR COPYING OF THIS COMMUNICATION IS STRICTLY PROHIBITED. IF YOU HAVE RECEIVED THIS EMAIL IN ERROR, PLEASE IMMEDIATELY SEND A REPLY AND DELETE THE EMAIL PROMPTLY. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Remote access options
my choice to connect a disparate collection of nonstandard home users from their own equipment would be Terminal Server / Citrix , *should* keep your interior network more secure than a VPN tunnel. And not being familiar with your firewall or quantities of tunnels needed, performance may be an issue. If you have large numbers of 3DES or better encrypted tunnels ( large relating to the capabilities of your firewall ) then you could overwhelm the firewall processor and buffers, impacting overall performance and reliability of network connections. RDP/ICA is simply traffic the firewall will process, and not spend time encrypting/decrypting with whatever VPN encryption engine it has Erik Goldoff IT Consultant Systems, Networks, Security _ From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Thursday, April 30, 2009 11:40 AM To: NT System Admin Issues Subject: Remote access options With the pandemic, I've been tasked with coming up with a plan for remote access, in order to keep the business running, in case of having to have people stay home. So, with that, I've decided to ask you guys what you're using/doing, for teleworking. A couple of options I thought of off the top of my head: 1) VPN - simple, gives the user a good desktop experience. Slow, at least slower than working from your desk. 2) Citrix - same as above, can publish specific apps, or entire desktop if needed. Low bandwidth requirements. I listed those two, as our firewall has built-in VPN capabilities, which we are currently using, and therefore would be the quickest option to implement. We also have Citrix already, although only a single server, running PS 4.0. I know I'd want to implement an Access Gateway, etc with the Citrix option. Thanks, Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Spam filters
Is that like Smarmy? John W. Cook Systems Administrator Partnership For Strong Families 315 SE 2nd Ave Gainesville, Fl 32601 Office (352) 393-2741 x320 Cell (352) 215-6944 Fax (352) 393-2746 MCSE, MCTS, MCP+I, A+, N+, VSP From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Thursday, April 30, 2009 11:44 AM To: NT System Admin Issues Subject: RE: Spam filters Swarthsome?? Joe Heaton Employment Training Panel From: Steve Ens [mailto:stevey...@gmail.com] Sent: Wednesday, April 29, 2009 8:20 AM To: NT System Admin Issues Subject: Re: Spam filters Yes I like the Ninja...he is sleak, and swarthsome. I have him in place in three or four locations. On Wed, Apr 29, 2009 at 10:08 AM, Jay Dale jd...@xpresstel.commailto:jd...@xpresstel.com wrote: Hey guys, I am a pretty new customer of VIPRE and like what I've seen so far. Sold it to a couple of small customers with no complaints as of yet. My question is regarding email spam filtering. I know a lot of you VIPRE users perhaps are using Ninja, which I'm assuming is server-based. For years I have been using Katharion, which is similar to Postini as an offsite-based filter. I'm just curious as to what you guys prefer when it comes to these kinds of apps, or if you prefer appliance-based filtering. Thanks, Jay Jay Dale * I.T. Director Xpresstel, Inc * Telecom I.T. Solutions 8515 Jackrabbit Rd* Ste T* Houston, TX 77095 Office: 281-856-8335 * Fax: 281-856-8399 http://www.xpresstel.com THE INFORMATION CONTAINED IN THIS TRANSMISSION IS A PRIVILEGED FIRM-CLIENT COMMUNICATION, WORK PRODUCT AND/OR CONFIDENTIAL COMMUNICATION OF INFORMATION INTENDED FOR THE USE OF THE INDIVIDUAL OR ENTITY NAMED ABOVE. IF THE READER OF THIS MESSAGE IS NOT THE INTENDED RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY DISSEMINATION, DISTRIBUTION OR COPYING OF THIS COMMUNICATION IS STRICTLY PROHIBITED. IF YOU HAVE RECEIVED THIS EMAIL IN ERROR, PLEASE IMMEDIATELY SEND A REPLY AND DELETE THE EMAIL PROMPTLY. CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: 2003 R2
Hmm.. that's interesting as all of my R2 servers display the R2 part when you run the winver command, but some do NOT list it in the ProductName value under HKLM. From looking at a few, I think it might be the x64 servers that don't show it... Did one of the other posted scripts work for you? -Bonnie From: KenM [mailto:kenmli...@gmail.com] Sent: Thursday, April 30, 2009 8:01 AM To: NT System Admin Issues Subject: Re: 2003 R2 Thanks Bonnie. This will help but I found a better key. The same place you recomended but the productname key give you either Microsoft Windows Server 2003 or Microsoft Windows Server 2003 R2 Thanks for your help, now just need to create a vbs or powershell script to pull this info. On Thu, Apr 30, 2009 at 10:51 AM, Miller Bonnie L. mille...@mukilteo.wednet.edumailto:mille...@mukilteo.wednet.edu wrote: I don't have a non-R2 WS03 server to check right now, but I believe you need to look at the CSDBuildNumber value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion or HKLM\SOFTWARE\Wow6432node\Microsoft\Windows NT\Currentversion My R2 servers show this minor revision number at 4478. -Bonnie From: KenM [mailto:kenmli...@gmail.commailto:kenmli...@gmail.com] Sent: Thursday, April 30, 2009 7:10 AM To: NT System Admin Issues Subject: 2003 R2 I need to find all 2003 R2 servers in my domain. Is there any easy way of doing this. I am comparing the attributes on a base 2003 and 2003 R2 and do not see any difference. Thanks ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Avast AV
Anyone using the corporate level of this? Opinions? Also, for Stu, if you read this, how do your products compare to Avast, as far as CPU usage, overhead, etc.? Only reason I ask this is that I've forwarded the upcoming Sunbelt webinars to the rest of my IT group (6 people total) and one of the developers came back saying we should look at Avast as well... Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Sharepoint assistance needed...
Found the fix installed SP3 for Sharepoint 2.0. Thanks! ~Doc~ On Thu, Apr 30, 2009 at 5:28 AM, Miller Bonnie L. mille...@mukilteo.wednet.edu wrote: Sounds like that could be an IE zone setting? Has the IP address been added to their IE Trusted or Local Intranet zone, but the server name has not been added? -Bonnie *From:* Eustace Doc [mailto:mailed2thew...@gmail.com] *Sent:* Tuesday, April 28, 2009 2:14 PM *To:* NT System Admin Issues *Subject:* Sharepoint assistance needed... I may be missing something simple, but it's got me bagged. - Sharepoint Server 2.0 - Only the default site is enabled. - Users from another domain are accessing the web site and after getting authenticated, - When they use the server name they keep getting prompted for authentication no matter where they go on the site. - If they user the IP address they do NOT get prompted again for authentication. Can someone point me in the right direction? Is it a DNS issue? If so what? Thanks in advance, DOC -- Regards, Doc ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: WS2008 R2 Active Directory Webcast - Friday 4/24
Is there a recording of this available anywhere? Joe Heaton Employment Training Panel From: Benjamin Zachary - Lists [mailto:li...@levelfive.us] Sent: Saturday, April 25, 2009 3:31 PM To: NT System Admin Issues Subject: RE: WS2008 R2 Active Directory Webcast - Friday 4/24 Good show Brian, I was in there for a decent part of it, cool stuff! ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: strange profiles on server
I'm at least happy to hear someone else has seen this. Wish I knew how/why it happened. Original Message: - From: Joseph L. Casale jcas...@activenetwerx.com Date: Thu, 30 Apr 2009 14:47:55 + To: ntsysadmin@lyris.sunbelt-software.com Subject: RE: strange profiles on server Absolutely no help, but fwiw I have seen this to. The user in question would be Completely incapable of logging into the server in question as well... jlc -Original Message- From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com] Sent: Thursday, April 30, 2009 8:45 AM To: NT System Admin Issues Subject: strange profiles on server Bit perplexed with this one. On one of my domain controllers which is used by approximately 2,000 users, there is a partial profile in the documents and settings directory. The user does not have access to the server. I have double checked user permissions and the default domain controller policy. User has no privilege to logon locally (interactive) or logon through terminal server. I also verified the user had no elevated access assigned to him (no domain admins, etc.) At the day/time the profile was created (based on the time stamps), the Security Log does NOT show a local logon (interactice) or a logon through terminal server session. It only shows a 'network' conection which is from drive mappings, etc. , the same logon type as all other users on the network. On the server's documenets and settings directory, the user's profile is NOT the same as what you normally see when logging into to the server. The profile contains ONLY the Application Data and Local Settings direction, all the other directories are missing. There is also a NTUSER.DAT and NTUSER.LOG file. It seems like an anomoly or something to me. Based on access rights, security logs, etc. and testing done, the user does NOT have access to logon to this server. So, how did this incomplete user profile get created? Seems odd. Thoughts welcome. mail2web.com - What can On Demand Business Solutions do for you? http://link.mail2web.com/Business/SharePoint ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ myhosting.com - Premium Microsoft® Windows® and Linux web and application hosting - http://link.myhosting.com/myhosting ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Remote access options
That's more the way I'm leaning as well, don't want to put more processing load than necessary on the firewall. But, push come to shove, if they demand something within a day or two, VPN would have to be used, as I don't have the web stuff for Citrix, or an Access Gateway setup. Joe Heaton Employment Training Panel From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Thursday, April 30, 2009 8:46 AM To: NT System Admin Issues Subject: RE: Remote access options my choice to connect a disparate collection of nonstandard home users from their own equipment would be Terminal Server / Citrix , *should* keep your interior network more secure than a VPN tunnel. And not being familiar with your firewall or quantities of tunnels needed, performance may be an issue. If you have large numbers of 3DES or better encrypted tunnels ( large relating to the capabilities of your firewall ) then you could overwhelm the firewall processor and buffers, impacting overall performance and reliability of network connections. RDP/ICA is simply traffic the firewall will process, and not spend time encrypting/decrypting with whatever VPN encryption engine it has Erik Goldoff IT Consultant Systems, Networks, Security From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Thursday, April 30, 2009 11:40 AM To: NT System Admin Issues Subject: Remote access options With the pandemic, I've been tasked with coming up with a plan for remote access, in order to keep the business running, in case of having to have people stay home. So, with that, I've decided to ask you guys what you're using/doing, for teleworking. A couple of options I thought of off the top of my head: 1) VPN - simple, gives the user a good desktop experience. Slow, at least slower than working from your desk. 2) Citrix - same as above, can publish specific apps, or entire desktop if needed. Low bandwidth requirements. I listed those two, as our firewall has built-in VPN capabilities, which we are currently using, and therefore would be the quickest option to implement. We also have Citrix already, although only a single server, running PS 4.0. I know I'd want to implement an Access Gateway, etc with the Citrix option. Thanks, Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Forefront
I use it for clients. Does that mean you like it? Any pros/cons you can share:) How effective is it, I read one review about the speed of updates and amount of detections is low, but I took that report w/ a grain of salt. jlc ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Remote access options
