RE: Win2003 DC on Win2000 domain

[Erik Goldoff]

yep, the log showed no errors, just completed after sch30.ldf and went on
its merry way, never opened sch31.ldf ... no clues or hints as to why ...
at this point it's just a curiosity, got it properly updated with the
sch31.ldf and dcpromo'd the 2003 servers into the AD
 

Erik Goldoff


IT  Consultant

Systems, Networks, & Security 

 

  _  

From: Brian Desmond [mailto:br...@briandesmond.com] 
Sent: Thursday, July 09, 2009 9:49 PM
To: NT System Admin Issues
Subject: RE: Win2003 DC on Win2000 domain



There is an adprep.log - iirc it's in c:\windows\system32\debug\adprep

 

Thanks,

Brian Desmond

br...@briandesmond.com

 

c - 312.731.3132

 

From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Thursday, July 09, 2009 8:14 PM
To: NT System Admin Issues
Subject: RE: Win2003 DC on Win2000 domain

 

agreed, but the server drive where the client copied the disk *did* ... just
don't know why adprep skipped it

 


Erik Goldoff


IT  Consultant

Systems, Networks, & Security 

 

 

  _  

From: Brian Desmond [mailto:br...@briandesmond.com] 
Sent: Thursday, July 09, 2009 8:20 PM
To: NT System Admin Issues
Subject: RE: Win2003 DC on Win2000 domain

Disk 1 should not. 

 

Thanks,

Brian Desmond

br...@briandesmond.com

 

c - 312.731.3132

 

Active Directory, 4th Ed -  
http://www.briandesmond.com/ad4/

Microsoft MVP -  
https://mvp.support.microsoft.com/profile/Brian

 

From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Thursday, July 09, 2009 7:14 PM
To: NT System Admin Issues
Subject: RE: Win2003 DC on Win2000 domain

 

and just checked, my disk 1 does NOT have a sch31.ldf file on it ... .just
weird ...

 


Erik Goldoff


IT  Consultant

Systems, Networks, & Security 

 

 

  _  

From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Thursday, July 09, 2009 8:12 PM
To: NT System Admin Issues
Subject: RE: Win2003 DC on Win2000 domain

I actually did this remotely, the client *said* they copied disk 2 to the
drive, and it *did* include the sch31.ldf file .. but the sch31.ldf file was
NOT included in the processing ...

 


Erik Goldoff


IT  Consultant

Systems, Networks, & Security 

 

 

  _  

From: Free, Bob [mailto:r...@pge.com] 
Sent: Thursday, July 09, 2009 7:05 PM
To: NT System Admin Issues
Subject: RE: Win2003 DC on Win2000 domain

Sorry to pile on late but did you run the ADPREP version from 2003 R2 DISK1?

 

 If so you will get schema version 30, which is just W2K3 without R2. You
want to run the version from DISK 2\ Cmpnents\R2\Adprep  that upgrades the
schema directly to version 31 (R2)

 

 

From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Thursday, July 09, 2009 3:22 PM
To: NT System Admin Issues
Subject: RE: Win2003 DC on Win2000 domain

 

ok, this one was wierd ... adprep did not process the sch31.ldf file , so it
set the AD at version 30, but 2003r2 requires AD version 31 ...

 


Erik Goldoff


IT  Consultant

Systems, Networks, & Security 

 

 

 

 

 

 

 

 

 

 


 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Win2003 DC on Win2000 domain

[Brian Desmond]

There is an adprep.log - iirc it's in c:\windows\system32\debug\adprep

Thanks,
Brian Desmond
br...@briandesmond.com

c - 312.731.3132

From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Thursday, July 09, 2009 8:14 PM
To: NT System Admin Issues
Subject: RE: Win2003 DC on Win2000 domain

agreed, but the server drive where the client copied the disk *did* ... just 
don't know why adprep skipped it

Erik Goldoff

IT  Consultant

Systems, Networks, & Security



From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Thursday, July 09, 2009 8:20 PM
To: NT System Admin Issues
Subject: RE: Win2003 DC on Win2000 domain
Disk 1 should not.

Thanks,
Brian Desmond
br...@briandesmond.com

c - 312.731.3132

Active Directory, 4th Ed - http://www.briandesmond.com/ad4/
Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian

From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Thursday, July 09, 2009 7:14 PM
To: NT System Admin Issues
Subject: RE: Win2003 DC on Win2000 domain

and just checked, my disk 1 does NOT have a sch31.ldf file on it ... .just 
weird ...

Erik Goldoff

IT  Consultant

Systems, Networks, & Security



From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Thursday, July 09, 2009 8:12 PM
To: NT System Admin Issues
Subject: RE: Win2003 DC on Win2000 domain
I actually did this remotely, the client *said* they copied disk 2 to the 
drive, and it *did* include the sch31.ldf file .. but the sch31.ldf file was 
NOT included in the processing ...

Erik Goldoff

IT  Consultant

Systems, Networks, & Security



From: Free, Bob [mailto:r...@pge.com]
Sent: Thursday, July 09, 2009 7:05 PM
To: NT System Admin Issues
Subject: RE: Win2003 DC on Win2000 domain
Sorry to pile on late but did you run the ADPREP version from 2003 R2 DISK1?

 If so you will get schema version 30, which is just W2K3 without R2. You want 
to run the version from DISK 2\ Cmpnents\R2\Adprep  that upgrades the schema 
directly to version 31 (R2)


From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Thursday, July 09, 2009 3:22 PM
To: NT System Admin Issues
Subject: RE: Win2003 DC on Win2000 domain

ok, this one was wierd ... adprep did not process the sch31.ldf file , so it 
set the AD at version 30, but 2003r2 requires AD version 31 ...

Erik Goldoff

IT  Consultant

Systems, Networks, & Security


















~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Win2003 DC on Win2000 domain

[Erik Goldoff]

agreed, but the server drive where the client copied the disk *did* ... just
don't know why adprep skipped it
 

Erik Goldoff


IT  Consultant

Systems, Networks, & Security 

 

  _  

From: Brian Desmond [mailto:br...@briandesmond.com] 
Sent: Thursday, July 09, 2009 8:20 PM
To: NT System Admin Issues
Subject: RE: Win2003 DC on Win2000 domain



Disk 1 should not. 

 

Thanks,

Brian Desmond

br...@briandesmond.com

 

c - 312.731.3132

 

Active Directory, 4th Ed -  
http://www.briandesmond.com/ad4/

Microsoft MVP -  
https://mvp.support.microsoft.com/profile/Brian

 

From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Thursday, July 09, 2009 7:14 PM
To: NT System Admin Issues
Subject: RE: Win2003 DC on Win2000 domain

 

and just checked, my disk 1 does NOT have a sch31.ldf file on it ... .just
weird ...

 


Erik Goldoff


IT  Consultant

Systems, Networks, & Security 

 

 

  _  

From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Thursday, July 09, 2009 8:12 PM
To: NT System Admin Issues
Subject: RE: Win2003 DC on Win2000 domain

I actually did this remotely, the client *said* they copied disk 2 to the
drive, and it *did* include the sch31.ldf file .. but the sch31.ldf file was
NOT included in the processing ...

 


Erik Goldoff


IT  Consultant

Systems, Networks, & Security 

 

 

  _  

From: Free, Bob [mailto:r...@pge.com] 
Sent: Thursday, July 09, 2009 7:05 PM
To: NT System Admin Issues
Subject: RE: Win2003 DC on Win2000 domain

Sorry to pile on late but did you run the ADPREP version from 2003 R2 DISK1?

 

 If so you will get schema version 30, which is just W2K3 without R2. You
want to run the version from DISK 2\ Cmpnents\R2\Adprep  that upgrades the
schema directly to version 31 (R2)

 

 

From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Thursday, July 09, 2009 3:22 PM
To: NT System Admin Issues
Subject: RE: Win2003 DC on Win2000 domain

 

ok, this one was wierd ... adprep did not process the sch31.ldf file , so it
set the AD at version 30, but 2003r2 requires AD version 31 ...

 


Erik Goldoff


IT  Consultant

Systems, Networks, & Security 

 

 

 

 

 

 


 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Google Voice

[Ken Hoegeman]

I didn't get an invite, but just checked my Grand Central account and it is
now Google Voice

On Thu, Jul 9, 2009 at 2:20 PM, Micheal Espinola Jr <
michealespin...@gmail.com> wrote:

> From what I can ascertain so far, Google Voice is the future benchmark
> for mobile services integration (call history, voicemail, SMS, etc.)
> It is freaking awesome.
>
> Forget Visual Voicemail (VV).  What Google has done here is what the
> next generation services will be like.  And I'm assuming it wont
> require the back-end hardware upgrades that VV does.
>
> --
> ME2
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Win2003 DC on Win2000 domain

[Brian Desmond]

Disk 1 should not.

Thanks,
Brian Desmond
br...@briandesmond.com

c - 312.731.3132

Active Directory, 4th Ed - http://www.briandesmond.com/ad4/
Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian

From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Thursday, July 09, 2009 7:14 PM
To: NT System Admin Issues
Subject: RE: Win2003 DC on Win2000 domain

and just checked, my disk 1 does NOT have a sch31.ldf file on it ... .just 
weird ...

Erik Goldoff

IT  Consultant

Systems, Networks, & Security



From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Thursday, July 09, 2009 8:12 PM
To: NT System Admin Issues
Subject: RE: Win2003 DC on Win2000 domain
I actually did this remotely, the client *said* they copied disk 2 to the 
drive, and it *did* include the sch31.ldf file .. but the sch31.ldf file was 
NOT included in the processing ...

Erik Goldoff

IT  Consultant

Systems, Networks, & Security



From: Free, Bob [mailto:r...@pge.com]
Sent: Thursday, July 09, 2009 7:05 PM
To: NT System Admin Issues
Subject: RE: Win2003 DC on Win2000 domain
Sorry to pile on late but did you run the ADPREP version from 2003 R2 DISK1?

 If so you will get schema version 30, which is just W2K3 without R2. You want 
to run the version from DISK 2\ Cmpnents\R2\Adprep  that upgrades the schema 
directly to version 31 (R2)


From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Thursday, July 09, 2009 3:22 PM
To: NT System Admin Issues
Subject: RE: Win2003 DC on Win2000 domain

ok, this one was wierd ... adprep did not process the sch31.ldf file , so it 
set the AD at version 30, but 2003r2 requires AD version 31 ...

Erik Goldoff

IT  Consultant

Systems, Networks, & Security










~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Win2003 DC on Win2000 domain

[Erik Goldoff]

and just checked, my disk 1 does NOT have a sch31.ldf file on it ... .just
weird ...
 

Erik Goldoff


IT  Consultant

Systems, Networks, & Security 

 

  _  

From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Thursday, July 09, 2009 8:12 PM
To: NT System Admin Issues
Subject: RE: Win2003 DC on Win2000 domain


I actually did this remotely, the client *said* they copied disk 2 to the
drive, and it *did* include the sch31.ldf file .. but the sch31.ldf file was
NOT included in the processing ...
 

Erik Goldoff


IT  Consultant

Systems, Networks, & Security 

 

  _  

From: Free, Bob [mailto:r...@pge.com] 
Sent: Thursday, July 09, 2009 7:05 PM
To: NT System Admin Issues
Subject: RE: Win2003 DC on Win2000 domain



Sorry to pile on late but did you run the ADPREP version from 2003 R2 DISK1?

 

 If so you will get schema version 30, which is just W2K3 without R2. You
want to run the version from DISK 2\ Cmpnents\R2\Adprep  that upgrades the
schema directly to version 31 (R2)

 

 

From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Thursday, July 09, 2009 3:22 PM
To: NT System Admin Issues
Subject: RE: Win2003 DC on Win2000 domain

 

ok, this one was wierd ... adprep did not process the sch31.ldf file , so it
set the AD at version 30, but 2003r2 requires AD version 31 ...

 


Erik Goldoff


IT  Consultant

Systems, Networks, & Security 

 

 


 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Win2003 DC on Win2000 domain

[Erik Goldoff]

I actually did this remotely, the client *said* they copied disk 2 to the
drive, and it *did* include the sch31.ldf file .. but the sch31.ldf file was
NOT included in the processing ...
 

Erik Goldoff


IT  Consultant

Systems, Networks, & Security 

 

  _  

From: Free, Bob [mailto:r...@pge.com] 
Sent: Thursday, July 09, 2009 7:05 PM
To: NT System Admin Issues
Subject: RE: Win2003 DC on Win2000 domain



Sorry to pile on late but did you run the ADPREP version from 2003 R2 DISK1?

 

 If so you will get schema version 30, which is just W2K3 without R2. You
want to run the version from DISK 2\ Cmpnents\R2\Adprep  that upgrades the
schema directly to version 31 (R2)

 

 

From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Thursday, July 09, 2009 3:22 PM
To: NT System Admin Issues
Subject: RE: Win2003 DC on Win2000 domain

 

ok, this one was wierd ... adprep did not process the sch31.ldf file , so it
set the AD at version 30, but 2003r2 requires AD version 31 ...

 


Erik Goldoff


IT  Consultant

Systems, Networks, & Security 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Slow DFS connections for windows xp users (and windows 2003)

[Ken Schaefer]

Hi,

a) I don't work for a university. Who I work for is publicly available: 
https://mvp.support.microsoft.com/profile/Ken is one such place you can find 
this information out yourself.

b) Whilst your capture might not show any errors, it also shows time elapsed 
and the types of queries being made. Maybe it would be helpful for us (or 
yourself) to look at *which* parts of the trace are consuming the most amount 
of time

c) It's not semantics - you've identified some symptoms, but we don't know the 
root cause

d) Lastly, this is a free support list. Whilst generally there are people who 
provide good answers to questions here in a cheerful manner, you're not 
entitled by right to that. If you want friendly, attentive technical support 
please open a PSS call with Microsoft. If you don't like the attitude here, 
please feel free to apply for a full refund :-)

Cheers
Ken


From: Steph Balog [validemai...@gmail.com]
Sent: Friday, 10 July 2009 1:34 AM
To: NT System Admin Issues
Subject: RE: Slow DFS connections for windows xp users (and windows 2003)

(quoting Ken below)

Ken (you dont happen to work at a university do you?)

I did use wireshark, I was using wireshark when it was ethereal, and probably 
using it long before most on this list have been working. I HAVE stated the 
issue. Windows XP and 2003 clients are experiencing slow connectivity to shares 
on a windows 2008 server. Regardless of whether it is through dfs or not. 
Windows vista client and windows 7 clients do not.
The issue looks to be a a client one. Perhaps something to do with how the 
OLDER client handle talking smb to the NEWER server. That is the ISSUE KEN. My 
question was if ANYONE has seen such an issue. There is an ISSUE KEN.

And fyi, wireshark did not show me anything but smb traffic being initiated the 
server responding, and then nothing. It didnt show errors, it didnt show drops. 
It is not a network issue, it is not a traffic issue. So again KEN, unless you 
can add something useful to this conversation, please refrain from your 
semantics. And hopefully someone else may have experienced this and can offer 
me some isight.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Dell Small Business sales

[Jim Majorowicz]

Are you using a Partner Direct Team or SB partner?  You should have access to
the team manager.  If your problem is with them, see about contacting their
manager.

 

From: Gene Giannamore [mailto:gene.giannam...@abideinternational.com] 
Sent: Monday, July 06, 2009 4:22 PM
To: NT System Admin Issues
Subject: OT: Dell Small Business sales

 

Need to switch sales team due to irreconcilable differences. Has anyone done
this recently? How? I meet resistance each time I try. 

 

 

 

 

Gene Giannamore

Abide International Inc.

Technical Support

561 1st Street West

Sonoma,Ca.95476

(707) 935-1577Office

(707) 935-9387Fax

(707) 766-4185Cell

gene.giannam...@abideinternational.com

www.abideinternational.com

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: External hard drive for home LAN

[Jim Majorowicz]

The NV+ NAS has a neat little "backup" button on the front that will allow you
to plug in a USB drive into the port of the front of the NAS, hit the button and
it copies everything on the NAS to the USB drive.

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Wednesday, July 01, 2009 1:39 PM
To: NT System Admin Issues
Subject: Re: External hard drive for home LAN

On Wed, Jul 1, 2009 at 3:48 PM, Wulff Jr, Ronald J. wrote:
> While we are on the topic, does anyone have a good solution to backup a home
> NAS style system?

  "Copy to another home NAS style system" seems to be the general
answer.  You can just use Unison or rsync or ROBOCOPY or whatever.
Some of the NAS boxes expose their OS, which let you install/run such
tools natively, which lets you run sync protocols over the wire, which
can speed things up considerably.

