RE: Win2003 DC on Win2000 domain
Hi,

Unless you have proper procedures for safeguarding this stuff, and legals in place, I would do this all on the customer's premises (or wherever they instruct you to work) on their equipment. They must have a budget for this (otherwise how are they paying you?), and it becomes a cost of part of the project. If someone breaks into their offices and steals a server, that's not your problem then.

Now, I have a bunch of commercially sensitive stuff on my laptop (as do most/all of our other consultants). But we have our risk management in place (e.g. Bitlocker-ed laptops, Exchange sync policy enforcement for phones, IRM/RMS, policy documents we have to sign etc), and we have the contractual stuff in place to indemnify us against customer lawsuits (and no doubt the necessary insurance cover as well).

Cheers
Ken

From: Erik Goldoff [egold...@gmail.com]
Sent: Wednesday, 8 July 2009 3:54 PM
To: NT System Admin Issues
Subject: RE: Win2003 DC on Win2000 domain

What happens when you tell the customer you’ve made a backup of their whatever and their office burns down a couple days later?

You're way off base here ... there are too many theoreticals ... what happens, if during the upgrade, something goes wrong and the active directory metabase becomes corrupt... they have no internal backups, I don't make a copy, and now they cannot login to their network resources ... I can still be sued for free, and the probability of that scenario happening is much higher than a bus running over my laptop.

And if their office burns down, they're gonna need more than the DC image I have, not to mention that I explicitly state the purpose of the backup copy I make, 'to recover if the upgrade process goes wrong' ... period ...

I understand your perspective on the situation, but sorry, it just won't fly in the real world dealing with SOHO and Small business sites. Your data center fires is a neat story, but for Soho and Small business, their 'data center' is usually a commandeered closet or corner with a collection of servers ... note that this issue revolves around upgrading from Windows 2000 ??? Not a technologically current installation, no spare server or desktop hardware, nor OS license to spare.

I'm curious as to how you would handle the business continuity planning for a problem with the upgrade ...

Erik Goldoff
IT Consultant
Systems, Networks, Security

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Wednesday, July 08, 2009 1:34 AM
To: NT System Admin Issues
Subject: RE: Win2003 DC on Win2000 domain

Yes pretty much. Here’s another way I’d think of this. What’s your liability insurance got to say about this bonus service? What happens when you tell the customer you’ve made a backup of their whatever and their office burns down a couple days later? Sure you can just restore that bonus backup except your laptop got run over by a bus in between the backup and the fire. A colleague had some wise words for me the first time I did a gig at a legal services customer – “Just remember, they can sue you for free.”

Many customers I deal with, offsite backups consist of tapes going in these heavy duty metal boxes with locks on them. The boxes are barcoded or numbered or something and a guy comes to pick them up, signs for them, and the offsite people basically guarantee their safety until you sign for them when they come back. The delivery guy also drops off any locked tape boxes whose retention policies dictate their return as they’ve expired. In the unlikely event of some major crisis, the offsite people are on the nut to get your box of tapes somewhere in some prearranged guaranteed time window.

Some customers are also sending stuff live (e.g. replicas on standby hardware) into a 3rd party datacenter designed for this sort of fallback plan (e.g. Sungard). They also have contracts where if their computer room burns down or something the vendor is on the nut to provide K servers of approximate configuration Z in location Y within X hours of notification of the requirement. These vendors have the kind of capacity and capability to deal with something like 9/11 or Katrina if the customer has the action plan to respond. Or perhaps something more simple like the two datacenter fires this past weekend – Seattle and Toronto both had high rise carrier hotel fires. One of them, I forget which, the electrical busing between floors was completely hosed (literally) from what I heard.

Thanks,
Brian Desmond
br...@briandesmond.com
c - 312.731.3132
Active Directory, 4th Ed - http://www.briandesmond.com/ad4/
Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Can't change hidden attribute, nor take ownership, of a file
Give a look at the comparison table of several unlocking programs at http://ccollomb.free.fr/unlocker/

I have used unlocker in cases like yours, and it made the job.

Roberto Grippi

2009/7/7 Don Guyer don.gu...@prufoxroach.com

No wonder it’s causing an issue, it’s Ed Rendell! :)

Don Guyer
Systems Engineer - Information Services
Prudential, Fox Roach/Trident Group
431 W. Lancaster Avenue
Devon, PA 19333
Direct: (610) 993-3299
Fax: (610) 650-5306
don.gu...@prufoxroach.com

From: michael.le...@pha.phila.gov [mailto:michael.le...@pha.phila.gov]
Sent: Tuesday, July 07, 2009 12:40 PM
To: NT System Admin Issues
Subject: Can't change hidden attribute, nor take ownership, of a file

Win2003. One of my users seems to have created a file that is named ._x.JPG (I think this may have come from one of my very few Mac users, but I don't know that for certain). Anyway, I see the file in Windows Explorer, and it has an attribute of H (hidden). But I can't seem to change it to be non-hidden. I can't take ownership of the file - clicking Properties shows me only 1 tab - General. There is no Security tab. I have verified that the file system is NTFS.

I can not rename the file, either -

Cannot rename file: cannot read from source file or disk.

(this is the only file this happens on, so I am convinced that the problem is this file, not the disk)

From a command prompt, I see the file when I do a dir /a.

04/27/2004 03:44 PM 55,554 ._49 Greene Rendell.JPG

However, I can not change the attribute.

attrib -h *
Unable to change attribute - F:\Temp\._49 Greene Rendell.JPG

I am unable to take ownership of the file, either, because apparently the file can't be found ...

subinacl /file ._49 Greene Rendell.JPG /display=owner
._49 Greene Rendell.JPG - CreateFile Error : 2 The system cannot find the file specified.
Elapsed Time: 00 00:00:00
Done: 1, Modified 0, Failed 1, Syntax errors 0
Last Done : ._49 Greene Rendell.JPG
Last Failed: ._49 Greene Rendell.JPG - CreateFile Error : 2 The system cannot find the file specified.

At this point, I am stumped. I can't change attributes, I can't rename, I can't take ownership (thinking that perhaps I could rename it that way).

Thoughts? Pointers? Clues? etc

--
Michael Leone
Network Administrator, ISM
Philadelphia Housing Authority
2500 Jackson St
Philadelphia, PA 19145
Tel: 215-684-4180
Cell: 215-252-0143
mailto:michael.le...@pha.phila.gov

--
Dr. Roberto Grippi
Re: New IE zero day exploit in the wild
Same here, we can't roll out IE7 to a specific dept here as the company is looking for 50K just to support it on IE7. The best thing about it is, IE7 was released before we got the application, it'll work in ie7, but not supported.

I've had to decline IE7 in wsus just to make sure that it doesn't get installed accidentally.

Regards
Tony Patton
Desktop Operations
Cavan Ext 8078
Direct Dial 049 435 2878
email: tony.pat...@quinn-insurance.com

Sherry Abercrombie saber...@gmail.com
07/07/2009 17:22
Please respond to NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
To NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
cc
Subject Re: New IE zero day exploit in the wild

LOL, but isn't it the computer if it's a Mac? Seriously, I do understand. I'm still stuck at IE6 because of two stupid enterprise applications that haven't been officially sanctioned by the mfg to run in IE7 or above.

On Tue, Jul 7, 2009 at 11:12 AM, paul chinnery pdw1...@hotmail.com wrote:

I know, Sherry. But try to teach that to all the users. I still have a few who think the monitor IS the computer.

Date: Tue, 7 Jul 2009 10:54:41 -0500
Subject: Re: New IE zero day exploit in the wild
From: saber...@gmail.com
To: ntsysadmin@lyris.sunbelt-software.com

IE Tabs will work for just about everything IE in FF.

On Tue, Jul 7, 2009 at 10:51 AM, paul chinnery pdw1...@hotmail.com wrote:

Same here. (I so wish we could use FF but a couple of our apps won't run if we do so I have to be content with using it myself.)

Date: Tue, 7 Jul 2009 11:29:13 -0400
Subject: Re: New IE zero day exploit in the wild
From: lee.doug...@gmail.com
To: ntsysadmin@lyris.sunbelt-software.com

Yes, on several XP machines. So far nothing is broken, at least.

On Tue, Jul 7, 2009 at 11:17 AM, J Kyo jky...@gmail.com wrote:

Curious if anyone has used the Microsoft Fix It from: http://support.microsoft.com/kb/972890.

On Mon, Jul 6, 2009 at 6:24 PM, Carl Houseman c.house...@gmail.com wrote:

Recommendation from MS is to set the killbits everywhere.

http://www.microsoft.com/technet/security/advisory/972890.mspx

Carl

From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Monday, July 06, 2009 9:06 PM
To: NT System Admin Issues
Subject: RE: New IE zero day exploit in the wild

Seems to be XP / Windows Server 2003 only?

Cheers
Ken

From: Alex Eckelberry [al...@sunbelt-software.com]
Sent: Tuesday, 7 July 2009 5:56 AM
To: NT System Admin Issues
Subject: New IE zero day exploit in the wild

Our labs have confirmed this and it is quite nasty. Best bet for now is to set the killbits. Or don't use IE.

Some references:
Microsoft: http://www.microsoft.com/technet/security/advisory/972890.mspx
SANS: http://isc.sans.org/diary.html?storyid=6733

I would take this one quite seriously.

Alex

--
Sherry Abercrombie
Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke

http://www.quinn-insurance.com

This e-mail is intended only for the addressee named above. The contents should not be copied nor disclosed to any other person. Any views or opinions expressed are solely those of the sender and do not necessarily represent those of QUINN-Insurance, unless otherwise specifically stated. As internet communications are not secure, QUINN-Insurance is not responsible for the contents of this message nor responsible for any change made to this message after it was sent by the original sender. Although virus scanning is used on all inbound and outbound e-mail, we advise you to carry out your own virus check before opening any attachment. We cannot accept liability for any damage sustained as a result of any software viruses. QUINN-Life Direct Limited is regulated by the Financial Regulator. QUINN-Insurance Limited is regulated by the Financial Regulator and regulated by the Financial Services Authority for the conduct of UK business. QUINN-Life Direct Limited is registered in Ireland, registration number 292374 and is a private company limited by shares. QUINN-Insurance Limited is registered in Ireland, registration number 240768 and is a private company limited by shares. Both companies have their head office at Dublin Road, Cavan, Co. Cavan.
Re: New IE zero day exploit in the wild
PFE32 was a life saver in the day :-) think Notepad++ is now the most used app on my work PC, for text, vbscript, logs regfiles.

Regards
Tony Patton
Desktop Operations
Cavan Ext 8078
Direct Dial 049 435 2878
email: tony.pat...@quinn-insurance.com

Kurt Buff kurt.b...@gmail.com
07/07/2009 17:41
Please respond to NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
To NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
cc
Subject Re: New IE zero day exploit in the wild

I'm just pushing out the .reg file in the login script:

regedit /s \\fileserver\public\patches\videokillbits.reg

The file was easy to create, in a capable editor (not notepad or wordpad) that allows metacharacter search and replace, such as '\n' for CRLF and '\t' for tab. I used the ancient, no-longer-supported PFE32. I really should switch to VIM, I suppose.

On Tue, Jul 7, 2009 at 08:40, Eric Wittersheim eric.wittersh...@gmail.com wrote:

I'm pushing out the .reg via GP. So far so good.

On Tue, Jul 7, 2009 at 10:38 AM, David Lum david@nwea.org wrote:

The "Microsoft fix-it" is an MSI that I am pushing via SMS and is pushing fine (so far just a few test cases have it, but no issues). Beats trying to push out a .REG or something...

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
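
A pre-deployment check for a killbit .reg file like the one pushed with regedit /s in the message above, as an added example that is not from the thread or from Microsoft's advisory. It assumes the standard killbit layout (a "Compatibility Flags" DWORD with bit 0x400 set under the ActiveX Compatibility key, or its Wow6432Node twin); the CLSIDs and the ExampleVendor key in the sample are constructed placeholders, not the advisory's list.

```python
import re

# Keys where IE looks up per-control compatibility flags (native and 32-bit-on-64-bit).
KILLBIT_PARENTS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility",
)
KILLBIT = 0x00000400  # flag bit that stops IE from instantiating the control

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
SECTION_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*(.+)$')
DWORD_RE = re.compile(r"^dword:([0-9A-Fa-f]{8})$")


def audit_killbit_reg(text):
    """Return (killed_clsids, problems) for the text of a .reg file."""
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    problems = []
    flags = {}  # CLSID -> Compatibility Flags value, None until one is seen

    if not lines or lines[0] not in HEADERS:
        problems.append("missing or unknown .reg header")
    else:
        lines = lines[1:]

    current = None  # CLSID of the accepted section being read
    for ln in lines:
        section = SECTION_RE.match(ln)
        if section:
            current = None
            is_delete, key = section.group(1), section.group(2)
            parent, _, leaf = key.rpartition("\\")
            if is_delete:
                problems.append(f"deletes a key: {key}")
            elif parent.lower() not in (p.lower() for p in KILLBIT_PARENTS):
                problems.append(f"writes outside the killbit key: {key}")
            elif not CLSID_RE.match(leaf):
                problems.append(f"malformed CLSID: {leaf}")
            else:
                current = leaf.upper()
                flags.setdefault(current, None)
            continue
        if current is None:
            continue  # value belongs to a section that was already reported
        value = VALUE_RE.match(ln)
        if not value:
            problems.append(f"{current}: unparsed line {ln!r}")
        elif value.group(1).lower() != "compatibility flags":
            problems.append(f"{current}: unexpected value {value.group(1)!r}")
        else:
            dword = DWORD_RE.match(value.group(2))
            if dword:
                flags[current] = int(dword.group(1), 16)
            else:
                problems.append(f"{current}: Compatibility Flags is not a DWORD")

    killed = []
    for clsid, value in flags.items():
        if value is None:
            problems.append(f"{clsid}: no Compatibility Flags value")
        elif not value & KILLBIT:
            problems.append(f"{clsid}: flags 0x{value:08X} do not include the killbit")
        else:
            killed.append(clsid)
    return sorted(killed), problems


# Constructed sample: one good entry, one wrong flag, one broken CLSID, one stray key.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

; constructed sample, placeholder CLSIDs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000A1}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000A2}]
"Compatibility Flags"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000A3]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Settings]
"Mode"="1"
"""

if __name__ == "__main__":
    killed, problems = audit_killbit_reg(SAMPLE_REG)
    print("killbit set for:", killed)
    for problem in problems:
        print("PROBLEM:", problem)
```

Because regedit /s imports silently, running a check like this against the copy on the share before each rollout is what surfaces a mistyped CLSID or an entry that does not belong in the file.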
RE: Import-mailbox duplicate behaviour
Is there a parameter to determine what happens when a dupe is detected?

--
G2 Support
Network Support : Online Backups : Server Management
Web: www.g2support.com
Twitter: g2support http://twitter.com/home?stat...@g2support
Newsletter: www.g2support.com/newsletter

From: Michael B. Smith [mailto:mich...@owa.smithcons.com]
Sent: 08 July 2009 00:34
To: NT System Admin Issues
Subject: RE: Import-mailbox duplicate behaviour

My advice to you (and all other readers) - don't depend on default behavior. Specify all available parameters.

From: Oliver Marshall [oliver.marsh...@g2support.com]
Sent: Tuesday, July 07, 2009 4:16 PM
To: NT System Admin Issues
Subject: Import-mailbox duplicate behaviour

Hi gang,

Does anyone know what the default behaviour of the import-mailbox powershell command is when importing data in to an existing mailbox? Will duplicates occur if two emails are the same, or will it only import emails that don't already exist?

Olly
Re: Firefox 3.5 Silent Install.
Actually to install FireFox, you just need to be a power user. Full Admin rights are _not_ required. Power User rights provide full control over the Program Files folder, but not full rights to the System32 folder. Most of our users are power users, but VERY few are admins.

To get the security patches (updates) out there I download the installer and push it to computers that have older versions of FireFox through SCCM (SMS) as a silent install

FireFoxSetup3.5 -ms

SCCM can install with system rights. I just haven't found time to push out updates to all the various Add-Ons.

On Tue, Jul 7, 2009 at 4:06 PM, Angus Scott-Fleming angu...@geoapps.com wrote:

On 5 Jul 2009 at 11:57, Stephen Wimberly wrote:

The NTT sounds great, but can a non-admin run it and upgrade any update???

No, you have to be admin to update any program except Chrome, which installs in %APPDATA% and is completely writeable by the user who installs it. Now if you had installed Firefox in %APPDATA%, each user would have a separate installation but they could update their own --- and when Chrome or FF gets 0-day-holed, so would their browsers.

There are reasons why users can't update applications.

I think Frontmotion makes an MSI installer for corporate deployments of Firefox.

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
RE: Firefox 3.5 Silent Install.
A power user is an admin who hasn't bothered to make themselves an admin - yet.
RE: Win2003 DC on Win2000 domain
I spent 4 years as a consultant to the SOHO's and I spent most of my time rebuilding systems that were never backed up and had to explain to them that ALL of their work was lost for good. I liked the customers that gave the blank stares, I could do my job without hassle. Then there's the customer that *thinks* they know what's going on because they read semi-technical magazines and question every move you make while on-site, ugh.

Thanks,
Jake Gardner
TTC Network Administrator
Ext. 246

-----Original Message-----
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Wednesday, July 08, 2009 1:21 AM
To: NT System Admin Issues
Subject: Re: Win2003 DC on Win2000 domain

On Wed, Jul 8, 2009 at 12:59 AM, Ken Schaefer k...@adopenstatic.com wrote:

I'm going to have to agree with Brian on this. Making a copy of someone's DIT isn't the same as a proper backup. I don't think Brian's questioning your professionalism here - but if I was a customer I'd be quite nervous about this too.

You guys have been working for real companies too long.

For SOHOs, if you say "I'm making a virtual machine of an Active Directory Domain Controller on my laptop; that includes the DIT files. I'll keep it for a few days in case we have trouble" you're going to get nothing but blank stares. When you then rephrase it as "I'm keeping a copy of important server stuff on my laptop in case we have trouble", you'll get thanked.

Remember, a lot of these sorts of places *have no backups at all*. I know that seems incomprehensible to people on this list, but for a lot of really small shops ( 5 people), their disaster recovery plan is chapter 7 bankruptcy liquidation.

-- Ben

***Teletronics Technology Corporation***
This e-mail is confidential and may also be privileged. If you are not the addressee or authorized by the addressee to receive this e-mail, you may not disclose, copy, distribute, or use this e-mail. If you have received this e-mail in error, please notify the sender immediately by reply e-mail or by telephone at 267-352-2020 and destroy this message and any copies. Thank you.
***
RE: Win2003 DC on Win2000 domain
Budget? Most SOHO's don't have $1 set aside for an IT budget. Just a couple years ago, I had a handful of customers that were still using NT4! I got them quotes for server upgrades and very very simple tape backup or backup-2-ext disk and most of them said no new purchases just fix it.

I had one customer that owed me $1200 and I would keep going to his office asking for a check, he finally gave me $600 on a Thursday and on Monday the office was under new management and said my contract/payment had nothing to do with them. At least I got half, grrr.

Thanks,
Jake Gardner
TTC Network Administrator
Ext. 246
RE: New IE zero day exploit in the wild
I use ConText for my script editing. Built in file-compare, color-coding, you can download all kinds of language definitions. Unfortunately it hasn't been updated since 12/2006

http://www.contexteditor.org/

Thanks,
Jake Gardner
TTC Network Administrator
Ext. 246
RE: Win2003 DC on Win2000 domain
IMHO... as long as you disclose what you are doing and why you are doing it, and if the both you and the customer are comfortable with it, then I don't see the problem. Businesses that do have DR in place are savvy enough where you won't get blank stares and will voice any objections at the disclosure. I think any business would appreciate a quick restore of services. From: Jake Gardner [mailto:jgard...@ttcdas.com] Sent: Wednesday, July 08, 2009 7:19 AM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain Budget? Most SOHO's don't have $1 set aside for an IT budget. Just a couple years ago, I had a handful of customers that were still using NT4! I got them quotes for server upgrades and very very simple tape backup or backup-2-ext disk and most of them said no new purchases just fix it. I had one customer that owed my $1200 and I would keep going to his office asking for a check, he finally gave me $600 on a Thursday and on Monday the office was under new management and said my contract/payment had nothing to do with them. At least I got half, grrr. Thanks, Jake Gardner TTC Network Administrator Ext. 246 From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Wednesday, July 08, 2009 2:24 AM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain Hi, Unless you have proper procedures for safegaurding this stuff, and legals in place, I would do this all on the customer's premises (or wherever they instruct you to work) on their equipment. They must have a budget for this (otherwise how are they paying you?), and it becomes a cost of part of the project. If someone breaks into their offices and steals a server, that's not your problem then. Now, I have a bunch of commercially sensitive stuff on my laptop (as do most/all of our other consultants). But we have our risk management in place (e.g. 
Bitlocker-ed laptops, Exchange sync policy enforcement for phones, IRM/RMS, policy documents we have to sign etc), and we have the contractual stuff in place to indemnify us against customer lawsuits (and no doubt the necessary insurance cover as well). Cheers Ken From: Erik Goldoff [egold...@gmail.com] Sent: Wednesday, 8 July 2009 3:54 PM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain What happens when you tell the customer you've made a backup of their whatever and their office burns down a couple days later? You're wy off base here ... there are too many theoreticals ... what happens, if during the upgrade, something goes wrong and the active directory metabase becomes corrupt... they have no internal backups, I don't make a copy, and now they cannot login to their network resources ... I can still be sued for free, and the probability of that scenario happening is much higher than a bus running over my laptop. And if their office burns down, they're gonna need more than the DC image I have, not to mention that I explicitly state the purpose of the backup copy I make, 'to recover if the upgrade process goes wrong' ... period ... I understand your perspective on the situation, but sorry, it just won't fly in the real world dealing with SOHO and Small business sites. Your data center fires is a neat story, but for Soho and Small business, their 'data center' is usually a commandeered closet or corner with a collection of servers ... note that this issue revolves around upgrading from Windows 2000 ??? Not a technilogically current installation, no spare server or desktop hardware, nor OS license to spare. I'm curious as to how you would handle the business continuity planning for a problem with the upgrade ... Erik Goldoff IT Consultant Systems, Networks, Security From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Wednesday, July 08, 2009 1:34 AM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain Yes pretty much. 
Here's another way I'd think of this. What's your liability insurance got to say about this bonus service? What happens when you tell the customer you've made a backup of their whatever and their office burns down a couple days later? Sure you can just restore that bonus backup except your laptop got runover by a bus in between the backup and the fire. A colleague had some wise words for me the first time I did a gig at a legal services customer - Just remember, they can sue you for free. Many customers I deal with, offsite backups consist of tapes going in these heavy duty metal boxes with locks on them. The boxes are barcoded or numbered or something and a guy comes to pick them up, signs for them, and the offsite people basically guarantee their safety until you sign for them when they come back. The delivery guy also drops off any locked tape boxes whose retention policies dictate their return as they've expired.
RE: Win2003 DC on Win2000 domain
+1SOHO vs corporate is day-and-night. I support a 17-employee law firm and currently they have no backups that go offsite and I am STILL working on getting them something as simple as Mozy! In fact my biggest client (a local government) is just next week finally going beyond site-to-site (a whopping 1 mile apart) backups. At almost every small shop I've worked with (50 employees) - with the exception of one run by a former IT guy - it has been very difficult to sell the importance of backups that leave the building. If DC's couldn't run on desktop hardware that would be a tough sell too. Password policies? Don't get me started (wait, that's what THEY say). Having said that, I don't take any data off anyone's site that I didn't bring in with me. It's their risk, not mine. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 -Original Message- From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Tuesday, July 07, 2009 10:44 PM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain Thank You ! Someone that gets it ! The real world versus how it should be. You folks working within a 'real' corporate IT structure don't know how good you have it ( I have been there, too ). You wouldn't believe the number of sites with no disaster recovery plan, or even backups. Of those that do have backups, some have NEVER done a test restore. I have seen too many sites fail because they could not restore from tape some otherwise critical data. And I can assure you that if they do not understand the flaw in keeping login credentials on a postit note on their monitor, nor the flaw in not having a password expiration policy, nor the flaw in letting the owner's child play on the internet with the owner's login that has full privledges, they wouldn't be worried about how my method of protecting them violates 'best practices'. 
Erik Goldoff IT Consultant Systems, Networks, Security -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Wednesday, July 08, 2009 1:21 AM To: NT System Admin Issues Subject: Re: Win2003 DC on Win2000 domain On Wed, Jul 8, 2009 at 12:59 AM, Ken Schaeferk...@adopenstatic.com wrote: I'm going to have to agree with Brian on this. Making a copy of someone's DIT isn't the same as a proper backup. I don't think Brian's questioning your professionalism here - but if I was a customer I'd be quite nervous about this to. You guys have been working for real companies too long. For SOHOs, if you say I'm making a virtual machine of an Active Directory Domain Controller on my laptop; that includes the DIT files. I'll keep it for a few days in case we have trouble you're going to get nothing but blank stares. When you then rephrase it as I'm keeping a copy of important server stuff on my laptop in case we have trouble, you'll get thanked. Remember, a lot of these sorts of places *have no backups at all*. I know that seems incomprehensible to people on this list, but for a lot of really small shops ( 5 people), their disaster recovery plan is chapter 7 bankruptcy liquidation. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
I'm back...
Thanks to all for helping me with my missing posts yesterday. Turns out there was an issue with Sunbelt. My apologies to all for not following list protocol. From now on I'll contact Sunbelt Support directly.

Bill Lambert
Windows System Administrator
Concuity
A healthcare division of Trintech, Inc.
Phone 847-941-9206 Fax 847-465-9147
NASDAQ: TTPA
RE: Win2003 DC on Win2000 domain
Another thing about many small shops (I consult to SMBs) is that there often isn't any sensitive data in AD. It's a list of user and computer accounts, with little if any personal info put in. A 10 person shop isn't going to bother filling in all the attributes in AD. Sometimes you don't even get last names. :-) I also work for large financials and yes, it would be significantly different in such a case. I think it's important to put in perspective what type of data one might be dealing with in this type of situation. *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Tuesday, July 07, 2009 10:21 PM To: NT System Admin Issues Subject: Re: Win2003 DC on Win2000 domain On Wed, Jul 8, 2009 at 12:59 AM, Ken Schaeferk...@adopenstatic.com wrote: I'm going to have to agree with Brian on this. Making a copy of someone's DIT isn't the same as a proper backup. I don't think Brian's questioning your professionalism here - but if I was a customer I'd be quite nervous about this to. You guys have been working for real companies too long. For SOHOs, if you say I'm making a virtual machine of an Active Directory Domain Controller on my laptop; that includes the DIT files. I'll keep it for a few days in case we have trouble you're going to get nothing but blank stares. When you then rephrase it as I'm keeping a copy of important server stuff on my laptop in case we have trouble, you'll get thanked. Remember, a lot of these sorts of places *have no backups at all*. I know that seems incomprehensible to people on this list, but for a lot of really small shops ( 5 people), their disaster recovery plan is chapter 7 bankruptcy liquidation. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: New IE zero day exploit in the wild
You are correct of course, I stand corrected on my terminology. However, like I said, I have 400 systems and I'd rather not manually look at 400 registries to know I'm covered. The only thing that comes to mind is creating a KiX script that looks for the key values and sends output to a common .CSV file.

Dave

From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Tuesday, July 07, 2009 2:51 PM
To: NT System Admin Issues
Subject: RE: New IE zero day exploit in the wild

What patch? Killbit workaround is not a patch. Open the registry and look for the registry keys.

Carl

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, July 07, 2009 5:49 PM
To: NT System Admin Issues
Subject: RE: New IE zero day exploit in the wild

Anyone know how to confirm this patch is applied? Any tools around yet? I'd just as soon not manually check 4 or 5 machines and assume all 400 are OK...and if I don't have to write my own script to check 'em, all the better...

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
RE: New IE zero day exploit in the wild
If you're comfortable writing in Kix, what's stopping you?

I'd do it with for /f + list-of-computers + psexec + reg query.

You don't have to look for all of the reg keys, the existence of just 1 means the workaround got installed.

Carl

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, July 08, 2009 10:24 AM
To: NT System Admin Issues
Subject: RE: New IE zero day exploit in the wild

You are correct of course, I stand corrected on my terminology. However, like I said, I have 400 systems and I'd rather not manually look at 400 registries to know I'm covered. The only thing that comes to mind is creating a KiX script that looks for the key values and sends output to a common .CSV file.

Dave

From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Tuesday, July 07, 2009 2:51 PM
To: NT System Admin Issues
Subject: RE: New IE zero day exploit in the wild

What patch? Killbit workaround is not a patch. Open the registry and look for the registry keys.

Carl

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, July 07, 2009 5:49 PM
To: NT System Admin Issues
Subject: RE: New IE zero day exploit in the wild

Anyone know how to confirm this patch is applied? Any tools around yet? I'd just as soon not manually check 4 or 5 machines and assume all 400 are OK...and if I don't have to write my own script to check 'em, all the better...

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
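The fleet check discussed in this exchange, as an added example that is not code from the thread: a PowerShell function that reads the kill-bit keys over Remote Registry and emits one CSV row per machine and CLSID. It goes a step past testing that a key exists by confirming that bit 0x400 is set in Compatibility Flags. The function name, `computers.txt` and the output file name are assumptions; the two CLSIDs are taken from the entries quoted in the thread.

```powershell
# Added example: audit the IE kill-bit workaround across a list of machines.
# Assumptions: Remote Registry is reachable on each target and the account
# running this can read HKLM there. Function and file names are made up.

$KillBit  = 0x400   # Compatibility Flags bit that blocks the control in IE
$BasePath = 'SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'

function Get-KillBitState {
    param(
        [Parameter(Mandatory = $true)] [string[]] $ComputerName,
        [Parameter(Mandatory = $true)] [string[]] $Clsid
    )
    foreach ($computer in $ComputerName) {
        # An empty machine name makes OpenRemoteBaseKey open the local registry.
        $target = if ($computer -eq $env:COMPUTERNAME) { '' } else { $computer }
        try {
            $hive = [Microsoft.Win32.RegistryHive]::LocalMachine
            $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($hive, $target)
        } catch {
            # Host down, firewalled, or Remote Registry stopped: record it so an
            # unchecked machine is never counted as covered.
            [pscustomobject]@{ Computer = $computer; Clsid = ''; State = 'Unreachable'; Flags = '' }
            continue
        }
        try {
            foreach ($id in $Clsid) {
                $state = 'KeyMissing'
                $flags = ''
                $key = $hklm.OpenSubKey("$BasePath\$id")
                if ($null -ne $key) {
                    $value = $key.GetValue('Compatibility Flags')
                    if ($null -eq $value) {
                        $state = 'ValueMissing'
                    } elseif ($key.GetValueKind('Compatibility Flags') -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
                        $state = 'WrongType'   # value exists but is not a DWORD
                    } else {
                        $flags = '0x{0:X8}' -f $value
                        $state = if (($value -band $KillBit) -ne 0) { 'KillBitSet' } else { 'KillBitNotSet' }
                    }
                    $key.Close()
                }
                [pscustomobject]@{ Computer = $computer; Clsid = $id; State = $state; Flags = $flags }
            }
        } finally {
            $hklm.Close()
        }
    }
}

# Two of the CLSIDs quoted in the thread; extend with the full advisory list.
$clsids = '{011B3619-FE63-4814-8A84-15A194CE9CE3}', '{0149EEDF-D08F-4142-8D73-D23903D21E90}'

# Hypothetical computers.txt holds one host name per line; without it, check this machine.
$targets = if (Test-Path .\computers.txt) {
    Get-Content .\computers.txt | Where-Object { $_.Trim() }
} else {
    $env:COMPUTERNAME
}

Get-KillBitState -ComputerName $targets -Clsid $clsids |
    Export-Csv -Path .\killbit-audit.csv -NoTypeInformation
```

Filter the CSV on any State other than KillBitSet to get the machines that still need attention, including the ones that could not be reached.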
RE: New IE zero day exploit in the wild
I usually just do something like this when pushing something...

echo Done > \\server\publicshare\%computername%.txt

OR

echo %computername% >> \\server\share\listofpcsthatranthescript.txt

Thanks,
Jake Gardner
TTC Network Administrator
Ext. 246

From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Wednesday, July 08, 2009 10:41 AM
To: NT System Admin Issues
Subject: RE: New IE zero day exploit in the wild

If you're comfortable writing in Kix, what's stopping you?

I'd do it with for /f + list-of-computers + psexec + reg query.

You don't have to look for all of the reg keys, the existence of just 1 means the workaround got installed.

Carl

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, July 08, 2009 10:24 AM
To: NT System Admin Issues
Subject: RE: New IE zero day exploit in the wild

You are correct of course, I stand corrected on my terminology. However, like I said, I have 400 systems and I'd rather not manually look at 400 registries to know I'm covered. The only thing that comes to mind is creating a KiX script that looks for the key values and sends output to a common .CSV file.

Dave

From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Tuesday, July 07, 2009 2:51 PM
To: NT System Admin Issues
Subject: RE: New IE zero day exploit in the wild

What patch? Killbit workaround is not a patch. Open the registry and look for the registry keys.

Carl

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, July 07, 2009 5:49 PM
To: NT System Admin Issues
Subject: RE: New IE zero day exploit in the wild

Anyone know how to confirm this patch is applied? Any tools around yet? I'd just as soon not manually check 4 or 5 machines and assume all 400 are OK...and if I don't have to write my own script to check 'em, all the better...

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
Re: New IE zero day exploit in the wild
After taking local admin rights away from users my plate is less full. YMMV.

On Wed, Jul 8, 2009 at 10:47 AM, Kurt Buff kurt.b...@gmail.com wrote:

Yes, unfortunately, all our users are admins. It sucks, but I use it to my advantage when I can. The reason we've not done a GP is because we haven't had the luxury of studying to understand them. Our plates always seem to be full with other things.

On Tue, Jul 7, 2009 at 19:04, Ken Schaefer k...@adopenstatic.com wrote:

Are all your users admins? Otherwise, how is that logon script going to update HKLM? Machine-based startup script would be better idea, no?

Cheers
Ken

From: Kurt Buff [kurt.b...@gmail.com]
Sent: Wednesday, 8 July 2009 2:41 AM
To: NT System Admin Issues
Subject: Re: New IE zero day exploit in the wild

I'm just pushing out the .reg file in the login script:

regedit /s \\fileserver\public\patches\videokillbits.reg

The file was easy to create, in a capable editor (not notepad or wordpad) that allows metacharacter search and replace, such as '\n' for CRLF and '\t' for tab. I used the ancient, no-longer-supported PFE32. I really should switch to VIM, I suppose.

On Tue, Jul 7, 2009 at 08:40, Eric Wittersheim eric.wittersh...@gmail.com wrote:

I'm pushing out the .reg via GP. So far so good.

On Tue, Jul 7, 2009 at 10:38 AM, David Lum david@nwea.org wrote:

The “Microsoft fix-it” is an MSI that I am pushing via SMS and is pushing fine (so far just a few test cases have it, but no issues). Beats trying to push out a .REG or something…

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
RE: New IE zero day exploit in the wild
Question,

According to the Microsoft article it looks like you need to add a whole lot of CLSID's that need the kill bit set, is this what everyone else is doing? So basically adding each one of these CLSID's to a .reg file and then scheduling a bat file to be run at the computer startup like the following? (Call it MSVideofit.bat)

:BATFILE
Regedit -s MSactiveXVideoFix.reg

:MsActiveXVideoFix.reg
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{011B3619-FE63-4814-8A84-15A194CE9CE3}]
"Compatibility Flags"=dword:00000400

ETC ETC (Down the list of CLSIDS below)

Then set a Group policy with the computer startup script at the root of your domain, and let it rip. (So servers, workstations etc etc get the fix, you can try it at a small OU level and reg query the registry after the system is booted, to verify that it is working.)

The following Class Identifiers relate to Microsoft Video ActiveX Control:

Class Identifier
{011B3619-FE63-4814-8A84-15A194CE9CE3}
{0149EEDF-D08F-4142-8D73-D23903D21E90}
{0369B4E5-45B6-11D3-B650-00C04F79498E}
{0369B4E6-45B6-11D3-B650-00C04F79498E}
{055CB2D7-2969-45CD-914B-76890722F112}
{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}
{15D6504A-5494-499C-886C-973C9E53B9F1}
{1BE49F30-0E1B-11D3-9D8E-00C04F72D980}
{1C15D484-911D-11D2-B632-00C04F79498E}
{1DF7D126-4050-47F0-A7CF-4C4CA9241333}
{2C63E4EB-4CEA-41B8-919C-E947EA19A77C}
{334125C0-77E5-11D3-B653-00C04F79498E}
{37B0353C-A4C8-11D2-B634-00C04F79498E}
{37B03543-A4C8-11D2-B634-00C04F79498E}
{37B03544-A4C8-11D2-B634-00C04F79498E}
{418008F3-CF67-4668-9628-10DC52BE1D08}
{4A5869CF-929D-4040-AE03-FCAFC5B9CD42}
{577FAA18-4518-445E-8F70-1473F8CF4BA4}
{59DC47A8-116C-11D3-9D8E-00C04F72D980}
{7F9CB14D-48E4-43B6-9346-1AEBC39C64D3}
{823535A0-0318-11D3-9D8E-00C04F72D980}
{8872FF1B-98FA-4D7A-8D93-C9F1055F85BB}
{8A674B4C-1F63-11D3-B64C-00C04F79498E}
{8A674B4D-1F63-11D3-B64C-00C04F79498E}
{9CD64701-BDF3-4D14-8E03-F12983D86664}
{9E77AAC4-35E5-42A1-BDC2-8F3FF399847C}
{A1A2B1C4-0E3A-11D3-9D8E-00C04F72D980}
{A2E3074E-6C3D-11D3-B653-00C04F79498E}
{A2E30750-6C3D-11D3-B653-00C04F79498E}
{A8DCF3D5-0780-4EF4-8A83-2CFFAACB8ACE}
{AD8E510D-217F-409B-8076-29C5E73B98E8}
{B0EDF163-910A-11D2-B632-00C04F79498E}
{B64016F3-C9A2-4066-96F0-BD9563314726}
{BB530C63-D9DF-4B49-9439-63453962E598}
{C531D9FD-9685-4028-8B68-6E1232079F1E}
{C5702CCC-9B79-11D3-B654-00C04F79498E}
{C5702CCD-9B79-11D3-B654-00C04F79498E}
{C5702CCE-9B79-11D3-B654-00C04F79498E}
{C5702CCF-9B79-11D3-B654-00C04F79498E}
{C5702CD0-9B79-11D3-B654-00C04F79498E}
{C6B14B32-76AA-4A86-A7AC-5C79AAF58DA7}
{CAAFDD83-CEFC-4E3D-BA03-175F17A24F91}
{D02AAC50-027E-11D3-9D8E-00C04F72D980}
{F9769A06-7ACA-4E39-9CFB-97BB35F0E77E}
{FA7C375B-66A7-4280-879D-FD459C84BB02}

Note: The Class Identifiers and corresponding files where the ActiveX objects are contained are documented in the table above. Replace {----} below with the Class Identifier found in this table.

To set the kill bit for a CLSID with a value of {----}, paste the following text in a text editor such as Notepad. Then, save the file by using the .reg file name extension.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{----}]
"Compatibility Flags"=dword:00000400

You can apply this .reg file to individual systems by double-clicking it. You can also apply it across domains by using Group Policy. For more information about Group Policy, visit the following Microsoft Web sites:

Please advise, going to be undertaking this shortly, and don't want to screw it up.

Z

Edward Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +
ezi...@lifespan.org
Phone:401-639-3505

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Wednesday, July 08, 2009 10:48 AM
To: NT System Admin Issues
Subject: Re: New IE zero day exploit in the wild

Yes, unfortunately, all our users are admins. It sucks, but I use it to my advantage when I can. The reason we've not done a GP is because we haven't had the luxury of studying to understand them. Our plates always seem to be full with other things.

On Tue, Jul 7, 2009 at 19:04, Ken Schaefer k...@adopenstatic.com wrote:

Are all your users admins? Otherwise, how is that logon script going to update HKLM? Machine-based startup script would be better idea, no?

Cheers
Ken

From: Kurt Buff [kurt.b...@gmail.com]
Sent: Wednesday, 8 July 2009 2:41 AM
To: NT System Admin Issues
Subject: Re: New IE zero day exploit in the wild

I'm just pushing out the .reg file in the login script:

regedit /s \\fileserver\public\patches\videokillbits.reg

The file was easy to create, in a capable editor (not notepad or
Re: New IE zero day exploit in the wild
I didn't create a batch file I just created a reg file with all the lines like below. Then I created a new GP and applied it to the OU. In the GP I run the reg file in the computer start up script with the /s argument.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{011B3619-FE63-4814-8A84-15A194CE9CE3}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0149EEDF-D08F-4142-8D73-D23903D21E90}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E5-45B6-11D3-B650-00C04F79498E}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E6-45B6-11D3-B650-00C04F79498E}]
"Compatibility Flags"=dword:00000400

On Wed, Jul 8, 2009 at 9:56 AM, Ziots, Edward ezi...@lifespan.org wrote:

Question,

According to the Microsoft article it looks like you need to add a whole lot of CLSID's that need the kill bit set, is this what everyone else is doing? So basically adding each one of these CLSID's to a .reg file and then scheduling a bat file to be run at the computer startup like the following? (Call it MSVideofit.bat)

:BATFILE
Regedit -s MSactiveXVideoFix.reg

:MsActiveXVideoFix.reg
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{011B3619-FE63-4814-8A84-15A194CE9CE3}]
"Compatibility Flags"=dword:00000400

ETC ETC (Down the list of CLSIDS below)

Then set a Group policy with the computer startup script at the root of your domain, and let it rip.
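An added example, not from the thread or from Microsoft: PowerShell that builds the kill-bit .reg text from a CLSID list and checks .reg text for the form regedit needs, with the value name in double quotes and bit 0x400 present. Because `regedit /s` runs silently, a check like this is worth running before the file goes into a startup script. The function names are made up; the file name `videokillbits.reg` and the two CLSIDs come from the thread.

```powershell
# Added example: build and check the kill-bit .reg text. Function names are made up.
$KeyRoot = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'

function New-KillBitRegContent {
    param([Parameter(Mandatory = $true)] [string[]] $Clsid)
    $guid = '^\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$'
    # Normalise, de-duplicate and validate every CLSID before emitting anything.
    $ids = @($Clsid | ForEach-Object { $_.Trim().ToUpper() } | Sort-Object -Unique)
    foreach ($id in $ids) {
        if ($id -notmatch $guid) { throw "Not a CLSID in braces: $id" }
    }
    'Windows Registry Editor Version 5.00'
    foreach ($id in $ids) {
        ''
        "[$KeyRoot\$id]"
        '"Compatibility Flags"=dword:00000400'
    }
    ''
}

function Test-KillBitRegContent {
    param([Parameter(Mandatory = $true)] [AllowEmptyString()] [string[]] $Line)
    $sectionPattern = '^\[' + [regex]::Escape($KeyRoot) + '\\(\{[^}]+\})\]$'
    $result  = [ordered]@{}
    $current = $null
    foreach ($raw in $Line) {
        $text = $raw.Trim()
        if ($text -match $sectionPattern) {
            $current = $Matches[1]
            $result[$current] = $false      # stays false until a valid value line follows
        } elseif ($text.StartsWith('[')) {
            $current = $null                # some other key: ignore its values
        } elseif ($current -and $text -match '^"Compatibility Flags"=dword:([0-9a-f]{1,8})$') {
            $bits = [Convert]::ToInt64($Matches[1], 16)
            $result[$current] = (($bits -band 0x400) -ne 0)
        }
    }
    foreach ($id in $result.Keys) {
        [pscustomobject]@{ Clsid = $id; SetsKillBit = $result[$id] }
    }
}

# Two of the CLSIDs quoted in the thread; pass the full advisory list in practice.
$clsids = '{011B3619-FE63-4814-8A84-15A194CE9CE3}', '{0149EEDF-D08F-4142-8D73-D23903D21E90}'
$good = New-KillBitRegContent -Clsid $clsids
$good | Set-Content -Path .\videokillbits.reg -Encoding Unicode   # UTF-16 text file

# Constructed sample: an entry whose value name is not quoted.
$bad = @(
    'Windows Registry Editor Version 5.00',
    '',
    "[$KeyRoot\{011B3619-FE63-4814-8A84-15A194CE9CE3}]",
    'Compatibility Flags=dword:0400'
)

Test-KillBitRegContent -Line $good
Test-KillBitRegContent -Line $bad
```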
Re: Firefox 3.5 Silent Install.
Word On Wed, Jul 8, 2009 at 8:00 AM, Michael B. Smith mich...@owa.smithcons.comwrote: A power user is an admin who hasn't bothered to make themselves an admin - yet. -- *From:* Stephen Wimberly [riverside...@gmail.com] *Sent:* Wednesday, July 08, 2009 7:39 AM *To:* NT System Admin Issues *Subject:* Re: Firefox 3.5 Silent Install. Actually to install FireFox, you just need to be a power user. Full Admin rights are _not_ required. Power User rights provide full control over the Program Files folder, but not full rights to the System32 folder. Most of our users are power users, but VERY few are admins. To get the security patches (updates) out there I download the installer and push it to computers that have older versions of FireFox through SCCM (SMS) as a silent install FireFoxSetup3.5 -ms SCCM can install with system rights. I just haven't found time to push out updates to all the various Add-Ons. On Tue, Jul 7, 2009 at 4:06 PM, Angus Scott-Fleming angu...@geoapps.comwrote: On 5 Jul 2009 at 11:57, Stephen Wimberly wrote: The NTT sounds great, but can a non-admin run it and upgrade any update??? No, you have to be admin to update any program except Chrome, which installs in %APPDATA% and is completely writeable by the user who install it. Now if you had installed Firefox in %APPDATA%, each user would have a separate installation but they could update their own --- and when Chrome or FF gets 0- day-holed, so would their browsers. There are reasons why users can't update applications. I think Frontmotion makes an MSI installer for corporate deployments of Firefox. -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 +---+ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: New IE zero day exploit in the wild
I was going to, but instead I clicked the fix it myself, and instead of running the .MSI file I downloaded it and pushed it out via SMS. Gotta love SMS...10 minutes of work and 400 systems have the workaround.

Yes, that was 46 CLSID's I counted that the .REG file needed. (Excel is your friend if you want to go manually creating a .REG file from their list).

Dave

-Original Message-
From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Wednesday, July 08, 2009 7:57 AM
To: NT System Admin Issues
Subject: RE: New IE zero day exploit in the wild

Question,

According to the Microsoft article it looks like you need to add a whole lot of CLSID's that need the kill bit set, is this what everyone else is doing? So basically adding each one of these CLSID's to a .reg file and then scheduling a bat file to be run at the computer startup like the following? (Call it MSVideofit.bat)

:BATFILE
Regedit -s MSactiveXVideoFix.reg

:MsActiveXVideoFix.reg
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{011B3619-FE63-4814-8A84-15A194CE9CE3}]
"Compatibility Flags"=dword:00000400

ETC ETC (Down the list of CLSIDS below)

Then set a Group policy with the computer startup script at the root of your domain, and let it rip.
(So servers, workstations etc etc get the fix, you can try it at a small OU level and reg query the registry after the system is booted, to verify that it working The following Class Identifiers relate to Microsoft Video ActiveX Control: Class Identifier {011B3619-FE63-4814-8A84-15A194CE9CE3} {0149EEDF-D08F-4142-8D73-D23903D21E90} {0369B4E5-45B6-11D3-B650-00C04F79498E} {0369B4E6-45B6-11D3-B650-00C04F79498E} {055CB2D7-2969-45CD-914B-76890722F112} {0955AC62-BF2E-4CBA-A2B9-A63F772D46CF} {15D6504A-5494-499C-886C-973C9E53B9F1} {1BE49F30-0E1B-11D3-9D8E-00C04F72D980} {1C15D484-911D-11D2-B632-00C04F79498E} {1DF7D126-4050-47F0-A7CF-4C4CA9241333} {2C63E4EB-4CEA-41B8-919C-E947EA19A77C} {334125C0-77E5-11D3-B653-00C04F79498E} {37B0353C-A4C8-11D2-B634-00C04F79498E} {37B03543-A4C8-11D2-B634-00C04F79498E} {37B03544-A4C8-11D2-B634-00C04F79498E} {418008F3-CF67-4668-9628-10DC52BE1D08} {4A5869CF-929D-4040-AE03-FCAFC5B9CD42} {577FAA18-4518-445E-8F70-1473F8CF4BA4} {59DC47A8-116C-11D3-9D8E-00C04F72D980} {7F9CB14D-48E4-43B6-9346-1AEBC39C64D3} {823535A0-0318-11D3-9D8E-00C04F72D980} {8872FF1B-98FA-4D7A-8D93-C9F1055F85BB} {8A674B4C-1F63-11D3-B64C-00C04F79498E} {8A674B4D-1F63-11D3-B64C-00C04F79498E} {9CD64701-BDF3-4D14-8E03-F12983D86664} {9E77AAC4-35E5-42A1-BDC2-8F3FF399847C} {A1A2B1C4-0E3A-11D3-9D8E-00C04F72D980} {A2E3074E-6C3D-11D3-B653-00C04F79498E} {A2E30750-6C3D-11D3-B653-00C04F79498E} {A8DCF3D5-0780-4EF4-8A83-2CFFAACB8ACE} {AD8E510D-217F-409B-8076-29C5E73B98E8} {B0EDF163-910A-11D2-B632-00C04F79498E} {B64016F3-C9A2-4066-96F0-BD9563314726} {BB530C63-D9DF-4B49-9439-63453962E598} {C531D9FD-9685-4028-8B68-6E1232079F1E} {C5702CCC-9B79-11D3-B654-00C04F79498E} {C5702CCD-9B79-11D3-B654-00C04F79498E} {C5702CCE-9B79-11D3-B654-00C04F79498E} {C5702CCF-9B79-11D3-B654-00C04F79498E} {C5702CD0-9B79-11D3-B654-00C04F79498E} {C6B14B32-76AA-4A86-A7AC-5C79AAF58DA7} {CAAFDD83-CEFC-4E3D-BA03-175F17A24F91} {D02AAC50-027E-11D3-9D8E-00C04F72D980} {F9769A06-7ACA-4E39-9CFB-97BB35F0E77E} 
{FA7C375B-66A7-4280-879D-FD459C84BB02}

Note The Class Identifiers and corresponding files where the ActiveX objects are contained are documented in the table above. Replace {----} below with the Class Identifier found in this table. To set the kill bit for a CLSID with a value of {----}, paste the following text in a text editor such as Notepad. Then, save the file by using the .reg file name extension.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{----}]
"Compatibility Flags"=dword:0400

You can apply this .reg file to individual systems by double-clicking it. You can also apply it across domains by using Group Policy. For more information about Group Policy, visit the following Microsoft Web sites:

Please advise, going to be undertaking this shortly, and don't want to screw it up. Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + ezi...@lifespan.org Phone:401-639-3505

-Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, July 08, 2009 10:48 AM To: NT System Admin Issues Subject: Re: New IE zero day exploit in the wild

Yes, unfortunately, all our users are admins. It sucks, but I use it to my advantage when I can. The reason we've not done a GP is because we haven't had the luxury of studying to understand them. Our plates always seem to be full with other things.

On Tue, Jul 7, 2009 at 19:04, Ken
RE: New IE zero day exploit in the wild
Nothing really, was just seeing if someone knew about a tool that did this already before I created my script. Dave

From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Wednesday, July 08, 2009 7:41 AM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild

If you're comfortable writing in Kix, what's stopping you? I'd do it with for /f + list-of-computers + psexec + reg query. You don't have to look for all of the reg keys, the existence of just 1 means the workaround got installed. Carl

From: David Lum [mailto:david@nwea.org] Sent: Wednesday, July 08, 2009 10:24 AM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild

You are correct of course, I stand corrected on my terminology. However, like I said, I have 400 systems and I'd rather not manually look at 400 registries to know I'm covered. The only thing that comes to mind is creating a KiX script that looks for the key values and sends output to a common .CSV file. Dave

From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Tuesday, July 07, 2009 2:51 PM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild

What patch? Killbit workaround is not a patch. Open the registry and look for the registry keys. Carl

From: David Lum [mailto:david@nwea.org] Sent: Tuesday, July 07, 2009 5:49 PM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild

Anyone know how to confirm this patch is applied? Any tools around yet? I'd just as soon not manually check 4 or 5 machines and assume all 400 are OK...and if I don't have to write my own script to check 'em, all the better... David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764
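The check discussed in this exchange (read the kill-bit keys on every machine and collect the result in one CSV), as an added PowerShell example that is not code from any poster in the thread. It assumes the Remote Registry service is reachable on each target and that the caller is an administrator there; `computers.txt` and the function names are hypothetical. It checks every CLSID instead of just one, so a partially applied workaround shows up as such.

```powershell
# Added example: audit kill-bit coverage on many machines and export the result.
# Assumptions (not from the thread): Remote Registry is reachable on each target
# and the caller is an administrator there.

$KillBit   = 0x400   # the value the thread's .reg file writes
$BasePath  = 'SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
$ValueName = 'Compatibility Flags'

# First four CLSIDs from the list quoted in the thread; append the rest of that list.
$Clsids = @(
    '{011B3619-FE63-4814-8A84-15A194CE9CE3}',
    '{0149EEDF-D08F-4142-8D73-D23903D21E90}',
    '{0369B4E5-45B6-11D3-B650-00C04F79498E}',
    '{0369B4E6-45B6-11D3-B650-00C04F79498E}'
)

function Get-KillBitState {
    # Returns Set, BitClear, WrongType, ValueMissing or KeyMissing for one CLSID.
    param(
        [Parameter(Mandatory = $true)][Microsoft.Win32.RegistryKey]$Hklm,
        [Parameter(Mandatory = $true)][string]$Clsid
    )
    $key = $Hklm.OpenSubKey("$BasePath\$Clsid")
    if ($null -eq $key) { return 'KeyMissing' }
    try {
        $flags = $key.GetValue($ValueName)
        if ($null -eq $flags)    { return 'ValueMissing' }
        if ($flags -isnot [int]) { return 'WrongType' }   # value is not a REG_DWORD
        if (($flags -band $KillBit) -eq $KillBit) { return 'Set' }
        return 'BitClear'
    }
    finally { $key.Close() }
}

function Get-KillBitReport {
    # Emits one row per computer: Covered, Partial, NotApplied or Unreachable.
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [string[]]$Clsid = $Clsids
    )
    foreach ($computer in $ComputerName) {
        try {
            $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
                [Microsoft.Win32.RegistryHive]::LocalMachine, $computer)
        }
        catch {
            [pscustomobject]@{
                Computer = $computer; Status = 'Unreachable'
                SetCount = 0; Expected = $Clsid.Count
                Detail   = $_.Exception.Message
            }
            continue
        }
        try {
            $rows = foreach ($id in $Clsid) {
                [pscustomobject]@{ Clsid = $id; State = (Get-KillBitState -Hklm $hklm -Clsid $id) }
            }
        }
        finally { $hklm.Close() }

        $notSet = @($rows | Where-Object { $_.State -ne 'Set' })
        $status = 'Partial'
        if ($notSet.Count -eq 0)            { $status = 'Covered' }
        if ($notSet.Count -eq $Clsid.Count) { $status = 'NotApplied' }

        [pscustomobject]@{
            Computer = $computer; Status = $status
            SetCount = $Clsid.Count - $notSet.Count; Expected = $Clsid.Count
            Detail   = ($notSet | ForEach-Object { "$($_.Clsid)=$($_.State)" }) -join ';'
        }
    }
}

# With no arguments the report covers the local machine only.
# computers.txt is a hypothetical file with one computer name per line:
#   Get-KillBitReport -ComputerName (Get-Content .\computers.txt) |
#       Export-Csv .\killbit-audit.csv -NoTypeInformation
Get-KillBitReport | Format-Table -AutoSize
```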
RE: New IE zero day exploit in the wild
It appears that's what we're left to do on our own. Not sure why MS couldn't just provide us the .reg file ready-to-use. Or for that matter, a .msi file that works with GP. I tried assigning the msfixit .msi in a group policy, but it didn't install (on Vista anyway, didn't test w/XP after that, it worked under Vista when run interactively). My other idea, a custom .adm file to push the settings out, fell flat because a single policy can't affect multiple reg keys with a single enable/disable choice. If I'm wrong about that I'd love to hear how it's done. Carl
RE: New IE zero day exploit in the wild
A while back, Jesper Johansson published a VBScript that helps with this. http://msinfluentials.com/blogs/jesper/archive/2006/09/29/Set-KillBit-on-Arbitrary-ActiveX-Controls-with-Group-Policy.aspx It writes a log file in the root of the users C: drive that indicates success or failure or not found. I've got a CMD file that consists of nothing but a bunch of slayocx.vbs commands. .Tim
RE: New IE zero day exploit in the wild
So basically you are just uploading the reg file to the computer startup script and the command you are invoking is regedit /s name_of_script ? I thought you needed to put a batch file in the computer startup script area to get that to work. Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + ezi...@lifespan.org Phone:401-639-3505

From: Eric Wittersheim [mailto:eric.wittersh...@gmail.com] Sent: Wednesday, July 08, 2009 11:03 AM To: NT System Admin Issues Subject: Re: New IE zero day exploit in the wild

I didn't create a batch file I just created a reg file with all the lines like below. Then I created a new GP and applied it to the OU. In the GP I run the reg file in the computer start up script with the /s argument.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{011B3619-FE63-4814-8A84-15A194CE9CE3}]
"Compatibility Flags"=dword:0400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0149EEDF-D08F-4142-8D73-D23903D21E90}]
"Compatibility Flags"=dword:0400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E5-45B6-11D3-B650-00C04F79498E}]
"Compatibility Flags"=dword:0400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E6-45B6-11D3-B650-00C04F79498E}]
"Compatibility Flags"=dword:0400
Re: New IE zero day exploit in the wild
Ed, I used this page as a guide for what I did. http://blogs.technet.com/askds/archive/2007/08/14/deploying-custom-registry-changes-through-group-policy.aspx But basically you are right on target. Eric

On Wed, Jul 8, 2009 at 10:18 AM, Ziots, Edward ezi...@lifespan.org wrote: So basically you are just uploading the reg file to the computer startup script and the command you are invoking is regedit /s name_of_script ? I thought you needed to put a batch file in the computer startup script area to get that to work. Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + ezi...@lifespan.org Phone:401-639-3505
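A startup-script variant of the regedit /s approach described in this exchange, as an added PowerShell example that is not code from the thread or from the linked article. Importing the .reg file replaces the whole `Compatibility Flags` DWORD with 0x400; this version ORs the kill bit into whatever flags are already present and reports what it changed. The function name is hypothetical, the script assumes a 64-bit PowerShell host when it also covers the Wow6432Node copy that 32-bit IE reads on 64-bit Windows, and writing requires an elevated context such as a computer startup script.

```powershell
# Added example: set the kill bit without discarding other compatibility flags.
# Assumption: run from a 64-bit PowerShell host; writes need an elevated context.

$KillBit   = 0x400
$ValueName = 'Compatibility Flags'
$Hklm      = [Microsoft.Win32.Registry]::LocalMachine
$Roots     = @('SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')

# On 64-bit Windows, 32-bit IE reads its own copy of the key under Wow6432Node.
$probe = $Hklm.OpenSubKey('SOFTWARE\Wow6432Node')
if ($null -ne $probe) {
    $probe.Close()
    $Roots += 'SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

# First four CLSIDs from the .reg file quoted in the thread; append the rest of the list.
$Clsids = @(
    '{011B3619-FE63-4814-8A84-15A194CE9CE3}',
    '{0149EEDF-D08F-4142-8D73-D23903D21E90}',
    '{0369B4E5-45B6-11D3-B650-00C04F79498E}',
    '{0369B4E6-45B6-11D3-B650-00C04F79498E}'
)

function Set-KillBit {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][string[]]$Clsid)

    foreach ($root in $Roots) {
        foreach ($id in $Clsid) {
            $path = "$root\$id"

            # Read the current flags read-only, so -WhatIf never creates a key.
            $old = 0
            $key = $Hklm.OpenSubKey($path)
            if ($null -ne $key) {
                $value = $key.GetValue($ValueName)
                $key.Close()
                if ($value -is [int]) { $old = $value }   # ignore a non-DWORD value
            }

            $new     = $old -bor $KillBit
            $changed = $false
            if ($new -ne $old -and $PSCmdlet.ShouldProcess("HKLM\$path", 'Set kill bit')) {
                $writable = $Hklm.CreateSubKey($path)     # opens the key if it already exists
                try {
                    $writable.SetValue($ValueName, $new,
                        [Microsoft.Win32.RegistryValueKind]::DWord)
                }
                finally { $writable.Close() }
                $changed = $true
            }

            [pscustomobject]@{
                Key     = "HKLM\$path"
                Old     = '0x{0:X8}' -f $old
                New     = '0x{0:X8}' -f $new
                Changed = $changed
            }
        }
    }
}

# Dry run: shows what would be written. Drop -WhatIf in the real startup script.
Set-KillBit -Clsid $Clsids -WhatIf | Format-Table -AutoSize
```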
RE: New IE zero day exploit in the wild
+1, why MS didn't supply a ready-to-use .REG file (it's for HKLM after all) is beyond me. So via GPO fail isn't just me! My .MSI push attempt via GPO to XP didn't work (none of my clients have SMS). An SMS push (day job has SMS) the same .MSI worked fine. Dave

-Original Message- From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Wednesday, July 08, 2009 8:14 AM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild It appears that's what we're left to do on our own. Not sure why MS couldn't just provide us the .reg file ready-to-use. Or for that matter, a .msi file that works with GP. I tried assigning the msfixit .msi in a group policy, but it didn't install (on Vista anyway, didn't test w/XP after that, it worked under Vista when run interactively). My other idea, a custom .adm file to push the settings out, fell flat because a single policy can't affect multiple reg keys with a single enable/disable choice. If I'm wrong about that I'd love to hear how it's done. Carl
RE: New IE zero day exploit in the wild
Couple of questions about this: Where does the slayocx.vbs (that gets called by your .cmd file) live? Is it trivial to change the log location from SystemDrive to a network share? (LogFileName = WshEnv(SystemDrive) \SlayOCX.log) Thanks, RS

-Original Message- From: Tim Evans [mailto:tev...@sparling.com] Sent: Wednesday, July 08, 2009 11:18 AM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild A while back, Jesper Johansson published a VBScript that helps with this. http://msinfluentials.com/blogs/jesper/archive/2006/09/29/Set-KillBit-on-Arbitrary-ActiveX-Controls-with-Group-Policy.aspx It writes a log file in the root of the users C: drive that indicates success or failure or not found. I've got a CMD file that consists of nothing but a bunch of slayocx.vbs commands. .Tim
Re: New IE zero day exploit in the wild
FixIt was only for XP and 2003 machines not Vista, or did you not read all the way to the bottom of the article? It is possible I missed something though. Jon On Wed, Jul 8, 2009 at 11:13 AM, Carl Houseman c.house...@gmail.com wrote: It appears that's what we're left to do on our own. Not sure why MS couldn't just provide us the .reg file ready-to-use. Or for that matter, a .msi file that works with GP. I tried assigning the msfixit .msi in a group policy, but it didn't install (on Vista anyway, didn't test w/XP after that, it worked under Vista when run interactively). My other idea, a custom .adm file to push the settings out, fell flat because a single policy can't affect multiple reg keys with a single enable/disable choice. If I'm wrong about that I'd love to hear how it's done. Carl -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, July 08, 2009 10:57 AM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild Question, According to the Microsoft article it looks like you need to add a whole a lot of CSLID's that need the kill bit set, is this what everyone else is doing? So basically adding each one of these CSLID's to a .reg file and then scheduling a bat file to be run at the computer startup like the following? (Call it MSVideofit.bat) :BATFILE Regedit -s MSactiveXVideoFix.reg :MsActiveXVideoFix.reg Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{011B3619-FE63-4814-8A84-15A194CE9CE3}] Compatibility Flags=dword:0400 ETC ETC (Down the list of CLSIDS below) Then set a Group policy with the computer startup script at the root of your domain, and let it rip. 
(So servers, workstations etc etc get the fix, you can try it at a small OU level and reg query the registry after the system is booted, to verify that it working The following Class Identifiers relate to Microsoft Video ActiveX Control:
Note The Class Identifiers and corresponding files where the ActiveX objects are contained are documented in the table above. Replace {----} below with the Class Identifier found in this table. To set the kill bit for a CLSID with a value of {----}, paste the following text in a text editor such as Notepad. Then, save the file by using the .reg file name extension. Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{----}] Compatibility Flags=dword:0400 You can apply this .reg file to individual systems by double-clicking it. You can also apply it across domains by using Group Policy. For more information about Group Policy, visit the following Microsoft Web sites: Please advise, going to be undertaking this shortly, and don't want to screw it up. Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + ezi...@lifespan.org Phone:401-639-3505
RE: Enterprise password management
We actually use this. Reasonably priced, does a good job for securely storing passwords. You can set up groups and permissions fairly similar to what you would see with share and ntfs permissions. There is even a bit for storing personal passwords. Just don't expect it to change your passwords for you . . . Thanks, James Winzenz Subject: Enterprise password management Date: Mon, 6 Jul 2009 09:13:09 +0100 From: mark.kel...@confused.com To: ntsysadmin@lyris.sunbelt-software.com Our environment has grown over the past year and we have many new usernames and passwords to access our test and development environment. Not a fan of people having them all written down on scraps of paper littered around their desks. I am looking for an application that I can deploy that will allow specific users access to specific lists of usernames and passwords to get their job done. Web based with a SQL backend would be best as I would not like to have to deploy any apps to client machines. I found this through Google: http://www.enterprise-password-safe.com/ It looks pretty good but want to run the idea by the list and see if anyone else has deployed something similar. Thanks, Mark
Internet
We are having some sites come up, others not. Anyone else experiencing this? I heard that some government sites were down recently, today others are down. At least for us here at the Museum. Anyone else seeing this?
RE: New IE zero day exploit in the wild
I have it (and the cmd file that calls it) in the netlogon share on my DC's. Here is a sample line from the CMD file: %SystemRoot%\system32\cscript /nologo %logonserver%\netlogon\SlayOCX.vbs -k 011B3619-FE63-4814-8A84-15A194CE9CE3 -l I guess I forgot to mention the best part about this script is that you can undo the killbit by changing the -k parameter to -r so you have a simple way to undo it if you want. .Tim -Original Message- From: Richard Stovall [mailto:richard.stov...@researchdata.com] Sent: Wednesday, July 08, 2009 8:47 AM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild Couple of questions about this: Where does the slayocx.vbs (that gets called by your .cmd file) live? Is it trivial to change the log location from SystemDrive to a network share? (LogFileName = WshEnv(SystemDrive) \SlayOCX.log) Thanks, RS -Original Message- From: Tim Evans [mailto:tev...@sparling.com] Sent: Wednesday, July 08, 2009 11:18 AM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild A while back, Jesper Johansson published a VBScript that helps with this. http://msinfluentials.com/blogs/jesper/archive/2006/09/29/Set-KillBit-on-Arbitrary-ActiveX-Controls-with-Group-Policy.aspx It writes a log file in the root of the user's C: drive that indicates success or failure or not found. I've got a CMD file that consists of nothing but a bunch of slayocx.vbs commands. .Tim -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, July 08, 2009 7:57 AM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild Question, According to the Microsoft article it looks like you need to add a whole lot of CLSID's that need the kill bit set, is this what everyone else is doing? So basically adding each one of these CLSID's to a .reg file and then scheduling a bat file to be run at the computer startup like the following?
(Call it MSVideofit.bat) :BATFILE Regedit -s MSactiveXVideoFix.reg :MsActiveXVideoFix.reg Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{011B3619-FE63-4814-8A84-15A194CE9CE3}] Compatibility Flags=dword:0400 ETC ETC (Down the list of CLSIDS below) Then set a Group policy with the computer startup script at the root of your domain, and let it rip. (So servers, workstations etc etc get the fix, you can try it at a small OU level and reg query the registry after the system is booted, to verify that it working The following Class Identifiers relate to Microsoft Video ActiveX Control:
Note The Class Identifiers and corresponding files where the ActiveX objects are contained are documented in the table above. Replace {----} below with the Class Identifier found in this table. To set the kill bit for a CLSID with a value of {---
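An added example, not part of any message in this thread and not the SlayOCX.vbs script it mentions: a PowerShell script that sets, clears or audits the kill bit with a read-modify-write, so other Compatibility Flags bits survive, then re-reads the registry to verify. Assumptions: PowerShell 3.0 or later; the `-Mode` parameter and the function name are hypothetical; covering the Wow6432Node registry view is an addition the thread does not discuss.

```powershell
# Added example, not code from the thread. Run elevated (for instance as a
# computer startup script), because the keys live under HKLM.
param(
    # Hypothetical parameter: Audit only reports, Set adds the kill bit, Clear removes it.
    [ValidateSet('Audit', 'Set', 'Clear')]
    [string]$Mode = 'Audit'
)

$KillBit = 0x400   # bit in "Compatibility Flags" that stops IE loading the control

# Only the CLSID shown in the thread's .reg sample; add the others from the
# vendor advisory.
$Clsids = @('{011B3619-FE63-4814-8A84-15A194CE9CE3}')
$GuidPattern = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'

# 32-bit IE on 64-bit Windows reads the Wow6432Node view, so handle both when
# it exists (run this from 64-bit PowerShell so the paths are not redirected).
$Roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path -LiteralPath 'HKLM:\SOFTWARE\Wow6432Node') {
    $Roots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Get-CompatFlags([string]$Key) {
    # Returns the current DWORD, or $null when the key or value is absent.
    if (-not (Test-Path -LiteralPath $Key)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Key
    if ($null -eq $item) { return $null }
    $prop = $item.PSObject.Properties['Compatibility Flags']
    if ($null -eq $prop) { return $null }
    return [int]$prop.Value
}

$results = foreach ($clsid in $Clsids) {
    if ($clsid -notmatch $GuidPattern) {
        Write-Warning "Skipping malformed CLSID: $clsid"
        continue
    }
    foreach ($root in $Roots) {
        $key    = "$root\$clsid"
        $before = Get-CompatFlags $key
        $old    = if ($null -eq $before) { 0 } else { $before }

        # Read-modify-write: a .reg import overwrites the whole value, this
        # only touches the kill bit and keeps any other flags already set.
        $new = switch ($Mode) {
            'Set'   { $old -bor $KillBit }
            'Clear' { $old -band (-bnot $KillBit) }
            default { $old }
        }

        if ($new -ne $old) {
            if (-not (Test-Path -LiteralPath $key)) {
                New-Item -Path $key -Force | Out-Null
            }
            New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                -PropertyType DWord -Value $new -Force | Out-Null
        }

        # Re-read from the registry instead of trusting the write.
        $after = Get-CompatFlags $key
        [pscustomobject]@{
            Clsid  = $clsid
            View   = if ($root -like '*Wow6432Node*') { '32-bit' } else { 'native' }
            Flags  = if ($null -eq $after) { '(not set)' } else { '0x{0:X8}' -f $after }
            Killed = ($null -ne $after) -and (($after -band $KillBit) -ne 0)
        }
    }
}

$results | Format-Table -AutoSize

# Non-zero exit code lets a deployment tool flag machines still without the kill bit.
if ($Mode -ne 'Clear' -and ($results | Where-Object { -not $_.Killed })) { exit 1 }
```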
Re: Internet
I'm in Alexandria. I was having some intermittent trouble getting to Symantec yesterday. I work for a gov't agency, but don't know if it was related to the reports that I've seen today. We aren't affiliated with any of the agencies I've seen listed so far. On Wed, Jul 8, 2009 at 12:00 PM, Holstrom, Don dholst...@nbm.org wrote: We are having some sites come up, others not. Anyone else experiencing this? I heard that some government sites were down recently, today others are down. At least for us here at the Museum. Anyone else seeing this?
RE: Internet
No problems here (Connecticut). You can try this: Www.Downforeveryoneorjustme.com -Original Message- From: Holstrom, Don [mailto:dholst...@nbm.org] Sent: Wednesday, July 08, 2009 12:01 PM To: NT System Admin Issues Subject: Internet We are having some sites come up, others not. Anyone else experiencing this? I heard that some government sites were down recently, today others are down. At least for us here at the Museum. Anyone else seeing this?
RE: New IE zero day exploit in the wild
I generally dump startup script components into \\dcname\netlogon. When referencing that location in a path or script, use \\domain.com\SysVol\domain.com\scripts Carl -Original Message- From: Richard Stovall [mailto:richard.stov...@researchdata.com] Sent: Wednesday, July 08, 2009 11:47 AM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild Couple of questions about this: Where does the slayocx.vbs (that gets called by your .cmd file) live? Is it trivial to change the log location from SystemDrive to a network share? (LogFileName = WshEnv(SystemDrive) \SlayOCX.log) Thanks, RS -Original Message- From: Tim Evans [mailto:tev...@sparling.com] Sent: Wednesday, July 08, 2009 11:18 AM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild A while back, Jesper Johansson published a VBScript that helps with this. http://msinfluentials.com/blogs/jesper/archive/2006/09/29/Set-KillBit-on-Arbitrary-ActiveX-Controls-with-Group-Policy.aspx It writes a log file in the root of the user's C: drive that indicates success or failure or not found. I've got a CMD file that consists of nothing but a bunch of slayocx.vbs commands. .Tim -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, July 08, 2009 7:57 AM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild Question, According to the Microsoft article it looks like you need to add a whole lot of CLSID's that need the kill bit set, is this what everyone else is doing? So basically adding each one of these CLSID's to a .reg file and then scheduling a bat file to be run at the computer startup like the following?
(Call it MSVideofit.bat) :BATFILE Regedit -s MSactiveXVideoFix.reg :MsActiveXVideoFix.reg Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{011B3619-FE63-4814-8A84-15A194CE9CE3}] Compatibility Flags=dword:0400 ETC ETC (Down the list of CLSIDS below) Then set a Group policy with the computer startup script at the root of your domain, and let it rip. (So servers, workstations etc etc get the fix, you can try it at a small OU level and reg query the registry after the system is booted, to verify that it working The following Class Identifiers relate to Microsoft Video ActiveX Control:
Note The Class Identifiers and corresponding files where the ActiveX objects are contained are documented in the table above. Replace {----} below with the Class Identifier found in this table. To set the kill bit for a CLSID with a value of {--- -}, paste the following text in a text editor such as Notepad. Then, save the file by using the .reg file name extension. Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{----}] Compatibility Flags=dword:0400 You can apply this .reg file to
RE: New IE zero day exploit in the wild
My mistake, I actually did the testing under XP, and David Lum just confirmed in a separate post it doesn't work under XP. Carl From: Jon Harris [mailto:jk.har...@gmail.com] Sent: Wednesday, July 08, 2009 11:50 AM To: NT System Admin Issues Subject: Re: New IE zero day exploit in the wild FixIt was only for XP and 2003 machines not Vista, or did you not read all the way to the bottom of the article? It is possible I missed something though. Jon On Wed, Jul 8, 2009 at 11:13 AM, Carl Houseman c.house...@gmail.com wrote: It appears that's what we're left to do on our own. Not sure why MS couldn't just provide us the .reg file ready-to-use. Or for that matter, a .msi file that works with GP. I tried assigning the msfixit .msi in a group policy, but it didn't install (on Vista anyway, didn't test w/XP after that, it worked under Vista when run interactively). My other idea, a custom .adm file to push the settings out, fell flat because a single policy can't affect multiple reg keys with a single enable/disable choice. If I'm wrong about that I'd love to hear how it's done. Carl -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, July 08, 2009 10:57 AM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild Question, According to the Microsoft article it looks like you need to add a whole lot of CLSID's that need the kill bit set, is this what everyone else is doing? So basically adding each one of these CLSID's to a .reg file and then scheduling a bat file to be run at the computer startup like the following?
(Call it MSVideofit.bat) :BATFILE Regedit -s MSactiveXVideoFix.reg :MsActiveXVideoFix.reg Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{011B3619-FE63-4814-8A84-15A194CE9CE3}] Compatibility Flags=dword:0400 ETC ETC (Down the list of CLSIDS below) Then set a Group policy with the computer startup script at the root of your domain, and let it rip. (So servers, workstations etc etc get the fix, you can try it at a small OU level and reg query the registry after the system is booted, to verify that it working The following Class Identifiers relate to Microsoft Video ActiveX Control:
Note The Class Identifiers and corresponding files where the ActiveX objects are contained are documented in the table above. Replace {----} below with the Class Identifier found in this table. To set the kill bit for a CLSID with a value of {----}, paste the following text in a text editor such as Notepad. Then, save the file by using the .reg file name extension. Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{----}] Compatibility Flags=dword:0400 You can apply this .reg file to individual systems by double-clicking it. You can also apply it across domains by using Group Policy. For more information about Group Policy, visit the following Microsoft Web sites: Please advise, going to be undertaking this
RE: Cyberattack?
Nothing yet, but I am sure it's coming and quickly. Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + ezi...@lifespan.org Phone:401-639-3505 From: David [mailto:blazer...@gmail.com] Sent: Wednesday, July 08, 2009 12:36 PM To: NT System Admin Issues Subject: Cyberattack? I'm watching the SANS diary (http://isc.sans.org/diary.html), and it seems we may be starting to see some effects from these attacks slopping over into the commercial world -- unable to get email to/from several known good websites. Anyone seeing similar behavior? -- David _ I have a photographic memory. It's just that some of the film is out of date, and some is double-exposed.
RE: New IE zero day exploit in the wild
+1 Phillip Partipilo Parametric Solutions Inc. Jupiter, Florida (561) 747-6107 _ From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Wednesday, July 08, 2009 10:53 AM To: NT System Admin Issues Subject: Re: New IE zero day exploit in the wild After taking local admin rights away from users my plate is less full. YMMV. On Wed, Jul 8, 2009 at 10:47 AM, Kurt Buff kurt.b...@gmail.com wrote: Yes, unfortunately, all our users are admins. It sucks, but I use it to my advantage when I can. The reason we've not done a GP is because we haven't had the luxury of studying to understand them. Our plates always seem to be full with other things. On Tue, Jul 7, 2009 at 19:04, Ken Schaeferk...@adopenstatic.com wrote: Are all your users admins? Otherwise, how is that logon script going to update HKLM? Machine-based startup script would be better idea, no? Cheers Ken From: Kurt Buff [kurt.b...@gmail.com] Sent: Wednesday, 8 July 2009 2:41 AM To: NT System Admin Issues Subject: Re: New IE zero day exploit in the wild I'm just pushing out the .reg file in the login script: regedit /s \\fileserver\public\patches\videokillbits.reg The file was easy to create, in a capable editor (not notepad or wordpad) that allows metacharacter search and replace, such as '\n' for CRLF and '\t' for tab. I used the ancient, no-longer-supported PFE32. I really should switch to VIM, I suppose. On Tue, Jul 7, 2009 at 08:40, Eric Wittersheimeric.wittersh...@gmail.com wrote: I'm pushing out the .reg via GP. So far so good. On Tue, Jul 7, 2009 at 10:38 AM, David Lum david@nwea.org wrote: The Microsoft fix-it is an MSI that I am pushing via SMS and is pushing fine (so far just a few test cases have it, but no issues). Beats trying to push out a .REG or something. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764
Re: New IE zero day exploit in the wild
+2 Jon On Wed, Jul 8, 2009 at 1:16 PM, Phillip Partipilo p...@psnet.com wrote: +1 Phillip Partipilo Parametric Solutions Inc. Jupiter, Florida (561) 747-6107 -- *From:* Jonathan Link [mailto:jonathan.l...@gmail.com] *Sent:* Wednesday, July 08, 2009 10:53 AM *To:* NT System Admin Issues *Subject:* Re: New IE zero day exploit in the wild After taking local admin rights away from users my plate is less full. YMMV. On Wed, Jul 8, 2009 at 10:47 AM, Kurt Buff kurt.b...@gmail.com wrote: Yes, unfortunately, all our users are admins. It sucks, but I use it to my advantage when I can. The reason we've not done a GP is because we haven't had the luxury of studying to understand them. Our plates always seem to be full with other things. On Tue, Jul 7, 2009 at 19:04, Ken Schaeferk...@adopenstatic.com wrote: Are all your users admins? Otherwise, how is that logon script going to update HKLM? Machine-based startup script would be better idea, no? Cheers Ken From: Kurt Buff [kurt.b...@gmail.com] Sent: Wednesday, 8 July 2009 2:41 AM To: NT System Admin Issues Subject: Re: New IE zero day exploit in the wild I'm just pushing out the .reg file in the login script: regedit /s \\fileserver\public\patches\videokillbits.reg The file was easy to create, in a capable editor (not notepad or wordpad) that allows metacharacter search and replace, such as '\n' for CRLF and '\t' for tab. I used the ancient, no-longer-supported PFE32. I really should switch to VIM, I suppose. On Tue, Jul 7, 2009 at 08:40, Eric Wittersheimeric.wittersh...@gmail.com wrote: I'm pushing out the .reg via GP. So far so good. On Tue, Jul 7, 2009 at 10:38 AM, David Lum david@nwea.org wrote: The “Microsoft fix-it” is an MSI that I am pushing via SMS and is pushing fine (so far just a few test cases have it, but no issues).
Beats trying to push out a .REG or something… David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764
Re: Cyberattack?
Actually, reading the news articles attributed to in the diary, it's been ongoing and sustained since July 4th. On Wed, Jul 8, 2009 at 12:52 PM, Ziots, Edward ezi...@lifespan.org wrote: Nothing yet, but I am sure it's coming and quickly. Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + ezi...@lifespan.org Phone:401-639-3505 -- From: David [mailto:blazer...@gmail.com] Sent: Wednesday, July 08, 2009 12:36 PM To: NT System Admin Issues Subject: Cyberattack? I'm watching the SANS diary (http://isc.sans.org/diary.html), and it seems we may be starting to see some effects from these attacks slopping over into the commercial world -- unable to get email to/from several known good websites. Anyone seeing similar behavior? -- David _ I have a photographic memory. It's just that some of the film is out of date, and some is double-exposed.
RE: Win2003 DC on Win2000 domain
Passwords are very much so sensitive data. Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 -Original Message- From: Charlie Kaiser [mailto:charl...@golden-eagle.org] Sent: Wednesday, July 08, 2009 8:42 AM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain Another thing about many small shops (I consult to SMBs) is that there often isn't any sensitive data in AD. It's a list of user and computer accounts, with little if any personal info put in. A 10 person shop isn't going to bother filling in all the attributes in AD. Sometimes you don't even get last names. :-) I also work for large financials and yes, it would be significantly different in such a case. I think it's important to put in perspective what type of data one might be dealing with in this type of situation. *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Tuesday, July 07, 2009 10:21 PM To: NT System Admin Issues Subject: Re: Win2003 DC on Win2000 domain On Wed, Jul 8, 2009 at 12:59 AM, Ken Schaefer k...@adopenstatic.com wrote: I'm going to have to agree with Brian on this. Making a copy of someone's DIT isn't the same as a proper backup. I don't think Brian's questioning your professionalism here - but if I was a customer I'd be quite nervous about this too. You guys have been working for real companies too long. For SOHOs, if you say "I'm making a virtual machine of an Active Directory Domain Controller on my laptop; that includes the DIT files. I'll keep it for a few days in case we have trouble", you're going to get nothing but blank stares. When you then rephrase it as "I'm keeping a copy of important server stuff on my laptop in case we have trouble", you'll get thanked. Remember, a lot of these sorts of places *have no backups at all*.
I know that seems incomprehensible to people on this list, but for a lot of really small shops ( 5 people), their disaster recovery plan is chapter 7 bankruptcy liquidation. -- Ben
RE: Phones
Ugh, my bad, I have a bad habit of reading too fast and missing key bits. :) That's a bummer about being locked into those choices. I did use SSH on the pearl. Had to create a lot of customized entries in the dictionary for the cmds, but it wasn't a big deal. I think a Full QWERTY is better for that type of App, but that's just me. Your choices being limited, are all very different. I would think about what type of connectivity you have to your office. BES, EAS? And that might help you make your decision. Both the Jack and the iPhone are 3G. That to me, would be an important factor.
Thanks, - JB

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] Sent: Wednesday, July 08, 2009 9:29 AM To: NT System Admin Issues Subject: RE: Phones
Well, Fido sucks crap and offers like 5 phones? Canada... So my only options are the listed ones, sigh... I am expected to spend hours of my own fuggin time on a pc, but my company can't just *buy* me a phone that allows me to work conveniently. Don't even get me started :( So as lame as a Pearl is, you ssh'ed on it (I might be stuck with that one)? I might go for the normal iPhone 3G if I can, at least it's moderately cool.
jlc

From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Wednesday, July 08, 2009 10:23 AM To: NT System Admin Issues Subject: RE: Phones
I picked up the Pearl the day it dropped on Tmobile in 2006, ran that phone into the ground until I upgraded this past November to a Storm and Bold. Seeing that you have the iPhone, why is the Bold not an option? If you can swing it, get the Bold. I've used a few ssh clients on the BB platform and they are fine. There are free ones and paid for ones. I liked a paid for version of Rove's SSH client - not sure if they sell just the SSH client by itself anymore.
Thanks, - JB

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] Sent: Wednesday, July 08, 2009 9:19 AM To: NT System Admin Issues Subject: Phones
As a result of working with Fido and a super cheap company, I need a new phone from the list of possible ones handed to me. I need an ssh client and PIX vpn access, the only options I have are a Samsung Jack, Blackberry Pearl, or iPhone 3G (not the new one). Anyone got any experiences with these and can suggest caveats? Although I have used an iPhone before, I haven't used an ssh client on one, how shitty would that be?
Thanks! jlc
Re: Win2003 DC on Win2000 domain
When they have them. Passwords, that is. I think it's great that you work in/with an organization with rigorous IT processes. Not all of us do. Not all of us have the luxury of consulting engagements where the business owner understands IT and demands rigorous processes. However, and I'll be blunt, you seem to be preaching to the choir. I'll stipulate that you're right, enterprises, no matter the size should care about all the facets of IT as it relates to their business. I would ask that you respect the fact that there are owners out there who don't care, because they're too busy running their business, and the consultant/tech is there to fix the problem. Could more be done? Sure, but it's an iterative process. Just like your organization's processes didn't get where they are now overnight, so too is client education. Educational theory holds that you need to show someone how to do something at least three different times, in three different ways to get true understanding. And on top of that, all these things cost money, and with small business owners, cash flow is KING.
-Jonathan

On Wed, Jul 8, 2009 at 1:31 PM, Brian Desmond br...@briandesmond.com wrote:
Passwords are very much so sensitive data.
Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132

-----Original Message-----
From: Charlie Kaiser [mailto:charl...@golden-eagle.org] Sent: Wednesday, July 08, 2009 8:42 AM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain
Another thing about many small shops (I consult to SMBs) is that there often isn't any sensitive data in AD. It's a list of user and computer accounts, with little if any personal info put in. A 10 person shop isn't going to bother filling in all the attributes in AD. Sometimes you don't even get last names. :-) I also work for large financials and yes, it would be significantly different in such a case. I think it's important to put in perspective what type of data one might be dealing with in this type of situation.
Re: Phones
I don't like ssh on the iphone, but that's because I don't care to type a whole lot on it. I still want a BT keyboard!

On Wed, Jul 8, 2009 at 1:44 PM, Barsodi.John john.bars...@igt.com wrote:
Ugh, my bad, I have a bad habit of reading too fast and missing key bits. :) That’s a bummer about being locked into those choices. I did use SSH on the pearl. Had to create a lot of customized entries in the dictionary for the cmds, but it wasn’t a big deal. I think a Full QWERTY is better for that type of App, but that’s just me. Your choices being limited, are all very different. I would think about what type of connectivity you have to your office. BES, EAS? And that might help you make your decision. Both the Jack and the iPhone are 3G. That to me, would be an important factor.
Thanks, - JB

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] Sent: Wednesday, July 08, 2009 9:29 AM To: NT System Admin Issues Subject: RE: Phones
Well, Fido sucks crap and offers like 5 phones? Canada… So my only options are the listed ones, sigh… I am expected to spend hours of my own fuggin time on a pc, but my company can’t just *buy* me a phone that allows me to work conveniently. Don’t even get me started :( So as lame as a Pearl is, you ssh’ed on it (I might be stuck with that one)? I might go for the normal iPhone 3G if I can, at least it's moderately cool.
jlc

From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Wednesday, July 08, 2009 10:23 AM To: NT System Admin Issues Subject: RE: Phones
I picked up the Pearl the day it dropped on Tmobile in 2006, ran that phone into the ground until I upgraded this past November to a Storm and Bold. Seeing that you have the iPhone, why is the Bold not an option? If you can swing it, get the Bold. I’ve used a few ssh clients on the BB platform and they are fine. There are free ones and paid for ones. I liked a paid for version of Rove’s SSH client – not sure if they sell just the SSH client by itself anymore.
re: Slow DFS connections for windows xp users (and windows 2003)
Come on guys, a little bit of help?
Re: Firefox 3.5 Silent Install.
On Wed, Jul 8, 2009 at 8:00 AM, Michael B. Smith mich...@owa.smithcons.com wrote:
A power user is an admin who hasn't bothered to make themselves an admin - yet.

MBS beat me to it. In particular, Power Users defeat most of the security defenses against even accidental malware infection. Anything that gets in can infect all the Windows stuff kept under Program Files. That's stuff that will get used by Explorer on login. So any admin who logs in will immediately finish the system compromise. I don't see the point in Power User. Never have. Might as well just give 'em full admin rights. Less problematic and doesn't give you a false sense of security.
-- Ben
RE: GPO to block chrome.exe
If you are talking about a software restriction policy value that you've added, it will only block the ability to run chrome.exe out of that location you've specified - it does not filter out the actual file from existing on the system. The hash block is also going to only work on that specific version, and you could run into versioning issues as upgrades are released. WS03 R2 or higher has File server resource manager (part of the R2 quota tools), which can be used to add file screens, but that won't work on a local workstation (it's possible they've added something with Vista and up that I'm not aware of - probably worth searching). If these are roaming profiles, FSRM file screens could prevent it saving back to the server, but we've had all sorts of grief with that type of setup - you're better off blocking the installation application or locking down rights to install in the first place. If that's not an option, you might be looking for something third party.
-Bonnie

From: David Lum [mailto:david@nwea.org] Sent: Tuesday, July 07, 2009 10:53 AM To: NT System Admin Issues Subject: GPO to block chrome.exe
I have a GPO with a path value blocking %userprofile%\Local Settings\Application Data\Google\Chrome\Application\chrome.exe, but it doesn't seem to be working. Running the modeling wizard I see the GPO is applied to the correct system. I also see chrome.exe seems to exist in all sorts of Local Settings\Temp\chrome_ locations, what's up w/ that? I also have a hash value block of the .EXE (well, one version of them) in the same GPO. I need to block the app (please don't get me started at blocking the install in the first place...one step at a time here). Ideas?
David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764
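Added example, not part of the thread: a small coverage check that models the two rule types discussed above (a `%userprofile%` path rule and a single-version hash rule) against a constructed file inventory, to show which copies of chrome.exe neither rule reaches. It is a simplified model of the matching, not the SRP engine; the user names, the `chrome_TMP1`/`chrome_TMP2` folder names, the file contents, the function names and the use of SHA-256 are all assumptions made for the example.

```python
import hashlib
from fnmatch import fnmatchcase

PROFILES = r"C:\Documents and Settings"
APP = r"\Local Settings\Application Data\Google\Chrome\Application\chrome.exe"

# Constructed inventory: (user, full path, file bytes standing in for a build).
INVENTORY = [
    ("alice", PROFILES + r"\alice" + APP, b"chrome build A"),
    ("alice", PROFILES + r"\alice\Local Settings\Temp\chrome_TMP1\chrome.exe", b"chrome build A"),
    ("bob", PROFILES + r"\bob" + APP, b"chrome build B"),
    ("bob", PROFILES + r"\bob\Local Settings\Temp\chrome_TMP2\chrome.exe", b"chrome build B"),
]

# The path rule from the original question, and a hash rule for one version only.
PATH_RULES = [r"%userprofile%" + APP]
HASH_RULES = {hashlib.sha256(b"chrome build A").hexdigest()}  # SHA-256 is a stand-in


def expand(rule, user):
    """Expand %userprofile% for one user; Windows paths compare case-insensitively."""
    return rule.lower().replace("%userprofile%", (PROFILES + "\\" + user).lower())


def path_rule_matches(rule, path, user):
    """True if the rule names this file (wildcards allowed) or a folder above it."""
    pattern = expand(rule, user)
    candidate = path.lower()
    return fnmatchcase(candidate, pattern) or candidate.startswith(pattern.rstrip("\\") + "\\")


def coverage(inventory, path_rules, hash_rules):
    """Return [(path, [rule types that would block it])] for every file."""
    report = []
    for user, path, data in inventory:
        hits = []
        if any(path_rule_matches(rule, path, user) for rule in path_rules):
            hits.append("path")
        if hashlib.sha256(data).hexdigest() in hash_rules:
            hits.append("hash")
        report.append((path, hits))
    return report


def uncovered(report):
    """Files that no rule blocks."""
    return [path for path, hits in report if not hits]


if __name__ == "__main__":
    for path, hits in coverage(INVENTORY, PATH_RULES, HASH_RULES):
        print(("blocked by " + "+".join(hits)) if hits else "NOT BLOCKED", "-", path)
```

In this constructed inventory the Temp copy of the hashed build is caught only by the hash rule, and the Temp copy of the newer build is caught by nothing, which is the versioning problem described in the reply.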
Measure Cell Phone Strength (Without the Phone)
We may be tasked with measuring cell phone signal strength (dB) of multiple carriers within many buildings, in many cities. Apart from buying a cell phone from each carrier, and shipping it to each site, I would like to see if there are any options you guys may have heard of or tested. I will be contacting a few carriers as well to see if there is any commercial equipment/software available. I'm sure they have some site survey equipment; if it's available to the private sector is the key.
TIA
Sam Cayze Information Technology Administrator ROLLOUTS ONSITE * ON DEMAND 952.279.6218...Direct Dial 612.386.3946...Mobile 877.471.6495...eFax www.Rollouts.com www.e-Technicians.net
RE: GPO to block chrome.exe
Block the download location on the firewall (Not the best, but it will help).

From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu] Sent: Wednesday, July 08, 2009 1:14 PM To: NT System Admin Issues Subject: RE: GPO to block chrome.exe
If you are talking about a software restriction policy value that you've added, it will only block the ability to run chrome.exe out of that location you've specified - it does not filter out the actual file from existing on the system. The hash block is also going to only work on that specific version, and you could run into versioning issues as upgrades are released. WS03 R2 or higher has File server resource manager (part of the R2 quota tools), which can be used to add file screens, but that won't work on a local workstation (it's possible they've added something with Vista and up that I'm not aware of - probably worth searching). If these are roaming profiles, FSRM file screens could prevent it saving back to the server, but we've had all sorts of grief with that type of setup - you're better off blocking the installation application or locking down rights to install in the first place. If that's not an option, you might be looking for something third party.
-Bonnie

From: David Lum [mailto:david@nwea.org] Sent: Tuesday, July 07, 2009 10:53 AM To: NT System Admin Issues Subject: GPO to block chrome.exe
I have a GPO with a path value blocking %userprofile%\Local Settings\Application Data\Google\Chrome\Application\chrome.exe, but it doesn't seem to be working. Running the modeling wizard I see the GPO is applied to the correct system. I also see chrome.exe seems to exist in all sorts of Local Settings\Temp\chrome_ locations, what's up w/ that? I also have a hash value block of the .EXE (well, one version of them) in the same GPO. I need to block the app (please don't get me started at blocking the install in the first place...one step at a time here). Ideas?
Re: Win2003 DC on Win2000 domain
On Wed, Jul 8, 2009 at 2:23 AM, Ken Schaefer k...@adopenstatic.com wrote:
I would do this all on the customer's premises ... on their equipment.

A big part of SOHO consulting is that they don't have the equipment needed. They're basically renting it from the consultant. They don't have the budget for dedicated stuff. Most of the time, they don't have an IT budget at all. IT gets leftovers. If a failure or need means operations halt, then they go to Staples and buy the cheapest thing they can find to slap a band-aid over it and continue limping along. They don't have stand-by equipment, or spare equipment. Quite often, what they have is not in good repair. I used to do this kind of consulting. 4.5 years ago, one was a company of maybe 50 people. Their primary server was running Netware 4.x and had a RAID-5 array with one disk missing -- i.e., degraded, no longer fault tolerant. Their tape drive had long since quit. They didn't see the problem, wouldn't spend to upgrade it. That's the typical environment we're dealing with here.

They must have a budget for this (otherwise how are they paying you?) ...

Typically out of general or contingency funds. Sometimes not even that -- like others, I've been stiffed by SOHOs before. It's part of that market. And while you might threaten it, you don't actually hire collections for a $200 bill.
-- Ben
RE: Win2003 DC on Win2000 domain
Assuming there's anything behind them. Also, a password loss can be mitigated in seconds at no cost (call the boss, say have all 4 people change their pw now). It's about risk management, not risk prevention. Small businesses do not work the same as larger enterprises. What is a huge risk for a larger company can be immaterial for a small business and vice versa. A consultant's role is to interface with the business management and determine appropriate measures. I don't believe one can make blanket statements about what is appropriate or not for any particular business... I'm a big fan of appropriate security, and my systems/infrastructure design incorporates it from the start. But there's a limit to how secure a small business wants and/or needs to be. Or can afford to be...
*** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ ***

-----Original Message-----
From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Wednesday, July 08, 2009 10:32 AM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain
Passwords are very much so sensitive data.
Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132

-----Original Message-----
From: Charlie Kaiser [mailto:charl...@golden-eagle.org] Sent: Wednesday, July 08, 2009 8:42 AM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain
Another thing about many small shops (I consult to SMBs) is that there often isn't any sensitive data in AD. It's a list of user and computer accounts, with little if any personal info put in. A 10 person shop isn't going to bother filling in all the attributes in AD. Sometimes you don't even get last names. :-) I also work for large financials and yes, it would be significantly different in such a case. I think it's important to put in perspective what type of data one might be dealing with in this type of situation.
RE: Phones
+1 BT keyboard for all smart phones
Gene Giannamore Abide International Inc. Technical Support 561 1st Street West Sonoma, Ca. 95476 (707) 935-1577 Office (707) 935-9387 Fax (707) 766-4185 Cell gene.giannam...@abideinternational.com www.abideinternational.com

-----Original Message-----
From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Wednesday, July 08, 2009 10:53 AM To: NT System Admin Issues Subject: Re: Phones
I don't like ssh on the iphone, but that's because I don't care to type a whole lot on it. I still want a BT keyboard!

On Wed, Jul 8, 2009 at 1:44 PM, Barsodi.John john.bars...@igt.com wrote:
Ugh, my bad, I have a bad habit of reading too fast and missing key bits. :) That's a bummer about being locked into those choices. I did use SSH on the pearl. Had to create a lot of customized entries in the dictionary for the cmds, but it wasn't a big deal. I think a Full QWERTY is better for that type of App, but that's just me. Your choices being limited, are all very different. I would think about what type of connectivity you have to your office. BES, EAS? And that might help you make your decision. Both the Jack and the iPhone are 3G. That to me, would be an important factor.
Thanks, - JB

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] Sent: Wednesday, July 08, 2009 9:29 AM To: NT System Admin Issues Subject: RE: Phones
Well, Fido sucks crap and offers like 5 phones? Canada... So my only options are the listed ones, sigh... I am expected to spend hours of my own fuggin time on a pc, but my company can't just *buy* me a phone that allows me to work conveniently. Don't even get me started :( So as lame as a Pearl is, you ssh'ed on it (I might be stuck with that one)? I might go for the normal iPhone 3G if I can, at least it's moderately cool.
RE: Phones
Ok, there's a KB for the Pearl. I think I will get that, Fido is all sold out of iPhones anyway, sigh... Thanks for the insight guys!
jlc

-----Original Message-----
From: Gene Giannamore [mailto:gene.giannam...@abideinternational.com] Sent: Wednesday, July 08, 2009 12:33 PM To: NT System Admin Issues Subject: RE: Phones
+1 BT keyboard for all smart phones
Gene Giannamore Abide International Inc. Technical Support 561 1st Street West Sonoma, Ca. 95476 (707) 935-1577 Office (707) 935-9387 Fax (707) 766-4185 Cell gene.giannam...@abideinternational.com www.abideinternational.com

-----Original Message-----
From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Wednesday, July 08, 2009 10:53 AM To: NT System Admin Issues Subject: Re: Phones
I don't like ssh on the iphone, but that's because I don't care to type a whole lot on it. I still want a BT keyboard!

On Wed, Jul 8, 2009 at 1:44 PM, Barsodi.John john.bars...@igt.com wrote:
Ugh, my bad, I have a bad habit of reading too fast and missing key bits. :) That's a bummer about being locked into those choices. I did use SSH on the pearl. Had to create a lot of customized entries in the dictionary for the cmds, but it wasn't a big deal. I think a Full QWERTY is better for that type of App, but that's just me. Your choices being limited, are all very different. I would think about what type of connectivity you have to your office. BES, EAS? And that might help you make your decision. Both the Jack and the iPhone are 3G. That to me, would be an important factor.
Thanks, - JB

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] Sent: Wednesday, July 08, 2009 9:29 AM To: NT System Admin Issues Subject: RE: Phones
Well, Fido sucks crap and offers like 5 phones? Canada... So my only options are the listed ones, sigh... I am expected to spend hours of my own fuggin time on a pc, but my company can't just *buy* me a phone that allows me to work conveniently.
RE: GPO to block chrome.exe
Yeah, I was afraid that all that was the case. Servers are not R2, no roaming profiles, so I am largely out of luck unless I want to do more work than is really worthwhile at the moment.

From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu] Sent: Wednesday, July 08, 2009 11:14 AM To: NT System Admin Issues Subject: RE: GPO to block chrome.exe
If you are talking about a software restriction policy value that you've added, it will only block the ability to run chrome.exe out of that location you've specified - it does not filter out the actual file from existing on the system. The hash block is also going to only work on that specific version, and you could run into versioning issues as upgrades are released. WS03 R2 or higher has File server resource manager (part of the R2 quota tools), which can be used to add file screens, but that won't work on a local workstation (it's possible they've added something with Vista and up that I'm not aware of - probably worth searching). If these are roaming profiles, FSRM file screens could prevent it saving back to the server, but we've had all sorts of grief with that type of setup - you're better off blocking the installation application or locking down rights to install in the first place. If that's not an option, you might be looking for something third party.
-Bonnie

From: David Lum [mailto:david@nwea.org] Sent: Tuesday, July 07, 2009 10:53 AM To: NT System Admin Issues Subject: GPO to block chrome.exe
I have a GPO with a path value blocking %userprofile%\Local Settings\Application Data\Google\Chrome\Application\chrome.exe, but it doesn't seem to be working. Running the modeling wizard I see the GPO is applied to the correct system. I also see chrome.exe seems to exist in all sorts of Local Settings\Temp\chrome_ locations, what's up w/ that? I also have a hash value block of the .EXE (well, one version of them) in the same GPO.
Re: New IE zero day exploit in the wild
Truth. However, there are also political and training issues. 1) We haven't, as a company (nor within IT) figured out how to make our standard apps work under under non-admin accounts. This will take time and resources to figure out, and then further time and resources to figure out how to productionise the application of these settings and apply them across the domain, including two offices overseas. 2) A large portion of our users are engineers who have a rabid aversion to the idea that they can't be admins on their own boxes. I'm in the (multi-year!) process of simply trying to convince engineering managers that none of the staff need two NICs in their boxes - one for the production LAN and one for the test/dev LAN. 3) The overseas offices are also politically resistant to this idea. While I agree that the load would be lessened, and we'd have a much better managed and more secure environment, this is not a trivial effort, and at times I despair. But, I persist, and have it as a goal to work toward this fiscal year. The first step is to get signoff by company management, in the form of an actual policy - something of which there are no good examples. There are practices and recommendations regarding IT, but very little in the way of a real IT policy that has been agreed to by management. Kurt On Wed, Jul 8, 2009 at 07:52, Jonathan Linkjonathan.l...@gmail.com wrote: After taking local admin rights away from users my plate is less full. YMMV. On Wed, Jul 8, 2009 at 10:47 AM, Kurt Buff kurt.b...@gmail.com wrote: Yes, unfortunately, all our users are admins. It sucks, but I use it to my advantage when I can. The reason we've not done a GP is because we haven't had the luxury of studying to understand them. Our plates always seem to be full with other things. On Tue, Jul 7, 2009 at 19:04, Ken Schaeferk...@adopenstatic.com wrote: Are all your users admins? Otherwise, how is that logon script going to update HKLM? Machine-based startup script would be better idea, no? 
Cheers Ken From: Kurt Buff [kurt.b...@gmail.com] Sent: Wednesday, 8 July 2009 2:41 AM To: NT System Admin Issues Subject: Re: New IE zero day exploit in the wild I'm just pushing out the .reg file in the login script: regedit /s \\fileserver\public\patches\videokillbits.reg The file was easy to create, in a capable editor (not notepad or wordpad) that allows metacharacter search and replace, such as '\n' for CRLF and '\t' for tab. I used the ancient, no-longer-supported PFE32. I really should switch to VIM, I suppose. On Tue, Jul 7, 2009 at 08:40, Eric Wittersheimeric.wittersh...@gmail.com wrote: I'm pushing out the .reg via GP. So far so good. On Tue, Jul 7, 2009 at 10:38 AM, David Lum david@nwea.org wrote: The “Microsoft fix-it” is an MSI that I am pushing via SMS and is pushing fine (so far just a few test cases have it, but no issues). Beats trying to push out a .REG or something… David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Phones
On Wed, Jul 8, 2009 at 11:18 AM, Joseph L. Casalejcas...@activenetwerx.com wrote: As a result of working with Fido and a super cheap company, I need a new phone “from the list of possible ones” handed to me. I need an ssh client and PIX vpn access, the only options I have are a Samsung Jack, Blackberry Pearl, or iPhone 3G (not the new one). There's a couple guys here in my office that use the iPhone to connect via the built-in Cisco VPN client. I had them test it with the vCenter Mobile (VMWare management for mobile devices) and it worked perfectly. Some other guys use an ssh client on their iPhones and are happy with it. I have a Bold myself, and while it is nice, I can't get the bloody VPN to work. On top of that, the VPN profile is tied to a wifi profile, where the iPhone can do VPN over the 3G network. So even if it did work, 90% of the time that I'm away from computer access I wouldn't be able to use it. A bit pointless. I'd worry that the Pearl would be in the same boat with the Bold on VPN access. Seth ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Phones
Hrm, I sent email to a CCIE I know... Hopefully he has some insight! jlc -Original Message- From: S Conn. [mailto:sysadminli...@gmail.com] Sent: Wednesday, July 08, 2009 12:54 PM To: NT System Admin Issues Subject: Re: Phones On Wed, Jul 8, 2009 at 11:18 AM, Joseph L. Casalejcas...@activenetwerx.com wrote: As a result of working with Fido and a super cheap company, I need a new phone from the list of possible ones handed to me. I need an ssh client and PIX vpn access, the only options I have are a Samsung Jack, Blackberry Pearl, or iPhone 3G (not the new one). There's a couple guys here in my office that use the iPhone to connect via the built-in Cisco VPN client. I had them test it with the vCenter Mobile (VMWare management for mobile devices) and it worked perfectly. Some other guys use an ssh client on their iPhones and are happy with it. I have a Bold myself, and while it is nice, I can't get the bloody VPN to work. On top of that, the VPN profile is tied to a wifi profile, where the iPhone can do VPN over the 3G network. So even if it did work, 90% of the time that I'm away from computer access I wouldn't be able to use it. A bit pointless. I'd worry that the Pearl would be in the same boat with the Bold on VPN access. Seth ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: New IE zero day exploit in the wild
We're going through something similar right now. Although, not everyone is a local admin, there are enough of them to cause additional workload on the field techs. We also have a few thousand Sales Agents who are allowed to bring in their home laptops and connect to the network. That's another battle altogether.. Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, July 08, 2009 2:51 PM To: NT System Admin Issues Subject: Re: New IE zero day exploit in the wild Truth. However, there are also political and training issues. 1) We haven't, as a company (nor within IT) figured out how to make our standard apps work under non-admin accounts. This will take time and resources to figure out, and then further time and resources to figure out how to productionise the application of these settings and apply them across the domain, including two offices overseas. 2) A large portion of our users are engineers who have a rabid aversion to the idea that they can't be admins on their own boxes. I'm in the (multi-year!) process of simply trying to convince engineering managers that none of the staff need two NICs in their boxes - one for the production LAN and one for the test/dev LAN. 3) The overseas offices are also politically resistant to this idea. While I agree that the load would be lessened, and we'd have a much better managed and more secure environment, this is not a trivial effort, and at times I despair. But, I persist, and have it as a goal to work toward this fiscal year. The first step is to get signoff by company management, in the form of an actual policy - something of which there are no good examples.
There are practices and recommendations regarding IT, but very little in the way of a real IT policy that has been agreed to by management. Kurt On Wed, Jul 8, 2009 at 07:52, Jonathan Link jonathan.l...@gmail.com wrote: After taking local admin rights away from users my plate is less full. YMMV. On Wed, Jul 8, 2009 at 10:47 AM, Kurt Buff kurt.b...@gmail.com wrote: Yes, unfortunately, all our users are admins. It sucks, but I use it to my advantage when I can. The reason we've not done a GP is because we haven't had the luxury of studying to understand them. Our plates always seem to be full with other things. On Tue, Jul 7, 2009 at 19:04, Ken Schaefer k...@adopenstatic.com wrote: Are all your users admins? Otherwise, how is that logon script going to update HKLM? Machine-based startup script would be better idea, no? Cheers Ken From: Kurt Buff [kurt.b...@gmail.com] Sent: Wednesday, 8 July 2009 2:41 AM To: NT System Admin Issues Subject: Re: New IE zero day exploit in the wild I'm just pushing out the .reg file in the login script: regedit /s \\fileserver\public\patches\videokillbits.reg The file was easy to create, in a capable editor (not notepad or wordpad) that allows metacharacter search and replace, such as '\n' for CRLF and '\t' for tab. I used the ancient, no-longer-supported PFE32. I really should switch to VIM, I suppose. On Tue, Jul 7, 2009 at 08:40, Eric Wittersheim eric.wittersh...@gmail.com wrote: I'm pushing out the .reg via GP. So far so good. On Tue, Jul 7, 2009 at 10:38 AM, David Lum david@nwea.org wrote: The “Microsoft fix-it” is an MSI that I am pushing via SMS and is pushing fine (so far just a few test cases have it, but no issues). Beats trying to push out a .REG or something… David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Phones
I've got an iPhone 3G for sale.. :) Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com -Original Message- From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] Sent: Wednesday, July 08, 2009 2:46 PM To: NT System Admin Issues Subject: RE: Phones Ok, there's a KB for the Pearl. I think I will get that, Fido is all sold out of iPhones anyway, sigh... Thanks for the insight guys! jlc -Original Message- From: Gene Giannamore [mailto:gene.giannam...@abideinternational.com] Sent: Wednesday, July 08, 2009 12:33 PM To: NT System Admin Issues Subject: RE: Phones +1 BT keyboard for all smart phones Gene Giannamore Abide International Inc. Technical Support 561 1st Street West Sonoma,Ca.95476 (707) 935-1577Office (707) 935-9387Fax (707) 766-4185Cell gene.giannam...@abideinternational.com www.abideinternational.com -Original Message- From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Wednesday, July 08, 2009 10:53 AM To: NT System Admin Issues Subject: Re: Phones I don't like ssh on the iphone, but that's because I don't care to type a whole lot on it. I still want a BT keyboard! On Wed, Jul 8, 2009 at 1:44 PM, Barsodi.John john.bars...@igt.com wrote: Ugh, my bad, I have a bad habit of reading too fast and missing key bits. :) That's a bummer about being locked into those choices. I did use SSH on the pearl. Had to create a lot of customized entries in the dictionary for the cmds, but it wasn't a big deal. I think a Full QWERTY is better for that type of App, but that's just me. Your choices being limited, are all very different. I would think about what type of connectivity you have to your office. BES, EAS? And that might help you make your decision. Both the Jack and the iPhone are 3G. That to me, would be an important factor. Thanks, - JB From: Joseph L.
Casale [mailto:jcas...@activenetwerx.com] Sent: Wednesday, July 08, 2009 9:29 AM To: NT System Admin Issues Subject: RE: Phones Well, Fido sucks crap and offers like 5 phones? Canada... So my only options are the listed ones, sigh... I am expected to spend hours of my own fuggin time on a pc, but my company can't just *buy* me a phone that allows me to work conveniently. Don't even get me started :( So as lame as a Pearl is, you ssh'ed on it (I might be stuck with that one)? I might go for the normal iPhone 3G if I can, at least its moderately cool. jlc From: Barsodi.John [mailto:john.bars...@igt.com] Sent: Wednesday, July 08, 2009 10:23 AM To: NT System Admin Issues Subject: RE: Phones I picked up the Pearl the day it dropped on Tmobile in 2006, ran that phone into the ground until I upgraded this past November to a Storm and Bold. Seeing that you have the iPhone, why is the Bold not an option? If you can swing it, get the Bold. I've used a few ssh clients on the BB platform and they are fine. There are free ones and paid for ones. I liked a paid for version of Rove's SSH client - not sure if they sell just the SSH client by itself anymore. Thanks, - JB From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] Sent: Wednesday, July 08, 2009 9:19 AM To: NT System Admin Issues Subject: Phones As a result of working with Fido and a super cheap company, I need a new phone from the list of possible ones handed to me. I need an ssh client and PIX vpn access, the only options I have are a Samsung Jack, Blackberry Pearl, or iPhone 3G (not the new one). Anyone got any experiences with these and can suggest caveats? Although I have used an iPhone before, I haven't used an ssh client on one, how shitty would that be? Thanks! jlc ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: New IE zero day exploit in the wild
I took that list of CLSIDs, and used PFE32 to search and replace '{' with '[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{' I then did a search and replace of '}' with '}]\nCompatibility Flags=dword:0400' Note the \n at the beginning - in PFE32 this is a special character for the newline. Fix up the bit at the beginning with the line: Windows Registry Editor Version 5.00 and then save the file off, and you're good to go. Kurt On Wed, Jul 8, 2009 at 07:56, Ziots, Edward ezi...@lifespan.org wrote: Question, According to the Microsoft article it looks like you need to add a whole lot of CLSIDs that need the kill bit set, is this what everyone else is doing? So basically adding each one of these CLSIDs to a .reg file and then scheduling a bat file to be run at the computer startup like the following? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
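The search-and-replace procedure described in the message above, written as a script that also audits the resulting file (an added example, not code from the thread). The CLSIDs are constructed placeholders rather than the ones from the Microsoft article, the function names are hypothetical, and the value line is written with the quoted value name that .reg syntax uses and the full eight-digit dword.

```python
"""Build and audit an ActiveX kill-bit .reg file from a pasted CLSID list."""
import re

KEY_PREFIX = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer"
              r"\ActiveX Compatibility")
KILL_BIT = 0x00000400          # "Compatibility Flags" bit that blocks the control
HEADER = "Windows Registry Editor Version 5.00"

CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
KEY_RE = re.compile(
    r"\[" + re.escape(KEY_PREFIX) + r"\\(" + CLSID_RE.pattern + r")\]", re.I)
VALUE_RE = re.compile(r'"Compatibility Flags"=dword:([0-9A-Fa-f]{1,8})', re.I)

# Constructed placeholder input, shaped like a list pasted from an advisory:
# stray whitespace, a trailing note, a duplicate and a malformed entry.
SAMPLE_LIST = """\
{00000000-1111-2222-3333-444444444444}
  {aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}   (constructed)
{00000000-1111-2222-3333-444444444444}
{not-a-clsid}
"""


def extract_clsids(text):
    """Return unique, upper-cased CLSIDs in first-seen order; skip malformed ones."""
    seen, result = set(), []
    for match in CLSID_RE.finditer(text):
        clsid = match.group(0).upper()
        if clsid not in seen:
            seen.add(clsid)
            result.append(clsid)
    return result


def build_reg(clsids):
    """Return the .reg text (CRLF line endings) that sets the kill bit per CLSID."""
    lines = [HEADER, ""]
    for clsid in clsids:
        if not CLSID_RE.fullmatch(clsid):
            raise ValueError(f"not a CLSID: {clsid!r}")
        lines.append(f"[{KEY_PREFIX}\\{clsid}]")
        lines.append(f'"Compatibility Flags"=dword:{KILL_BIT:08x}')
        lines.append("")
    return "\r\n".join(lines)


def audit_reg(reg_text, expected):
    """Return the CLSIDs in `expected` that do NOT get the kill bit from reg_text.

    Only a quoted "Compatibility Flags" value under the ActiveX Compatibility
    key counts, so a file with a mangled key path or value line is reported.
    """
    flagged, current = set(), None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            key = KEY_RE.fullmatch(line)
            current = key.group(1).upper() if key else None
        elif current:
            value = VALUE_RE.fullmatch(line)
            if value and int(value.group(1), 16) & KILL_BIT:
                flagged.add(current)
    return [c for c in expected if c.upper() not in flagged]


if __name__ == "__main__":
    ids = extract_clsids(SAMPLE_LIST)
    reg = build_reg(ids)
    print(reg)
    print("missing kill bit:", audit_reg(reg, ids))
```

Running `audit_reg` against the file actually being deployed, with the advisory's CLSID list as `expected`, catches entries lost or damaged during manual editing before the file goes into a startup script.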
RE: Slow DFS connections for windows xp users (and windows 2003)
We are an XP only organization on the desktop. We have 2 Win2k3 servers where we use DFS to mirror the data between them. We found that there were significant issues with trying to access the DFS location from the desktops -- data was not replicated consistently between the two servers, so we still have DFS running, but only access the data on one server. It was too much of a headache to try and access it from a random server. -Original Message- From: Steph Balog [mailto:validemai...@gmail.com] Sent: Wednesday, July 08, 2009 1:55 PM To: NT System Admin Issues Subject: re: Slow DFS connections for windows xp users (and windows 2003) Come on guys, a little bit of help? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Phones
Yes, it does. And has since March '08. http://blogs.cisco.com/news/comments/apple_iphone_enterprise_ready_with_cisco_vpn/ IT was probably a consequence of the settlement between Apple and Cisco regarding the iPhone trademark. On Wed, Jul 8, 2009 at 3:25 PM, Sherry Abercrombie saber...@gmail.comwrote: iPhones have built-in Cisco VPN? That just might give my manager the justification he needs to get us one. That and the fact that the CEO is getting one and my manager is already letting them know we don't have one so therefore are not familiar enough with them to provide necessary support. On Wed, Jul 8, 2009 at 1:53 PM, S Conn. sysadminli...@gmail.com wrote: On Wed, Jul 8, 2009 at 11:18 AM, Joseph L. Casalejcas...@activenetwerx.com wrote: As a result of working with Fido and a super cheap company, I need a new phone “from the list of possible ones” handed to me. I need an ssh client and PIX vpn access, the only options I have are a Samsung Jack, Blackberry Pearl, or iPhone 3G (not the new one). There's a couple guys here in my office that use the iPhone to connect via the built-in Cisco VPN client. I had them test it with the vCenter Mobile (VMWare management for mobile devices) and it worked perfectly. Some other guys use an ssh client on their iPhones and are happy with it. I have a Bold myself, and while it is nice, I can't get the bloody VPN to work. On top of that, the VPN profile is tied to a wifi profile, where the iPhone can do VPN over the 3G network. So even if it did work, 90% of the time that I'm away from computer access I wouldn't be able to use it. A bit pointless. I'd worry that the Pearl would be in the same boat with the Bold on VPN access. Seth ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ -- Sherry Abercrombie Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke ~ Finally, powerful endpoint security that ISN'T a resource hog! 
~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Phones
I've had one since 1st Gen. Used to carry a company-issued BB and my iPhone, but recently ditched the BB and carry just the iPhone now. Our CEO bought a 3GS and is ga-ga for it. Soon afterwards I heard we are most likely ditching the BES and BBs and going with iPhones across the company. How good/bad that will be, I don't know. But, in today's economy (especially real estate) it doesn't surprise me. Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com mailto:don.gu...@prufoxroach.com From: Sherry Abercrombie [mailto:saber...@gmail.com] Sent: Wednesday, July 08, 2009 3:25 PM To: NT System Admin Issues Subject: Re: Phones iPhones have built-in Cisco VPN? That just might give my manager the justification he needs to get us one. That and the fact that the CEO is getting one and my manager is already letting them know we don't have one so therefore are not familiar enough with them to provide necessary support. On Wed, Jul 8, 2009 at 1:53 PM, S Conn. sysadminli...@gmail.com wrote: On Wed, Jul 8, 2009 at 11:18 AM, Joseph L. Casalejcas...@activenetwerx.com wrote: As a result of working with Fido and a super cheap company, I need a new phone from the list of possible ones handed to me. I need an ssh client and PIX vpn access, the only options I have are a Samsung Jack, Blackberry Pearl, or iPhone 3G (not the new one). There's a couple guys here in my office that use the iPhone to connect via the built-in Cisco VPN client. I had them test it with the vCenter Mobile (VMWare management for mobile devices) and it worked perfectly. Some other guys use an ssh client on their iPhones and are happy with it. I have a Bold myself, and while it is nice, I can't get the bloody VPN to work. On top of that, the VPN profile is tied to a wifi profile, where the iPhone can do VPN over the 3G network. 
So even if it did work, 90% of the time that I'm away from computer access I wouldn't be able to use it. A bit pointless. I'd worry that the Pearl would be in the same boat with the Bold on VPN access. Seth ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ -- Sherry Abercrombie Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Phones
Thanks for that link Jonathan, it has just recently been decided that we will be ditching our Nortel VPN other network stuff in favor of Cisco, so that has suddenly become the buzz-word around here, so when I saw this mentioned, I naturally am very interested. It would probably make our manager very happy to know that the on-call person could vpn from wherever they are work on stuff.. Cisco equipment just started arriving this week. On Wed, Jul 8, 2009 at 2:30 PM, Jonathan Link jonathan.l...@gmail.comwrote: Yes, it does. And has since March '08. http://blogs.cisco.com/news/comments/apple_iphone_enterprise_ready_with_cisco_vpn/ IT was probably a consequence of the settlement between Apple and Cisco regarding the iPhone trademark. On Wed, Jul 8, 2009 at 3:25 PM, Sherry Abercrombie saber...@gmail.comwrote: iPhones have built-in Cisco VPN? That just might give my manager the justification he needs to get us one. That and the fact that the CEO is getting one and my manager is already letting them know we don't have one so therefore are not familiar enough with them to provide necessary support. On Wed, Jul 8, 2009 at 1:53 PM, S Conn. sysadminli...@gmail.com wrote: On Wed, Jul 8, 2009 at 11:18 AM, Joseph L. Casalejcas...@activenetwerx.com wrote: As a result of working with Fido and a super cheap company, I need a new phone “from the list of possible ones” handed to me. I need an ssh client and PIX vpn access, the only options I have are a Samsung Jack, Blackberry Pearl, or iPhone 3G (not the new one). There's a couple guys here in my office that use the iPhone to connect via the built-in Cisco VPN client. I had them test it with the vCenter Mobile (VMWare management for mobile devices) and it worked perfectly. Some other guys use an ssh client on their iPhones and are happy with it. I have a Bold myself, and while it is nice, I can't get the bloody VPN to work. On top of that, the VPN profile is tied to a wifi profile, where the iPhone can do VPN over the 3G network. 
So even if it did work, 90% of the time that I'm away from computer access I wouldn't be able to use it. A bit pointless. I'd worry that the Pearl would be in the same boat with the Bold on VPN access. Seth ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ -- Sherry Abercrombie Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke -- Sherry Abercrombie Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Phones
iPhones have built-in Cisco VPN? That just might give my manager the justification he needs to get us one. That and the fact that the CEO is getting one and my manager is already letting them know we don't have one so therefore are not familiar enough with them to provide necessary support. On Wed, Jul 8, 2009 at 1:53 PM, S Conn. sysadminli...@gmail.com wrote: On Wed, Jul 8, 2009 at 11:18 AM, Joseph L. Casalejcas...@activenetwerx.com wrote: As a result of working with Fido and a super cheap company, I need a new phone “from the list of possible ones” handed to me. I need an ssh client and PIX vpn access, the only options I have are a Samsung Jack, Blackberry Pearl, or iPhone 3G (not the new one). There's a couple guys here in my office that use the iPhone to connect via the built-in Cisco VPN client. I had them test it with the vCenter Mobile (VMWare management for mobile devices) and it worked perfectly. Some other guys use an ssh client on their iPhones and are happy with it. I have a Bold myself, and while it is nice, I can't get the bloody VPN to work. On top of that, the VPN profile is tied to a wifi profile, where the iPhone can do VPN over the 3G network. So even if it did work, 90% of the time that I'm away from computer access I wouldn't be able to use it. A bit pointless. I'd worry that the Pearl would be in the same boat with the Bold on VPN access. Seth ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ -- Sherry Abercrombie Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: GPO to block chrome.exe
David- After I made that comment yesterday about google not necessarily giving end users the final say because they had offered some administrative tools for enterprises to control the toolbar in the past, and seeing Bonnie's comment about blocking the installer I got curious and went to look if those tools were still available and if they had offered anything else for all the apps that have appeared since I used the toolbar template for our GPO 3 or more years ago so I googled google :). Turns out they still have the original Enterprise kit for toolbar and do have some later stuff for the newer apps. Toolbar Enterprise Guide http://desktop.google.com/enterprise/adminguide.html (can't verify the url but that's what our websense is blocking so I think it still good) Installer/Updater http://www.google.com/support/installer/bin/answer.py?hl=enanswer=146164 Google provides an Administrative Template that defines policies for Google Update/Google Installer. You can apply Google Update policies by loading the Administrative Template into the Group Policy Editor of your choice. IIRC- One thing that could be done with the toolbar was to block the CLSID of the installer itself, we implemented that with the GPO and some rules in websense and the security guys were happy with the solution. There may have been one other element to the solution as it was quite some time and my recollection is fuzzy ago but the end result was that the toolbar was blocked to their satisfaction. I don't know how comprehensive the newer one is but I did see chrome mentioned in a cursory glance.
C:\DATA\GPO\ADMfindstr /I chrome * GoogleUpdate.adm:CATEGORY !!Cat_GoogleChrome GoogleUpdate.adm:EXPLAIN !!Explain_InstallGoogleChrome GoogleUpdate.adm:EXPLAIN !!Explain_AutoUpdateGoogleChrome GoogleUpdate.adm:END CATEGORY ; Google Chrome GoogleUpdate.adm:Cat_GoogleChrome=Google Chrome GoogleUpdate.adm:; Google Chrome GoogleUpdate.adm:Explain_InstallGoogleChrome=Specifies whether Google Chrome can be installed using Google Update/Google Installer.\ /snip From: David Lum [mailto:david@nwea.org] Sent: Wednesday, July 08, 2009 11:46 AM To: NT System Admin Issues Subject: RE: GPO to block chrome.exe Yeah, I was afraid that all that was the case. Servers are not R2, no roaming profiles, so I am largely out of luck unless I want to do more work than is really worthwhile at the moment. From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu] Sent: Wednesday, July 08, 2009 11:14 AM To: NT System Admin Issues Subject: RE: GPO to block chrome.exe If you are talking about a software restriction policy value that you've added, it will only block the ability to run chrome.exe out of that location you've specified-it does not filter out the actual file from existing on the system. The hash block is also going to only work on that specific version, and you could run into versioning issues as upgrades are released. WS03 R2 or higher has File server resource manager (part of the R2 quota tools), which can be used to add file screens, but that won't work on a local workstation (it's possible they've added something with Vista and up that I'm not aware of-probably worth searching). If these are roaming profiles, FSRM file screens could prevent it saving back to the server, but we've had all sorts of grief with that type of setup-you're better off blocking the installation application or locking down rights to install in the first place. If that's not an option, you might be looking for something third party. 
-Bonnie From: David Lum [mailto:david@nwea.org] Sent: Tuesday, July 07, 2009 10:53 AM To: NT System Admin Issues Subject: GPO to block chrome.exe I have a GPO with a path value blocking %userprofile%\Local Settings\Application Data\Google\Chrome\Application\chrome.exe, but it doesn't seem to be working. Running the modeling wizard I see the GPO is applied to the correct system. I also see chrome.exe seems to exist in all sorts of Local Settings\Temp\chrome_ locations, what's up w/ that? I also have a hash value block of the .EXE (well, one version of them) in the same GPO. I need to block the app (please don't get me started at blocking the install on the first place...one step at a time here). Ideas? David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: GPO to block chrome.exe
Thanks Bob! Dave From: Free, Bob [mailto:r...@pge.com] Sent: Wednesday, July 08, 2009 1:38 PM To: NT System Admin Issues Subject: RE: GPO to block chrome.exe David- After I made that comment yesterday about google not necessarily giving end users the final say because they had offered some administrative tools for enterprises to control the toolbar in the past, and seeing Bonnie's comment about blocking the installer I got curious and went to look if those tools were still available and if they had offered anything else for all the apps that have appeared since I used the toolbar template for our GPO 3 or more years ago so I googled google :). Turns out they still have the original Enterprise kit for toolbar and do have some later stuff for the newer apps. Toolbar Enterprise Guide http://desktop.google.com/enterprise/adminguide.html (can't verify the url but that's what our websense is blocking so I think it still good) Installer/Updater http://www.google.com/support/installer/bin/answer.py?hl=enanswer=146164 Google provides an Administrative Template that defines policies for Google Update/Google Installer. You can apply Google Update policies by loading the Administrative Template into the Group Policy Editor of your choice. IIRC- One thing that could be done with the toolbar was to block the CLSID of the installer itself, we implemented that with the GPO and some rules in websense and the security guys were happy with the solution. There may have been one other element to the solution as it was quite some time and my recollection is fuzzy ago but the end result was that the toolbar was blocked to their satisfaction. I don't know how comprehensive the newer one is but I did see chrome mentioned in a cursory glance.
C:\DATA\GPO\ADMfindstr /I chrome * GoogleUpdate.adm:CATEGORY !!Cat_GoogleChrome GoogleUpdate.adm:EXPLAIN !!Explain_InstallGoogleChrome GoogleUpdate.adm:EXPLAIN !!Explain_AutoUpdateGoogleChrome GoogleUpdate.adm:END CATEGORY ; Google Chrome GoogleUpdate.adm:Cat_GoogleChrome=Google Chrome GoogleUpdate.adm:; Google Chrome GoogleUpdate.adm:Explain_InstallGoogleChrome=Specifies whether Google Chrome can be installed using Google Update/Google Installer.\ /snip From: David Lum [mailto:david@nwea.org] Sent: Wednesday, July 08, 2009 11:46 AM To: NT System Admin Issues Subject: RE: GPO to block chrome.exe Yeah, I was afraid that all that was the case. Servers are not R2, no roaming profiles, so I am largely out of luck unless I want to do more work than is really worthwhile at the moment. From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu] Sent: Wednesday, July 08, 2009 11:14 AM To: NT System Admin Issues Subject: RE: GPO to block chrome.exe If you are talking about a software restriction policy value that you've added, it will only block the ability to run chrome.exe out of that location you've specified-it does not filter out the actual file from existing on the system. The hash block is also going to only work on that specific version, and you could run into versioning issues as upgrades are released. WS03 R2 or higher has File server resource manager (part of the R2 quota tools), which can be used to add file screens, but that won't work on a local workstation (it's possible they've added something with Vista and up that I'm not aware of-probably worth searching). If these are roaming profiles, FSRM file screens could prevent it saving back to the server, but we've had all sorts of grief with that type of setup-you're better off blocking the installation application or locking down rights to install in the first place. If that's not an option, you might be looking for something third party. 
-Bonnie From: David Lum [mailto:david@nwea.org] Sent: Tuesday, July 07, 2009 10:53 AM To: NT System Admin Issues Subject: GPO to block chrome.exe I have a GPO with a path value blocking %userprofile%\Local Settings\Application Data\Google\Chrome\Application\chrome.exe, but it doesn't seem to be working. Running the modeling wizard I see the GPO is applied to the correct system. I also see chrome.exe seems to exist in all sorts of Local Settings\Temp\chrome_ locations, what's up w/ that? I also have a hash value block of the .EXE (well, one version of them) in the same GPO. I need to block the app (please don't get me started at blocking the install on the first place...one step at a time here). Ideas? David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Google size limits
I was thinking in the past I'd had attachments in my Gmail that were well in excess of 5MB, but that seems to be about the current limit for inbound to Gmail today. Does that sound right?

-- David

Republics are created by the virtue, public spirit, and intelligence of the citizens. They fall when the wise are banished from the public councils, because they dare to be honest, and the profligate are rewarded, because they flatter the people, in order to betray them. Justice Joseph Story, U.S. Supreme Ct. 1811-1845
RE: Google size limits
Must be the switch out of Beta ;-)

From: David [mailto:blazer...@gmail.com] Sent: Wednesday, July 08, 2009 2:26 PM To: NT System Admin Issues Subject: Google size limits

I was thinking in the past I'd had attachments in my Gmail that were well in excess of 5MB, but that seems to be about the current limit for inbound to Gmail today. Does that sound right?

-- David
RE: Google size limits
They just increased it from 20 to 25 the other day. You can store larger files in your draft folders for an ad-hoc file transfer method in a pinch FYI ;)

Sam

From: David Lum [mailto:david@nwea.org] Sent: Wednesday, July 08, 2009 4:30 PM To: NT System Admin Issues Subject: RE: Google size limits

Must be the switch out of Beta ;-)

From: David [mailto:blazer...@gmail.com] Sent: Wednesday, July 08, 2009 2:26 PM To: NT System Admin Issues Subject: Google size limits

I was thinking in the past I'd had attachments in my Gmail that were well in excess of 5MB, but that seems to be about the current limit for inbound to Gmail today. Does that sound right?

-- David
Re: Google size limits
Ah, I withdraw the objection. It just took about an hour for Google to show an 8M file I'd sent. Maybe they intentionally slow the big files down. Thx.

On Wed, Jul 8, 2009 at 2:29 PM, David Lum david@nwea.org wrote:

Must be the switch out of Beta ;-)

*From:* David [mailto:blazer...@gmail.com] *Sent:* Wednesday, July 08, 2009 2:26 PM *To:* NT System Admin Issues *Subject:* Google size limits

I was thinking in the past I'd had attachments in my Gmail that were well in excess of 5MB, but that seems to be about the current limit for inbound to Gmail today. Does that sound right?

-- David
Re: Google size limits
Ah, great idea. Appreciate it!

On Wed, Jul 8, 2009 at 2:35 PM, Sam Cayze sam.ca...@rollouts.com wrote:

They just increased it from 20 to 25 the other day. You can store larger files in your draft folders for an ad-hoc file transfer method in a pinch FYI ;)

Sam

*From:* David Lum [mailto:david@nwea.org] *Sent:* Wednesday, July 08, 2009 4:30 PM *To:* NT System Admin Issues *Subject:* RE: Google size limits

Must be the switch out of Beta ;-)

*From:* David [mailto:blazer...@gmail.com] *Sent:* Wednesday, July 08, 2009 2:26 PM *To:* NT System Admin Issues *Subject:* Google size limits

I was thinking in the past I'd had attachments in my Gmail that were well in excess of 5MB, but that seems to be about the current limit for inbound to Gmail today. Does that sound right?

-- David
RE: Google size limits
As they should...

From: David [mailto:blazer...@gmail.com] Sent: Wednesday, July 08, 2009 4:42 PM To: NT System Admin Issues Subject: Re: Google size limits

Ah, I withdraw the objection. It just took about an hour for Google to show an 8M file I'd sent. Maybe they intentionally slow the big files down. Thx.

On Wed, Jul 8, 2009 at 2:29 PM, David Lum david@nwea.org wrote:

Must be the switch out of Beta ;-)

From: David [mailto:blazer...@gmail.com] Sent: Wednesday, July 08, 2009 2:26 PM To: NT System Admin Issues Subject: Google size limits

I was thinking in the past I'd had attachments in my Gmail that were well in excess of 5MB, but that seems to be about the current limit for inbound to Gmail today. Does that sound right?

-- David
800B0100 error on W2K8
W2K8 x64 standard SP1. Unable to change features in server manager; fails with 800B0100 error. Research pointed towards windows update. I've rerun WU, and get a repeated failure on KB951847, also with 800B0100. Additional symptoms include nothing listed under installed updates in CP, although there is an update history in WU. I'm running NOD32 AV, and have tried the fixes with AV disabled also. I've downloaded the 947821 util and ran it several times. Same result each time; runs, completes, but the CheckSUR.log still contains this entry:

=
Checking System Update Readiness.
Binary Version 6.0.6001.22375
Package Version 5.0
2009-07-07 17:50
Checking Deployment Packages
Checking Package Manifests and catalogs.
Checking package watchlist.
Checking component watchlist.
Checking packages.
(f) CBS MUM Missing 0x0002 servicing\packages\Package_for_KB948610_server_0~31bf3856ad364e35~amd64~~6.0.6001.2123.mum
(f) CBS MUM Missing 0x0002 servicing\packages\Package_for_KB948610_server~31bf3856ad364e35~amd64~~6.0.6001.2123.mum
(f) CBS MUM Missing 0x0002 servicing\packages\Package_for_KB948610~31bf3856ad364e35~amd64~~6.0.6001.2123.mum
Checking component store
Summary:
Seconds executed: 380
Found 3 errors
CBS MUM Missing Total Count: 3
=

How can I fix this? It appears to be a common problem with no obvious solutions yet, at least not that I've found. Posted to the MS newsgroups with no replies yet. Anyone got any ideas? Thanks.

*** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ ***
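A CheckSUR.log like the one in the post above can be reduced to the list of updates whose package manifests are flagged, with a cross-check against the log's own Summary counts. This is an added example, not part of the original post and not a Microsoft tool; the sample log is constructed from the post's excerpt, and `parse_checksur`, `Finding` and `Report` are hypothetical names.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample modelled on the post's excerpt; the first entry is wrapped mid-path.
SAMPLE_LOG = r"""Checking System Update Readiness.
Binary Version 6.0.6001.22375
2009-07-07 17:50
Checking packages.
(f) CBS MUM Missing 0x0002 servicing\packages\Package_for_KB948610_server_0~31bf3856ad364e35~amd64~~6.0
.6001.2123.mum
(f) CBS MUM Missing 0x0002 servicing\packages\Package_for_KB948610_server~31bf3856ad364e35~amd64~~6.0.6001.2123.mum
(f) CBS MUM Missing 0x0002 servicing\packages\Package_for_KB948610~31bf3856ad364e35~amd64~~6.0.6001.2123.mum
Checking component store
Summary:
 Found 3 errors
  CBS MUM Missing Total Count: 3
"""

# One entry: "(f) <kind> <hex code> <path ending in .mum or .cat>"
ENTRY = re.compile(r"^\(f\)\s+(?P<kind>[A-Za-z ]+?)\s+(?P<code>0x[0-9A-Fa-f]+)"
                   r"\s+(?P<path>\S.*\.(?:mum|cat))$", re.I)
SECTION = re.compile(r"^(Checking |Summary:|Seconds executed|Found \d+|.* Total Count:)")

@dataclass
class Finding:
    kind: str               # e.g. "CBS MUM Missing"
    code: str
    path: str               # path with wrap damage removed
    package: str
    kb: Optional[str]
    arch: str
    version: str

@dataclass
class Report:
    binary_version: Optional[str]
    findings: list
    unparsed: list          # (f) entries the parser could not interpret
    declared_total: Optional[int]   # "Found N errors"
    declared_by_kind: dict          # "<kind> Total Count: N"

    @property
    def consistent(self):
        """True when every entry parsed and the counts match the Summary block."""
        seen = Counter(f.kind for f in self.findings)
        return (not self.unparsed and self.declared_total == len(self.findings)
                and dict(seen) == self.declared_by_kind)

    def by_kb(self):
        """Map each KB number to the package manifests flagged for it."""
        out = defaultdict(list)
        for f in self.findings:
            out[f.kb or "unknown"].append(f.package)
        return {kb: sorted(pkgs) for kb, pkgs in out.items()}

def _join_wrapped(lines):
    """Yield one string per (f) entry, re-joining a path wrapped onto the next line."""
    buf = None
    for raw in lines:
        line = raw.strip()
        if line.startswith("(f)"):
            if buf is not None:
                yield buf
            buf = line
        elif buf is not None:
            if line and not ENTRY.match(buf) and not SECTION.match(line):
                buf += line          # continuation of a wrapped path
            else:
                yield buf
                buf = None
    if buf is not None:
        yield buf

def parse_checksur(text):
    """Parse the header, the (f) entries and the Summary block of a CheckSUR.log."""
    version = re.search(r"^Binary Version (\S+)", text, re.M)
    total = re.search(r"Found (\d+) errors?", text)
    by_kind = {k: int(n) for k, n in
               re.findall(r"^[ \t]*(\S.*?) Total Count: (\d+)", text, re.M)}
    findings, unparsed = [], []
    for entry in _join_wrapped(text.splitlines()):
        m = ENTRY.match(entry)
        path = re.sub(r"\s+", "", m["path"]) if m else ""
        # CBS package identity: Name~PublicKeyToken~Arch~Language~Version
        parts = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].split("~")
        if len(parts) != 5:
            unparsed.append(entry)
            continue
        kb = re.search(r"KB\d+", parts[0])
        findings.append(Finding(m["kind"], m["code"], path, parts[0],
                                kb.group(0) if kb else None, parts[2], parts[4]))
    return Report(version.group(1) if version else None, findings, unparsed,
                  int(total.group(1)) if total else None, by_kind)

if __name__ == "__main__":
    report = parse_checksur(SAMPLE_LOG)
    print(report.by_kb(), "matches Summary block:", report.consistent)
```

A report whose `consistent` flag is false means the log was truncated or damaged in transit, so the list of flagged packages should not be trusted as complete.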
OT: Google Voice
Anyone else get an invite yet? Looks pretty cool so far... -- ME2
RE: Slow DFS connections for windows xp users (and windows 2003)
The replication works fine in Windows 2008. It's just that the XP desktops are slow talking to them. Anyone? Please?
RE: Win2003 DC on Win2000 domain
With all due respect Brian, You're applying MLB practice to a SOHO perspective. Even those of us in the SMB space understand the service Erik is doing here. Owners of small companies will not see the value in your perspective, only the cost. Those of us that cater to the smaller business will do everything in our power to protect our clients from themselves.

From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Tuesday, July 07, 2009 10:34 PM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain

Yes pretty much. Here's another way I'd think of this. What's your liability insurance got to say about this bonus service? What happens when you tell the customer you've made a backup of their whatever and their office burns down a couple days later? Sure you can just restore that bonus backup except your laptop got run over by a bus in between the backup and the fire. A colleague had some wise words for me the first time I did a gig at a legal services customer - "Just remember, they can sue you for free."

Many customers I deal with, offsite backups consist of tapes going in these heavy duty metal boxes with locks on them. The boxes are barcoded or numbered or something and a guy comes to pick them up, signs for them, and the offsite people basically guarantee their safety until you sign for them when they come back. The delivery guy also drops off any locked tape boxes whose retention policies dictate their return as they've expired. In the unlikely event of some major crisis, the offsite people are on the nut to get your box of tapes somewhere in some prearranged guaranteed time window.

Some customers are also sending stuff live (e.g. replicas on standby hardware) into a 3rd party datacenter designed for this sort of fallback plan (e.g. Sungard). They also have contracts where if their computer room burns down or something the vendor is on the nut to provide K servers of approximate configuration Z in location Y within X hours of notification of the requirement. These vendors have the kind of capacity and capability to deal with something like 9/11 or Katrina if the customer has the action plan to respond. Or perhaps something more simple like the two datacenter fires this past weekend - Seattle and Toronto both had high rise carrier hotel fires. One of them, I forget which, the electrical busing between floors was completely hosed (literally) from what I heard.

Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 Active Directory, 4th Ed - http://www.briandesmond.com/ad4/ Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian

From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Tuesday, July 07, 2009 11:59 PM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain

Erik, I'm going to have to agree with Brian on this. Making a copy of someone's DIT isn't the same as a proper backup. I don't think Brian's questioning your professionalism here - but if I was a customer I'd be quite nervous about this too. The type of clients that Brian works with don't need consultants to take offsite backups for them :-)

Cheers Ken

From: Erik Goldoff [egold...@gmail.com] Sent: Wednesday, 8 July 2009 6:39 AM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain

You're entitled to your opinion ... but from my experience, providing an offsite backup at my expense ( zero charge if not needed ) is a very VALUABLE service to most of these small businesses. And I *NEVER* do this without fully informing the client, so they always have right of refusal. Most have no idea about proper business continuity planning, and don't think ahead on how to get the business running again after a network shutdown. That said, I think your characterization of 'walking off with a copy' is a bit harsh, it's not like I'm stealing a copy for my own benefit, selling to black hats, or putting them at extended risk. I would hope, given YOUR background, that you already have fallback plans in place, and it would not be necessary for ME to cover your behind like I do for many of my clients that don't know any better.

Erik Goldoff IT Consultant Systems, Networks, Security

From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Tuesday, July 07, 2009 2:39 PM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain

IMO a network security engineer would know better than to take copies of sensitive customer data like that. Put it this way, if you were on my payroll and I found out you were walking off with a copy of my DIT you'd be shown the door straight away.

Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 Active Directory, 4th Ed - http://www.briandesmond.com/ad4/ Microsoft MVP -
RE: Google Voice
I'm interested in trying it but it looks like they don't have any 808 numbers so that significantly limits its usefulness to me.

Ben M. Schorr Chief Executive Officer Roland Schorr Tower www.rolandschorr.com b...@rolandschorr.com Twitter: http://www.twitter.com/bschorr

-Original Message- From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Wednesday, July 08, 2009 12:26 PM To: NT System Admin Issues Subject: OT: Google Voice

Anyone else get an invite yet? Looks pretty cool so far... -- ME2
RE: Win2003 DC on Win2000 domain
Just seems like you're taking an awful lot of risk personally for your customer. I've actually believe it or not spent time working with a bunch of SMBs. I guess I got the smart bunch of customers because I've always been able to convince them to do the right thing.

Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132

From: Jim Majorowicz [mailto:jmajorow...@gmail.com] Sent: Wednesday, July 08, 2009 5:33 PM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain

With all due respect Brian, You're applying MLB practice to a SOHO perspective. Even those of us in the SMB space understand the service Erik is doing here. Owners of small companies will not see the value in your perspective, only the cost. Those of us that cater to the smaller business will do everything in our power to protect our clients from themselves.

From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Tuesday, July 07, 2009 10:34 PM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain

Yes pretty much. Here's another way I'd think of this. What's your liability insurance got to say about this bonus service? What happens when you tell the customer you've made a backup of their whatever and their office burns down a couple days later? Sure you can just restore that bonus backup except your laptop got run over by a bus in between the backup and the fire. A colleague had some wise words for me the first time I did a gig at a legal services customer - "Just remember, they can sue you for free."

Many customers I deal with, offsite backups consist of tapes going in these heavy duty metal boxes with locks on them. The boxes are barcoded or numbered or something and a guy comes to pick them up, signs for them, and the offsite people basically guarantee their safety until you sign for them when they come back. The delivery guy also drops off any locked tape boxes whose retention policies dictate their return as they've expired. In the unlikely event of some major crisis, the offsite people are on the nut to get your box of tapes somewhere in some prearranged guaranteed time window.

Some customers are also sending stuff live (e.g. replicas on standby hardware) into a 3rd party datacenter designed for this sort of fallback plan (e.g. Sungard). They also have contracts where if their computer room burns down or something the vendor is on the nut to provide K servers of approximate configuration Z in location Y within X hours of notification of the requirement. These vendors have the kind of capacity and capability to deal with something like 9/11 or Katrina if the customer has the action plan to respond. Or perhaps something more simple like the two datacenter fires this past weekend - Seattle and Toronto both had high rise carrier hotel fires. One of them, I forget which, the electrical busing between floors was completely hosed (literally) from what I heard.

Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 Active Directory, 4th Ed - http://www.briandesmond.com/ad4/ Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian

From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Tuesday, July 07, 2009 11:59 PM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain

Erik, I'm going to have to agree with Brian on this. Making a copy of someone's DIT isn't the same as a proper backup. I don't think Brian's questioning your professionalism here - but if I was a customer I'd be quite nervous about this too. The type of clients that Brian works with don't need consultants to take offsite backups for them :-)

Cheers Ken

From: Erik Goldoff [egold...@gmail.com] Sent: Wednesday, 8 July 2009 6:39 AM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain

You're entitled to your opinion ... but from my experience, providing an offsite backup at my expense ( zero charge if not needed ) is a very VALUABLE service to most of these small businesses. And I *NEVER* do this without fully informing the client, so they always have right of refusal. Most have no idea about proper business continuity planning, and don't think ahead on how to get the business running again after a network shutdown. That said, I think your characterization of 'walking off with a copy' is a bit harsh, it's not like I'm stealing a copy for my own benefit, selling to black hats, or putting them at extended risk. I would hope, given YOUR background, that you already have fallback plans in place, and it would not be necessary for ME to cover your behind like I do for many of my clients that don't know any better.

Erik Goldoff IT Consultant Systems, Networks, Security

From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Tuesday, July 07, 2009 2:39 PM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain

IMO a network security engineer would know better
RE: Google Voice
Some of the Grand Central features were better. Like the ability to cause someone you do not like to hear this number has been disconnected jingle, or some other custom greeting.

-- Mike Gill

-Original Message- From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Wednesday, July 08, 2009 3:26 PM To: NT System Admin Issues Subject: OT: Google Voice

Anyone else get an invite yet? Looks pretty cool so far... -- ME2
RE: Win2003 DC on Win2000 domain
I'm sure a business would appreciate a quick restore of services. There is no argument there. Would the business also appreciate it if your laptop was stolen and potentially sensitive information was in the hands of someone unscrupulous? We've had consultants literally held up at gun point and their laptops taken. It does happen.

Cheers Ken

From: Maglinger, Paul [pmaglin...@scvl.com] Sent: Wednesday, 8 July 2009 10:48 PM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain

IMHO... as long as you disclose what you are doing and why you are doing it, and if both you and the customer are comfortable with it, then I don't see the problem. Businesses that do have DR in place are savvy enough where you won't get blank stares and will voice any objections at the disclosure. I think any business would appreciate a quick restore of services.

From: Jake Gardner [mailto:jgard...@ttcdas.com] Sent: Wednesday, July 08, 2009 7:19 AM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain

Budget? Most SOHO's don't have $1 set aside for an IT budget. Just a couple years ago, I had a handful of customers that were still using NT4! I got them quotes for server upgrades and very very simple tape backup or backup-2-ext disk and most of them said no new purchases just fix it. I had one customer that owed me $1200 and I would keep going to his office asking for a check, he finally gave me $600 on a Thursday and on Monday the office was under new management and said my contract/payment had nothing to do with them. At least I got half, grrr.

Thanks, Jake Gardner TTC Network Administrator Ext. 246

From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Wednesday, July 08, 2009 2:24 AM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain

Hi, Unless you have proper procedures for safeguarding this stuff, and legals in place, I would do this all on the customer's premises (or wherever they instruct you to work) on their equipment. They must have a budget for this (otherwise how are they paying you?), and it becomes a cost of part of the project. If someone breaks into their offices and steals a server, that's not your problem then. Now, I have a bunch of commercially sensitive stuff on my laptop (as do most/all of our other consultants). But we have our risk management in place (e.g. Bitlocker-ed laptops, Exchange sync policy enforcement for phones, IRM/RMS, policy documents we have to sign etc), and we have the contractual stuff in place to indemnify us against customer lawsuits (and no doubt the necessary insurance cover as well).

Cheers Ken

From: Erik Goldoff [egold...@gmail.com] Sent: Wednesday, 8 July 2009 3:54 PM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain

What happens when you tell the customer you’ve made a backup of their whatever and their office burns down a couple days later?

You're way off base here ... there are too many theoreticals ... what happens, if during the upgrade, something goes wrong and the active directory metabase becomes corrupt... they have no internal backups, I don't make a copy, and now they cannot login to their network resources ... I can still be sued for free, and the probability of that scenario happening is much higher than a bus running over my laptop. And if their office burns down, they're gonna need more than the DC image I have, not to mention that I explicitly state the purpose of the backup copy I make, 'to recover if the upgrade process goes wrong' ... period ... I understand your perspective on the situation, but sorry, it just won't fly in the real world dealing with SOHO and Small business sites. Your data center fires is a neat story, but for Soho and Small business, their 'data center' is usually a commandeered closet or corner with a collection of servers ... note that this issue revolves around upgrading from Windows 2000 ??? Not a technologically current installation, no spare server or desktop hardware, nor OS license to spare. I'm curious as to how you would handle the business continuity planning for a problem with the upgrade ...

Erik Goldoff IT Consultant Systems, Networks, Security

From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Wednesday, July 08, 2009 1:34 AM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain

Yes pretty much. Here’s another way I’d think of this. What’s your liability insurance got to say about this bonus service? What happens when you tell the customer you’ve made a backup of their whatever and their office burns down a couple days later? Sure you can just restore that bonus backup except your laptop got run over by a bus in between the backup and the fire. A colleague had some wise words for me the
RE: Google Voice
Looks like you can still do this by editing the Groups settings, but you have to create and upload the message yourself. If they ever provide invites to give out I'll let y'all know.

RS

-Original Message- From: Mike Gill [mailto:lis...@canbyfoursquare.com] Sent: Wednesday, July 08, 2009 8:15 PM To: NT System Admin Issues Subject: RE: Google Voice

Some of the Grand Central feature were better. Like the ability to cause someone you do not like to hear this number has been disconnected jingle, or some other custom greeting.

-- Mike Gill

-Original Message- From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Wednesday, July 08, 2009 3:26 PM To: NT System Admin Issues Subject: OT: Google Voice

Anyone else get an invite yet? Looks pretty cool so far... -- ME2
RE: Win2003 DC on Win2000 domain
I did SMB consulting for a while and it made me CRY. I have seen everything you guys have mentioned and more. Anti-Virus? We don't need that, we have a firewall. And the company I worked for still chose to work with that SMB, because that SMB actually paid their bills. Basically, for that customer, and MANY others, we told them their options, but ended up designing a solution that fit the budget, never best practices. And I HATED it. So I left.

I went into the corporate world. I started working for a large dot com that is on the Fortune 100 list. I said to myself "There is no way these guys don't get it, this is going to be awesome." Guess what? They don't get it. Backups - what backups? At least now I am actually running NTbackups, before I got there AD was not even being backed up.. Exchange was backed up as a brick. I fixed that too. Never mind that all 15 storage groups are in use and each storage group is over 100 Gigs. I can't even begin to imagine what it would be like to restore it. Weeks of downtime. So I am leaving. I am going back to being a consultant.

When I went into my second interview, the owner was talking to me about how he had to fire one of his largest accounts that week. Yes, the company fired the client. Why? Because he made a recommendation about the client's information security, backups, and the client refuses to take the advice. He doesn't want the client to come back at him if something bad happens, and tries to blame his company. Nor does he want to be in an "I told you so" situation. I am optimistic about this new job.

The moral of this story is that we can choose our clients that we do business with, but someone out there will always take the job. Personally, I hate doing things half assed and working with clients that always want to half ass it, or run with no policies, or no AV, or just a Linksys for a firewall makes me angry. I personally feel that any company with a semi-realistic budget can afford a solution that is best practices. It takes a good consultant to cater to that customer. The amount of money we billed that poor schlub for hand removing viruses and reloading machines could have been spent 5 times over on a solid AV solution. But my boss liked the billable hours and never made a graph to show that they spent $800 on virus removal last month when Symantec cost $400 (I made those numbers up, but you guys get the idea). And sometimes the client just won't listen. And that is when it's time to let the client go.

Offsite backup? Most of the companies I have worked for in the past go to the bank, get a safe deposit box and have them take the tapes to the bank with them. Fed-Ex is ALWAYS there, send the tapes somewhere FED-Ex, even if it's the owner's house. Is Fed-Exing the tapes to the owner's house the best idea ever - no. Does it meet the needs of off site DR - definitely (and it's relatively cheap). Again - risk vs reward. I hope I made some sense there and didn't go too far off on a rant.

And back on topic, somewhat, is it just me, or would anyone else just not want another domain controller existing, but turned off for 3 or 4 days. In my head I see clients trying to authenticate against it (it's still in DNS) and the other DCs trying to replicate to it, it's not there. To me that just kinda seems like a bad idea, but maybe I am off base here.

Jeremy

From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Wednesday, July 08, 2009 17:13 To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain

I'm sure a business would appreciate a quick restore of services. There is no argument there. Would the business also appreciate it if your laptop was stolen and potentially sensitive information was in the hands of someone unscrupulous? We've had consultants literally held up at gun point and their laptops taken. It does happen.

Cheers Ken

From: Maglinger, Paul [pmaglin...@scvl.com] Sent: Wednesday, 8 July 2009 10:48 PM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain

IMHO... as long as you disclose what you are doing and why you are doing it, and if both you and the customer are comfortable with it, then I don't see the problem. Businesses that do have DR in place are savvy enough where you won't get blank stares and will voice any objections at the disclosure. I think any business would appreciate a quick restore of services.

From: Jake Gardner [mailto:jgard...@ttcdas.com] Sent: Wednesday, July 08, 2009 7:19 AM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain

Budget? Most SOHO's don't have $1 set aside for an IT budget. Just a couple years ago, I had a handful of customers that were still using NT4! I got them quotes for server upgrades and very very simple tape backup or backup-2-ext disk and most of them said no new purchases just fix it. I had one
RE: Win2003 DC on Win2000 domain
Most of my customers are SMBs. I've walked away from a LOT of business over the years, primarily for the reason you mentioned. I won't work for a company that refuses to take even the most basic steps to take care of themselves. They can find someone that charges half my rate and spends three or four times the amount of time cleaning viruses, reinstalling workstations and servers, and saying sorry, can't restore that, it wasn't backed up. Does this make me a prima donna? Nope. It makes me someone that takes pride in the work I put my name on.

From: Jeremy Anderson [jer...@mapiadmin.net] Sent: Wednesday, July 08, 2009 8:44 PM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain

I did SMB consulting for a while and it made me CRY. I have seen everything you guys have mentioned and more. Anti-Virus? We don’t need that, we have a firewall. And the company I worked for still chose to work with that SMB, because that SMB actually paid their bills. Basically, for that customer, and MANY others, we told them their options, but ended up designing a solution that fit the budget, never best practices. And I HATED it. So I left.

I went into the corporate world. I started working for a large dot com that is on the Fortune 100 list. I said to myself “There is no way these guys don’t get it, this is going to be awesome.” Guess what? They don’t get it. Backups – what backups? At least now I am actually running NTbackups, before I got there AD was not even being backed up. Exchange was backed up as a brick. I fixed that too. Never mind that all 15 storage groups are in use and each storage group is over 100 Gigs. I can't even begin to imagine what it would be like to restore it. Weeks of downtime. So I am leaving. I am going back to being a consultant.

When I went into my second interview, the owner was talking to me about how he had to fire one of his largest accounts that week. Yes, the company fired the client. Why? Because he made a recommendation about the client's information security, backups, and the client refuses to take the advice. He doesn’t want the client to come back at him if something bad happens, and tries to blame his company. Nor does he want to be in an “I told you so” situation. I am optimistic about this new job.

The moral of this story is that we can choose our clients that we do business with, but someone out there will always take the job. Personally, I hate doing things half assed and working with clients that always want to half ass it, or run with no policies, or no AV, or just a Linksys for a firewall makes me angry. I personally feel that any company with a semi-realistic budget can afford a solution that is “best practices”. It takes a good consultant to cater to that customer. The amount of money we billed that poor schlub for hand removing viruses and reloading machines could have been spent 5 times over on a solid AV solution. But my boss liked the billable hours and never made a graph to show that they spent $800 on virus removal last month when Symantec cost $400 (I made those numbers up, but you guys get the idea). And sometimes the client just won’t listen. And that is when it's time to let the client go.

Offsite backup? Most of the companies I have worked for in the past go to the bank, get a safe deposit box and have them take the tapes to the bank with them. Fed-Ex is ALWAYS there, send the tapes somewhere Fed-Ex, even if it’s the owner's house. Is Fed-Exing the tapes to the owner's house the best idea ever – no. Does it meet the needs of off site DR - definitely (and it's relatively cheap). Again – risk vs reward. I hope I made some sense there and didn’t go too far off on a rant.

And back on topic, somewhat, is it just me, or would anyone else just not want another domain controller existing, but turned off for 3 or 4 days? In my head I see clients trying to authenticate against it (it's still in DNS) and the other DCs trying to replicate to it, it's not there. To me that just kinda seems like a bad idea, but maybe I am off base here. Jeremy

From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Wednesday, July 08, 2009 17:13 To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain

I'm sure a business would appreciate a quick restore of services. There is no argument there. Would the business also appreciate it if your laptop was stolen and potentially sensitive information was in the hands of someone unscrupulous? We've had consultants literally held up at gun point and their laptops taken. It does happen. Cheers Ken
Virtualization Webinar July 16
NT list homies, See below, yours truly is doing stuff... let me know if you have any questions. Shook

Peak 10 Webinar Event Thursday, July 16, 2009

You are cordially invited to join Peak 10 for this informative technology presentation discussing the current differences between various virtualization options. As a companion to our recent Engineering Series Event detailing virtualization implementation, Andy Shook, Sr. Solutions Engineer for Peak 10, will be giving a presentation titled Virtualization: Deciphering the Playing Field, outlining a comparison of various virtualization platforms such as VMware, Microsoft Hyper V, Virtual Iron and Xen. He will provide insight as to why organizations create multiple virtualization options and will engage participants to share their experience with each platform.

When: Thursday, July 16, 2009 Time: 11:30 a.m. to 1:00 p.m. Where: This is an Online Event. Participation information will be sent after registering.

This email was sent by: Peak 10, Inc. 8910 Lenox Pointe Drive, Suite B, Charlotte, NC, 28273-3432, USA

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Slow DFS connections for windows xp users (and windows 2003)
We had a similar situation which I put down to slow interoffice links. We ended up mapping to local server shares based on IP detection in scripting and not using the DFS share. HTH Des

-Original Message- From: Steph Balog [mailto:validemai...@gmail.com] Sent: Thursday, 9 July 2009 8:29 AM To: NT System Admin Issues Subject: RE: Slow DFS connections for windows xp users (and windows 2003)

The replication works fine in windows 2008. Is just the xp desktops are slow talking to them. Anyone? Please?
RE: Google Voice
Not yet. Did you get one? When? -- Bob Fronk Please print only as needed.

-Original Message- From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Wednesday, July 08, 2009 6:26 PM To: NT System Admin Issues Subject: OT: Google Voice

Anyone else get an invite yet? Looks pretty cool so far... -- ME2
RE: Slow DFS connections for windows xp users (and windows 2003)
What steps have you already tried to diagnose the underlying problem/root cause? Cheers Ken

From: Steph Balog [validemai...@gmail.com] Sent: Thursday, 9 July 2009 3:54 AM To: NT System Admin Issues Subject: re: Slow DFS connections for windows xp users (and windows 2003)

Come on guys, a little bit of help?
RE: Win2003 DC on Win2000 domain
Another viewpoint is that even the SMBs with a non-existent IT budget need IT services, too. The challenge for the consultant is to provide the best value for the dollar and to recommend an overall plan that will meet the client's needs. If the client won't/can't implement the plan, should the client be abandoned to fend for themselves? Or, like a dysfunctional F1000 company, should they be assisted day by day to keep them above water? While best practices and logical designs and phased implementations are great, they're just not always possible. And we need to be able to determine what our tolerance for outside-the-box administration is. I've found that the SMBs that don't/can't/won't adhere to our level of best practices often look at computers as a barely tolerable necessary evil. I have a bicycle shop as a client. His PC went down; bad HD. I was able to recover the data for him and he was appreciative (even paid the bill) but when it was still uncertain, he told me he could do without it if he had to. He'd have to reinventory and would lose some information, but it wouldn't put him out of business; he could still order parts and sell stuff to his customers. The computer just made it easier when it worked. My point is that we look at computers and their tangents much differently than many of our clients do. It's a challenge to see it through their eyes sometimes and develop a solution that's good enough for them, not necessarily for us. I'd love to be in a situation where the boss could fire the clients that didn't dovetail with his/my standards. But in today's economy, that luxury isn't always available. You've found a great niche. Need any more consultants? LOL... But you are correct; some clients just aren't worth it and need to be dropped. That checkpoint varies from place to place and from IT shop to IT shop... Good discussion... Oh; and on the DC offline? Just set it up as a replication partner but not an authentication DC; a warm spare if you like... 
Set replication to a week or something and put it in its own site where no auth traffic will get to it... *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ ***
RE: Virtualization Webinar July 16
I'm down. Is there a virtual heckling option for this webinar? -sc

From: Andy Shook [mailto:andy.sh...@peak10.com] Sent: Wednesday, July 08, 2009 8:59 PM To: NT System Admin Issues Subject: Virtualization Webinar July 16

NT list homies, See below, yours truly is doing stuff... let me know if you have any questions. Shook

Peak 10 Webinar Event Thursday, July 16, 2009

You are cordially invited to join Peak 10 for this informative technology presentation discussing the current differences between various virtualization options. As a companion to our recent Engineering Series Event detailing virtualization implementation, Andy Shook, Sr. Solutions Engineer for Peak 10, will be giving a presentation titled Virtualization: Deciphering the Playing Field, outlining a comparison of various virtualization platforms such as VMware, Microsoft Hyper V, Virtual Iron and Xen. He will provide insight as to why organizations create multiple virtualization options and will engage participants to share their experience with each platform.

When: Thursday, July 16, 2009 Time: 11:30 a.m. to 1:00 p.m. Where: This is an Online Event. Participation information will be sent after registering.
RE: Slow DFS connections for windows xp users (and windows 2003)
Even connecting directly to the server via the fqdn or ip does the same thing.
RE: Slow DFS connections for windows xp users (and windows 2003)
I have applied hotfixes related to the problem, tried connecting via ip and fqdn rather than through the dfs namespace, rebooted the server, turned off smb2, turned down security features in the local security policy. And nothing. Again, the key here is the vista boxes, windows 2008 clients, windows 7 client all have 0 problems. It is just the xp and 2003 (older) clients.
RE: Slow DFS connections for windows xp users (and windows 2003)
During the time when the xp and 2003 clients sit there, it locks the explorer process up too.
RE: Slow DFS connections for windows xp users (and windows 2003)
Hi, Can you please include the posts that you are replying to, so that we can follow the conversation? From what I can see below, what you have done is change settings, which may or may not be related to your problem. The question I asked was what have you done to determine the underlying problem/root cause? (what logs have you captured? network traces? etc) Cheers Ken

From: Steph Balog [validemai...@gmail.com] Sent: Thursday, 9 July 2009 12:06 PM To: NT System Admin Issues Subject: RE: Slow DFS connections for windows xp users (and windows 2003)

I have applied hotfixes related to the problem, tried connecting via ip and fqdn rather than through the dfs namespace, rebooted the server, turned off smb2, turned down security features in the local security policy. And nothing. Again, the key here is the vista boxes, windows 2008 clients, windows 7 client all have 0 problems. It is just the xp and 2003 (older) clients.
RE: Win2003 DC on Win2000 domain
Oh; and on the DC offline? Just set it up as a replication partner but not an authentication DC; a warm spare if you like... Set replication to a week or something and put it in its own site where no auth traffic will get to it...

Can't really do that per se. You can twiddle with DNS registration to get close but the only way you're truly going to get that is with a firewall. Also even with a repl interval of 1 week there are things that will get through that. Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132
RE: Slow DFS connections for windows xp users (and windows 2003)
(quoted below Ken) That is just it, there is nothing showing in the event logs indicating any errors. And the network traces are pointless. Pinging and Traceroutes only send icmp requests to endpoints (ping) or the hops along the route (tracert). We are talking smb and rpc. Running dfsdiags shows no issues, AGAIN, there are no issues with vista, 2008 or windows 7 clients. It is ONLY locking up and being slow with xp clients and windows 2003 clients. So please, if anyone has seen this issue, it would be very very greatly appreciated to share what you have seen and/or did to fix the issue.

Hi, Can you please include the posts that you are replying to, so that we can follow the conversation? From what I can see below, what you have done is change settings, which may or may not be related to your problem. The question I asked was what have you done to determine the underlying problem/root cause? (what logs have you captured? network traces? etc) Cheers Ken
RE: Win2003 DC on Win2000 domain
I know it's not actually a lot of work - but it sounds like a lot of work just for a VM that I might never use. IMO - but I am just kinda gutsy like that (maybe a weakness) and I personally would just bring up the new DCs, forestprep, domainprep, move the FSMOs, let it set for a day, and then dcpromo down the old ones.

-Original Message- From: Charlie Kaiser [mailto:charl...@golden-eagle.org] Sent: Wednesday, July 08, 2009 6:17 PM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain

... Oh; and on the DC offline? Just set it up as a replication partner but not an authentication DC; a warm spare if you like... Set replication to a week or something and put it in its own site where no auth traffic will get to it... *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ ***
MSBA 2.1
I'm attempting to use MSBA 2.1 but keep getting errors concerning name resolution. Has anyone run into this issue? I'm using an account that has admin rights but when trying to scan a range of addresses I receive name resolution errors. Any suggestions? We are having no DNS issues on the domain. Nslookup works just fine. Thanks, Joe Haralson
RE: Slow DFS connections for windows xp users (and windows 2003)
There is no fix for the issue, because you haven't worked out what the issue is yet. I don't know why you think a network trace is useless. It will show the actual SMB traffic (including errors, resets and so forth). It has nothing to do with tracert or ping (don't know why you threw that in). www.wireshark.org - get this and get a packet capture from one of your affected clients. Cheers Ken

From: Steph Balog [validemai...@gmail.com] Sent: Thursday, 9 July 2009 12:53 PM To: NT System Admin Issues Subject: RE: Slow DFS connections for windows xp users (and windows 2003)

(quoted below Ken) That is just it, there is nothing showing in the event logs indicating any errors. And the network traces are pointless. Pinging and Traceroutes only send icmp requests to endpoints (ping) or the hops along the route (tracert). We are talking smb and rpc. Running dfsdiags shows no issues, AGAIN, there are no issues with vista, 2008 or windows 7 clients. It is ONLY locking up and being slow with xp clients and windows 2003 clients. So please, if anyone has seen this issue, it would be very very greatly appreciated to share what you have seen and/or did to fix the issue.