You *could* try a quick rollout of Terminal Server, temporary licenses are good for 90 days ( still true I think ) Erik Goldoff IT Consultant Systems, Networks, Security _ From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Thursday, April 30, 2009 12:17 PM To: NT System Admin Issues Subject: RE: Remote access options That's more the way I'm leaning as well, don't want to put more processing load than necessary on the firewall. But, push come to shove, if they demand something within a day or two, VPN would have to be used, as I don't have the web stuff for Citrix, or an Access Gateway setup. Joe Heaton Employment Training Panel From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Thursday, April 30, 2009 8:46 AM To: NT System Admin Issues Subject: RE: Remote access options my choice to connect a disparate collection of nonstandard home users from their own equipment would be Terminal Server / Citrix , *should* keep your interior network more secure than a VPN tunnel. And not being familiar with your firewall or quantities of tunnels needed, performance may be an issue. If you have large numbers of 3DES or better encrypted tunnels ( large relating to the capabilities of your firewall ) then you could overwhelm the firewall processor and buffers, impacting overall performance and reliability of network connections. RDP/ICA is simply traffic the firewall will process, and not spend time encrypting/decrypting with whatever VPN encryption engine it has Erik Goldoff IT Consultant Systems, Networks, Security _ From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Thursday, April 30, 2009 11:40 AM To: NT System Admin Issues Subject: Remote access options With the pandemic, I've been tasked with coming up with a plan for remote access, in order to keep the business running, in case of having to have people stay home. So, with that, I've decided to ask you guys what you're using/doing, for teleworking. A couple of options I thought of off the top of my head: 1) VPN - simple, gives the user a good desktop experience. Slow, at least slower than working from your desk. 2) Citrix - same as above, can publish specific apps, or entire desktop if needed. Low bandwidth requirements. I listed those two, as our firewall has built-in VPN capabilities, which we are currently using, and therefore would be the quickest option to implement. We also have Citrix already, although only a single server, running PS 4.0. I know I'd want to implement an Access Gateway, etc with the Citrix option. Thanks, Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: WS2008 R2 Active Directory Webcast - Friday 4/24
Yes! I got the link last night. I will also post the slides on my blog. We're pleased to let you know that the recording of the recent O'Reilly webcast by Laura E. Hunter and Brian Desmond is now ready for viewing: What's New in Windows Server 2008 R2 Active Directory. The recording is available on our webcast pagehttp://www.oreillynet.com/pub/e/1326 or view it in higher resolution on the O'Reilly YouTube channelhttp://www.youtube.com/watch?v=PprstEc6rM8feature=channel_page (Click the HD button on the movie window to view it in high definition.) Please feel free to share it with others. And, to thank you for registering for this webcast, we're offering you a discount code good for 40% off your entire book order from O'Reillyhttp://oreilly.com. Just use the code 4CAST in the shopping cart when you check out to take 40% off your order (our apologies- this discount doesn't work in the UK shopping cart). Here are some titles that may interest you: Active Directory, Fourth Editionhttp://oreilly.com/catalog/9780596520595/ by Brian Desmond, Joe Richards, Robbie Allen, Alistair G. Lowe-Norris By giving you a thorough grounding in Active Directory, this bestselling book teaches you how to design, manage, and maintain an AD infrastructure, whether it's for a small business network or a multinational enterprise with thousands of resources, services, and users. The fourth edition covers Active Directory from Windows 2000 through Windows Server 2008 in an easy-to-understand narrative style. Active Directory Cookbook, Third Editionhttp://oreilly.com/catalog/9780596521103/ by Laura E. Hunter, Robbie Allen When you need practical hands-on support for Active Directory, the updated edition of this Cookbook provides quick solutions to more than 300 problems you might encounter when deploying, administering, and automating Microsoft's network directory service. You'll find recipes for the Lightweight Directory Access Protocol (LDAP), ADAM, multi-master replication, Domain Name System (DNS), Group Policy, the Active Directory Schema, and many other features. This discount code is only valid through May 1, 2009. You may use it more than once, and share it with your family and friends. Thanks again for your interest in O'Reilly webcasts. Visit webcasts.oreilly.comhttp://webcasts.oreilly.com?CMP=EMC-orm_post_wbcst_evtoolkitATT=webcastpg for news about future webcasts. The O'Reilly Webcast Team webc...@oreilly.commailto:webc...@oreilly.com Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 Active Directory, 4th Ed - http://www.briandesmond.com/ad4/ Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Thursday, April 30, 2009 10:59 AM To: NT System Admin Issues Subject: RE: WS2008 R2 Active Directory Webcast - Friday 4/24 Is there a recording of this available anywhere? Joe Heaton Employment Training Panel From: Benjamin Zachary - Lists [mailto:li...@levelfive.us] Sent: Saturday, April 25, 2009 3:31 PM To: NT System Admin Issues Subject: RE: WS2008 R2 Active Directory Webcast - Friday 4/24 Good show Brian, I was in there for a decent part of it, cool stuff! ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Forefront
I use it and really like it. I made a simple change to my AD structure to accommodate it and it just works. I've used it for about a year and a half now and have had no viruses or spyware get through. It also has a system health check that runs on all clients which is very nice. It will give you warnings about machines with too many administrator accounts, user accounts without passwords, systems that are too far out of cycle for updates, etc. I really like having all that in one report. TVK From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] Sent: Thursday, April 30, 2009 9:25 AM To: NT System Admin Issues Subject: Forefront Anyone using Forefront? I have looked at F-Secure (don't like it at all), looking at Kaspersky now (Seems ok so far) but I read up on Forefront and the AD integration and expected way of use and design of the app looks very nice. Thanks, jlc ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Forefront
Since there are what 3 different kinds/varieties of Forefront i was unsure of which one you were interested in. It seems okay it updates it catches things the way it interfaces with SCE is the pits (it does not actually talk at all). Reports are all web based you can allow who you want to see what they need to see. Deployment is not straight forward, but you can get help. It was not my first choice but with the economy the way it is I was lucky to not get asked about going with out any AV. Control is handled by GPO. Management server is just for monitoring nothing more really updates are from WSUS or AU. Depends on your needs as to if it will work for you. I was not overly enthused to find out that it required a full SQL install, Express would not work. It is not designed to work with any of the System Center line. It was designed for MOM. Anything specific you want to know? Jon On Thu, Apr 30, 2009 at 12:21 PM, Joseph L. Casale jcas...@activenetwerx.com wrote: I use it for clients. Does that mean you like it? Any pros/cons you can share:) How effective is it, I read one review about the speed of updates and amount of detections is low, but I took that report w/ a grain of salt. jlc ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Remote access options
Terminal Server 2008 has the Gateway role for external users. Still clunky compared to Citrix, but much less costly. I have a Citrix farm for external users, and starting to use Terminal Server for internal users. I'd go 100% Citrix if it were not so ridiculously expensive. Tom Miller Engineer, Information Technology Hampton-Newport News Community Services Board 757-788-0528 Erik Goldoff egold...@gmail.com 4/30/2009 12:23 PM You *could* try a quick rollout of Terminal Server, temporary licenses are good for 90 days ( still true I think ) Erik Goldoff IT Consultant Systems, Networks, Security From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Thursday, April 30, 2009 12:17 PM To: NT System Admin Issues Subject: RE: Remote access options That’s more the way I’m leaning as well, don’t want to put more processing load than necessary on the firewall. But, push come to shove, if they demand something within a day or two, VPN would have to be used, as I don’t have the web stuff for Citrix, or an Access Gateway setup. Joe Heaton Employment Training Panel From:Erik Goldoff [mailto:egold...@gmail.com] Sent: Thursday, April 30, 2009 8:46 AM To: NT System Admin Issues Subject: RE: Remote access options my choice to connect a disparate collection of nonstandard home users from their own equipment would be Terminal Server / Citrix , *should* keep your interior network more secure than a VPN tunnel. And not being familiar with your firewall or quantities of tunnels needed, performance may be an issue. If you have large numbers of 3DES or better encrypted tunnels ( large relating to the capabilities of your firewall ) then you could overwhelm the firewall processor and buffers, impacting overall performance and reliability of network connections. RDP/ICA is simply traffic the firewall will process, and not spend time encrypting/decrypting with whatever VPN encryption engine it has Erik Goldoff IT Consultant Systems, Networks, Security From:Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Thursday, April 30, 2009 11:40 AM To: NT System Admin Issues Subject: Remote access options With the “pandemic”, I’ve been tasked with coming up with a plan for remote access, in order to keep the business running, in case of having to have people stay home. So, with that, I’ve decided to ask you guys what you’re using/doing, for teleworking. A couple of options I thought of off the top of my head: 1) VPN – simple, gives the user a good desktop experience. Slow, at least slower than working from your desk. 2) Citrix – same as above, can publish specific apps, or entire desktop if needed. Low bandwidth requirements. I listed those two, as our firewall has built-in VPN capabilities, which we are currently using, and therefore would be the quickest option to implement. We also have Citrix already, although only a single server, running PS 4.0. I know I’d want to implement an Access Gateway, etc with the Citrix option. Thanks, Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Forefront
I was not overly enthused to find out that it required a full SQL install, Express would not work Ouch, that would get expensive... I'll look into this, thanks! jlc ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Forefront
Like Tim said it works. I would have liked to wait until Sterling was out but was told to cut costs. So that did not give me any play. For the EDU market Microsoft does make it hard to look elsewhere. I was just not happen that our resellar did not make the SQL requirement clear up front. I have a dual processor license with only 5 user licenses so I had to be creative on how I got all my SQL requirements met. Jon On Thu, Apr 30, 2009 at 12:39 PM, Joseph L. Casale jcas...@activenetwerx.com wrote: I was not overly enthused to find out that it required a full SQL install, Express would not work Ouch, that would get expensive… I’ll look into this, thanks! jlc ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Windows Updates fails to connect with Vista