  There's something called rsync-snapshot that lets you keep many
snapshots of a filesystem without needing full copies of everything,
but I think it only works for *nix.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: External hard drive for home LAN

[Jim Majorowicz]

I absolutely hate this thing.  I cannot get the Vista driver to work, and the
fact that you have to install a special driver to even see the device is a
little out there.  I prefer the NAS Duo actually.

-Original Message-
From: Peter van Houten [mailto:peter...@gmail.com] 
Sent: Wednesday, July 01, 2009 11:39 AM
To: NT System Admin Issues
Subject: Re: External hard drive for home LAN

http://www.netgear.com/Products/Storage/NetworkStorage/SC101.aspx

Installed with 2 x 500GB drives at clients with no issues whatever.

--
Peter van Houten

On the 01/07/2009 20:21, David Mazzaccaro wrote the following:
> I am looking for a storage device that hangs off the network so 3 PCs
> can use it for storage.
> Primarily to backup digital pics and MP3 files.
> Any recommendations? Or any to stay clear of?
>
> TIA

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: CAL Licensing Question!

[Michael B. Smith]

That is PRECISELY why I recommended he called Microsoft Licensing and document 
the call.

As long as Microsoft has given you a documentable answer, you are freed from 
"penalties". That doesn't mean if they "change their mind" you don't have to 
"true up", but you've given a reasonable effort to find an appropriate answer 
and gotten a specific resolution from the vendor via an authorized 
representative. In most countries - that is sufficient CYA.


From: Ben Scott [mailvor...@gmail.com]
Sent: Thursday, July 09, 2009 3:28 PM
To: NT System Admin Issues
Subject: Re: CAL Licensing Question!

On Thu, Jul 9, 2009 at 7:46 AM, Brian
Clark wrote:
> MS said that putting in 10 Device CALS for the computers in Domain B would
> be enough. Domain A computers/Users accessing Domain B would not need
> additional CAL's as they are accessing SQL Express!

  I'm a little surprised at that.  Microsoft generally takes the hard
line that any access, direct or indirect, via authenticated (NTLM or
Kerb ticket) connection, requires a CAL.

  But then, I've also found the answers vary depending on what random
rep answers the phone.  And this is for their own licensing.
*hurumph*

  In general, unless you have more than 60 clients, I would suggest
just converting all the CALs to per-client and assigning them that
way.  A CAL assigned to a client is good for that client to access to
any server.  A CAL assigned to a server is good for only that server.
The only benefit to that is you can oversubscribe the server's
licenses, i.e., if you have 80 clients but no more than 50 will
connect at one time.

  But unless you worried about a licensing audit, I'd stick with
Microsoft's verbal answer.  It's cheaper.  :)

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Win2003 DC on Win2000 domain

[Free, Bob]

Sorry to pile on late but did you run the ADPREP version from 2003 R2
DISK1?

 

 If so you will get schema version 30, which is just W2K3 without R2.
You want to run the version from DISK 2\ Cmpnents\R2\Adprep  that
upgrades the schema directly to version 31 (R2)

 

 

From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Thursday, July 09, 2009 3:22 PM
To: NT System Admin Issues
Subject: RE: Win2003 DC on Win2000 domain

 

ok, this one was wierd ... adprep did not process the sch31.ldf file ,
so it set the AD at version 30, but 2003r2 requires AD version 31 ...

 


Erik Goldoff


IT  Consultant

Systems, Networks, & Security 

 

 



From: Jon Harris [mailto:jk.har...@gmail.com] 
Sent: Thursday, July 09, 2009 10:29 AM
To: NT System Admin Issues
Subject: Re: Win2003 DC on Win2000 domain

Those kind of problems generally turn out bad for me.

 

Jon

On Thu, Jul 9, 2009 at 10:26 AM, Erik Goldoff 
wrote:

h, thinking maybe to move the schema master, GC and other FSMO roles
to the Exchange/DC and try again ...  this one is strange... and I'm
definitely not seeing the problem, that's the problem 

 


Erik Goldoff


IT  Consultant

Systems, Networks, & Security 

 

 



From: Jon Harris [mailto:jk.har...@gmail.com] 

Sent: Thursday, July 09, 2009 10:21 AM 


To: NT System Admin Issues
Subject: Re: Win2003 DC on Win2000 domain

 

They might have other problems that you are not seeing then would be a
guess.  You might try running adprep as the Schema Master user ID again.
Since there is Exchange sitting on a DC you might need to update the
Exchange Schema as well before you can dcpromo a W2k3 server.

 

Jon

On Thu, Jul 9, 2009 at 10:13 AM, Erik Goldoff 
wrote:

Ran the ADPrep last nite around 10pm ... gave it an hour and got this
error ... so logged out, and tried dcpromo again this morning after a
good 8 hours + time for replication to finish, and same error.
Replication status shows all success, no errors

 


Erik Goldoff


IT  Consultant

Systems, Networks, & Security 

 

 



From: Jon Harris [mailto:jk.har...@gmail.com] 

Sent: Thursday, July 09, 2009 10:11 AM 


To: NT System Admin Issues

Subject: Re: Win2003 DC on Win2000 domain

Only when I did not give it enough time to replicate but that was years
ago with the 2k server at sub SP2 and the W2k3 at SP0.

 

Jon

On Thu, Jul 9, 2009 at 10:06 AM, Erik Goldoff 
wrote:

OK, to get back on the topic, this one has taken a weird twist :

 

Ran ADPREP /Forestprep   ( and /domainprep ) on the Win2000 DC (schema
master) with successful completion messages 

 

but running DCPromo on the Win2003 server against this domain errors out
:

 

 

The operation failed because:

 

The Active Directory Installation  Wizard cannot continue
because the forest is not prepared for installing Windows Server 2003.
Use the Adprep command-line tool to prepare both the forest and the
domain ..

 

"The version of the Active Directory schema of the source forest
is not compatible with the version of Active Directory on this
computer."

 

 Three DCs at this site, all show proper replication, event logs show
nothing relevant, attempt to rerun adprep show 

"Forest-wide information has already been updated "

 

Anybody run across this before ???

 

Thanks

 

 


Erik Goldoff


IT  Consultant

Systems, Networks, & Security 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Trend Micro and IE zero day exploit

[Eric Wittersheim]

hmm, makes me wonder if OpenDNS is offering something like this.  I think
I'll take a look.

On Thu, Jul 9, 2009 at 5:07 PM, Devin Meade  wrote:

> FYI - If you have Trend Micro Office Scan and are using the web reputation
> feature, you are covered:
>
> http://us.trendmicro.com/us/threats/microsoft-mpeg-vulnerability/index.html
> "Trend Micro products with Web Reputation technology currently block
> malicious URLs associated with this exploit."
>
> -- Devin
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Win2003 DC on Win2000 domain

[Erik Goldoff]

ok, this one was wierd ... adprep did not process the sch31.ldf file , so it
set the AD at version 30, but 2003r2 requires AD version 31 ...
 

Erik Goldoff


IT  Consultant

Systems, Networks, & Security 

 

  _  

From: Jon Harris [mailto:jk.har...@gmail.com] 
Sent: Thursday, July 09, 2009 10:29 AM
To: NT System Admin Issues
Subject: Re: Win2003 DC on Win2000 domain


Those kind of problems generally turn out bad for me.
 
Jon


On Thu, Jul 9, 2009 at 10:26 AM, Erik Goldoff  wrote:


h, thinking maybe to move the schema master, GC and other FSMO roles to
the Exchange/DC and try again ...  this one is strange... and I'm definitely
not seeing the problem, that's the problem 
 


Erik Goldoff


IT  Consultant

Systems, Networks, & Security 

 

  _  


From: Jon Harris [mailto:jk.har...@gmail.com] 

Sent: Thursday, July 09, 2009 10:21 AM 

To: NT System Admin Issues
Subject: Re: Win2003 DC on Win2000 domain


They might have other problems that you are not seeing then would be a
guess.  You might try running adprep as the Schema Master user ID again.
Since there is Exchange sitting on a DC you might need to update the
Exchange Schema as well before you can dcpromo a W2k3 server.
 
Jon


On Thu, Jul 9, 2009 at 10:13 AM, Erik Goldoff  wrote:


Ran the ADPrep last nite around 10pm ... gave it an hour and got this error
... so logged out, and tried dcpromo again this morning after a good 8 hours
+ time for replication to finish, and same error.  Replication status shows
all success, no errors
 


Erik Goldoff


IT  Consultant

Systems, Networks, & Security 

 

  _  


From: Jon Harris [mailto:jk.har...@gmail.com] 

Sent: Thursday, July 09, 2009 10:11 AM 

To: NT System Admin Issues

Subject: Re: Win2003 DC on Win2000 domain


Only when I did not give it enough time to replicate but that was years ago
with the 2k server at sub SP2 and the W2k3 at SP0.
 
Jon


On Thu, Jul 9, 2009 at 10:06 AM, Erik Goldoff  wrote:


OK, to get back on the topic, this one has taken a weird twist :
 
Ran ADPREP /Forestprep   ( and /domainprep ) on the Win2000 DC (schema
master) with successful completion messages 
 
but running DCPromo on the Win2003 server against this domain errors out :
 
 

The operation failed because:
 
The Active Directory Installation  Wizard cannot continue because the forest
is not prepared for installing Windows Server 2003.  Use the Adprep
command-line tool to prepare both the forest and the domain ..
 
"The version of the Active Directory schema of the source forest is not
compatible with the version of Active Directory on this computer."
 

 Three DCs at this site, all show proper replication, event logs show
nothing relevant, attempt to rerun adprep show 
"Forest-wide information has already been updated "
 
Anybody run across this before ???
 
Thanks
 
 


Erik Goldoff


IT  Consultant

Systems, Networks, & Security 

 



 



 














 



 



 



 


















 



 



 



 










 


 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Trend Micro and IE zero day exploit

[Devin Meade]

FYI - If you have Trend Micro Office Scan and are using the web reputation
feature, you are covered:

http://us.trendmicro.com/us/threats/microsoft-mpeg-vulnerability/index.html
"Trend Micro products with Web Reputation technology currently block
malicious URLs associated with this exploit."

-- Devin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: New IE zero day exploit in the wild

[Steven M. Caesare]

See also: Alec Baldwin in Malice.

-sc

-Original Message-
From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Thursday, July 09, 2009 3:52 PM
To: NT System Admin Issues
Subject: RE: New IE zero day exploit in the wild

+1 (Agreed)

When you tend to play GOD for a living, which basically Dr's do to a certain 
extent ( They have our lives in there capable hands) I guess it can come with 
the territory. Not all of them are this way though. 

Z

Edward Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +
ezi...@lifespan.org
Phone:401-639-3505

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Thursday, July 09, 2009 3:21 PM
To: NT System Admin Issues
Subject: Re: New IE zero day exploit in the wild

On Thu, Jul 9, 2009 at 8:04 AM, paul chinnery wrote:
> A third of my users are doctors.  I wonder which group is harder to work
> with: engineers or doctors?

  Doctors.  Engineers know they're being arrogant.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Slow DFS connections for windows xp users (and windows 2003)

[Steven M. Caesare]

You do?

 

Then tell us. Or fix it.

 

So far you've only shared _symptoms_.

 

-sc

 

 

On Thu, Jul 9, 2009 at 1:47 PM, Steph Balog 
wrote:

Sorry, one is not helpful when the person you are asking help from has o
deem you "worthy" first. I asked if anyone else has experience this
issue. I know what the root cause is. As I said, there is something
going on with the xp and 2003 clients.

It WORKS FINE on vista and windows 7.

What part of "the issue is consistent only on xp and 2003 clients" is
not sinking in?

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: MSBA 2.1 Error 0x80072ee2 fixed

[Haralson, Joe (GE Comm Fin, non-GE)]

 Thanks to all. I finally got the solution thanks to Bob Free tip about WSUS. I 
ended up performing the following on the boxes with this error:

1. validate that your proxy setting is set . 
2. Made sure I had current Microsoft Update software.
3. Based on your level of Security you will need to add some microsoft trusted 
sites to security trusted section.

Http://download.microsoft.com
https://download.windowsupdate.com
Http://windowsupdate.com
Http://*windowsupdate.microsft.com



-Original Message-
From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Thursday, July 09, 2009 2:50 PM
To: NT System Admin Issues
Subject: RE: MSBA 2.1

You could also, look into using TCPVIEW to look at see if the WU service is 
reaching its destination, or a Packet Sniff. But the err.exe tool is killer, 
its downloadable at download.microsoft.com just query for the following: 

Microsoft Exchange Server Error Code Look-up Tool

Z

Edward Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + ezi...@lifespan.org
Phone:401-639-3505

From: Free, Bob [mailto:r...@pge.com]
Sent: Thursday, July 09, 2009 3:23 PM
To: NT System Admin Issues
Subject: RE: MSBA 2.1

C:\Admin\Util>err 0x80072ee2
# as an HRESULT: Severity: FAILURE (1), Facility: 0x7, Code 0x2ee2 # for hex 
0x2ee2 / decimal 12002 :
  ERROR_INTERNET_TIMEOUT    inetmsg.h
  ERROR_INTERNET_TIMEOUT    wininet.h # 2 
matches found for "0x80072ee2"

Your best friend is probably the newsgroups monitored by the MS employees. 
Google that error and it's fairly common.

>From a NG post by one of the main MBSA dudes at MS-

Since any error reported by MBSA 2.0 in the format "0x" is actually a 
WSUS/Microsoft Update error code, you may want to examine Windows Update to 
ensure it is working as expected.  The following links may be helpful:  
  
http://support.microsoft.com/default.aspx?scid=kb;en-us;836941  
  
http://update.microsoft.com/windowsupdate/v6/showarticle.aspx?articleid=32&ln=en&IsMu=False 
 
  
http://update.microsoft.com/windowsupdate/v6/showarticle.aspx?articleid=48&ln=en&IsMu=False 
 
  
http://www.updatexp.com/0x80072ee2.html  
  
http://www.updatexp.com/0x8007007E.html  
  
 
Doug Neal [MSFT]  
  
d...@online.microsoft.com  



From: Haralson, Joe (GE Comm Fin, non-GE) [mailto:joe.haral...@ge.com]
Sent: Thursday, July 09, 2009 11:06 AM
To: NT System Admin Issues
Subject: RE: MSBA 2.1

Thanks. I have File/Print sharing on . Now receiving the following error:
 
An error occurred while scanning for security updates. (0x80072ee2)


From: Free, Bob [mailto:r...@pge.com]
Sent: Thursday, July 09, 2009 10:16 AM
To: NT System Admin Issues
Subject: RE: MSBA 2.1
>From what I've seen online in the past- File/Print sharing off (no server or 
>workstation service) probably most likely culprit. Also seen it attributed to 
>firewall or other "hardening" configs. 

From-  http://technet.microsoft.com/en-us/security/cc184922.aspx  MBSA 2.1 
Frequently Asked Questions



  Q: Why am I seeing error "Could not resolve the computer name: name. 
Please specify computer name, domain\computer, or an IP address."? 
  
This error is common when scanning based on an IP address range. This is 
because MBSA will convert the range into a list of specific IP addresses for 
that range and attempt to resolve each IP address into the associated NetBIOS 
computer name. When that name resolution cannot be performed because the 
computer is switched off, or the IP address is not in use, this error will be 
returned.
The error can also happen when using a domain name of domain members are not 
accessible on the network, such as a laptop computer roaming outside the 
wireless network, or a desktop computer that has been shut down.
If you specify a DNS fully qualified domain name (FQDN) as the domain to be 
scanned, you will also see these errors. In that case, you need to use the 
NetBIOS compatible domain name.




From: Haralson, Joe (GE Comm Fin, non-GE) [mailto:joe.haral...@ge.com]
Sent: Wednesday, July 08, 2009 8:23 PM
To: NT System Admin Issues
Subject: MSBA 2.1

I'm attempting to use MSBA 2.1 but keep getting errors concerning name 
resolution. Has anyone ran into this issue? I'm using an account that has admin 
rights but when trying to scan a range of addresses I receive name resolution 
errors. Any suggestions? We are having no DNS issues on domain. Nslookup works 
just fine.