Yes that is what I was getting now I get access denied but everything is working again, go figure. Jon On Thu, Apr 30, 2009 at 11:23 AM, Cameron Cooper ccoo...@aurico.com wrote: Just checked the WSUS server and didn’t find any errors. When you went to your selfupdate site, did you do this in IE? When I type in the site name into IE I receive the following: HTTP Error 404 - File or directory not found. Internet Information Services (IIS) _ *Cameron Cooper* *IT Director - CompTIA A+ Certified* Aurico Reports, Inc Phone: 847-890-4021Fax: 847-255-1896 ccoo...@aurico.com *From:* Jon Harris [mailto:jk.har...@gmail.com] *Sent:* Thursday, April 30, 2009 10:13 AM *To:* NT System Admin Issues *Subject:* Re: Windows Updates fails to connect with Vista I just fixed that issue yesterday myself. I got a clue to the issue from looking up the error codes I found on my WSUS server. Seems the selfupdate site was shutdown. Jon On Thu, Apr 30, 2009 at 10:48 AM, Cameron Cooper ccoo...@aurico.com wrote: Is anyone else out there, with Vista , having problems trying to get to the Windows Updates? When we do we receive Error Code 80072EFD. When looking into that error, it mentions that the update.microsoft.com (and others) needs to be placed into the firewall… which they have been. Disabled VIPRE and the Windows Firewall, restarted the wuauserv and renamed the softwaredistribution folder and still can’t get Vista to update. All our XP machines are able to get to the update site without any problems. Any ideas? _ *Cameron Cooper* *IT Director - CompTIA A+ Certified* Aurico Reports, Inc Phone: 847-890-4021Fax: 847-255-1896 ccoo...@aurico.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Windows Updates fails to connect with Vista
Sorry forgot to add look at the permissions on the Virtual directory I were messed up. Fixing those and restarting the server fixed most if not all of the issues. Jon On Thu, Apr 30, 2009 at 12:49 PM, Jon Harris jk.har...@gmail.com wrote: Yes that is what I was getting now I get access denied but everything is working again, go figure. Jon On Thu, Apr 30, 2009 at 11:23 AM, Cameron Cooper ccoo...@aurico.comwrote: Just checked the WSUS server and didn’t find any errors. When you went to your selfupdate site, did you do this in IE? When I type in the site name into IE I receive the following: HTTP Error 404 - File or directory not found. Internet Information Services (IIS) _ *Cameron Cooper* *IT Director - CompTIA A+ Certified* Aurico Reports, Inc Phone: 847-890-4021Fax: 847-255-1896 ccoo...@aurico.com *From:* Jon Harris [mailto:jk.har...@gmail.com] *Sent:* Thursday, April 30, 2009 10:13 AM *To:* NT System Admin Issues *Subject:* Re: Windows Updates fails to connect with Vista I just fixed that issue yesterday myself. I got a clue to the issue from looking up the error codes I found on my WSUS server. Seems the selfupdate site was shutdown. Jon On Thu, Apr 30, 2009 at 10:48 AM, Cameron Cooper ccoo...@aurico.com wrote: Is anyone else out there, with Vista , having problems trying to get to the Windows Updates? When we do we receive Error Code 80072EFD. When looking into that error, it mentions that the update.microsoft.com (and others) needs to be placed into the firewall… which they have been. Disabled VIPRE and the Windows Firewall, restarted the wuauserv and renamed the softwaredistribution folder and still can’t get Vista to update. All our XP machines are able to get to the update site without any problems. Any ideas? _ *Cameron Cooper* *IT Director - CompTIA A+ Certified* Aurico Reports, Inc Phone: 847-890-4021Fax: 847-255-1896 ccoo...@aurico.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: 2003 R2
Maybe you don't have any of the R2 parts added on the ones not showing the R2? Jon On Thu, Apr 30, 2009 at 11:45 AM, Miller Bonnie L. mille...@mukilteo.wednet.edu wrote: Hmm.. that’s interesting as all of my R2 servers display the “R2” part when you run the winver command, but some do NOT list it in the ProductName value under HKLM. From looking at a few, I think it might be the x64 servers that don’t show it… Did one of the other posted scripts work for you? -Bonnie *From:* KenM [mailto:kenmli...@gmail.com] *Sent:* Thursday, April 30, 2009 8:01 AM *To:* NT System Admin Issues *Subject:* Re: 2003 R2 Thanks Bonnie. This will help but I found a better key. The same place you recomended but the productname key give you either Microsoft Windows Server 2003 or Microsoft Windows Server 2003 R2 Thanks for your help, now just need to create a vbs or powershell script to pull this info. On Thu, Apr 30, 2009 at 10:51 AM, Miller Bonnie L. mille...@mukilteo.wednet.edu wrote: I don’t have a non-R2 WS03 server to check right now, but I believe you need to look at the “CSDBuildNumber” value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion or HKLM\SOFTWARE\Wow6432node\Microsoft\Windows NT\Currentversion My R2 servers show this minor revision number at 4478. -Bonnie *From:* KenM [mailto:kenmli...@gmail.com] *Sent:* Thursday, April 30, 2009 7:10 AM *To:* NT System Admin Issues *Subject:* 2003 R2 I need to find all 2003 R2 servers in my domain. Is there any easy way of doing this. I am comparing the attributes on a base 2003 and 2003 R2 and do not see any difference. Thanks ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: 2003 R2
No, I do-I'm using those features, FSRM in particular, on one that I'm looking at. I have had every one of our WS03 servers up to R2 for quite a while now. The only difference I see is that the x64 servers don't appear to have R2 in the product name in the registry-strange! From: Jon Harris [mailto:jk.har...@gmail.com] Sent: Thursday, April 30, 2009 9:53 AM To: NT System Admin Issues Subject: Re: 2003 R2 Maybe you don't have any of the R2 parts added on the ones not showing the R2? Jon On Thu, Apr 30, 2009 at 11:45 AM, Miller Bonnie L. mille...@mukilteo.wednet.edumailto:mille...@mukilteo.wednet.edu wrote: Hmm.. that's interesting as all of my R2 servers display the R2 part when you run the winver command, but some do NOT list it in the ProductName value under HKLM. From looking at a few, I think it might be the x64 servers that don't show it... Did one of the other posted scripts work for you? -Bonnie From: KenM [mailto:kenmli...@gmail.commailto:kenmli...@gmail.com] Sent: Thursday, April 30, 2009 8:01 AM To: NT System Admin Issues Subject: Re: 2003 R2 Thanks Bonnie. This will help but I found a better key. The same place you recomended but the productname key give you either Microsoft Windows Server 2003 or Microsoft Windows Server 2003 R2 Thanks for your help, now just need to create a vbs or powershell script to pull this info. On Thu, Apr 30, 2009 at 10:51 AM, Miller Bonnie L. mille...@mukilteo.wednet.edumailto:mille...@mukilteo.wednet.edu wrote: I don't have a non-R2 WS03 server to check right now, but I believe you need to look at the CSDBuildNumber value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion or HKLM\SOFTWARE\Wow6432node\Microsoft\Windows NT\Currentversion My R2 servers show this minor revision number at 4478. -Bonnie From: KenM [mailto:kenmli...@gmail.commailto:kenmli...@gmail.com] Sent: Thursday, April 30, 2009 7:10 AM To: NT System Admin Issues Subject: 2003 R2 I need to find all 2003 R2 servers in my domain. Is there any easy way of doing this. I am comparing the attributes on a base 2003 and 2003 R2 and do not see any difference. Thanks ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: DNS issue
Charlie, I developed a similar problem yesterday when I replaced the SMTP proxy on my Watchgaurd X500 with the SMTP filter. With just the proxy enabled, DNS resolves fine. But when I enable the SMTP filter, DNS queries run amok and the firewall logs fill up with DNS traffic. Web browsing slows to a crawl and exchange queues back up. I blame Watchguard, but I haven't been able to find a solution yet other than sticking with the Proxy which has to go for an unrelated reason. Bill -Original Message- From: Charlie Kaiser [mailto:charl...@golden-eagle.org] Sent: Thursday, April 30, 2009 7:22 AM To: NT System Admin Issues Subject: RE: DNS issue Yeah; I saw that one, but it's a client-side setting only. I set that on the Exchange server, but it doesn't affect the DNS server's caching of outside lookups... And that's where the issue lies... *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: Jeff Bunting [mailto:bunting.j...@gmail.com] Sent: Thursday, April 30, 2009 6:52 AM To: NT System Admin Issues Subject: Re: DNS issue Here's an article about changing the negative caching: http://windowsitpro.com/article/articleid/48528/controlling-po sitive-and-negative-caching.html Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Windows Updates fails to connect with Vista
Was able to get Vista and W7 to update once I moved those computers out of the OU used by WSUS. _ Cameron Cooper IT Director - CompTIA A+ Certified Aurico Reports, Inc Phone: 847-890-4021Fax: 847-255-1896 ccoo...@aurico.com mailto:ccoo...@aurico.com From: Jon Harris [mailto:jk.har...@gmail.com] Sent: Thursday, April 30, 2009 11:51 AM To: NT System Admin Issues Subject: Re: Windows Updates fails to connect with Vista Sorry forgot to add look at the permissions on the Virtual directory I were messed up. Fixing those and restarting the server fixed most if not all of the issues. Jon On Thu, Apr 30, 2009 at 12:49 PM, Jon Harris jk.har...@gmail.com wrote: Yes that is what I was getting now I get access denied but everything is working again, go figure. Jon On Thu, Apr 30, 2009 at 11:23 AM, Cameron Cooper ccoo...@aurico.com wrote: Just checked the WSUS server and didn't find any errors. When you went to your selfupdate site, did you do this in IE? When I type in the site name into IE I receive the following: HTTP Error 404 - File or directory not found. Internet Information Services (IIS) _ Cameron Cooper IT Director - CompTIA A+ Certified Aurico Reports, Inc Phone: 847-890-4021Fax: 847-255-1896 ccoo...@aurico.com From: Jon Harris [mailto:jk.har...@gmail.com] Sent: Thursday, April 30, 2009 10:13 AM To: NT System Admin Issues Subject: Re: Windows Updates fails to connect with Vista I just fixed that issue yesterday myself. I got a clue to the issue from looking up the error codes I found on my WSUS server. Seems the selfupdate site was shutdown. Jon On Thu, Apr 30, 2009 at 10:48 AM, Cameron Cooper ccoo...@aurico.com wrote: Is anyone else out there, with Vista , having problems trying to get to the Windows Updates? When we do we receive Error Code 80072EFD. When looking into that error, it mentions that the update.microsoft.com http://update.microsoft.com/ (and others) needs to be placed into the firewall... which they have been. Disabled VIPRE and the Windows Firewall, restarted the wuauserv and renamed the softwaredistribution folder and still can't get Vista to update. All our XP machines are able to get to the update site without any problems. Any ideas? _ Cameron Cooper IT Director - CompTIA A+ Certified Aurico Reports, Inc Phone: 847-890-4021Fax: 847-255-1896 ccoo...@aurico.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Remote access options
Our firewall allows for a relatively simple ssl connection, which then grants access to a TS server. Very simple to deploy and use, and (I think) more secure than a hole straight through to a TS server on network or DMZ. On Thu, Apr 30, 2009 at 11:37 AM, Tom Miller tmil...@hnncsb.org wrote: Terminal Server 2008 has the Gateway role for external users. Still clunky compared to Citrix, but much less costly. I have a Citrix farm for external users, and starting to use Terminal Server for internal users. I'd go 100% Citrix if it were not so ridiculously expensive. Tom Miller Engineer, Information Technology Hampton-Newport News Community Services Board 757-788-0528 Erik Goldoff egold...@gmail.com 4/30/2009 12:23 PM You *could* try a quick rollout of Terminal Server, temporary licenses are good for 90 days ( still true I think ) Erik Goldoff *IT Consultant* *Systems, Networks, Security * -- *From:* Joe Heaton [mailto:jhea...@etp.ca.gov] *Sent:* Thursday, April 30, 2009 12:17 PM *To:* NT System Admin Issues *Subject:* RE: Remote access options That’s more the way I’m leaning as well, don’t want to put more processing load than necessary on the firewall. But, push come to shove, if they demand something within a day or two, VPN would have to be used, as I don’t have the web stuff for Citrix, or an Access Gateway setup. Joe Heaton Employment Training Panel *From:* Erik Goldoff [mailto:egold...@gmail.com] *Sent:* Thursday, April 30, 2009 8:46 AM *To:* NT System Admin Issues *Subject:* RE: Remote access options my choice to connect a disparate collection of nonstandard home users from their own equipment would be Terminal Server / Citrix , *should* keep your interior network more secure than a VPN tunnel. And not being familiar with your firewall or quantities of tunnels needed, performance may be an issue. If you have large numbers of 3DES or better encrypted tunnels ( large relating to the capabilities of your firewall ) then you could overwhelm the firewall processor and buffers, impacting overall performance and reliability of network connections. RDP/ICA is simply traffic the firewall will process, and not spend time encrypting/decrypting with whatever VPN encryption engine it has Erik Goldoff *IT Consultant* *Systems, Networks, Security * -- *From:* Joe Heaton [mailto:jhea...@etp.ca.gov] *Sent:* Thursday, April 30, 2009 11:40 AM *To:* NT System Admin Issues *Subject:* Remote access options With the “pandemic”, I’ve been tasked with coming up with a plan for remote access, in order to keep the business running, in case of having to have people stay home. So, with that, I’ve decided to ask you guys what you’re using/doing, for teleworking. A couple of options I thought of off the top of my head: 1) VPN – simple, gives the user a good desktop experience. Slow, at least slower than working from your desk. 2) Citrix – same as above, can publish specific apps, or entire desktop if needed. Low bandwidth requirements. I listed those two, as our firewall has built-in VPN capabilities, which we are currently using, and therefore would be the quickest option to implement. We also have Citrix already, although only a single server, running PS 4.0. I know I’d want to implement an Access Gateway, etc with the Citrix option. Thanks, Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Windows Updates fails to connect with Vista
That just means it is a WSUS issue. Go back and check within IIS that the virtual directory has the correct permissions and that it is not shutdown for some reason. I did find references to some WSUS client and server diagnosictics on the Microsoft site but would never would have even looked if Event ID had not told me they existed. They did help me find and fix my issue. Jon On Thu, Apr 30, 2009 at 1:23 PM, Cameron Cooper ccoo...@aurico.com wrote: Was able to get Vista and W7 to update once I moved those computers out of the OU used by WSUS. _ *Cameron Cooper* *IT Director - CompTIA A+ Certified* Aurico Reports, Inc Phone: 847-890-4021Fax: 847-255-1896 ccoo...@aurico.com *From:* Jon Harris [mailto:jk.har...@gmail.com] *Sent:* Thursday, April 30, 2009 11:51 AM *To:* NT System Admin Issues *Subject:* Re: Windows Updates fails to connect with Vista Sorry forgot to add look at the permissions on the Virtual directory I were messed up. Fixing those and restarting the server fixed most if not all of the issues. Jon On Thu, Apr 30, 2009 at 12:49 PM, Jon Harris jk.har...@gmail.com wrote: Yes that is what I was getting now I get access denied but everything is working again, go figure. Jon On Thu, Apr 30, 2009 at 11:23 AM, Cameron Cooper ccoo...@aurico.com wrote: Just checked the WSUS server and didn’t find any errors. When you went to your selfupdate site, did you do this in IE? When I type in the site name into IE I receive the following: HTTP Error 404 - File or directory not found. Internet Information Services (IIS) _ *Cameron Cooper* *IT Director - CompTIA A+ Certified* Aurico Reports, Inc Phone: 847-890-4021Fax: 847-255-1896 ccoo...@aurico.com *From:* Jon Harris [mailto:jk.har...@gmail.com] *Sent:* Thursday, April 30, 2009 10:13 AM *To:* NT System Admin Issues *Subject:* Re: Windows Updates fails to connect with Vista I just fixed that issue yesterday myself. I got a clue to the issue from looking up the error codes I found on my WSUS server. Seems the selfupdate site was shutdown. Jon On Thu, Apr 30, 2009 at 10:48 AM, Cameron Cooper ccoo...@aurico.com wrote: Is anyone else out there, with Vista , having problems trying to get to the Windows Updates? When we do we receive Error Code 80072EFD. When looking into that error, it mentions that the update.microsoft.com (and others) needs to be placed into the firewall… which they have been. Disabled VIPRE and the Windows Firewall, restarted the wuauserv and renamed the softwaredistribution folder and still can’t get Vista to update. All our XP machines are able to get to the update site without any problems. Any ideas? _ *Cameron Cooper* *IT Director - CompTIA A+ Certified* Aurico Reports, Inc Phone: 847-890-4021Fax: 847-255-1896 ccoo...@aurico.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: DNS issue
Hi Bill. We're going to try this today (method 2) and see what happens... http://support.microsoft.com/kb/828263 Seems like it attacks the problem from the server side... This is the DNS server-based change I was looking for... *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: Bill Songstad (WCUL) [mailto:administra...@waleague.org] Sent: Thursday, April 30, 2009 10:21 AM To: NT System Admin Issues Subject: RE: DNS issue Charlie, I developed a similar problem yesterday when I replaced the SMTP proxy on my Watchgaurd X500 with the SMTP filter. With just the proxy enabled, DNS resolves fine. But when I enable the SMTP filter, DNS queries run amok and the firewall logs fill up with DNS traffic. Web browsing slows to a crawl and exchange queues back up. I blame Watchguard, but I haven't been able to find a solution yet other than sticking with the Proxy which has to go for an unrelated reason. Bill ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Windows Updates fails to connect with Vista
What should the settings be? Here's what our is set to now... _ Cameron Cooper IT Director - CompTIA A+ Certified Aurico Reports, Inc Phone: 847-890-4021Fax: 847-255-1896 ccoo...@aurico.com mailto:ccoo...@aurico.com From: Jon Harris [mailto:jk.har...@gmail.com] Sent: Thursday, April 30, 2009 12:29 PM To: NT System Admin Issues Subject: Re: Windows Updates fails to connect with Vista That just means it is a WSUS issue. Go back and check within IIS that the virtual directory has the correct permissions and that it is not shutdown for some reason. I did find references to some WSUS client and server diagnosictics on the Microsoft site but would never would have even looked if Event ID had not told me they existed. They did help me find and fix my issue. Jon On Thu, Apr 30, 2009 at 1:23 PM, Cameron Cooper ccoo...@aurico.com wrote: Was able to get Vista and W7 to update once I moved those computers out of the OU used by WSUS. _ Cameron Cooper IT Director - CompTIA A+ Certified Aurico Reports, Inc Phone: 847-890-4021Fax: 847-255-1896 ccoo...@aurico.com From: Jon Harris [mailto:jk.har...@gmail.com] Sent: Thursday, April 30, 2009 11:51 AM To: NT System Admin Issues Subject: Re: Windows Updates fails to connect with Vista Sorry forgot to add look at the permissions on the Virtual directory I were messed up. Fixing those and restarting the server fixed most if not all of the issues. Jon On Thu, Apr 30, 2009 at 12:49 PM, Jon Harris jk.har...@gmail.com wrote: Yes that is what I was getting now I get access denied but everything is working again, go figure. Jon On Thu, Apr 30, 2009 at 11:23 AM, Cameron Cooper ccoo...@aurico.com wrote: Just checked the WSUS server and didn't find any errors. When you went to your selfupdate site, did you do this in IE? When I type in the site name into IE I receive the following: HTTP Error 404 - File or directory not found. Internet Information Services (IIS) _ Cameron Cooper IT Director - CompTIA A+ Certified Aurico Reports, Inc Phone: 847-890-4021Fax: 847-255-1896 ccoo...@aurico.com From: Jon Harris [mailto:jk.har...@gmail.com] Sent: Thursday, April 30, 2009 10:13 AM To: NT System Admin Issues Subject: Re: Windows Updates fails to connect with Vista I just fixed that issue yesterday myself. I got a clue to the issue from looking up the error codes I found on my WSUS server. Seems the selfupdate site was shutdown. Jon On Thu, Apr 30, 2009 at 10:48 AM, Cameron Cooper ccoo...@aurico.com wrote: Is anyone else out there, with Vista , having problems trying to get to the Windows Updates? When we do we receive Error Code 80072EFD. When looking into that error, it mentions that the update.microsoft.com http://update.microsoft.com/ (and others) needs to be placed into the firewall... which they have been. Disabled VIPRE and the Windows Firewall, restarted the wuauserv and renamed the softwaredistribution folder and still can't get Vista to update. All our XP machines are able to get to the update site without any problems. Any ideas? _ Cameron Cooper IT Director - CompTIA A+ Certified Aurico Reports, Inc Phone: 847-890-4021Fax: 847-255-1896 ccoo...@aurico.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image001.png
RE: Remote access options
I was tasked with providing secure remote access for all the users in a 20 person office two years ago when bird flu was all the rage. Budget: $0.00. Requirement: Easy for even dummies. Secure. Solution: existing VPN access through the firewall, using realvnc on windows desktops. (RDP wasn't an option due to Linux and Mac clients at the user's homes). Users were required to submit screenshots of up-to-date AV, firewalls, and MS patches prior to access every 30 days. Result: Not all that easy for dummies. VPN client software was difficult for some. Screenshot tracking was a pain. Came in on budget. VNC sucks compared to RDP. Improvement and current solution: RDP over a SonicWall SSL device with networking disabled on the device and RDP connections locked down preventing redirecting of resources. This is super easy for the user. No software to install. They have no extra password to remember as the SSL device authenticates against AD (though that isn't a requirement for those who hate the idea of anything accessing AD from the perimeter). Any internet ready computer will do. Mac, Linux, Whatever. No more screenshots since the users can't tunnel beyond the SSL device. The SonicWall device was a little non-intuitive to set up for me. Total cost $1700. Money well spent even on that super tight budget. Remote productivity alone justifies the $1700. Not sure how many users the device/bandwidth can effectively handle in this configuration, but so far everyone reports a huge performance boost over the previous solution. Of course, if you have a terminal server already and citrix et at, then this cheap solution might not be as good as what you can build with those tools. I couldn't say. But it might work for some of the lurkers from smaller shops with little budgets. Bill . From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Thursday, April 30, 2009 8:40 AM To: NT System Admin Issues Subject: Remote access options With the pandemic, I've been tasked with coming up with a plan for remote access, in order to keep the business running, in case of having to have people stay home. So, with that, I've decided to ask you guys what you're using/doing, for teleworking. A couple of options I thought of off the top of my head: 1) VPN - simple, gives the user a good desktop experience. Slow, at least slower than working from your desk. 2) Citrix - same as above, can publish specific apps, or entire desktop if needed. Low bandwidth requirements. I listed those two, as our firewall has built-in VPN capabilities, which we are currently using, and therefore would be the quickest option to implement. We also have Citrix already, although only a single server, running PS 4.0. I know I'd want to implement an Access Gateway, etc with the Citrix option. Thanks, Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Windows Updates fails to connect with Vista