Thanks' 
Joe Haralson 
 
 
 
 
 
 
 
 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: New IE zero day exploit in the wild

[Kurt Buff]

No real experience, but you might glean some humor from this:

http://www.phdcomics.com/

On Thu, Jul 9, 2009 at 14:08, Devin Meade wrote:
> Where do your rate Grad School Professors?  Below or above Dr's and/or
> Lawyers (grin)?
>
> On Thu, Jul 9, 2009 at 4:06 PM, Kurt Buff  wrote:
>>
>> Yeah, well...
>>
>> In the medical field, right after doctors, I'd put CCU nurses. Heh.
>>
>> Kurt
>>
>> On Thu, Jul 9, 2009 at 12:27, paul chinnery wrote:
>> > Thanks.  I am so forwarding this to our Clincal Analyst; she's a
>> > licensed RN
>> > who use to work in CCU.
>> >
>> >> Date: Thu, 9 Jul 2009 11:44:54 -0700
>> >> Subject: Re: New IE zero day exploit in the wild
>> >> From: kurt.b...@gmail.com
>> >> To: ntsysadmin@lyris.sunbelt-software.com
>> >>
>> >> Since I don't work with doctors in my capacity of IT geek, I don't
>> >> know for sure. However, I was married to a critical care nurse for 7
>> >> years, and I'll put my money on the doctors.
>> >>
>> >> Heh.
>> >>
>> >> On Thu, Jul 9, 2009 at 05:04, paul chinnery wrote:
>> >> > A third of my users are doctors.  I wonder which group is harder to
>> >> > work
>> >> > with: engineers or doctors?
>> >> >
>> >> >> Date: Wed, 8 Jul 2009 11:51:09 -0700
>> >> >> Subject: Re: New IE zero day exploit in the wild
>> >> >> From: kurt.b...@gmail.com
>> >> >> To: ntsysadmin@lyris.sunbelt-software.com
>> >> >>
>> >> >> Truth. However, there are also political and training issues.
>> >> >>
>> >> >> 1) We haven't, as a company (nor within IT) figured out how to make
>> >> >> our standard apps work under under non-admin accounts. This will
>> >> >> take
>> >> >> time and resources to figure out, and then further time and
>> >> >> resources
>> >> >> to figure out how to "productionise" the application of these
>> >> >> settings
>> >> >> and apply them across the domain, including two offices overseas.
>> >> >>
>> >> >> 2) A large portion of our users are engineers who have a rabid
>> >> >> aversion to the idea that they can't be admins on their own boxes.
>> >> >> I'm
>> >> >> in the (multi-year!) process of simply trying to convince
>> >> >> engineering
>> >> >> managers that none of the staff need two NICs in their boxes - one
>> >> >> for
>> >> >> the production LAN and one for the test/dev LAN.
>> >> >>
>> >> >> 3) The overseas offices are also politically resistant to this idea.
>> >> >>
>> >> >> While I agree that the load would be lessened, and we'd have a much
>> >> >> better managed and more secure environment, this is not a trivial
>> >> >> effort, and at times I despair. But, I persist, and have it as a
>> >> >> goal
>> >> >> to work toward this fiscal year.
>> >> >>
>> >> >> The first step is to get signoff by company management, in the form
>> >> >> of
>> >> >> an actual policy - something of which there are no good examples.
>> >> >> There are practices and recommendations regarding IT, but very
>> >> >> little
>> >> >> in the way of a real IT policy that has been agreed to by
>> >> >> management.
>> >> >>
>> >> >> Kurt
>> >> >>
>> >> >> On Wed, Jul 8, 2009 at 07:52, Jonathan Link
>> >> >> wrote:
>> >> >> > After taking local admin rights away from users my plate is less
>> >> >> > full.
>> >> >> > YMMV.
>> >> >> >
>> >> >> > On Wed, Jul 8, 2009 at 10:47 AM, Kurt Buff 
>> >> >> > wrote:
>> >> >> >>
>> >> >> >> Yes, unfortunately, all our users are admins. It sucks, but I use
>> >> >> >> it
>> >> >> >> to my advantage when I can.
>> >> >> >>
>> >> >> >> The reason we've not done a GP is because we haven't had the
>> >> >> >> luxury
>> >> >> >> of
>> >> >> >> studying to understand them. Our plates always seem to be full
>> >> >> >> with
>> >> >> >> other things.
>> >> >> >>
>> >> >> >> On Tue, Jul 7, 2009 at 19:04, Ken Schaefer
>> >> >> >> wrote:
>> >> >> >> > Are all your users admins? Otherwise, how is that logon script
>> >> >> >> > going
>> >> >> >> > to
>> >> >> >> > update HKLM?
>> >> >> >> >
>> >> >> >> > Machine-based startup script would be better idea, no?
>> >> >> >> >
>> >> >> >> > Cheers
>> >> >> >> > Ken
>> >> >> >> >
>> >> >> >> > 
>> >> >> >> > From: Kurt Buff [kurt.b...@gmail.com]
>> >> >> >> > Sent: Wednesday, 8 July 2009 2:41 AM
>> >> >> >> > To: NT System Admin Issues
>> >> >> >> > Subject: Re: New IE zero day exploit in the wild
>> >> >> >> >
>> >> >> >> > I'm just pushing out the .reg file in the login script:
>> >> >> >> >
>> >> >> >> >     regedit /s \\fileserver\public\patches\videokillbits.reg
>> >> >> >> >
>> >> >> >> > The file was easy to create, in a capable editor (not notepad
>> >> >> >> > or
>> >> >> >> > wordpad) that allows metacharacter search and replace, such as
>> >> >> >> > '\n'
>> >> >> >> > for CRLF and '\t' for tab. I used the ancient,
>> >> >> >> > no-longer-supported
>> >> >> >> > PFE32. I really should switch to VIM, I suppose.
>> >> >> >> >
>> >> >> >> > On Tue, Jul 7, 2009 at 08:40, Eric
>> >> >> >> > Wittersheim wrote:
>> >> >> >> >> I'm pushing out the .reg via GP.  So far so goo

Re: New IE zero day exploit in the wild

[Devin Meade]

Where do your rate Grad School Professors?  Below or above Dr's and/or
Lawyers (grin)?

On Thu, Jul 9, 2009 at 4:06 PM, Kurt Buff  wrote:

> Yeah, well...
>
> In the medical field, right after doctors, I'd put CCU nurses. Heh.
>
> Kurt
>
> On Thu, Jul 9, 2009 at 12:27, paul chinnery wrote:
> > Thanks.  I am so forwarding this to our Clincal Analyst; she's a licensed
> RN
> > who use to work in CCU.
> >
> >> Date: Thu, 9 Jul 2009 11:44:54 -0700
> >> Subject: Re: New IE zero day exploit in the wild
> >> From: kurt.b...@gmail.com
> >> To: ntsysadmin@lyris.sunbelt-software.com
> >>
> >> Since I don't work with doctors in my capacity of IT geek, I don't
> >> know for sure. However, I was married to a critical care nurse for 7
> >> years, and I'll put my money on the doctors.
> >>
> >> Heh.
> >>
> >> On Thu, Jul 9, 2009 at 05:04, paul chinnery wrote:
> >> > A third of my users are doctors.  I wonder which group is harder to
> work
> >> > with: engineers or doctors?
> >> >
> >> >> Date: Wed, 8 Jul 2009 11:51:09 -0700
> >> >> Subject: Re: New IE zero day exploit in the wild
> >> >> From: kurt.b...@gmail.com
> >> >> To: ntsysadmin@lyris.sunbelt-software.com
> >> >>
> >> >> Truth. However, there are also political and training issues.
> >> >>
> >> >> 1) We haven't, as a company (nor within IT) figured out how to make
> >> >> our standard apps work under under non-admin accounts. This will take
> >> >> time and resources to figure out, and then further time and resources
> >> >> to figure out how to "productionise" the application of these
> settings
> >> >> and apply them across the domain, including two offices overseas.
> >> >>
> >> >> 2) A large portion of our users are engineers who have a rabid
> >> >> aversion to the idea that they can't be admins on their own boxes.
> I'm
> >> >> in the (multi-year!) process of simply trying to convince engineering
> >> >> managers that none of the staff need two NICs in their boxes - one
> for
> >> >> the production LAN and one for the test/dev LAN.
> >> >>
> >> >> 3) The overseas offices are also politically resistant to this idea.
> >> >>
> >> >> While I agree that the load would be lessened, and we'd have a much
> >> >> better managed and more secure environment, this is not a trivial
> >> >> effort, and at times I despair. But, I persist, and have it as a goal
> >> >> to work toward this fiscal year.
> >> >>
> >> >> The first step is to get signoff by company management, in the form
> of
> >> >> an actual policy - something of which there are no good examples.
> >> >> There are practices and recommendations regarding IT, but very little
> >> >> in the way of a real IT policy that has been agreed to by management.
> >> >>
> >> >> Kurt
> >> >>
> >> >> On Wed, Jul 8, 2009 at 07:52, Jonathan Link
> >> >> wrote:
> >> >> > After taking local admin rights away from users my plate is less
> >> >> > full.
> >> >> > YMMV.
> >> >> >
> >> >> > On Wed, Jul 8, 2009 at 10:47 AM, Kurt Buff 
> >> >> > wrote:
> >> >> >>
> >> >> >> Yes, unfortunately, all our users are admins. It sucks, but I use
> it
> >> >> >> to my advantage when I can.
> >> >> >>
> >> >> >> The reason we've not done a GP is because we haven't had the
> luxury
> >> >> >> of
> >> >> >> studying to understand them. Our plates always seem to be full
> with
> >> >> >> other things.
> >> >> >>
> >> >> >> On Tue, Jul 7, 2009 at 19:04, Ken Schaefer
> >> >> >> wrote:
> >> >> >> > Are all your users admins? Otherwise, how is that logon script
> >> >> >> > going
> >> >> >> > to
> >> >> >> > update HKLM?
> >> >> >> >
> >> >> >> > Machine-based startup script would be better idea, no?
> >> >> >> >
> >> >> >> > Cheers
> >> >> >> > Ken
> >> >> >> >
> >> >> >> > 
> >> >> >> > From: Kurt Buff [kurt.b...@gmail.com]
> >> >> >> > Sent: Wednesday, 8 July 2009 2:41 AM
> >> >> >> > To: NT System Admin Issues
> >> >> >> > Subject: Re: New IE zero day exploit in the wild
> >> >> >> >
> >> >> >> > I'm just pushing out the .reg file in the login script:
> >> >> >> >
> >> >> >> > regedit /s \\fileserver\public\patches\videokillbits.reg
> >> >> >> >
> >> >> >> > The file was easy to create, in a capable editor (not notepad or
> >> >> >> > wordpad) that allows metacharacter search and replace, such as
> >> >> >> > '\n'
> >> >> >> > for CRLF and '\t' for tab. I used the ancient,
> no-longer-supported
> >> >> >> > PFE32. I really should switch to VIM, I suppose.
> >> >> >> >
> >> >> >> > On Tue, Jul 7, 2009 at 08:40, Eric
> >> >> >> > Wittersheim wrote:
> >> >> >> >> I'm pushing out the .reg via GP.  So far so good.
> >> >> >> >>
> >> >> >> >> On Tue, Jul 7, 2009 at 10:38 AM, David Lum  >
> >> >> >> >> wrote:
> >> >> >> >>>
> >> >> >> >>> The “Microsoft fix-it” is an MSI that I am pushing via SMS and
> >> >> >> >>> is
> >> >> >> >>> pushing
> >> >> >> >>> fine (so far just a few test cases have it, but no issues).
> >> >> >> >>> Beats
> >> >> >> >>> trying to
> >> >> >> >>> push out a .REG or something…
> >

Re: New IE zero day exploit in the wild

[Kurt Buff]

Yeah, well...

In the medical field, right after doctors, I'd put CCU nurses. Heh.

Kurt

On Thu, Jul 9, 2009 at 12:27, paul chinnery wrote:
> Thanks.  I am so forwarding this to our Clincal Analyst; she's a licensed RN
> who use to work in CCU.
>
>> Date: Thu, 9 Jul 2009 11:44:54 -0700
>> Subject: Re: New IE zero day exploit in the wild
>> From: kurt.b...@gmail.com
>> To: ntsysadmin@lyris.sunbelt-software.com
>>
>> Since I don't work with doctors in my capacity of IT geek, I don't
>> know for sure. However, I was married to a critical care nurse for 7
>> years, and I'll put my money on the doctors.
>>
>> Heh.
>>
>> On Thu, Jul 9, 2009 at 05:04, paul chinnery wrote:
>> > A third of my users are doctors.  I wonder which group is harder to work
>> > with: engineers or doctors?
>> >
>> >> Date: Wed, 8 Jul 2009 11:51:09 -0700
>> >> Subject: Re: New IE zero day exploit in the wild
>> >> From: kurt.b...@gmail.com
>> >> To: ntsysadmin@lyris.sunbelt-software.com
>> >>
>> >> Truth. However, there are also political and training issues.
>> >>
>> >> 1) We haven't, as a company (nor within IT) figured out how to make
>> >> our standard apps work under under non-admin accounts. This will take
>> >> time and resources to figure out, and then further time and resources
>> >> to figure out how to "productionise" the application of these settings
>> >> and apply them across the domain, including two offices overseas.
>> >>
>> >> 2) A large portion of our users are engineers who have a rabid
>> >> aversion to the idea that they can't be admins on their own boxes. I'm
>> >> in the (multi-year!) process of simply trying to convince engineering
>> >> managers that none of the staff need two NICs in their boxes - one for
>> >> the production LAN and one for the test/dev LAN.
>> >>
>> >> 3) The overseas offices are also politically resistant to this idea.
>> >>
>> >> While I agree that the load would be lessened, and we'd have a much
>> >> better managed and more secure environment, this is not a trivial
>> >> effort, and at times I despair. But, I persist, and have it as a goal
>> >> to work toward this fiscal year.
>> >>
>> >> The first step is to get signoff by company management, in the form of
>> >> an actual policy - something of which there are no good examples.
>> >> There are practices and recommendations regarding IT, but very little
>> >> in the way of a real IT policy that has been agreed to by management.
>> >>
>> >> Kurt
>> >>
>> >> On Wed, Jul 8, 2009 at 07:52, Jonathan Link
>> >> wrote:
>> >> > After taking local admin rights away from users my plate is less
>> >> > full.
>> >> > YMMV.
>> >> >
>> >> > On Wed, Jul 8, 2009 at 10:47 AM, Kurt Buff 
>> >> > wrote:
>> >> >>
>> >> >> Yes, unfortunately, all our users are admins. It sucks, but I use it
>> >> >> to my advantage when I can.
>> >> >>
>> >> >> The reason we've not done a GP is because we haven't had the luxury
>> >> >> of
>> >> >> studying to understand them. Our plates always seem to be full with
>> >> >> other things.
>> >> >>
>> >> >> On Tue, Jul 7, 2009 at 19:04, Ken Schaefer
>> >> >> wrote:
>> >> >> > Are all your users admins? Otherwise, how is that logon script
>> >> >> > going
>> >> >> > to
>> >> >> > update HKLM?
>> >> >> >
>> >> >> > Machine-based startup script would be better idea, no?
>> >> >> >
>> >> >> > Cheers
>> >> >> > Ken
>> >> >> >
>> >> >> > 
>> >> >> > From: Kurt Buff [kurt.b...@gmail.com]
>> >> >> > Sent: Wednesday, 8 July 2009 2:41 AM
>> >> >> > To: NT System Admin Issues
>> >> >> > Subject: Re: New IE zero day exploit in the wild
>> >> >> >
>> >> >> > I'm just pushing out the .reg file in the login script:
>> >> >> >
>> >> >> >     regedit /s \\fileserver\public\patches\videokillbits.reg
>> >> >> >
>> >> >> > The file was easy to create, in a capable editor (not notepad or
>> >> >> > wordpad) that allows metacharacter search and replace, such as
>> >> >> > '\n'
>> >> >> > for CRLF and '\t' for tab. I used the ancient, no-longer-supported
>> >> >> > PFE32. I really should switch to VIM, I suppose.
>> >> >> >
>> >> >> > On Tue, Jul 7, 2009 at 08:40, Eric
>> >> >> > Wittersheim wrote:
>> >> >> >> I'm pushing out the .reg via GP.  So far so good.
>> >> >> >>
>> >> >> >> On Tue, Jul 7, 2009 at 10:38 AM, David Lum 
>> >> >> >> wrote:
>> >> >> >>>
>> >> >> >>> The “Microsoft fix-it” is an MSI that I am pushing via SMS and
>> >> >> >>> is
>> >> >> >>> pushing
>> >> >> >>> fine (so far just a few test cases have it, but no issues).
>> >> >> >>> Beats
>> >> >> >>> trying to
>> >> >> >>> push out a .REG or something…
>> >> >> >>>
>> >> >> >>>
>> >> >> >>>
>> >> >> >>> David Lum // SYSTEMS ENGINEER
>> >> >> >>> NORTHWEST EVALUATION ASSOCIATION
>> >> >> >>> (Desk) 971.222.1025 // (Cell) 503.267.9764
>> >> >> >>>
>> >> >> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> >> >> > ~   ~
>> >> >> >
>> >> >> >
>> >> >>
>> >> >> ~ Fi

Re: Slow DFS connections for windows xp users (and windows 2003)

[Russ]

We are having issues with navigating shares using DFS as well.  This is our
situation -- XP clients as we move through the different shares (open
folder, or especially going back and then opening another folder) will just
lock up for 5-30 seconds.  A few windows 7 clients we have do not have this
issue at all.  We have 2008 and 2003 targets, and it doesn't matter which
you are hitting, you will see these delays.  The DFS root servers are 2003.