Never mind that last email... just noticed in the settings that the user account wasn't right. _ Cameron Cooper IT Director - CompTIA A+ Certified Aurico Reports, Inc Phone: 847-890-4021Fax: 847-255-1896 ccoo...@aurico.com mailto:ccoo...@aurico.com From: Cameron Cooper [mailto:ccoo...@aurico.com] Sent: Thursday, April 30, 2009 1:02 PM To: NT System Admin Issues Subject: RE: Windows Updates fails to connect with Vista What should the settings be? Here's what our is set to now... _ Cameron Cooper IT Director - CompTIA A+ Certified Aurico Reports, Inc Phone: 847-890-4021Fax: 847-255-1896 ccoo...@aurico.com From: Jon Harris [mailto:jk.har...@gmail.com] Sent: Thursday, April 30, 2009 12:29 PM To: NT System Admin Issues Subject: Re: Windows Updates fails to connect with Vista That just means it is a WSUS issue. Go back and check within IIS that the virtual directory has the correct permissions and that it is not shutdown for some reason. I did find references to some WSUS client and server diagnosictics on the Microsoft site but would never would have even looked if Event ID had not told me they existed. They did help me find and fix my issue. Jon On Thu, Apr 30, 2009 at 1:23 PM, Cameron Cooper ccoo...@aurico.com wrote: Was able to get Vista and W7 to update once I moved those computers out of the OU used by WSUS. _ Cameron Cooper IT Director - CompTIA A+ Certified Aurico Reports, Inc Phone: 847-890-4021Fax: 847-255-1896 ccoo...@aurico.com From: Jon Harris [mailto:jk.har...@gmail.com] Sent: Thursday, April 30, 2009 11:51 AM To: NT System Admin Issues Subject: Re: Windows Updates fails to connect with Vista Sorry forgot to add look at the permissions on the Virtual directory I were messed up. Fixing those and restarting the server fixed most if not all of the issues. Jon On Thu, Apr 30, 2009 at 12:49 PM, Jon Harris jk.har...@gmail.com wrote: Yes that is what I was getting now I get access denied but everything is working again, go figure. Jon On Thu, Apr 30, 2009 at 11:23 AM, Cameron Cooper ccoo...@aurico.com wrote: Just checked the WSUS server and didn't find any errors. When you went to your selfupdate site, did you do this in IE? When I type in the site name into IE I receive the following: HTTP Error 404 - File or directory not found. Internet Information Services (IIS) _ Cameron Cooper IT Director - CompTIA A+ Certified Aurico Reports, Inc Phone: 847-890-4021Fax: 847-255-1896 ccoo...@aurico.com From: Jon Harris [mailto:jk.har...@gmail.com] Sent: Thursday, April 30, 2009 10:13 AM To: NT System Admin Issues Subject: Re: Windows Updates fails to connect with Vista I just fixed that issue yesterday myself. I got a clue to the issue from looking up the error codes I found on my WSUS server. Seems the selfupdate site was shutdown. Jon On Thu, Apr 30, 2009 at 10:48 AM, Cameron Cooper ccoo...@aurico.com wrote: Is anyone else out there, with Vista , having problems trying to get to the Windows Updates? When we do we receive Error Code 80072EFD. When looking into that error, it mentions that the update.microsoft.com http://update.microsoft.com/ (and others) needs to be placed into the firewall... which they have been. Disabled VIPRE and the Windows Firewall, restarted the wuauserv and renamed the softwaredistribution folder and still can't get Vista to update. All our XP machines are able to get to the update site without any problems. Any ideas? _ Cameron Cooper IT Director - CompTIA A+ Certified Aurico Reports, Inc Phone: 847-890-4021Fax: 847-255-1896 ccoo...@aurico.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image001.png
RE: Remote access options
IMHO, Citrix is a great answer for remote users in a contingency like this. Roll out of new apps is pretty quick and you don't have to go worry about rolling out and app to a remote desktop. From: Bill Songstad (WCUL) [mailto:administra...@waleague.org] Sent: Thursday, April 30, 2009 2:05 PM To: NT System Admin Issues Subject: RE: Remote access options I was tasked with providing secure remote access for all the users in a 20 person office two years ago when bird flu was all the rage. Budget: $0.00. Requirement: Easy for even dummies. Secure. Solution: existing VPN access through the firewall, using realvnc on windows desktops. (RDP wasn't an option due to Linux and Mac clients at the user's homes). Users were required to submit screenshots of up-to-date AV, firewalls, and MS patches prior to access every 30 days. Result: Not all that easy for dummies. VPN client software was difficult for some. Screenshot tracking was a pain. Came in on budget. VNC sucks compared to RDP. Improvement and current solution: RDP over a SonicWall SSL device with networking disabled on the device and RDP connections locked down preventing redirecting of resources. This is super easy for the user. No software to install. They have no extra password to remember as the SSL device authenticates against AD (though that isn't a requirement for those who hate the idea of anything accessing AD from the perimeter). Any internet ready computer will do. Mac, Linux, Whatever. No more screenshots since the users can't tunnel beyond the SSL device. The SonicWall device was a little non-intuitive to set up for me. Total cost $1700. Money well spent even on that super tight budget. Remote productivity alone justifies the $1700. Not sure how many users the device/bandwidth can effectively handle in this configuration, but so far everyone reports a huge performance boost over the previous solution. Of course, if you have a terminal server already and citrix et at, then this cheap solution might not be as good as what you can build with those tools. I couldn't say. But it might work for some of the lurkers from smaller shops with little budgets. Bill . From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Thursday, April 30, 2009 8:40 AM To: NT System Admin Issues Subject: Remote access options With the pandemic, I've been tasked with coming up with a plan for remote access, in order to keep the business running, in case of having to have people stay home. So, with that, I've decided to ask you guys what you're using/doing, for teleworking. A couple of options I thought of off the top of my head: 1) VPN - simple, gives the user a good desktop experience. Slow, at least slower than working from your desk. 2) Citrix - same as above, can publish specific apps, or entire desktop if needed. Low bandwidth requirements. I listed those two, as our firewall has built-in VPN capabilities, which we are currently using, and therefore would be the quickest option to implement. We also have Citrix already, although only a single server, running PS 4.0. I know I'd want to implement an Access Gateway, etc with the Citrix option. Thanks, Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
DFS issues
My CFO and one of my accounting people are complaining about some strange behavior of disappearing / reappearing files starting about the time we implemented DFS. Now, as far as I can tell from looking at the folders on the two DFS servers, the files are there on both servers. I'm NOT looking at the share I'm looking at the actual drives where those shares are mounted and both servers appear to have the same files. Any suggestions? Is there a DFS log file to indicate problems synching the shares? John-AldrichTile-Tools ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image001.jpgimage002.jpg
Re: DFS issues
Offline files? On Thu, Apr 30, 2009 at 2:31 PM, John Aldrich jaldr...@blueridgecarpet.comwrote: My CFO and one of my accounting people are complaining about some strange behavior of “disappearing / reappearing” files starting about the time we implemented DFS. Now, as far as I can tell from looking at the folders on the two DFS servers, the files are there on both servers. I’m NOT looking at the “share” I’m looking at the actual drives where those shares are mounted and both servers appear to have the same files. Any suggestions? Is there a DFS log file to indicate problems synching the shares? [image: John-Aldrich][image: Tile-Tools] ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image002.jpgimage001.jpg
RE: DFS issues
Disregard that question. I looked on the server and saw the log files in the event viewer. However, I do have a question - how much space do I need to make sure I have available for staging of DFS? Our primary server was getting low on disk space until I deleted some backup files in the multi-gigabyte range. Now we have about 120 Gigs free on the server. About how much do I need to keep available? John-AldrichTile-Tools From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Thursday, April 30, 2009 2:31 PM To: NT System Admin Issues Subject: DFS issues My CFO and one of my accounting people are complaining about some strange behavior of disappearing / reappearing files starting about the time we implemented DFS. Now, as far as I can tell from looking at the folders on the two DFS servers, the files are there on both servers. I'm NOT looking at the share I'm looking at the actual drives where those shares are mounted and both servers appear to have the same files. Any suggestions? Is there a DFS log file to indicate problems synching the shares? John-AldrichTile-Tools No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.323 / Virus Database: 270.12.8/2086 - Release Date: 04/30/09 06:01:00 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image001.jpgimage002.jpg
RE: DFS issues
Don't think so. I think it may have had to do with low drive space on the primary server. I have corrected that issue and am crossing my fingers and hoping that it's fixed. J I did notice some issues in the log file about errors synching with the secondary server. Shouldn't be an issue since it's on a Gigabit link, unless there was a power outage or something that killed the secondary server's network access (secondary server is on a UPS, the network switch it's on is not.) John-AldrichTile-Tools From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Thursday, April 30, 2009 2:41 PM To: NT System Admin Issues Subject: Re: DFS issues Offline files? On Thu, Apr 30, 2009 at 2:31 PM, John Aldrich jaldr...@blueridgecarpet.com wrote: My CFO and one of my accounting people are complaining about some strange behavior of disappearing / reappearing files starting about the time we implemented DFS. Now, as far as I can tell from looking at the folders on the two DFS servers, the files are there on both servers. I'm NOT looking at the share I'm looking at the actual drives where those shares are mounted and both servers appear to have the same files. Any suggestions? Is there a DFS log file to indicate problems synching the shares? John-AldrichTile-Tools No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.323 / Virus Database: 270.12.8/2086 - Release Date: 04/30/09 06:01:00 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image001.jpgimage002.jpg
Re: DFS issues
Sizing the staging directory really depends on the rate of replication. Is the majority of data dynamic or static? To give you an example, we host user home directories and terminal service roaming profiles on a group of DFS servers. The primay target server for each site is allocated 600GB for data. The staging directories, located on separate disks, are allocated 300GB. Free space on the Staging partitions is hovering around 50-60GB, so in our case, the staging partition was accurately sized at about 50% of the data partition. YMMV. - Sean On Thu, Apr 30, 2009 at 10:45 AM, John Aldrich jaldr...@blueridgecarpet.com wrote: Disregard that question. I looked on the server and saw the log files in the event viewer. However, I do have a question – how much space do I need to make sure I have available for “staging” of DFS? Our primary server was getting low on disk space until I deleted some backup files in the multi-gigabyte range. Now we have about 120 Gigs free on the server. About how much do I need to keep available? [image: John-Aldrich][image: Tile-Tools] *From:* John Aldrich [mailto:jaldr...@blueridgecarpet.com] *Sent:* Thursday, April 30, 2009 2:31 PM *To:* NT System Admin Issues *Subject:* DFS issues My CFO and one of my accounting people are complaining about some strange behavior of “disappearing / reappearing” files starting about the time we implemented DFS. Now, as far as I can tell from looking at the folders on the two DFS servers, the files are there on both servers. I’m NOT looking at the “share” I’m looking at the actual drives where those shares are mounted and both servers appear to have the same files. Any suggestions? Is there a DFS log file to indicate problems synching the shares? [image: John-Aldrich][image: Tile-Tools] No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.323 / Virus Database: 270.12.8/2086 - Release Date: 04/30/09 06:01:00 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image001.jpgimage002.jpg
RE: DFS issues
Well, I don't believe we specified a DFS replication quota, but the server is set for about 660 MB per share (two shares.) The disk space used is about 279 Gigabytes on one share and about the same on the second share. John-AldrichTile-Tools From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Thursday, April 30, 2009 3:06 PM To: NT System Admin Issues Subject: Re: DFS issues Sizing the staging directory really depends on the rate of replication. Is the majority of data dynamic or static? To give you an example, we host user home directories and terminal service roaming profiles on a group of DFS servers. The primay target server for each site is allocated 600GB for data. The staging directories, located on separate disks, are allocated 300GB. Free space on the Staging partitions is hovering around 50-60GB, so in our case, the staging partition was accurately sized at about 50% of the data partition. YMMV. - Sean On Thu, Apr 30, 2009 at 10:45 AM, John Aldrich jaldr...@blueridgecarpet.com wrote: Disregard that question. I looked on the server and saw the log files in the event viewer. However, I do have a question - how much space do I need to make sure I have available for staging of DFS? Our primary server was getting low on disk space until I deleted some backup files in the multi-gigabyte range. Now we have about 120 Gigs free on the server. About how much do I need to keep available? John-AldrichTile-Tools From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Thursday, April 30, 2009 2:31 PM To: NT System Admin Issues Subject: DFS issues My CFO and one of my accounting people are complaining about some strange behavior of disappearing / reappearing files starting about the time we implemented DFS. Now, as far as I can tell from looking at the folders on the two DFS servers, the files are there on both servers. I'm NOT looking at the share I'm looking at the actual drives where those shares are mounted and both servers appear to have the same files. Any suggestions? Is there a DFS log file to indicate problems synching the shares? John-AldrichTile-Tools No virus found in this incoming message. Checked by AVG - www.avg.com http://www.avg.com/ Version: 8.5.323 / Virus Database: 270.12.8/2086 - Release Date: 04/30/09 06:01:00 No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.323 / Virus Database: 270.12.8/2086 - Release Date: 04/30/09 06:01:00 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image001.jpgimage002.jpg
Re: Remote access options
TS 2008, Gateway Role, is over SSL only. I set up a nat on my firewall and https only to the gateway server and that's all you need to do (other than configuring the Gateway role, getting a certificate for the farm, blah blah blah.) Jeff Brown 2jbr...@gmail.com 4/30/2009 1:29 PM Our firewall allows for a relatively simple ssl connection, which then grants access to a TS server. Very simple to deploy and use, and (I think) more secure than a hole straight through to a TS server on network or DMZ. On Thu, Apr 30, 2009 at 11:37 AM, Tom Miller tmil...@hnncsb.org wrote: Terminal Server 2008 has the Gateway role for external users. Still clunky compared to Citrix, but much less costly. I have a Citrix farm for external users, and starting to use Terminal Server for internal users. I'd go 100% Citrix if it were not so ridiculously expensive. Tom Miller Engineer, Information Technology Hampton-Newport News Community Services Board 757-788-0528 Erik Goldoff egold...@gmail.com 4/30/2009 12:23 PM You *could* try a quick rollout of Terminal Server, temporary licenses are good for 90 days ( still true I think ) Erik Goldoff ITConsultant Systems, Networks, Security From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Thursday, April 30, 2009 12:17 PM To: NT System Admin Issues Subject: RE: Remote access options That’s more the way I’m leaning as well, don’t want to put more processing load than necessary on the firewall. But, push come to shove, if they demand something within a day or two, VPN would have to be used, as I don’t have the web stuff for Citrix, or an Access Gateway setup. Joe Heaton Employment Training Panel From:Erik Goldoff [mailto:egold...@gmail.com] Sent: Thursday, April 30, 2009 8:46 AM To: NT System Admin Issues Subject: RE: Remote access options my choice to connect a disparate collection of nonstandard home users from their own equipment would be Terminal Server / Citrix , *should* keep your interior network more secure than a VPN tunnel. And not being familiar with your firewall or quantities of tunnels needed, performance may be an issue. If you have large numbers of 3DES or better encrypted tunnels ( large relating to the capabilities of your firewall ) then you could overwhelm the firewall processor and buffers, impacting overall performance and reliability of network connections. RDP/ICA is simply traffic the firewall will process, and not spend time encrypting/decrypting with whatever VPN encryption engine it has Erik Goldoff IT Consultant Systems, Networks, Security From:Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Thursday, April 30, 2009 11:40 AM To: NT System Admin Issues Subject: Remote access options With the “pandemic”, I’ve been tasked with coming up with a plan for remote access, in order to keep the business running, in case of having to have people stay home. So, with that, I’ve decided to ask you guys what you’re using/doing, for teleworking. A couple of options I thought of off the top of my head: 1)VPN – simple, gives the user a good desktop experience. Slow, at least slower than working from your desk. 2)Citrix – same as above, can publish specific apps, or entire desktop if needed. Low bandwidth requirements. I listed those two, as our firewall has built-in VPN capabilities, which we are currently using, and therefore would be the quickest option to implement. We also have Citrix already, although only a single server, running PS 4.0. I know I’d want to implement an Access Gateway, etc with the Citrix option. Thanks, Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Remote access options
�s really easy to set up and works quite well in my experience. There are only a couple of potential gotchas that I found. 1) Each TS Gateway user or device requires a TS CAL. 2) Wildcard certs work fine, but you need to have XP SPs RDP client on XP, or Service Pack 1 on Vista. I dot think you can download the Vista SP1 RDP client by itself. From: Tom Miller [mailto:tmil...@hnncsb.org] Sent: Thursday, April 30, 2009 3:39 PM To: NT System Admin Issues Subject: Re: Remote access options TS 2008, Gateway Role, is over SSL only. I set up a nat on my firewall and https only to the gateway server and that's all you need to do (other than configuring the Gateway role, getting a certificate for the farm, blah blah blah.) Jeff Brown 2jbr...@gmail.com 4/30/2009 1:29 PM Our firewall allows for a relatively simple ssl connection, which then grants access to a TS server. Very simple to deploy and use, and (I think) more secure than a hole straight through to a TS server on network or DMZ. On Thu, Apr 30, 2009 at 11:37 AM, Tom Miller tmil...@hnncsb.org wrote: Terminal Server 2008 has the Gateway role for external users. Still clunky compared to Citrix, but much less costly. I have a Citrix farm for external users, and starting to use Terminal Server for internal users. I'd go 100% Citrix if it were not so ridiculously expensive. Tom Miller Engineer, Information Technology Hampton-Newport News Community Services Board 757-788-0528 Erik Goldoff egold...@gmail.com 4/30/2009 12:23 PM You *could* try a quick rollout of Terminal Server, temporary licenses are good for 90 days ( still true I think ) Erik Goldoff IT Consultant Systems, Networks, Security From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Thursday, April 30, 2009 12:17 PM To: NT System Admin Issues Subject: RE: Remote access options That���s more the way m leaning as well, d�t want to put more processing load than necessary on the firewall. But, push come to shove, if they demand something within a day or two, VPN would have to be used, as I dot have the web stuff for Citrix, or an Access Gateway setup. Joe Heaton Employment Training Panel From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Thursday, April 30, 2009 8:46 AM To: NT System Admin Issues Subject: RE: Remote access options my choice to connect a disparate collection of nonstandard home users from their own equipment would be Terminal Server / Citrix , *should* keep your interior network more secure than a VPN tunnel. And not being familiar with your firewall or quantities of tunnels needed, performance may be an issue. If you have large numbers of 3DES or better encrypted tunnels ( large relating to the capabilities of your firewall ) then you could overwhelm the firewall processor and buffers, impacting overall performance and reliability of network connections. RDP/ICA is simply traffic the firewall will process, and not spend time encrypting/decrypting with whatever VPN encryption engine it has Erik Goldoff IT Consultant Systems, Networks, Security From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Thursday, April 30, 2009 11:40 AM To: NT System Admin Issues Subject: Remote access options With the ���pandem�,�ve been tasked with coming up with a plan for remote access, in order to keep the business running, in case of having to have people stay home. So, with that, I���ve decided to ask you guys what y�re using/doing, for teleworking. A couple of options I thought of off the top of my head: 1) VPN ��� simple, gives the user a good desktop experience. Slow, at least slower than working from your desk. 2) Citrix same as above, can publish specific apps, or entire desktop if needed. Low bandwidth requirements. I listed those two, as our firewall has built-in VPN capabilities, which we are currently using, and therefore would be the quickest option to implement. We also have Citrix already, although only a single server, running PS 4.0. I know I���d want to implement an Access Gateway, etc with the Citrix option. Thanks, Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is
RE: Remote access options
Apostrophes munched again... For a wildcard cert on the TS Gateway server to work, you need the RDP client from XP SP3 (which is available as a standalone download), or the client needs Vista SP1. The updated RDP client for Vista isn't available by itself. From: Richard Stovall [mailto:richard.stov...@researchdata.com] Sent: Thursday, April 30, 2009 3:51 PM To: NT System Admin Issues Subject: RE: Remote access options Its really easy to set up and works quite well in my experience. There are only a couple of potential gotchas that I found. 1) Each TS Gateway user or device requires a TS CAL. 2) Wildcard certs work fine, but you need to have XP SPs RDP client on XP, or Service Pack 1 on Vista I dont think you can download the Vista SP1 RDP client by itself. From: Tom Miller [mailto:tmil...@hnncsb.org] Sent: Thursday, April 30, 2009 3:39 PM To: NT System Admin Issues Subject: Re: Remote access options TS 2008, Gateway Role, is over SSL onl�� I set up a nat on my firewall and https only to the gateway server and that's all you need to do (other than configuring the Gateway role, getting a certificate for the farm, blah blah blah.)�� Jeff Brown 2jbr...@gmail.com 4/30/2009 1:29 PM Our firewall allows for a relatively simple ssl connection, which then grants access to a TS server. Very simple to deploy and use, and (I think) more secure than a hole straight through to a TS server on network or DMZ. On Thu, Apr 30, 2009 at 11:37 AM, Tom Miller tmil...@hnncsb.org wrote: Terminal Server 2008 has the Gateway role for external users. Still clunky compared to Citrix, but much less costly. I have a Citrix farm for external users, and starting to use Terminal Server for internal users. I'd go 100% Citrix if it were not so ridiculously expensive. Tom Miller Engineer, Information Technology Hampton-Newport News Community Services Board 757-788-0528 Erik Goldoff egold...