I've put a trace on the workstations and I see a bunch of NT Create AndX
Requests to \pathname:{hash}:$DATA, then to
\pathname:Docf_\005SummaryInformation:$DATA, and
\pathname:\005SummaryInformation:$DATA, along with other pathnames along
those same lines, which are responded with: Error:
STATUS_OBJECT_NAME_NOT_FOUND.  I don't see this behavior under Windows 7,
and I don't see this when just browsing directly to the share without going
through DFS.  It will do this while it is timing out, then just seems to be
fine for a little while, then it will do it again, seemingly on another
random location.



On Thu, Jul 9, 2009 at 11:28 AM, Webb, Brian (Corp)
wrote:

> Sorry Steph, all you have described is a small set of symptoms.  The
> symptoms you describe could have a very large set of possible causes.
> Several people have given you suggestions as to things you might want to
> look at for a cause and you have done nothing but yell at them.  Not a
> good way to get help.  I expect there are a few spam filters being set
> to reject your messages as I type.
>
> I do have one suggestion that your network traces might be helpful in
> looking at, and that is to check the packet size on the packets being
> sent back an forth.  Vista and 2008 ramp up the packet sizes pretty
> quickly while XP and 2003 take a while.  How big are the files you are
> trying to access?
>
>
> -Brian
>
>
> -Original Message-
> From: Steph Balog [mailto:validemai...@gmail.com]
> Sent: Thursday, July 09, 2009 12:47 PM
> To: NT System Admin Issues
> Subject: Re: Slow DFS connections for windows xp users (and windows
> 2003)
>
> Sorry, one is not helpful when the person you are asking help from has o
> deem you "worthy" first. I asked if anyone else has experience this
> issue. I know what the root cause is. As I said, there is something
> going on with the xp and 2003 clients.
>
> It WORKS FINE on vista and windows 7.
>
> What part of "the issue is consistent only on xp and 2003 clients" is
> not sinking in?
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>   ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: OT: fiber for PACS

[Ben Scott]

On Thu, Jul 9, 2009 at 8:48 AM, paul chinnery wrote:
> For those of you with 'fiber' experience, is 62.5 good enough for digital
> images or would it be better to go with 50?

  It depends on the technology.  I assume we're talking Ethernet (IEEE
802.3)?  If so, it doesn't matter that you're working with digital
images.  Data is data, as far as Ethernet is concerned.  Different
vendors give different ratings for their equipment -- some pledge
longer distances, given the right conditions.  It depends more on
available optical bandwidth and signal strength loss than the actual
diameter of the fiber.  In other words, pay attention to connector
care and good-quality installation.

HP has info for their SFP mGBIC modules, which should also illustrate
what's involved:

http://www.hp.com/rnd/support/faqs/mini-GBICs.htm#question16

  For the most part, the smaller diameter 50 nanometer (vs 65 nm) just
gets you longer distances.  But not that much longer.  To really go
long distance, you need to use single-mode fiber instead.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: New IE zero day exploit in the wild

[John Aldrich]

Well, my doctor doesn't have an IT guy on staff (he works in a group
practice) and he doesn't know squat about computers and freely admits it.
:-) I've offered to help him out a time or two, but so far, no nibbles... I
think maybe he's afraid of my fees. ;-)




-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Thursday, July 09, 2009 3:21 PM
To: NT System Admin Issues
Subject: Re: New IE zero day exploit in the wild

On Thu, Jul 9, 2009 at 8:04 AM, paul chinnery wrote:
> A third of my users are doctors.  I wonder which group is harder to work
> with: engineers or doctors?

  Doctors.  Engineers know they're being arrogant.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


Checked by AVG - www.avg.com 
Version: 8.5.387 / Virus Database: 270.13.8/2227 - Release Date: 07/09/09
05:55:00

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Network Topology Software

[Daniel Rodriguez]

Hmmm... I have the PCLinusOS Distro installed on my laptop and I am also
running the OSE Virtual Environment with Windows XP Pro... Guess can get the
best of both, perhaps?

On Thu, Jul 9, 2009 at 2:58 PM, Kurt Buff  wrote:

> NetDisco will do this using CDP/LLDP discovery, plus a whole lot more.
>
> But, it requires FreeBSD/Linux to run, and it's more a network
> management app than just a network mapper.
>
> I love it though.
>
> On Thu, Jul 9, 2009 at 06:40, Daniel Rodriguez wrote:
> > Question:
> >
> > Is there any software available that will 'show' what is connected on the
> > network, graphically? Something that looks like Packet Tracer, but self
> > discovery.
> >
> >
> >
> >
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: New IE zero day exploit in the wild

[Ziots, Edward]

+1 (Agreed)

When you tend to play GOD for a living, which basically Dr's do to a certain 
extent ( They have our lives in there capable hands) I guess it can come with 
the territory. Not all of them are this way though. 

Z

Edward Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +
ezi...@lifespan.org
Phone:401-639-3505

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Thursday, July 09, 2009 3:21 PM
To: NT System Admin Issues
Subject: Re: New IE zero day exploit in the wild

On Thu, Jul 9, 2009 at 8:04 AM, paul chinnery wrote:
> A third of my users are doctors.  I wonder which group is harder to work
> with: engineers or doctors?

  Doctors.  Engineers know they're being arrogant.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: New IE zero day exploit in the wild

[Ziots, Edward]

I am beating my TAM and his MGR over the head right now, trying to find
out if the ACTIVE X 0 day is going to be included in next Tuesdays
patches, for his sake he better hope so, or there is going to be some
hate-mail coming his way. 

 

Z

 

Edward Ziots

Network Engineer

Lifespan Organization

MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +

ezi...@lifespan.org

Phone:401-639-3505



From: paul chinnery [mailto:pdw1...@hotmail.com] 
Sent: Thursday, July 09, 2009 3:27 PM
To: NT System Admin Issues
Subject: RE: New IE zero day exploit in the wild

 

Thanks.  I am so forwarding this to our Clincal Analyst; she's a
licensed RN who use to work in CCU.

> Date: Thu, 9 Jul 2009 11:44:54 -0700
> Subject: Re: New IE zero day exploit in the wild
> From: kurt.b...@gmail.com
> To: ntsysadmin@lyris.sunbelt-software.com
> 
> Since I don't work with doctors in my capacity of IT geek, I don't
> know for sure. However, I was married to a critical care nurse for 7
> years, and I'll put my money on the doctors.
> 
> Heh.
> 
> On Thu, Jul 9, 2009 at 05:04, paul chinnery
wrote:
> > A third of my users are doctors.  I wonder which group is harder to
work
> > with: engineers or doctors?
> >
> >> Date: Wed, 8 Jul 2009 11:51:09 -0700
> >> Subject: Re: New IE zero day exploit in the wild
> >> From: kurt.b...@gmail.com
> >> To: ntsysadmin@lyris.sunbelt-software.com
> >>
> >> Truth. However, there are also political and training issues.
> >>
> >> 1) We haven't, as a company (nor within IT) figured out how to make
> >> our standard apps work under under non-admin accounts. This will
take
> >> time and resources to figure out, and then further time and
resources
> >> to figure out how to "productionise" the application of these
settings
> >> and apply them across the domain, including two offices overseas.
> >>
> >> 2) A large portion of our users are engineers who have a rabid
> >> aversion to the idea that they can't be admins on their own boxes.
I'm
> >> in the (multi-year!) process of simply trying to convince
engineering
> >> managers that none of the staff need two NICs in their boxes - one
for
> >> the production LAN and one for the test/dev LAN.
> >>
> >> 3) The overseas offices are also politically resistant to this
idea.
> >>
> >> While I agree that the load would be lessened, and we'd have a much
> >> better managed and more secure environment, this is not a trivial
> >> effort, and at times I despair. But, I persist, and have it as a
goal
> >> to work toward this fiscal year.
> >>
> >> The first step is to get signoff by company management, in the form
of
> >> an actual policy - something of which there are no good examples.
> >> There are practices and recommendations regarding IT, but very
little
> >> in the way of a real IT policy that has been agreed to by
management.
> >>
> >> Kurt
> >>
> >> On Wed, Jul 8, 2009 at 07:52, Jonathan
Link
> >> wrote:
> >> > After taking local admin rights away from users my plate is less
full.
> >> > YMMV.
> >> >
> >> > On Wed, Jul 8, 2009 at 10:47 AM, Kurt Buff 
wrote:
> >> >>
> >> >> Yes, unfortunately, all our users are admins. It sucks, but I
use it
> >> >> to my advantage when I can.
> >> >>
> >> >> The reason we've not done a GP is because we haven't had the
luxury of
> >> >> studying to understand them. Our plates always seem to be full
with
> >> >> other things.
> >> >>
> >> >> On Tue, Jul 7, 2009 at 19:04, Ken Schaefer
wrote:
> >> >> > Are all your users admins? Otherwise, how is that logon script
going
> >> >> > to
> >> >> > update HKLM?
> >> >> >
> >> >> > Machine-based startup script would be better idea, no?
> >> >> >
> >> >> > Cheers
> >> >> > Ken
> >> >> >
> >> >> > 
> >> >> > From: Kurt Buff [kurt.b...@gmail.com]
> >> >> > Sent: Wednesday, 8 July 2009 2:41 AM
> >> >> > To: NT System Admin Issues
> >> >> > Subject: Re: New IE zero day exploit in the wild
> >> >> >
> >> >> > I'm just pushing out the .reg file in the login script:
> >> >> >
> >> >> > regedit /s \\fileserver\public\patches\videokillbits.reg
> >> >> >
> >> >> > The file was easy to create, in a capable editor (not notepad
or
> >> >> > wordpad) that allows metacharacter search and replace, such as
'\n'
> >> >> > for CRLF and '\t' for tab. I used the ancient,
no-longer-supported
> >> >> > PFE32. I really should switch to VIM, I suppose.
> >> >> >
> >> >> > On Tue, Jul 7, 2009 at 08:40, Eric
> >> >> > Wittersheim wrote:
> >> >> >> I'm pushing out the .reg via GP.  So far so good.
> >> >> >>
> >> >> >> On Tue, Jul 7, 2009 at 10:38 AM, David Lum

> >> >> >> wrote:
> >> >> >>>
> >> >> >>> The "Microsoft fix-it" is an MSI that I am pushing via SMS
and is
> >> >> >>> pushing
> >> >> >>> fine (so far just a few test cases have it, but no issues).
Beats
> >> >> >>> trying to
> >> >> >>> push out a .REG or something...
> >> >> >>>
> >> >> >>>
> >> >> >>>
> >> >> >>> David Lum // SYSTEMS ENGINEER
> >> >> >>> NORTHWEST EVALUATION ASSOCIATION
>

RE: MSBA 2.1

[Ziots, Edward]

You could also, look into using TCPVIEW to look at see if the WU service is 
reaching its destination, or a Packet Sniff. But the err.exe tool is killer, 
its downloadable at download.microsoft.com just query for the following: 

Microsoft Exchange Server Error Code Look-up Tool

Z

Edward Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +
ezi...@lifespan.org
Phone:401-639-3505

From: Free, Bob [mailto:r...@pge.com] 
Sent: Thursday, July 09, 2009 3:23 PM
To: NT System Admin Issues
Subject: RE: MSBA 2.1

C:\Admin\Util>err 0x80072ee2
# as an HRESULT: Severity: FAILURE (1), Facility: 0x7, Code 0x2ee2
# for hex 0x2ee2 / decimal 12002 :
  ERROR_INTERNET_TIMEOUT    inetmsg.h
  ERROR_INTERNET_TIMEOUT    wininet.h
# 2 matches found for "0x80072ee2"

Your best friend is probably the newsgroups monitored by the MS employees. 
Google that error and it's fairly common.

>From a NG post by one of the main MBSA dudes at MS-

Since any error reported by MBSA 2.0 in the format "0x" is actually    
a WSUS/Microsoft Update error code, you may want to examine Windows Update    
to ensure it is working as expected.  The following links may be helpful:  
  
http://support.microsoft.com/default.aspx?scid=kb;en-us;836941  
  
http://update.microsoft.com/windowsupdate/v6/showarticle.aspx?articleid=32&ln=en&IsMu=False 
 
  
http://update.microsoft.com/windowsupdate/v6/showarticle.aspx?articleid=48&ln=en&IsMu=False 
 
  
http://www.updatexp.com/0x80072ee2.html  
  
http://www.updatexp.com/0x8007007E.html  
  
 
Doug Neal [MSFT]  
  
d...@online.microsoft.com  



From: Haralson, Joe (GE Comm Fin, non-GE) [mailto:joe.haral...@ge.com] 
Sent: Thursday, July 09, 2009 11:06 AM
To: NT System Admin Issues
Subject: RE: MSBA 2.1

Thanks. I have File/Print sharing on . Now receiving the following error:
 
An error occurred while scanning for security updates. (0x80072ee2)


From: Free, Bob [mailto:r...@pge.com] 
Sent: Thursday, July 09, 2009 10:16 AM
To: NT System Admin Issues
Subject: RE: MSBA 2.1
>From what I've seen online in the past- File/Print sharing off (no server or 
>workstation service) probably most likely culprit. Also seen it attributed to 
>firewall or other "hardening" configs. 

From-  http://technet.microsoft.com/en-us/security/cc184922.aspx  MBSA 2.1 
Frequently Asked Questions



  Q: Why am I seeing error "Could not resolve the computer name: name. 
Please specify computer name, domain\computer, or an IP address."? 
  
This error is common when scanning based on an IP address range. This is 
because MBSA will convert the range into a list of specific IP addresses for 
that range and attempt to resolve each IP address into the associated NetBIOS 
computer name. When that name resolution cannot be performed because the 
computer is switched off, or the IP address is not in use, this error will be 
returned.
The error can also happen when using a domain name of domain members are not 
accessible on the network, such as a laptop computer roaming outside the 
wireless network, or a desktop computer that has been shut down.
If you specify a DNS fully qualified domain name (FQDN) as the domain to be 
scanned, you will also see these errors. In that case, you need to use the 
NetBIOS compatible domain name.




From: Haralson, Joe (GE Comm Fin, non-GE) [mailto:joe.haral...@ge.com] 
Sent: Wednesday, July 08, 2009 8:23 PM
To: NT System Admin Issues
Subject: MSBA 2.1

I'm attempting to use MSBA 2.1 but keep getting errors concerning name 
resolution. Has anyone ran into this issue? I'm using an account that has admin 
rights but when trying to scan a range of addresses I receive name resolution 
errors. Any suggestions? We are having no DNS issues on domain. Nslookup works 
just fine.

Thanks' 
Joe Haralson 
 
 
 
 
 
 
 
 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: New IE zero day exploit in the wild

[Jonathan Link]

They would call it precise.

On Thu, Jul 9, 2009 at 3:21 PM, Ben Scott  wrote:

> On Thu, Jul 9, 2009 at 8:04 AM, paul chinnery wrote:
> > A third of my users are doctors.  I wonder which group is harder to work
> > with: engineers or doctors?
>
>  Doctors.  Engineers know they're being arrogant.
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: CAL Licensing Question!

[Ben Scott]

On Thu, Jul 9, 2009 at 7:46 AM, Brian
Clark wrote:
> MS said that putting in 10 Device CALS for the computers in Domain B would
> be enough. Domain A computers/Users accessing Domain B would not need
> additional CAL's as they are accessing SQL Express!

  I'm a little surprised at that.  Microsoft generally takes the hard
line that any access, direct or indirect, via authenticated (NTLM or
Kerb ticket) connection, requires a CAL.

  But then, I've also found the answers vary depending on what random
rep answers the phone.  And this is for their own licensing.
*hurumph*

  In general, unless you have more than 60 clients, I would suggest
just converting all the CALs to per-client and assigning them that
way.  A CAL assigned to a client is good for that client to access to
any server.  A CAL assigned to a server is good for only that server.
The only benefit to that is you can oversubscribe the server's
licenses, i.e., if you have 80 clients but no more than 50 will
connect at one time.

  But unless you worried about a licensing audit, I'd stick with
Microsoft's verbal answer.  It's cheaper.  :)

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: New IE zero day exploit in the wild

[paul chinnery]

Thanks.  I am so forwarding this to our Clincal Analyst; she's a licensed RN 
who use to work in CCU.