@gmail.com 4/30/2009 12:23 PM You *could* try a quick rollout of Terminal Server, temporary licenses are good for 90 days ( still true I think ) Erik Goldoff IT Consultant Systems, Networks, Security From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Thursday, April 30, 2009 12:17 PM To: NT System Admin Issues Subject: RE: Remote access options Thats more the waym leaning as well, dont want to put more processing load than necessary on the firewall. But, push come to shove, if they demand something within a day or two, VPN would have to be used, as I dot have the web stuff for Citrix, or an Access Gateway setup. Joe Heaton Employment Training Panel From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Thursday, April 30, 2009 8:46 AM To: NT System Admin Issues Subject: RE: Remote access options my choice to connect a disparate collection of nonstandard home users from their own equipment would be Terminal Server / Citrix , *should* keep your interior network more secure than a VPN tunnel. And not being familiar with your firewall or quantities of tunnels needed, performance may be an issue. If you have large numbers of 3DES or better encrypted tunnels ( large relating to the capabilities of your firewall ) then you could overwhelm the firewall processor and buffers, impacting overall performance and reliability of network connections. RDP/ICA is simply traffic the firewall will process, and not spend time encrypting/decrypting with whatever VPN encryption engine it has Erik Goldoff IT Consultant Systems, Networks, Security From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Thursday, April 30, 2009 11:40 AM To: NT System Admin Issues Subject: Remote access options With thepandemi, ve been tasked with coming up with a plan for remote access, in order to keep the business running, in case of having to have people stay home. So, with that, ve decided to ask you guys what youre using/doing, for teleworking. A couple of options I thought of off the top of my head: 1) VPN simple, gives the user a good desktop experience. Slow, at least slower than working from your desk. 2) Citrix same as above, can publish specific apps, or entire desktop if needed. Low bandwidth requirements. I listed those two, as our firewall has built-in VPN capabilities, which we are currently using, and therefore would be the quickest option to implement. We also have Citrix already, although only a single server, running PS 4.0. I know Id want to implement an Access Gateway, etc with the Citrix option. Thanks, Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov pr�� p��� �� pr�� Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If
Re: Spam filters
Maia Mailguard. Install it on a FreeBSD box running Postfix and clamav, make it your mail gateway, and you've got a cheap and incredibly effective spam/AV killer. On Wed, Apr 29, 2009 at 08:08, Jay Dale jd...@xpresstel.com wrote: Hey guys, I am a pretty new customer of VIPRE and like what I’ve seen so far. Sold it to a couple of small customers with no complaints as of yet. My question is regarding email spam filtering. I know a lot of you VIPRE users perhaps are using Ninja, which I’m assuming is server-based. For years I have been using Katharion, which is similar to Postini as an offsite-based filter. I’m just curious as to what you guys prefer when it comes to these kinds of apps, or if you prefer appliance-based filtering. Thanks, Jay Jay Dale • I.T. Director Xpresstel, Inc • Telecom I.T. Solutions 8515 Jackrabbit Rd• Ste T• Houston, TX 77095 Office: 281-856-8335 • Fax: 281-856-8399 http://www.xpresstel.com THE INFORMATION CONTAINED IN THIS TRANSMISSION IS A PRIVILEGED FIRM-CLIENT COMMUNICATION, WORK PRODUCT AND/OR CONFIDENTIAL COMMUNICATION OF INFORMATION INTENDED FOR THE USE OF THE INDIVIDUAL OR ENTITY NAMED ABOVE. IF THE READER OF THIS MESSAGE IS NOT THE INTENDED RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY DISSEMINATION, DISTRIBUTION OR COPYING OF THIS COMMUNICATION IS STRICTLY PROHIBITED. IF YOU HAVE RECEIVED THIS EMAIL IN ERROR, PLEASE IMMEDIATELY SEND A REPLY AND DELETE THE EMAIL PROMPTLY. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Forefront
I was just not happen that our resellar did not make the SQL requirement clear up front. I am just reading the installation Guide and it suggests: SQL Server 2005 Standard Edition (and above), SQL Server 2005 Express Edition, or SQL Server 2000 You have more than 2000 users? I saw somewhere that 2000 users was the limit I think for Express... That would make this cheap? $100.00 per console, and $13.00 per client. jlc ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Forefront
Doesn't Express have a 4GB database size limit? Might want to factor that in as well. From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] Sent: Thursday, April 30, 2009 4:52 PM To: NT System Admin Issues Subject: RE: Forefront I was just not happen that our resellar did not make the SQL requirement clear up front. I am just reading the installation Guide and it suggests: SQL Server 2005 Standard Edition (and above), SQL Server 2005 Express Edition, or SQL Server 2000 You have more than 2000 users? I saw somewhere that 2000 users was the limit I think for Express... That would make this cheap? $100.00 per console, and $13.00 per client. jlc ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Forefront
My 2pennies worth: As I have to deal with SQL quite often, I find this page quite helpful when comparing 2005 features: http://www.microsoft.com/Sqlserver/2005/en/us/compare-features.aspx The main things that I look at between express and full versions are CPU/RAM recognization, database size limitations, and ability to run maintenance plans in SQL (which aren't included with express). Sincerely, Eric Hanna Lead Enterprise Technical Services Specialist Sunbelt Software From: Richard Stovall [mailto:richard.stov...@researchdata.com] Sent: Thursday, April 30, 2009 4:57 PM To: NT System Admin Issues Subject: RE: Forefront Doesn't Express have a 4GB database size limit? Might want to factor that in as well. From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] Sent: Thursday, April 30, 2009 4:52 PM To: NT System Admin Issues Subject: RE: Forefront I was just not happen that our resellar did not make the SQL requirement clear up front. I am just reading the installation Guide and it suggests: SQL Server 2005 Standard Edition (and above), SQL Server 2005 Express Edition, or SQL Server 2000 You have more than 2000 users? I saw somewhere that 2000 users was the limit I think for Express... That would make this cheap? $100.00 per console, and $13.00 per client. jlc ... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Forefront
The big difference you'll find with Forefront (and most of the System Center products also) is the limited capabilities of Reporting Services in Express edition. There is an add-on for SQL Express that allows for better SRS ability than what you get out of the box. (Unfortunately its name slips my mind at the moment.) TVK From: Eric Hanna [mailto:eri...@sunbelt-software.com] Sent: Thursday, April 30, 2009 4:04 PM To: NT System Admin Issues Subject: RE: Forefront My 2pennies worth: As I have to deal with SQL quite often, I find this page quite helpful when comparing 2005 features: http://www.microsoft.com/Sqlserver/2005/en/us/compare-features.aspx The main things that I look at between express and full versions are CPU/RAM recognization, database size limitations, and ability to run maintenance plans in SQL (which aren't included with express). Sincerely, Eric Hanna Lead Enterprise Technical Services Specialist Sunbelt Software From: Richard Stovall [mailto:richard.stov...@researchdata.com] Sent: Thursday, April 30, 2009 4:57 PM To: NT System Admin Issues Subject: RE: Forefront Doesn't Express have a 4GB database size limit? Might want to factor that in as well. From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] Sent: Thursday, April 30, 2009 4:52 PM To: NT System Admin Issues Subject: RE: Forefront I was just not happen that our resellar did not make the SQL requirement clear up front. I am just reading the installation Guide and it suggests: SQL Server 2005 Standard Edition (and above), SQL Server 2005 Express Edition, or SQL Server 2000 You have more than 2000 users? I saw somewhere that 2000 users was the limit I think for Express... That would make this cheap? $100.00 per console, and $13.00 per client. jlc ... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Remote access options
On Thu, Apr 30, 2009 at 2:05 PM, Bill Songstad (WCUL) administra...@waleague.org wrote: Solution: existing VPN access through the firewall, using realvnc on windows desktops. (RDP wasn’t an option due to Linux and Mac clients at the user’s homes). FYI, there are several RDP client implementations available for Mac, Linux, and Unix. I use rdesktop from home (Linux) to work (Win 2000 and XP) all the time, and have for years. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Remote access options
Please forgive the thread hijack... I've had a question in my head for weeks. Never thought to ask it here. Duh. Is there a good Mac OS X solution for remoting from one Mac into another? Something like RDP for Macs, I guess? I'm not looking for VNC, etc. I'm really looking for the ability to take over a Mac session completely. Thanks, RS -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Thursday, April 30, 2009 5:17 PM To: NT System Admin Issues Subject: Re: Remote access options On Thu, Apr 30, 2009 at 2:05 PM, Bill Songstad (WCUL) administra...@waleague.org wrote: Solution: existing VPN access through the firewall, using realvnc on windows desktops. (RDP wasn't an option due to Linux and Mac clients at the user's homes). FYI, there are several RDP client implementations available for Mac, Linux, and Unix. I use rdesktop from home (Linux) to work (Win 2000 and XP) all the time, and have for years. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Remote access options
On Thu, Apr 30, 2009 at 11:39 AM, Joe Heaton jhea...@etp.ca.gov wrote: With the “pandemic”, I’ve been tasked with coming up with a plan for remote access, in order to keep the business running, in case of having to have people stay home. Really, there are two high-level problems here: P1. Getting secure network transport from the field to the office P2. Running stuff that doesn't play nice over a WAN The solution to P1 should address: P1a. Protecting the transport from sniffing P1b. Authenticating the user and/or computer in the field P1c. Protecting the office network from bad things that might be on the client The reason P2 comes into play is that a lot of stuff seems to assume your network will have a 20 ms RTT. That isn't the case for most Internet connections. Unfortunately, that lot of stuff includes Windows Explorer and Microsoft Office. Browsing a file share over an Internet link is typically painfully slow. One category of solutions to P1 are VPNs. Technologically speaking, there's not much difference between an IPsec VPN and an SSL VPN. The latter just typically include some kind of Java applet or ActiveX control that automatically installs via a web page. Pondering the wisdom or folly of automatically distributing your secure remote access solution via a web browser to a random computer is left as an exercise for the reader. Solving P1a is pretty much a no-brainer these days. Lots of good crypto out there. The hard part is securing the endpoint (P1b and P1c), which is outside the encryption tunnel. For P1b, whether you want passwords or strong authentication (certificates, OTP fobs, etc.) is up to you. In this day and age, I really think passwords are too weak for remote access for all but the smallest of organizations. But a lot of places still use them for remote access, because doing more means more work, and security is usually seen as something to get around, rather than something that should be embraced. For P1c: Any kind of VPN tunnel (SSL, IPsec, OpenVPN, etc.) can be controlled with a firewall. If you're not strongly managing your VPN clients, this is highly recommended. For example, allow only RDP (TCP/3389) through the VPN tunnel to your network. As an additional measure for P1c, some remote access packages also include software which is supposed to make sure the client is clean, i.e., has up-to-date anti-virus or whatever. I don't trust these things. I've seen way too many home computers swarming with malware but which AV software said was fine. My opinion; others disagree; YMMV. For P1, we use OpenVPN (free). We only allow company-owned, strongly-managed computers to connect via VPN. X.509 public key certificates are used to authenticate client computers. It works pretty well -- for P1. Does nothing for P2. There are two general approaches to P2: Remote control or WAN acceleration. Remote control means things like RDP, VNC, etc. You bypass the slowness by running the software on the LAN and shipping the display over the WAN. If there are a bunch of desktop PCs on the LAN, and the field computers can use those, you're in good shape. Our big problem is that many of the people who want remote access are using their company laptop, so there's nothing to RDP to. Sometimes they can use desktop PCs. I want to get a dedicated Terminal Server but no budget so far. :-( Citrix is essentially a solution to P1 and P2 packaged up in the same product. They use the remote control method for P2, obviously. WAN acceleration does some kind of magic at the network layer to fool things into working faster. I've read several accounts that say the good ones really do work. The problem is they're fiercely expensive. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: DFS issues
On Thu, Apr 30, 2009 at 2:45 PM, John Aldrich jaldr...@blueridgecarpet.com wrote: However, I do have a question – how much space do I need to make sure I have available for “staging” of DFS? I believe it's basically the size of the changed files that haven't finished replicating yet. So it depends on how much changed data you expect to have queued up, which in turn depends on much data churn you have and how fast the replication can run. Not sure how DFS-R plays into things. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Windows Internal Database on SBS
look at the created databases to decide. however, in general, the two you name are the only ones involved. From: Jonathan Link [jonathan.l...@gmail.com] Sent: Thursday, April 30, 2009 11:07 AM To: NT System Admin Issues Subject: Windows Internal Database on SBS My estemed predecessor in his infinite wisdom decided to install everything for SBS all at one time and all on the system volume. He left me with an aborted installation of Sharepoint and WSUS which I've finally gotten around to cleaning up. I've since removed WSUS and Sharepoint from the server, but left the Windows Internal Database (WID) alone. Is it safe to delete WID now that WSUS and Sharepoint are no longer on the server or are there other services which SBS has that rely on it? Thanks, Jonathan ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Remote access options
How many remote staff are you contemplating? The SonicWall SSL VPN 2000 appliance I just implemented works really well, and allows you to publish a TS server, or the staff's own desktops, or specific web sites, etc. SonicWall recommends 40-50 max, but license is unlimited, and it's easy to set up, and pretty darn cheap. I chose not to, but you can set it to authenticate against AD. Kurt On Thu, Apr 30, 2009 at 08:39, Joe Heaton jhea...@etp.ca.gov wrote: With the “pandemic”, I’ve been tasked with coming up with a plan for remote access, in order to keep the business running, in case of having to have people stay home. So, with that, I’ve decided to ask you guys what you’re using/doing, for teleworking. A couple of options I thought of off the top of my head: 1) VPN – simple, gives the user a good desktop experience. Slow, at least slower than working from your desk. 2) Citrix – same as above, can publish specific apps, or entire desktop if needed. Low bandwidth requirements. I listed those two, as our firewall has built-in VPN capabilities, which we are currently using, and therefore would be the quickest option to implement. We also have Citrix already, although only a single server, running PS 4.0. I know I’d want to implement an Access Gateway, etc with the Citrix option. Thanks, Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Remote access options
Nice assessment Ben. Sent from my hand held... -Original Message- From: Ben Scott mailvor...@gmail.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: 4/30/09 5:37 PM Subject: Re: Remote access options On Thu, Apr 30, 2009 at 11:39 AM, Joe Heaton jhea...@etp.ca.gov wrote: With the “pandemic”, I’ve been tasked with coming up with a plan for remote access, in order to keep the business running, in case of having to have people stay home. Really, there are two high-level problems here: P1. Getting secure network transport from the field to the office P2. Running stuff that doesn't play nice over a WAN The solution to P1 should address: P1a. Protecting the transport from sniffing P1b. Authenticating the user and/or computer in the field P1c. Protecting the office network from bad things that might be on the client The reason P2 comes into play is that a lot of stuff seems to assume your network will have a 20 ms RTT. That isn't the case for most Internet connections. Unfortunately, that lot of stuff includes Windows Explorer and Microsoft Office. Browsing a file share over an Internet link is typically painfully slow. One category of solutions to P1 are VPNs. Technologically speaking, there's not much difference between an IPsec VPN and an SSL VPN. The latter just typically include some kind of Java applet or ActiveX control that automatically installs via a web page. Pondering the wisdom or folly of automatically distributing your secure remote access solution via a web browser to a random computer is left as an exercise for the reader. Solving P1a is pretty much a no-brainer these days. Lots of good crypto out there. The hard part is securing the endpoint (P1b and P1c), which is outside the encryption tunnel. For P1b, whether you want passwords or strong authentication (certificates, OTP fobs, etc.) is up to you. In this day and age, I really think passwords are too weak for remote access for all but the smallest of organizations. But a lot of places still use them for remote access, because doing more means more work, and security is usually seen as something to get around, rather than something that should be embraced. For P1c: Any kind of VPN tunnel (SSL, IPsec, OpenVPN, etc.) can be controlled with a firewall. If you're not strongly managing your VPN clients, this is highly recommended. For example, allow only RDP (TCP/3389) through the VPN tunnel to your network. As an additional measure for P1c, some remote access packages also include software which is supposed to make sure the client is clean, i.e., has up-to-date anti-virus or whatever. I don't trust these things. I've seen way too many home computers swarming with malware but which AV software said was fine. My opinion; others disagree; YMMV. For P1, we use OpenVPN (free). We only allow company-owned, strongly-managed computers to connect via VPN. X.509 public key certificates are used to authenticate client computers. It works pretty well -- for P1. Does nothing for P2. There are two general approaches to P2: Remote control or WAN acceleration. Remote control means things like RDP, VNC, etc. You bypass the slowness by running the software on the LAN and shipping the display over the WAN. If there are a bunch of desktop PCs on the LAN, and the field computers can use those, you're in good shape. Our big problem is that many of the people who want remote access are using their company laptop, so there's nothing to RDP to. Sometimes they can use desktop PCs. I want to get a dedicated Terminal Server but no budget so far. :-( Citrix is essentially a solution to P1 and P2 packaged up in the same product. They use the remote control method for P2, obviously. WAN acceleration does some kind of magic at the network layer to fool things into working faster. I've read several accounts that say the good ones really do work. The problem is they're fiercely expensive. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Windows Internal Database on SBS
Thanks for the confirmation. I did look at the databases, and WSUS and Sharepoint were the only ones I saw, so I did go ahead and remove it before I took the server down for some planned down time this evening. On Thu, Apr 30, 2009 at 6:17 PM, Michael B. Smith mich...@owa.smithcons.com wrote: look at the created databases to decide. however, in general, the two you name are the only ones involved. -- *From:* Jonathan Link [jonathan.l...@gmail.com] *Sent:* Thursday, April 30, 2009 11:07 AM *To:* NT System Admin Issues *Subject:* Windows Internal Database on SBS My estemed predecessor in his infinite wisdom decided to install everything for SBS all at one time and all on the system volume. He left me with an aborted installation of Sharepoint and WSUS which I've finally gotten around to cleaning up. I've since removed WSUS and Sharepoint from the server, but left the Windows Internal Database (WID) alone. Is it safe to delete WID now that WSUS and Sharepoint are no longer on the server or are there other services which SBS has that rely on it? Thanks, Jonathan ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Remote access options
Hi Richard, Built-in Screen Sharing is one option, though I have only had luck with it if machines are close by (read, same subnet). VNC access is also built-in. I use Chicken of the VNC as a client to remote to other Mac workstations. As an alternative to these free options, have a look at Timbuktu Pro. hth, Andrew. On Thu, Apr 30, 2009 at 5:30 PM, Richard Stovall richard.stov...@researchdata.com wrote: Please forgive the thread hijack... I've had a question in my head for weeks. Never thought to ask it here. Duh. Is there a good Mac OS X solution for remoting from one Mac into another? Something like RDP for Macs, I guess? I'm not looking for VNC, etc. I'm really looking for the ability to take over a Mac session completely. Thanks, RS -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Thursday, April 30, 2009 5:17 PM To: NT System Admin Issues Subject: Re: Remote access options On Thu, Apr 30, 2009 at 2:05 PM, Bill Songstad (WCUL) administra...@waleague.org wrote: Solution: existing VPN access through the firewall, using realvnc on windows desktops. (RDP wasn't an option due to Linux and Mac clients at the user's homes). FYI, there are several RDP client implementations available for Mac, Linux, and Unix. I use rdesktop from home (Linux) to work (Win 2000 and XP) all the time, and have for years. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Remote access options
Agreed, but not an inexpensive solution to say the least ... and I'm guessing that as a government agency, they no longer have an unlimited budget Erik Goldoff IT Consultant Systems, Networks, Security _ From: Louis, Joe [mailto:jlo...@guardianalarm.com] Sent: Thursday, April 30, 2009 2:11 PM To: NT System Admin Issues Subject: RE: Remote access options IMHO, Citrix is a great answer for remote users in a contingency like this. Roll out of new apps is pretty quick and you don't have to go worry about rolling out and app to a remote desktop. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Remote access options
The Screen Sharing is powered by Bonjour, which is a non-routable protocol. There is Apple Remote Desktop, but I*think* that only comes on an X Serve. From: Andrew Laya [mailto:andrew.l...@gmail.com] Sent: Thursday, April 30, 2009 5:20 PM To: NT System Admin Issues Subject: Re: Remote access options Hi Richard, Built-in Screen Sharing is one option, though I have only had luck with it if machines are close by (read, same subnet). VNC access is also built-in. I use Chicken of the VNC as a client to remote to other Mac workstations. As an alternative to these free options, have a look at Timbuktu Pro. hth, Andrew. On Thu, Apr 30, 2009 at 5:30 PM, Richard Stovall richard.stov...@researchdata.commailto:richard.stov...@researchdata.com wrote: Please forgive the thread hijack... I've had a question in my head for weeks. Never thought to ask it here. Duh. Is there a good Mac OS X solution for remoting from one Mac into another? Something like RDP for Macs, I guess? I'm not looking for VNC, etc. I'm really looking for the ability to take over a Mac session completely. Thanks, RS -Original Message- From: Ben Scott [mailto:mailvor...@gmail.commailto:mailvor...@gmail.com] Sent: Thursday, April 30, 2009 5:17 PM To: NT System Admin Issues Subject: Re: Remote access options On Thu, Apr 30, 2009 at 2:05 PM, Bill Songstad (WCUL) administra...@waleague.orgmailto:administra...@waleague.org wrote: Solution: existing VPN access through the firewall, using realvnc on windows desktops. (RDP wasn't an option due to Linux and Mac clients at the user's homes). FYI, there are several RDP client implementations available for Mac, Linux, and Unix. I use rdesktop from home (Linux) to work (Win 2000 and XP) all the time, and have for years. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