> Date: Thu, 9 Jul 2009 11:44:54 -0700
> Subject: Re: New IE zero day exploit in the wild
> From: kurt.b...@gmail.com
> To: ntsysadmin@lyris.sunbelt-software.com
> 
> Since I don't work with doctors in my capacity of IT geek, I don't
> know for sure. However, I was married to a critical care nurse for 7
> years, and I'll put my money on the doctors.
> 
> Heh.
> 
> On Thu, Jul 9, 2009 at 05:04, paul chinnery wrote:
> > A third of my users are doctors.  I wonder which group is harder to work
> > with: engineers or doctors?
> >
> >> Date: Wed, 8 Jul 2009 11:51:09 -0700
> >> Subject: Re: New IE zero day exploit in the wild
> >> From: kurt.b...@gmail.com
> >> To: ntsysadmin@lyris.sunbelt-software.com
> >>
> >> Truth. However, there are also political and training issues.
> >>
> >> 1) We haven't, as a company (nor within IT) figured out how to make
> >> our standard apps work under under non-admin accounts. This will take
> >> time and resources to figure out, and then further time and resources
> >> to figure out how to "productionise" the application of these settings
> >> and apply them across the domain, including two offices overseas.
> >>
> >> 2) A large portion of our users are engineers who have a rabid
> >> aversion to the idea that they can't be admins on their own boxes. I'm
> >> in the (multi-year!) process of simply trying to convince engineering
> >> managers that none of the staff need two NICs in their boxes - one for
> >> the production LAN and one for the test/dev LAN.
> >>
> >> 3) The overseas offices are also politically resistant to this idea.
> >>
> >> While I agree that the load would be lessened, and we'd have a much
> >> better managed and more secure environment, this is not a trivial
> >> effort, and at times I despair. But, I persist, and have it as a goal
> >> to work toward this fiscal year.
> >>
> >> The first step is to get signoff by company management, in the form of
> >> an actual policy - something of which there are no good examples.
> >> There are practices and recommendations regarding IT, but very little
> >> in the way of a real IT policy that has been agreed to by management.
> >>
> >> Kurt
> >>
> >> On Wed, Jul 8, 2009 at 07:52, Jonathan Link
> >> wrote:
> >> > After taking local admin rights away from users my plate is less full.
> >> > YMMV.
> >> >
> >> > On Wed, Jul 8, 2009 at 10:47 AM, Kurt Buff  wrote:
> >> >>
> >> >> Yes, unfortunately, all our users are admins. It sucks, but I use it
> >> >> to my advantage when I can.
> >> >>
> >> >> The reason we've not done a GP is because we haven't had the luxury of
> >> >> studying to understand them. Our plates always seem to be full with
> >> >> other things.
> >> >>
> >> >> On Tue, Jul 7, 2009 at 19:04, Ken Schaefer wrote:
> >> >> > Are all your users admins? Otherwise, how is that logon script going
> >> >> > to
> >> >> > update HKLM?
> >> >> >
> >> >> > Machine-based startup script would be better idea, no?
> >> >> >
> >> >> > Cheers
> >> >> > Ken
> >> >> >
> >> >> > 
> >> >> > From: Kurt Buff [kurt.b...@gmail.com]
> >> >> > Sent: Wednesday, 8 July 2009 2:41 AM
> >> >> > To: NT System Admin Issues
> >> >> > Subject: Re: New IE zero day exploit in the wild
> >> >> >
> >> >> > I'm just pushing out the .reg file in the login script:
> >> >> >
> >> >> > regedit /s \\fileserver\public\patches\videokillbits.reg
> >> >> >
> >> >> > The file was easy to create, in a capable editor (not notepad or
> >> >> > wordpad) that allows metacharacter search and replace, such as '\n'
> >> >> > for CRLF and '\t' for tab. I used the ancient, no-longer-supported
> >> >> > PFE32. I really should switch to VIM, I suppose.
> >> >> >
> >> >> > On Tue, Jul 7, 2009 at 08:40, Eric
> >> >> > Wittersheim wrote:
> >> >> >> I'm pushing out the .reg via GP.  So far so good.
> >> >> >>
> >> >> >> On Tue, Jul 7, 2009 at 10:38 AM, David Lum 
> >> >> >> wrote:
> >> >> >>>
> >> >> >>> The “Microsoft fix-it” is an MSI that I am pushing via SMS and is
> >> >> >>> pushing
> >> >> >>> fine (so far just a few test cases have it, but no issues). Beats
> >> >> >>> trying to
> >> >> >>> push out a .REG or something…
> >> >> >>>
> >> >> >>>
> >> >> >>>
> >> >> >>> David Lum // SYSTEMS ENGINEER
> >> >> >>> NORTHWEST EVALUATION ASSOCIATION
> >> >> >>> (Desk) 971.222.1025 // (Cell) 503.267.9764
> >> >> >>>
> >> >> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> >> >> > ~   ~
> >> >> >
> >> >> >
> >> >>
> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> >> >> ~   ~
> >> >>
> >> >
> >> >
> >> >
> >> >
> >>
> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> >> ~  ~
> >>
> >
> > 

Re: CAL Licensing Question!

[Ben Scott]

On Thu, Jul 9, 2009 at 8:22 AM, Mike Semon wrote:
> The best way to do this is to setup your Terminal Server Cals ...

  When did he mention Terminal Server?

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: MSBA 2.1

[Free, Bob]

C:\Admin\Util>err 0x80072ee2

# as an HRESULT: Severity: FAILURE (1), Facility: 0x7, Code 0x2ee2

# for hex 0x2ee2 / decimal 12002 :

  ERROR_INTERNET_TIMEOUT
inetmsg.h

  ERROR_INTERNET_TIMEOUT
wininet.h

# 2 matches found for "0x80072ee2"

 

Your best friend is probably the newsgroups monitored by the MS
employees. Google that error and it's fairly common.

 

>From a NG post by one of the main MBSA dudes at MS-

 

Since any error reported by MBSA 2.0 in the format "0x" is
actually

a WSUS/Microsoft Update error code, you may want to examine Windows
Update

to ensure it is working as expected.  The following links may be
helpful:  

  

http://support.microsoft.com/default.aspx?scid=kb;en-us;836941  

  

http://update.microsoft.com/windowsupdate/v6/showarticle.aspx?articleid=
32&ln=en&IsMu=False  

  

http://update.microsoft.com/windowsupdate/v6/showarticle.aspx?articleid=
48&ln=en&IsMu=False  

  

http://www.updatexp.com/0x80072ee2.html  

  

http://www.updatexp.com/0x8007007E.html  

  

 

Doug Neal [MSFT]  

  

d...@online.microsoft.com  

 

 

 

From: Haralson, Joe (GE Comm Fin, non-GE) [mailto:joe.haral...@ge.com] 
Sent: Thursday, July 09, 2009 11:06 AM
To: NT System Admin Issues
Subject: RE: MSBA 2.1

 

Thanks. I have File/Print sharing on . Now receiving the following
error:

 

An error occurred while scanning for security updates. (0x80072ee2)

 



From: Free, Bob [mailto:r...@pge.com] 
Sent: Thursday, July 09, 2009 10:16 AM
To: NT System Admin Issues
Subject: RE: MSBA 2.1

>From what I've seen online in the past- File/Print sharing off (no
server or workstation service) probably most likely culprit. Also seen
it attributed to firewall or other "hardening" configs. 

 

From-  http://technet.microsoft.com/en-us/security/cc184922.aspx  MBSA
2.1 Frequently Asked Questions

 

 

 

   Q: Why am I seeing error "Could not resolve the computer name:
name. Please specify computer name, domain\computer, or an IP address."?


  

This error is common when scanning based on an IP address range. This is
because MBSA will convert the range into a list of specific IP addresses
for that range and attempt to resolve each IP address into the
associated NetBIOS computer name. When that name resolution cannot be
performed because the computer is switched off, or the IP address is not
in use, this error will be returned.

The error can also happen when using a domain name of domain members are
not accessible on the network, such as a laptop computer roaming outside
the wireless network, or a desktop computer that has been shut down.

If you specify a DNS fully qualified domain name (FQDN) as the domain to
be scanned, you will also see these errors. In that case, you need to
use the NetBIOS compatible domain name.

 

 

 

 

From: Haralson, Joe (GE Comm Fin, non-GE) [mailto:joe.haral...@ge.com] 
Sent: Wednesday, July 08, 2009 8:23 PM
To: NT System Admin Issues
Subject: MSBA 2.1

 

I'm attempting to use MSBA 2.1 but keep getting errors concerning name
resolution. Has anyone ran into this issue? I'm using an account that
has admin rights but when trying to scan a range of addresses I receive
name resolution errors. Any suggestions? We are having no DNS issues on
domain. Nslookup works just fine.

 

Thanks' 
Joe Haralson 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~<>

Re: Server 2008 fail/ My fail?

[Jonathan Link]

I wasn't suggesting you change those, I was wanting you to verify your
permissions.
You're going to need apply to subfolders otherwise the profile won't be
created correctly.  But what permissions are you applying?

On Thu, Jul 9, 2009 at 2:50 PM, Owens, Michael
wrote:

>  oooh ok my bad-- I do have the apply to folders and subfolders set.
>  --
>  *From:* Jonathan Link [mailto:jonathan.l...@gmail.com]
> *Sent:* Thursday, July 09, 2009 1:20 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Server 2008 fail/ My fail?
>
>   No, I meant NTFS permissions.  I noticed in one of your first emails
> that you were adjusting ntfs permissions (Security Tab).  So, what are the
> ntfs permissions on that parent folder?  Do you have the Apply to Folders,
> subfolders and files enabled?
>
> What happens if you try and create a file manually (for both admin and
> not), really seems like it's a permissions issue that needs to be sorted
> out.
>
> On Thu, Jul 9, 2009 at 10:37 AM, Owens, Michael <
> michael.ow...@dys.ohio.gov> wrote:
>
>>  Do you mean to the share? Example, my path is \\stuctx07\profiles$
>>
>>
>> Profiles$ did not grant write access tot he user... I just changed it. The
>> strange thing - it was working... I did not change the permissions.
>> After changing them to allow the users right access... it was still a no
>> go. The Admin cannot create a profile either.
>>
>>
>> However here is my caveot- I want the admins unaffected by the GPO for
>> these machines- when I log on they pull down the GPO. I had it working a
>> while back - but I recreated the GPO and I cant figure out the deligations
>> tab.
>>
>> Mike
>>
>>  --
>>  *From:* Jonathan Link [mailto:jonathan.l...@gmail.com]
>> *Sent:* Thursday, July 09, 2009 10:13 AM
>>
>> *To:* NT System Admin Issues
>> *Subject:* Re: Server 2008 fail/ My fail?
>>
>>   I'd see if an admin account could create a profile.  Double check the
>> permissions on the parent folder, of course.  You had been adjusting
>> permissions before I advised verifying the GPO setting, you might want to
>> verify the permissions will still allow users to create files and folders...
>>
>> On Thu, Jul 9, 2009 at 9:47 AM, Owens, Michael <
>> michael.ow...@dys.ohio.gov> wrote:
>>
>>>  Ok - I just tried that option - and now it wont create the roaming
>>> profile at first log on. Did I do something wrong?
>>>
>>> Thanks,
>>> Mike
>>>
>>>  --
>>> *From:* Jonathan Link [mailto:jonathan.l...@gmail.com]
>>> *Sent:* Tuesday, July 07, 2009 4:42 PM
>>>
>>> *To:* NT System Admin Issues
>>> *Subject:* Re: Server 2008 fail/ My fail?
>>>
>>>   Did you adjust the GPO?
>>> Administrative Templates\System\User Profiles
>>>
>>> "Add the Administrators security group to roaming user profiles"
>>>
>>>
>>> On Tue, Jul 7, 2009 at 2:12 PM, Owens, Michael <
>>> michael.ow...@dys.ohio.gov> wrote:
>>>
  Heres what is going on.

 I have a share, that TS profiles get created on. Only that account has
 access to them, and system. For some reason it takes away administrators - 
 I
 would like to add a group, to the parent folder, to propogate to all child
 objects created. Does that make sense?

  --
 *From:* Jon Harris [mailto:jk.har...@gmail.com]
 *Sent:* Tuesday, July 07, 2009 1:46 PM
 *To:* NT System Admin Issues
 *Subject:* Re: Server 2008 fail/ My fail?

   I have been doing that for the last week while I move from 2003 to
 2008.  Look at the Security Tab bottom Advanced then Edit then Edit again
 then Apply To.  Will this not work or do you want to Add a
 group/person/etc.  If you are adding then the second Edit should be Add
 instead.

 Jon

 On Tue, Jul 7, 2009 at 1:38 PM, Owens, Michael <
 michael.ow...@dys.ohio.gov> wrote:

>  Does anyone know why they got rid of the option to "replace
> permission entries on all child objects with entries shown here that apply
> to child objects?" Or did they move it?
>
> --
> This message, and any response to it, may constitute a public record
> and
> thus may be publicly available to anyone who requests it in accordance
> with Chapter 149 of the Ohio Revised Code.
>
>
>
>
>
>





 --
 This message, and any response to it, may constitute a public record and
 thus may be publicly available to anyone who requests it in accordance
 with Chapter 149 of the Ohio Revised Code.






>>>
>>>
>>>
>>>
>>>
>>> --
>>> This message, and any response to it, may constitute a public record and
>>> thus may be publicly available to anyone who requests it in accordance
>>> with Chapter 149 of the Ohio Revised Code.
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>
>> --

Re: New IE zero day exploit in the wild

[Ben Scott]

On Thu, Jul 9, 2009 at 8:04 AM, paul chinnery wrote:
> A third of my users are doctors.  I wonder which group is harder to work
> with: engineers or doctors?

  Doctors.  Engineers know they're being arrogant.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Network Topology Software

[Kurt Buff]

NetDisco will do this using CDP/LLDP discovery, plus a whole lot more.

But, it requires FreeBSD/Linux to run, and it's more a network
management app than just a network mapper.

I love it though.

On Thu, Jul 9, 2009 at 06:40, Daniel Rodriguez wrote:
> Question:
>
> Is there any software available that will 'show' what is connected on the
> network, graphically? Something that looks like Packet Tracer, but self
> discovery.
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Server 2008 fail/ My fail?

[Owens, Michael]

oooh ok my bad-- I do have the apply to folders and subfolders set.

From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Thursday, July 09, 2009 1:20 PM
To: NT System Admin Issues
Subject: Re: Server 2008 fail/ My fail?

No, I meant NTFS permissions.  I noticed in one of your first emails that you 
were adjusting ntfs permissions (Security Tab).  So, what are the ntfs 
permissions on that parent folder?  Do you have the Apply to Folders, 
subfolders and files enabled?

What happens if you try and create a file manually (for both admin and not), 
really seems like it's a permissions issue that needs to be sorted out.

On Thu, Jul 9, 2009 at 10:37 AM, Owens, Michael 
mailto:michael.ow...@dys.ohio.gov>> wrote:
Do you mean to the share? Example, my path is \\stuctx07\profiles$


Profiles$ did not grant write access tot he user... I just changed it. The 
strange thing - it was working... I did not change the permissions.
After changing them to allow the users right access... it was still a no go. 
The Admin cannot create a profile either.


However here is my caveot- I want the admins unaffected by the GPO for these 
machines- when I log on they pull down the GPO. I had it working a while back - 
but I recreated the GPO and I cant figure out the deligations tab.

Mike


From: Jonathan Link 
[mailto:jonathan.l...@gmail.com]
Sent: Thursday, July 09, 2009 10:13 AM

To: NT System Admin Issues
Subject: Re: Server 2008 fail/ My fail?

I'd see if an admin account could create a profile.  Double check the 
permissions on the parent folder, of course.  You had been adjusting 
permissions before I advised verifying the GPO setting, you might want to 
verify the permissions will still allow users to create files and folders...

On Thu, Jul 9, 2009 at 9:47 AM, Owens, Michael 
mailto:michael.ow...@dys.ohio.gov>> wrote:
Ok - I just tried that option - and now it wont create the roaming profile at 
first log on. Did I do something wrong?

Thanks,
Mike


From: Jonathan Link 
[mailto:jonathan.l...@gmail.com]
Sent: Tuesday, July 07, 2009 4:42 PM

To: NT System Admin Issues
Subject: Re: Server 2008 fail/ My fail?

Did you adjust the GPO?
Administrative Templates\System\User Profiles

"Add the Administrators security group to roaming user profiles"


On Tue, Jul 7, 2009 at 2:12 PM, Owens, Michael 
mailto:michael.ow...@dys.ohio.gov>> wrote:
Heres what is going on.

I have a share, that TS profiles get created on. Only that account has access 
to them, and system. For some reason it takes away administrators - I would 
like to add a group, to the parent folder, to propogate to all child objects 
created. Does that make sense?


From: Jon Harris [mailto:jk.har...@gmail.com]
Sent: Tuesday, July 07, 2009 1:46 PM
To: NT System Admin Issues
Subject: Re: Server 2008 fail/ My fail?

I have been doing that for the last week while I move from 2003 to 2008.  Look 
at the Security Tab bottom Advanced then Edit then Edit again then Apply To.  
Will this not work or do you want to Add a group/person/etc.  If you are adding 
then the second Edit should be Add instead.

Jon

On Tue, Jul 7, 2009 at 1:38 PM, Owens, Michael 
mailto:michael.ow...@dys.ohio.gov>> wrote:
Does anyone know why they got rid of the option to "replace permission entries 
on all child objects with entries shown here that apply to child objects?" Or 
did they move it?


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.











This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.











This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.











This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.











This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: New IE zero day exploit in the wild

[Kurt Buff]

Since I don't work with doctors in my capacity of IT geek, I don't
know for sure. However, I was married to a critical care nurse for 7
years, and I'll put my money on the doctors.

Heh.

On Thu, Jul 9, 2009 at 05:04, paul chinnery wrote:
> A third of my users are doctors.  I wonder which group is harder to work
> with: engineers or doctors?
>
>> Date: Wed, 8 Jul 2009 11:51:09 -0700
>> Subject: Re: New IE zero day exploit in the wild
>> From: kurt.b...@gmail.com
>> To: ntsysadmin@lyris.sunbelt-software.com
>>
>> Truth. However, there are also political and training issues.
>>
>> 1) We haven't, as a company (nor within IT) figured out how to make
>> our standard apps work under under non-admin accounts. This will take
>> time and resources to figure out, and then further time and resources
>> to figure out how to "productionise" the application of these settings
>> and apply them across the domain, including two offices overseas.
>>
>> 2) A large portion of our users are engineers who have a rabid
>> aversion to the idea that they can't be admins on their own boxes. I'm
>> in the (multi-year!) process of simply trying to convince engineering
>> managers that none of the staff need two NICs in their boxes - one for
>> the production LAN and one for the test/dev LAN.
>>
>> 3) The overseas offices are also politically resistant to this idea.
>>
>> While I agree that the load would be lessened, and we'd have a much
>> better managed and more secure environment, this is not a trivial
>> effort, and at times I despair. But, I persist, and have it as a goal
>> to work toward this fiscal year.
>>
>> The first step is to get signoff by company management, in the form of
>> an actual policy - something of which there are no good examples.
>> There are practices and recommendations regarding IT, but very little
>> in the way of a real IT policy that has been agreed to by management.
>>
>> Kurt
>>
>> On Wed, Jul 8, 2009 at 07:52, Jonathan Link
>> wrote:
>> > After taking local admin rights away from users my plate is less full.
>> > YMMV.
>> >
>> > On Wed, Jul 8, 2009 at 10:47 AM, Kurt Buff  wrote:
>> >>
>> >> Yes, unfortunately, all our users are admins. It sucks, but I use it
>> >> to my advantage when I can.
>> >>
>> >> The reason we've not done a GP is because we haven't had the luxury of
>> >> studying to understand them. Our plates always seem to be full with
>> >> other things.
>> >>
>> >> On Tue, Jul 7, 2009 at 19:04, Ken Schaefer wrote:
>> >> > Are all your users admins? Otherwise, how is that logon script going
>> >> > to
>> >> > update HKLM?
>> >> >
>> >> > Machine-based startup script would be better idea, no?
>> >> >
>> >> > Cheers
>> >> > Ken
>> >> >
>> >> > 
>> >> > From: Kurt Buff [kurt.b...@gmail.com]
>> >> > Sent: Wednesday, 8 July 2009 2:41 AM
>> >> > To: NT System Admin Issues
>> >> > Subject: Re: New IE zero day exploit in the wild
>> >> >
>> >> > I'm just pushing out the .reg file in the login script:
>> >> >
>> >> >     regedit /s \\fileserver\public\patches\videokillbits.reg
>> >> >
>> >> > The file was easy to create, in a capable editor (not notepad or
>> >> > wordpad) that allows metacharacter search and replace, such as '\n'
>> >> > for CRLF and '\t' for tab. I used the ancient, no-longer-supported
>> >> > PFE32. I really should switch to VIM, I suppose.
>> >> >
>> >> > On Tue, Jul 7, 2009 at 08:40, Eric
>> >> > Wittersheim wrote:
>> >> >> I'm pushing out the .reg via GP.  So far so good.
>> >> >>
>> >> >> On Tue, Jul 7, 2009 at 10:38 AM, David Lum 
>> >> >> wrote:
>> >> >>>
>> >> >>> The “Microsoft fix-it” is an MSI that I am pushing via SMS and is
>> >> >>> pushing
>> >> >>> fine (so far just a few test cases have it, but no issues). Beats
>> >> >>> trying to
>> >> >>> push out a .REG or something…
>> >> >>>
>> >> >>>
>> >> >>>
>> >> >>> David Lum // SYSTEMS ENGINEER
>> >> >>> NORTHWEST EVALUATION ASSOCIATION
>> >> >>> (Desk) 971.222.1025 // (Cell) 503.267.9764
>> >> >>>
>> >> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> >> > ~   ~
>> >> >
>> >> >
>> >>
>> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> >> ~   ~
>> >>
>> >
>> >
>> >
>> >
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~  ~
>>
>
> 
> Insert movie times and more without leaving Hotmail®. See how.
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: 800B0100 error on W2K8

[Miller Bonnie L .]

What was the last patch you installed on this server?

I went through a similar issue on a Hyper-V guest server I was rebuilding from 
scratch, and I was not very far into the build when it happened.  I found the 
same stuff on google pointing at updates, but no specific solution.  So, I 
finally started rolling back patches a few at a time, since it was such a new 
build, and a similar build process on another server had gone just fine.  Found 
it pretty quick, and it in my case, it turned out to be IE8--the one thing that 
had changed since the earlier build that worked.  On this server, if I install 
IE8, it breaks adding/removing roles and features--remove IE8 and it works 
again.

Haven't actually found a reason yet, and it hasn't happened on other 
servers--just this one.  Things unique to this server are that it is a Hyper-V 
guest on WS08 Standard x64 running AD Domain services, DNS, and WiNS.  It is 
the only DC we have virtualized so far--still in the shallow end on our 
virtualization/SAN project.  I've since patched it with SP2, but have not tried 
putting IE8 back on.

-Bonnie 

-Original Message-
From: Charlie Kaiser [mailto:charl...@golden-eagle.org] 
Sent: Wednesday, July 08, 2009 3:16 PM
To: NT System Admin Issues
Subject: 800B0100 error on W2K8

W2K8 x64 standard SP1. 
Unable to change features in server manager; fails with 800B0100 error. 
Research pointed towards windows update.
I've rerun WU, and get a repeated failure on KB951847, also with 800B0100. 
Additional symptoms include nothing listed under installed updates in CP, 
although there is an update history in WU. I'm running NOD32 AV, and have 
tried the fixes with AV disabled also.

I've downloaded the 947821 util and ran it several times. Same result each 
time; runs, completes, but the CheckSUR.log still contains this entry:

=
Checking System Update Readiness.
Binary Version 6.0.6001.22375
Package Version 5.0
2009-07-07 17:50

Checking Deployment Packages

Checking Package Manifests and catalogs.

Checking package watchlist.

Checking component watchlist.

Checking packages.
(f) CBS MUM 
Missing 0x0002
servicing\packages\Package_for_KB948610_server_0~31bf3856ad364e35~amd64~~6.0
.6001.2123.mum  
(f) CBS MUM 
Missing 0x0002
servicing\packages\Package_for_KB948610_server~31bf3856ad364e35~amd64~~6.0.6
001.2123.mum
(f) CBS MUM 
Missing 0x0002
servicing\packages\Package_for_KB948610~31bf3856ad364e35~amd64~~6.0.6001.212
3.mum   

Checking component store
Summary:
Seconds executed: 380
 Found 3 errors
  CBS MUM Missing Total Count: 3
=

How can I fix this? It appears to be a common problem with no obvious 
solutions yet, at least not that I've found. Posted to the MS newsgroups
with no replies yet. Anyone got any ideas? Thanks.

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
*** 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Network Topology Software

[John Aldrich]

SpiceWorks will do that. It’s free. J

 

John-AldrichTile-Tools

 

From: Daniel Rodriguez [mailto:drod...@gmail.com] 
Sent: Thursday, July 09, 2009 9:41 AM
To: NT System Admin Issues
Subject: Network Topology Software

 

Question:

 

Is there any software available that will 'show' what is connected on the 
network, graphically? Something that looks like Packet Tracer, but self 
discovery. 

 

 

Checked by AVG - www.avg.com
Version: 8.5.387 / Virus Database: 270.13.8/2227 - Release Date: 07/09/09 
05:55:00


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~<><>

RE: Slow DFS connections for windows xp users (and windows 2003)

[Webb, Brian (Corp)]

Sorry Steph, all you have described is a small set of symptoms.  The
symptoms you describe could have a very large set of possible causes.
Several people have given you suggestions as to things you might want to
look at for a cause and you have done nothing but yell at them.  Not a
good way to get help.  I expect there are a few spam filters being set
to reject your messages as I type.

I do have one suggestion that your network traces might be helpful in
looking at, and that is to check the packet size on the packets being
sent back an forth.  Vista and 2008 ramp up the packet sizes pretty
quickly while XP and 2003 take a while.  How big are the files you are
trying to access?


-Brian


-Original Message-
From: Steph Balog [mailto:validemai...@gmail.com] 
Sent: Thursday, July 09, 2009 12:47 PM
To: NT System Admin Issues
Subject: Re: Slow DFS connections for windows xp users (and windows
2003)

Sorry, one is not helpful when the person you are asking help from has o
deem you "worthy" first. I asked if anyone else has experience this
issue. I know what the root cause is. As I said, there is something
going on with the xp and 2003 clients.

It WORKS FINE on vista and windows 7. 

What part of "the issue is consistent only on xp and 2003 clients" is
not sinking in?
~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Slow DFS connections for windows xp users (and windows 2003)

[Kelsey, John]

I see similar delays with DFS here.  Accessing through the server share
directly works fine, going through DFS sees delays up to 4 or 5 seconds.

2008 DCs running on various flavors of IBM x-series servers
The file servers where the shares reside are all IBM blades, dual proc,
4GB of RAM, gigabit conneciton, etc.

I haven't tried it with Vista/Win7 to see if there is a difference or
not here.

So I'm curious if you find anything!


***
John C. Kelsey
DuBois Regional Medical Center
(:  814.375.3073  
*:   jckel...@drmc.org 
***


-Original Message-
From: Steph Balog [mailto:validemai...@gmail.com] 
Sent: Thursday, July 09, 2009 14:17
To: NT System Admin Issues
Subject: Re: Slow DFS connections for windows xp users (and windows
2003)


This was not directed at you jon. It was for the other guy sitting there
acting as if Ken was right to sit there marginalizing my issue the way
he did.

And the hardware are two dell 2950's. Direct scsi storage. It really is
not a hardware issue at all as I repeat, the vista and windows 7 clients
do not experience the problem. ~ Finally, powerful endpoint security
that ISN'T a resource hog! ~ ~
  ~
This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. If 
you have received this email in error please notify the system manager. This 
message contains confidential information and is intended only for the 
individual named. If you are not the named addressee you should not 
disseminate, distribute or copy this e-mail.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Google Voice

[Micheal Espinola Jr]

>From what I can ascertain so far, Google Voice is the future benchmark
for mobile services integration (call history, voicemail, SMS, etc.)
It is freaking awesome.

Forget Visual Voicemail (VV).  What Google has done here is what the
next generation services will be like.  And I'm assuming it wont
require the back-end hardware upgrades that VV does.

--
ME2

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Slow DFS connections for windows xp users (and windows 2003)

[Steph Balog]

This was not directed at you jon. It was for the other guy sitting there acting 
as if Ken was right to sit there marginalizing my issue the way he did.

And the hardware are two dell 2950's. Direct scsi storage. It really is not a 
hardware issue at all as I repeat, the vista and windows 7 clients do not 
experience the problem.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: MSBA 2.1

[Haralson, Joe (GE Comm Fin, non-GE)]

Thanks. I have File/Print sharing on . Now receiving the following
error:
 
An error occurred while scanning for security updates. (0x80072ee2)



From: Free, Bob [mailto:r...@pge.com] 
Sent: Thursday, July 09, 2009 10:16 AM
To: NT System Admin Issues
Subject: RE: MSBA 2.1



>From what I've seen online in the past- File/Print sharing off (no
server or workstation service) probably most likely culprit. Also seen
it attributed to firewall or other "hardening" configs. 

 

From-  http://technet.microsoft.com/en-us/security/cc184922.aspx  MBSA
2.1 Frequently Asked Questions

 

 

 

   Q: Why am I seeing error "Could not resolve the computer name:
name. Please specify computer name, domain\computer, or an IP address."?


   

This error is common when scanning based on an IP address range. This is
because MBSA will convert the range into a list of specific IP addresses
for that range and attempt to resolve each IP address into the
associated NetBIOS computer name. When that name resolution cannot be
performed because the computer is switched off, or the IP address is not
in use, this error will be returned.

The error can also happen when using a domain name of domain members are
not accessible on the network, such as a laptop computer roaming outside
the wireless network, or a desktop computer that has been shut down.

If you specify a DNS fully qualified domain name (FQDN) as the domain to
be scanned, you will also see these errors. In that case, you need to
use the NetBIOS compatible domain name.

 

 

 

 

From: Haralson, Joe (GE Comm Fin, non-GE) [mailto:joe.haral...@ge.com] 
Sent: Wednesday, July 08, 2009 8:23 PM
To: NT System Admin Issues
Subject: MSBA 2.1

 

I'm attempting to use MSBA 2.1 but keep getting errors concerning name
resolution. Has anyone ran into this issue? I'm using an account that
has admin rights but when trying to scan a range of addresses I receive
name resolution errors. Any suggestions? We are having no DNS issues on
domain. Nslookup works just fine.

 

Thanks' 
Joe Haralson 

 

 

 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~<>

Re: Slow DFS connections for windows xp users (and windows 2003)

[Jonathan Link]

Wow.

On Thu, Jul 9, 2009 at 1:47 PM, Steph Balog  wrote:

> Sorry, one is not helpful when the person you are asking help from has o
> deem you "worthy" first. I asked if anyone else has experience this issue. I
> know what the root cause is. As I said, there is something going on with the
> xp and 2003 clients.
>
> It WORKS FINE on vista and windows 7.
>
> What part of "the issue is consistent only on xp and 2003 clients" is not
> sinking in?
>  ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Slow DFS connections for windows xp users (and windows 2003)

[Steph Balog]

Sorry, one is not helpful when the person you are asking help from has o deem 
you "worthy" first. I asked if anyone else has experience this issue. I know 
what the root cause is. As I said, there is something going on with the xp and 
2003 clients.

It WORKS FINE on vista and windows 7. 

What part of "the issue is consistent only on xp and 2003 clients" is not 
sinking in?
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Slow DFS connections for windows xp users (and windows 2003)

[Jonathan Link]

We had a Buffalo Terrastation, which was shared through DFS, performance was
horrible when accessed through DFS, but reasonable when accessed directly.
So...maybe it would be good to know what hardware is serving up the actual
storage?
-Jonathan

On Thu, Jul 9, 2009 at 12:09 PM, Richard Stovall <
richard.stov...@researchdata.com> wrote:

>  Just for giggles, what happens if you copy to/from and admin share such
> as \\server\c$ instead of a defined file share?
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Network Topology Software

[Daniel Rodriguez]

Thanks, Paul.

I knew that someone had mentioned it on this list awhile ago but I couldn't

On Thu, Jul 9, 2009 at 10:27 AM, Maglinger, Paul wrote:

>  Solarwinds had a freeby version of LanSurveyor Express at one time that
> would work with Visio 2007.
>
>  --
> *From:* Daniel Rodriguez [mailto:drod...@gmail.com]
> *Sent:* Thursday, July 09, 2009 8:41 AM
> *To:* NT System Admin Issues
> *Subject:* Network Topology Software
>
>  Question:
>
> Is there any software available that will 'show' what is connected on the
> network, graphically? Something that looks like Packet Tracer, but self
> discovery.
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Server 2008 fail/ My fail?

[Jonathan Link]

No, I meant NTFS permissions.  I noticed in one of your first emails that
you were adjusting ntfs permissions (Security Tab).  So, what are the ntfs
permissions on that parent folder?  Do you have the Apply to Folders,
subfolders and files enabled?

What happens if you try and create a file manually (for both admin and not),
really seems like it's a permissions issue that needs to be sorted out.

On Thu, Jul 9, 2009 at 10:37 AM, Owens, Michael
wrote:

>  Do you mean to the share? Example, my path is \\stuctx07\profiles$
>
>
> Profiles$ did not grant write access tot he user... I just changed it. The
> strange thing - it was working... I did not change the permissions.
> After changing them to allow the users right access... it was still a no
> go. The Admin cannot create a profile either.
>
>
> However here is my caveot- I want the admins unaffected by the GPO for
> these machines- when I log on they pull down the GPO. I had it working a
> while back - but I recreated the GPO and I cant figure out the deligations
> tab.
>
> Mike
>
>  --
>  *From:* Jonathan Link [mailto:jonathan.l...@gmail.com]
> *Sent:* Thursday, July 09, 2009 10:13 AM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Server 2008 fail/ My fail?
>
>   I'd see if an admin account could create a profile.  Double check the
> permissions on the parent folder, of course.  You had been adjusting
> permissions before I advised verifying the GPO setting, you might want to
> verify the permissions will still allow users to create files and folders...
>
> On Thu, Jul 9, 2009 at 9:47 AM, Owens, Michael  > wrote:
>
>>  Ok - I just tried that option - and now it wont create the roaming
>> profile at first log on. Did I do something wrong?
>>
>> Thanks,
>> Mike
>>
>>  --
>> *From:* Jonathan Link [mailto:jonathan.l...@gmail.com]
>> *Sent:* Tuesday, July 07, 2009 4:42 PM
>>
>> *To:* NT System Admin Issues
>> *Subject:* Re: Server 2008 fail/ My fail?
>>
>>   Did you adjust the GPO?
>> Administrative Templates\System\User Profiles
>>
>> "Add the Administrators security group to roaming user profiles"
>>
>>
>> On Tue, Jul 7, 2009 at 2:12 PM, Owens, Michael <
>> michael.ow...@dys.ohio.gov> wrote:
>>
>>>  Heres what is going on.
>>>
>>> I have a share, that TS profiles get created on. Only that account has
>>> access to them, and system. For some reason it takes away administrators - I
>>> would like to add a group, to the parent folder, to propogate to all child
>>> objects created. Does that make sense?
>>>
>>>  --
>>> *From:* Jon Harris [mailto:jk.har...@gmail.com]
>>> *Sent:* Tuesday, July 07, 2009 1:46 PM
>>> *To:* NT System Admin Issues
>>> *Subject:* Re: Server 2008 fail/ My fail?
>>>
>>>   I have been doing that for the last week while I move from 2003 to
>>> 2008.  Look at the Security Tab bottom Advanced then Edit then Edit again
>>> then Apply To.  Will this not work or do you want to Add a
>>> group/person/etc.  If you are adding then the second Edit should be Add
>>> instead.
>>>
>>> Jon
>>>
>>> On Tue, Jul 7, 2009 at 1:38 PM, Owens, Michael <
>>> michael.ow...@dys.ohio.gov> wrote:
>>>
  Does anyone know why they got rid of the option to "replace permission
 entries on all child objects with entries shown here that apply to child
 objects?" Or did they move it?

 --
 This message, and any response to it, may constitute a public record and
 thus may be publicly available to anyone who requests it in accordance
 with Chapter 149 of the Ohio Revised Code.






>>>
>>>
>>>
>>>
>>>
>>> --
>>> This message, and any response to it, may constitute a public record and
>>> thus may be publicly available to anyone who requests it in accordance
>>> with Chapter 149 of the Ohio Revised Code.
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>
>> --
>> This message, and any response to it, may constitute a public record and
>> thus may be publicly available to anyone who requests it in accordance
>> with Chapter 149 of the Ohio Revised Code.
>>
>>
>>
>>
>>
>>
>
>
>
>
>
> --
> This message, and any response to it, may constitute a public record and
> thus may be publicly available to anyone who requests it in accordance
> with Chapter 149 of the Ohio Revised Code.
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Remote Access policy

[Don Guyer]

Joe,

 

Replied offline. It's not spectacular, but should point
in the right direction.

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com  

 

From: Joe Heaton [mailto:jhea...@etp.ca.gov] 
Sent: Thursday, July 09, 2009 12:27 PM
To: NT System Admin Issues
Subject: Remote Access policy

 

Does anyone have a decent remote access policy they could share with me?
I'm tasked to create one, in the next couple of weeks, and I'm not sure
of verbage.  I'd appreciate any help you guys could offer on this.

 

Thanks,

 

Joe Heaton

AISA

Employment Training Panel

1100 J Street, 4th Floor

Sacramento, CA  95814

(916) 327-5276

jhea...@etp.ca.gov

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: fiber for PACS

[paul chinnery]

Super.  Thanks, Kim.

Subject: RE: fiber for PACS
Date: Thu, 9 Jul 2009 11:44:15 -0500
From: k...@colonialsavings.com
To: ntsysadmin@lyris.sunbelt-software.com



















Ok, I have a little chart here that says
62.5 multimode will carry 10Gb for 35 meters, and 1Gb for 300 meters with an
850nm laser, or 550 meters with a 1300 nm laser

10Gb for 300 meters would be over 10-Gb
fiber at 50/125 (first number is strand diameter, second is cladding diameter)

I’m getting that info from a CXTEC
catalog.  You might go to www.cxtec.com
to look at their fiber stuff.  Talk to Brian Nuzzo if you decide to call
them.

 









From: paul chinnery
[mailto:pdw1...@hotmail.com] 

Sent: Thursday, July 09, 2009
11:30 AM

To: NT System Admin Issues

Subject: RE: fiber for PACS



 

Thanks. Distance is less 200 feet
and it'll be plugged into a Cisco 2960. That switch will then run fiber down to
our data center.











Subject: RE: fiber for PACS

Date: Thu, 9 Jul 2009 10:38:07 -0500

From: k...@colonialsavings.com

To: ntsysadmin@lyris.sunbelt-software.com



Paul, the specs for the fiber you use will
depend mainly on what distances you have to cover, what speeds you need to run,
and what your switches or other network devices support.  Your switch
vendor will have info about the size, mode (single mode, multimode), distance,
etc, and you can google fiber specs for more info as well.

 









From: paul chinnery
[mailto:pdw1...@hotmail.com] 

Sent: Thursday, July 09, 2009 7:48
AM

To: NT System Admin Issues

Subject: OT: fiber for PACS



 

Installing a new imaging center
and the MI Supervisor is asking about fiber run.  We've been running mm,
62.5 throughout the organization. 

For those of you with 'fiber' experience, is 62.5 good enough for digital
images or would it be better to go with 50?  

I've read that 62.5 is too small for the newer 40 gig that is coming out this
year.  I've also read that it's even too small for 10 gig but one vendor I
talked to said they had rolled out 10 gig using 62.5.







Windows Live™ SkyDrive™: Get 25 GB of free
online storage. Get
it on your BlackBerry or iPhone. 

 

 

 

 

 







Windows Live™: Keep your life in sync. Check it out. 

 

 


 



 


_
Insert movie times and more without leaving Hotmail®. 
http://windowslive.com/Tutorial/Hotmail/QuickAdd?ocid=TXT_TAGLM_WL_HM_Tutorial_QuickAdd_062009
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: fiber for PACS

[Kim Longenbaugh]

Ok, I have a little chart here that says 62.5 multimode will carry 10Gb
for 35 meters, and 1Gb for 300 meters with an 850nm laser, or 550 meters
with a 1300 nm laser

10Gb for 300 meters would be over 10-Gb fiber at 50/125 (first number is
strand diameter, second is cladding diameter)

I'm getting that info from a CXTEC catalog.  You might go to
www.cxtec.com   to look at their fiber stuff.
Talk to Brian Nuzzo if you decide to call them.

 



From: paul chinnery [mailto:pdw1...@hotmail.com] 
Sent: Thursday, July 09, 2009 11:30 AM
To: NT System Admin Issues
Subject: RE: fiber for PACS

 

Thanks. Distance is less 200 feet and it'll be plugged into a Cisco
2960. That switch will then run fiber down to our data center.





Subject: RE: fiber for PACS
Date: Thu, 9 Jul 2009 10:38:07 -0500
From: k...@colonialsavings.com
To: ntsysadmin@lyris.sunbelt-software.com

Paul, the specs for the fiber you use will depend mainly on what
distances you have to cover, what speeds you need to run, and what your
switches or other network devices support.  Your switch vendor will have
info about the size, mode (single mode, multimode), distance, etc, and
you can google fiber specs for more info as well.

 



From: paul chinnery [mailto:pdw1...@hotmail.com] 
Sent: Thursday, July 09, 2009 7:48 AM
To: NT System Admin Issues
Subject: OT: fiber for PACS

 

Installing a new imaging center and the MI Supervisor is asking about
fiber run.  We've been running mm, 62.5 throughout the organization. 
For those of you with 'fiber' experience, is 62.5 good enough for
digital images or would it be better to go with 50?  
I've read that 62.5 is too small for the newer 40 gig that is coming out
this year.  I've also read that it's even too small for 10 gig but one
vendor I talked to said they had rolled out 10 gig using 62.5.



Windows Live(tm) SkyDrive(tm): Get 25 GB of free online storage. Get it
on your BlackBerry or iPhone.
  

 

 

 

 

 



Windows Live(tm): Keep your life in sync. Check it out.
  

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: fiber for PACS

[paul chinnery]

Thanks. Distance is less 200 feet and it'll be plugged into a Cisco 2960. That 
switch will then run fiber down to our data center.


Subject: RE: fiber for PACS
Date: Thu, 9 Jul 2009 10:38:07 -0500
From: k...@colonialsavings.com
To: ntsysadmin@lyris.sunbelt-software.com



















Paul, the specs for the fiber you use will
depend mainly on what distances you have to cover, what speeds you need to run,
and what your switches or other network devices support.  Your switch vendor
will have info about the size, mode (single mode, multimode), distance, etc,
and you can google fiber specs for more info as well.

 









From: paul chinnery
[mailto:pdw1...@hotmail.com] 

Sent: Thursday, July 09, 2009 7:48
AM

To: NT System Admin Issues

Subject: OT: fiber for PACS



 

Installing a new imaging center
and the MI Supervisor is asking about fiber run.  We've been running mm,
62.5 throughout the organization. 

For those of you with 'fiber' experience, is 62.5 good enough for digital
images or would it be better to go with 50?  

I've read that 62.5 is too small for the newer 40 gig that is coming out this
year.  I've also read that it's even too small for 10 gig but one vendor I
talked to said they had rolled out 10 gig using 62.5.







Windows Live™ SkyDrive™: Get 25 GB of free online storage.
Get it on your BlackBerry or iPhone. 

 

 


 



 


_
Windows Live™: Keep your life in sync. 
http://windowslive.com/explore?ocid=TXT_TAGLM_WL_BR_life_in_synch_062009
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Remote Access policy

[Joe Heaton]

Does anyone have a decent remote access policy they could share with me?
I'm tasked to create one, in the next couple of weeks, and I'm not sure
of verbage.  I'd appreciate any help you guys could offer on this.

 

Thanks,

 

Joe Heaton

AISA

Employment Training Panel

1100 J Street, 4th Floor

Sacramento, CA  95814

(916) 327-5276

jhea...@etp.ca.gov

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Slow DFS connections for windows xp users (and windows 2003)

[Richard Stovall]

Just for giggles, what happens if you copy to/from and admin share such
as \\server\c$   instead of a defined file share?


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Slow DFS connections for windows xp users (and windows 2003)

[Kevin Lundy]

Wow.  Way to insult one of the most knowledgeble, and helpful,  contributors
to this list.

You keep saying it is DFS, but then you state that connecting to the FQDN or
IP does the same thing.  So yes, semantics is important.  If you see the
problem via FQDN you are bypassing DFS.  So the problem is not DFS.

Ken is right - there is no "fix" until the underlying root cause is
identified.

On Thu, Jul 9, 2009 at 11:34 AM, Steph Balog  wrote:

> (quoting Ken below)
>
> Ken (you dont happen to work at a university do you?)
>
> I did use wireshark, I was using wireshark when it was ethereal, and
> probably using it long before most on this list have been working. I HAVE
> stated the issue. Windows XP and 2003 clients are experiencing slow
> connectivity to shares on a windows 2008 server. Regardless of whether it is
> through dfs or not. Windows vista client and windows 7 clients do not.
> The issue looks to be a a client one. Perhaps something to do with how the
> OLDER client handle talking smb to the NEWER server. That is the ISSUE KEN.
> My question was if ANYONE has seen such an issue. There is an ISSUE KEN.
>
> And fyi, wireshark did not show me anything but smb traffic being initiated
> the server responding, and then nothing. It didnt show errors, it didnt show
> drops. It is not a network issue, it is not a traffic issue. So again KEN,
> unless you can add something useful to this conversation, please refrain
> from your semantics. And hopefully someone else may have experienced this
> and can offer me some isight.
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: MSBA 2.1

[Free, Bob]

I run into network/firewall folks that love to turn off ICMP but it
wreaks havoc on GPOs. It is a big step forward having NLA in Vista/2008
and removing the requirement on ICMP for GPO processing. 

 

From: Don Guyer [mailto:don.gu...@prufoxroach.com] 
Sent: Thursday, July 09, 2009 8:27 AM
To: NT System Admin Issues
Subject: RE: MSBA 2.1

 

We ran into something like this with our a/v management console (which
relies on resolution to work properly). Found out ICMP is blocked by
default in W2k8 in those cases and firewall being on in other cases,
that caused the issue.

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com  

 

From: Free, Bob [mailto:r...@pge.com] 
Sent: Thursday, July 09, 2009 11:16 AM
To: NT System Admin Issues
Subject: RE: MSBA 2.1

 

>From what I've seen online in the past- File/Print sharing off (no
server or workstation service) probably most likely culprit. Also seen
it attributed to firewall or other "hardening" configs. 

 

From-  http://technet.microsoft.com/en-us/security/cc184922.aspx  MBSA
2.1 Frequently Asked Questions

 

 

 

   Q: Why am I seeing error "Could not resolve the computer name:
name. Please specify computer name, domain\computer, or an IP address."?


   

This error is common when scanning based on an IP address range. This is
because MBSA will convert the range into a list of specific IP addresses
for that range and attempt to resolve each IP address into the
associated NetBIOS computer name. When that name resolution cannot be
performed because the computer is switched off, or the IP address is not
in use, this error will be returned.

The error can also happen when using a domain name of domain members are
not accessible on the network, such as a laptop computer roaming outside
the wireless network, or a desktop computer that has been shut down.

If you specify a DNS fully qualified domain name (FQDN) as the domain to
be scanned, you will also see these errors. In that case, you need to
use the NetBIOS compatible domain name.

 

 

 

 

From: Haralson, Joe (GE Comm Fin, non-GE) [mailto:joe.haral...@ge.com] 
Sent: Wednesday, July 08, 2009 8:23 PM
To: NT System Admin Issues
Subject: MSBA 2.1

 

I'm attempting to use MSBA 2.1 but keep getting errors concerning name
resolution. Has anyone ran into this issue? I'm using an account that
has admin rights but when trying to scan a range of addresses I receive
name resolution errors. Any suggestions? We are having no DNS issues on
domain. Nslookup works just fine.

 

Thanks' 
Joe Haralson 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~<>

RE: Slow DFS connections for windows xp users (and windows 2003)

[Steph Balog]

(quoting Ken below)

Ken (you dont happen to work at a university do you?)

I did use wireshark, I was using wireshark when it was ethereal, and probably 
using it long before most on this list have been working. I HAVE stated the 
issue. Windows XP and 2003 clients are experiencing slow connectivity to shares 
on a windows 2008 server. Regardless of whether it is through dfs or not. 
Windows vista client and windows 7 clients do not.
The issue looks to be a a client one. Perhaps something to do with how the 
OLDER client handle talking smb to the NEWER server. That is the ISSUE KEN. My 
question was if ANYONE has seen such an issue. There is an ISSUE KEN. 

And fyi, wireshark did not show me anything but smb traffic being initiated the 
server responding, and then nothing. It didnt show errors, it didnt show drops. 
It is not a network issue, it is not a traffic issue. So again KEN, unless you 
can add something useful to this conversation, please refrain from your 
semantics. And hopefully someone else may have experienced this and can offer 
me some isight.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: fiber for PACS

[Kim Longenbaugh]

Paul, the specs for the fiber you use will depend mainly on what
distances you have to cover, what speeds you need to run, and what your
switches or other network devices support.  Your switch vendor will have
info about the size, mode (single mode, multimode), distance, etc, and
you can google fiber specs for more info as well.

 



From: paul chinnery [mailto:pdw1...@hotmail.com] 
Sent: Thursday, July 09, 2009 7:48 AM
To: NT System Admin Issues
Subject: OT: fiber for PACS

 

Installing a new imaging center and the MI Supervisor is asking about
fiber run.  We've been running mm, 62.5 throughout the organization. 
For those of you with 'fiber' experience, is 62.5 good enough for
digital images or would it be better to go with 50?  
I've read that 62.5 is too small for the newer 40 gig that is coming out
this year.  I've also read that it's even too small for 10 gig but one
vendor I talked to said they had rolled out 10 gig using 62.5.



Windows Live(tm) SkyDrive(tm): Get 25 GB of free online storage. Get it
on your BlackBerry or iPhone.
  

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: MSBA 2.1

[Don Guyer]

We ran into something like this with our a/v management console (which
relies on resolution to work properly). Found out ICMP is blocked by
default in W2k8 in those cases and firewall being on in other cases,
that caused the issue.

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com  

 

From: Free, Bob [mailto:r...@pge.com] 
Sent: Thursday, July 09, 2009 11:16 AM
To: NT System Admin Issues
Subject: RE: MSBA 2.1

 

>From what I've seen online in the past- File/Print sharing off (no
server or workstation service) probably most likely culprit. Also seen
it attributed to firewall or other "hardening" configs. 

 

From-  http://technet.microsoft.com/en-us/security/cc184922.aspx  MBSA
2.1 Frequently Asked Questions

 

 

 

   Q: Why am I seeing error "Could not resolve the computer name:
name. Please specify computer name, domain\computer, or an IP address."?


   

This error is common when scanning based on an IP address range. This is
because MBSA will convert the range into a list of specific IP addresses
for that range and attempt to resolve each IP address into the
associated NetBIOS computer name. When that name resolution cannot be
performed because the computer is switched off, or the IP address is not
in use, this error will be returned.

The error can also happen when using a domain name of domain members are
not accessible on the network, such as a laptop computer roaming outside
the wireless network, or a desktop computer that has been shut down.

If you specify a DNS fully qualified domain name (FQDN) as the domain to
be scanned, you will also see these errors. In that case, you need to
use the NetBIOS compatible domain name.

 

 

 

 

From: Haralson, Joe (GE Comm Fin, non-GE) [mailto:joe.haral...@ge.com] 
Sent: Wednesday, July 08, 2009 8:23 PM
To: NT System Admin Issues
Subject: MSBA 2.1

 

I'm attempting to use MSBA 2.1 but keep getting errors concerning name
resolution. Has anyone ran into this issue? I'm using an account that
has admin rights but when trying to scan a range of addresses I receive
name resolution errors. Any suggestions? We are having no DNS issues on
domain. Nslookup works just fine.

 

Thanks' 
Joe Haralson 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~<>

Re: Evian Ad on YouTube

[James Kerr]

Yeah, thats an odd one alright.

James
  - Original Message - 
  From: Sherry Abercrombie 
  To: NT System Admin Issues 
  Sent: Thursday, July 09, 2009 9:21 AM
  Subject: OT: Evian Ad on YouTube


  Just released yesterday to YouTube to "gauge" peoples reaction, kinda weird, 
but cute.

  http://www.youtube.com/watch?v=_PHnRIn74Ag

   

  -- 
  Sherry Abercrombie

  "Any sufficiently advanced technology is indistinguishable from magic." 
  Arthur C. Clarke




 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: New IE zero day exploit in the wild

[James Kerr]

Doctors are worse for sure. I used to admin at a civil engineering firm. I now 
mostly work with doctors, medical staff and a bunch of social workers. Social 
workers are the worst of the lot, I swear! ;-)

James
  - Original Message - 
  From: paul chinnery 
  To: NT System Admin Issues 
  Sent: Thursday, July 09, 2009 8:04 AM
  Subject: RE: New IE zero day exploit in the wild


  A third of my users are doctors.  I wonder which group is harder to work 
with: engineers or doctors?

  > Date: Wed, 8 Jul 2009 11:51:09 -0700
  > Subject: Re: New IE zero day exploit in the wild
  > From: kurt.b...@gmail.com
  > To: ntsysadmin@lyris.sunbelt-software.com
  > 
  > Truth. However, there are also political and training issues.
  > 
  > 1) We haven't, as a company (nor within IT) figured out how to make
  > our standard apps work under under non-admin accounts. This will take
  > time and resources to figure out, and then further time and resources
  > to figure out how to "productionise" the application of these settings
  > and apply them across the domain, including two offices overseas.
  > 
  > 2) A large portion of our users are engineers who have a rabid
  > aversion to the idea that they can't be admins on their own boxes. I'm
  > in the (multi-year!) process of simply trying to convince engineering
  > managers that none of the staff need two NICs in their boxes - one for
  > the production LAN and one for the test/dev LAN.
  > 
  > 3) The overseas offices are also politically resistant to this idea.
  > 
  > While I agree that the load would be lessened, and we'd have a much
  > better managed and more secure environment, this is not a trivial
  > effort, and at times I despair. But, I persist, and have it as a goal
  > to work toward this fiscal year.
  > 
  > The first step is to get signoff by company management, in the form of
  > an actual policy - something of which there are no good examples.
  > There are practices and recommendations regarding IT, but very little
  > in the way of a real IT policy that has been agreed to by management.
  > 
  > Kurt
  > 
  > On Wed, Jul 8, 2009 at 07:52, Jonathan Link wrote:
  > > After taking local admin rights away from users my plate is less full.
  > > YMMV.
  > >
  > > On Wed, Jul 8, 2009 at 10:47 AM, Kurt Buff  wrote:
  > >>
  > >> Yes, unfortunately, all our users are admins. It sucks, but I use it
  > >> to my advantage when I can.
  > >>
  > >> The reason we've not done a GP is because we haven't had the luxury of
  > >> studying to understand them. Our plates always seem to be full with
  > >> other things.
  > >>
  > >> On Tue, Jul 7, 2009 at 19:04, Ken Schaefer wrote:
  > >> > Are all your users admins? Otherwise, how is that logon script going to
  > >> > update HKLM?
  > >> >
  > >> > Machine-based startup script would be better idea, no?
  > >> >
  > >> > Cheers
  > >> > Ken
  > >> >
  > >> > 
  > >> > From: Kurt Buff [kurt.b...@gmail.com]
  > >> > Sent: Wednesday, 8 July 2009 2:41 AM
  > >> > To: NT System Admin Issues
  > >> > Subject: Re: New IE zero day exploit in the wild
  > >> >
  > >> > I'm just pushing out the .reg file in the login script:
  > >> >
  > >> > regedit /s \\fileserver\public\patches\videokillbits.reg
  > >> >
  > >> > The file was easy to create, in a capable editor (not notepad or
  > >> > wordpad) that allows metacharacter search and replace, such as '\n'
  > >> > for CRLF and '\t' for tab. I used the ancient, no-longer-supported
  > >> > PFE32. I really should switch to VIM, I suppose.
  > >> >
  > >> > On Tue, Jul 7, 2009 at 08:40, Eric
  > >> > Wittersheim wrote:
  > >> >> I'm pushing out the .reg via GP.  So far so good.
  > >> >>
  > >> >> On Tue, Jul 7, 2009 at 10:38 AM, David Lum  wrote:
  > >> >>>
  > >> >>> The “Microsoft fix-it” is an MSI that I am pushing via SMS and is
  > >> >>> pushing
  > >> >>> fine (so far just a few test cases have it, but no issues). Beats
  > >> >>> trying to
  > >> >>> push out a .REG or something…
  > >> >>>
  > >> >>>
  > >> >>>
  > >> >>> David Lum // SYSTEMS ENGINEER
  > >> >>> NORTHWEST EVALUATION ASSOCIATION
  > >> >>> (Desk) 971.222.1025 // (Cell) 503.267.9764
  > >> >>>
  > >> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
  > >> > ~   ~
  > >> >
  > >> >
  > >>
  > >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
  > >> ~   ~
  > >>
  > >
  > >
  > >
  > >
  > 
  > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
  > ~  ~
  > 


--
  Insert movie times and more without leaving Hotmail®. See how. 



 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ 

RE: MSBA 2.1

[Free, Bob]

>From what I've seen online in the past- File/Print sharing off (no
server or workstation service) probably most likely culprit. Also seen
it attributed to firewall or other "hardening" configs. 

 

From-  http://technet.microsoft.com/en-us/security/cc184922.aspx  MBSA
2.1 Frequently Asked Questions

 

 

 

   Q: Why am I seeing error "Could not resolve the computer name:
name. Please specify computer name, domain\computer, or an IP address."?


   

This error is common when scanning based on an IP address range. This is
because MBSA will convert the range into a list of specific IP addresses
for that range and attempt to resolve each IP address into the
associated NetBIOS computer name. When that name resolution cannot be
performed because the computer is switched off, or the IP address is not
in use, this error will be returned.

The error can also happen when using a domain name of domain members are
not accessible on the network, such as a laptop computer roaming outside
the wireless network, or a desktop computer that has been shut down.

If you specify a DNS fully qualified domain name (FQDN) as the domain to
be scanned, you will also see these errors. In that case, you need to
use the NetBIOS compatible domain name.

 

 

 

 

From: Haralson, Joe (GE Comm Fin, non-GE) [mailto:joe.haral...@ge.com] 
Sent: Wednesday, July 08, 2009 8:23 PM
To: NT System Admin Issues
Subject: MSBA 2.1

 

I'm attempting to use MSBA 2.1 but keep getting errors concerning name
resolution. Has anyone ran into this issue? I'm using an account that
has admin rights but when trying to scan a range of addresses I receive
name resolution errors. Any suggestions? We are having no DNS issues on
domain. Nslookup works just fine.

 

Thanks' 
Joe Haralson 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~<>

RE: Network Topology Software

[Kennedy, Jim]

Whoops. My link works for me because I already registered and have the cookie. 
Thanks for fixing my error.


From: Hall, Stuart [mailto:sh...@thompson.com]
Sent: Thursday, July 09, 2009 11:12 AM
To: NT System Admin Issues
Subject: RE: Network Topology Software

http://www.solarwinds.com/register/registrationform.aspx?Program=583&c=7015000E50d

That's the entry point for it.

You fill in the form and they mail the key / redirect you to the download page 
(linked below)

If you go straight to the link below, you just get redirected to the trial 
version download.

From: Hall, Stuart
Sent: Thursday, July 09, 2009 11:10 AM
To: NT System Admin Issues
Subject: RE: Network Topology Software

Just takes me to a download page? No option for freeby LSExpress?

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Thursday, July 09, 2009 10:38 AM
To: NT System Admin Issues
Subject: RE: Network Topology Software

Nice find Paul. Downloading it now and they already emailed the serial number 
to me. Here is the link to it if anyone else wants it:

http://www.solarwinds.com/register/MoreSoftware.aspx?External=false&Program=583


From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Thursday, July 09, 2009 10:28 AM
To: NT System Admin Issues
Subject: RE: Network Topology Software

Solarwinds had a freeby version of LanSurveyor Express at one time that would 
work with Visio 2007.


From: Daniel Rodriguez [mailto:drod...@gmail.com]
Sent: Thursday, July 09, 2009 8:41 AM
To: NT System Admin Issues
Subject: Network Topology Software
Question:

Is there any software available that will 'show' what is connected on the 
network, graphically? Something that looks like Packet Tracer, but self 
discovery.





















~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: New IE zero day exploit in the wild

[David Lum]

I pushed the .MSI fix to 300 machines yesterday morning, no death screams yet. 
I have one person complaining about some unknown active-x process taking up 
CPU, but I haven't even determined if it started yesterday or has been ongoing.

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
-Original Message-
From: Richard Stovall [mailto:richard.stov...@researchdata.com]
Sent: Thursday, July 09, 2009 8:11 AM
To: NT System Admin Issues
Subject: RE: New IE zero day exploit in the wild

I've deployed a startup script via Group Policy to a couple of machines in a 
test OU that successfully sets the killbit for all 45 CLSIDs relevant to this 
vulnerability.  I'm about ready to link it to our production OUs, but wanted to 
ask if anyone has experienced any negative consequences after doing so.

Thanks to everyone who chipped in about this issue.

RS

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Network Topology Software

[Hall, Stuart]

http://www.solarwinds.com/register/registrationform.aspx?Program=583&c=7
015000E50d

 

That's the entry point for it.

 

You fill in the form and they mail the key / redirect you to the
download page (linked below)

 

If you go straight to the link below, you just get redirected to the
trial version download.

 

From: Hall, Stuart 
Sent: Thursday, July 09, 2009 11:10 AM
To: NT System Admin Issues
Subject: RE: Network Topology Software

 

Just takes me to a download page? No option for freeby LSExpress?

 

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] 
Sent: Thursday, July 09, 2009 10:38 AM
To: NT System Admin Issues
Subject: RE: Network Topology Software

 

Nice find Paul. Downloading it now and they already emailed the serial
number to me. Here is the link to it if anyone else wants it:

 

http://www.solarwinds.com/register/MoreSoftware.aspx?External=false&Prog
ram=583

 

 

From: Maglinger, Paul [mailto:pmaglin...@scvl.com] 
Sent: Thursday, July 09, 2009 10:28 AM
To: NT System Admin Issues
Subject: RE: Network Topology Software

 

Solarwinds had a freeby version of LanSurveyor Express at one time that
would work with Visio 2007. 

 



From: Daniel Rodriguez [mailto:drod...@gmail.com] 
Sent: Thursday, July 09, 2009 8:41 AM
To: NT System Admin Issues
Subject: Network Topology Software

Question:

 

Is there any software available that will 'show' what is connected on
the network, graphically? Something that looks like Packet Tracer, but
self discovery. 

 

 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Virtualization Webinar July 16

[David Lum]

The only webinar where the Q&A / heckling lasts longer than the presentation 
itself.

Dave

-Original Message-
From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] 
Sent: Thursday, July 09, 2009 8:09 AM
To: NT System Admin Issues
Subject: Re: Virtualization Webinar July 16

I look forward to the chat/comment bar on the side of the
presentation, ala Stephen Colbert's "The W0rd" segment...

--
ME2



On Wed, Jul 8, 2009 at 8:59 PM, Andy Shook wrote:
> NT list homies,
>
> See below, yours truly is doing stufflet me know if you have any
> questions.
>
>
>
> Shook
>
>
>
> To view this email as a web page, go here.
>
>
>
> Peak 10 Webinar Event
>
> Thursday, July 16, 2009
>
> You are cordially invited to join Peak 10 for this informative technology
> presentation discussing the current differences between various
> virtualization options.
>
> As a companion to our recent Engineering Series Event detailing
> virtualization implementation, Andy Shook, Sr. Solutions Engineer for Peak
> 10, will be giving a presentation titled "Virtualization: Deciphering the
> Playing Field," outlining a comparison of various virtualization platforms
> such as VMware, Microsoft Hyper V, Virtual Iron and Xen. He will provide
> insight as to why organizations create multiple virtualization options and
> will engage participants to share their experience with each platform.
>
> Reserve Your Spot Now!
>
> When:
>
> Thursday, July 16, 2009
>
> Time:
>
> 11:30 a.m. to 1:00 p.m.
>
> Where:
>
> This is an Online Event
> Participation information will be sent after registering.
>
> This email was sent by: Peak 10, Inc.
> 8910 Lenox Pointe Drive, Suite B, Charlotte, NC, 28273-3432, USA
>
> We respect your right to privacy - view our policy
>
> Unsubscribe
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: New IE zero day exploit in the wild

[Richard Stovall]

I've deployed a startup script via Group Policy to a couple of machines in a 
test OU that successfully sets the killbit for all 45 CLSIDs relevant to this 
vulnerability.  I'm about ready to link it to our production OUs, but wanted to 
ask if anyone has experienced any negative consequences after doing so.

Thanks to everyone who chipped in about this issue.

RS

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Virtualization Webinar July 16

[Micheal Espinola Jr]

I look forward to the chat/comment bar on the side of the
presentation, ala Stephen Colbert's "The W0rd" segment...

--
ME2



On Wed, Jul 8, 2009 at 8:59 PM, Andy Shook wrote:
> NT list homies,
>
> See below, yours truly is doing stuff….let me know if you have any
> questions.
>
>
>
> Shook
>
>
>
> To view this email as a web page, go here.
>
>
>
> Peak 10 Webinar Event
>
> Thursday, July 16, 2009
>
> You are cordially invited to join Peak 10 for this informative technology
> presentation discussing the current differences between various
> virtualization options.
>
> As a companion to our recent Engineering Series Event detailing
> virtualization implementation, Andy Shook, Sr. Solutions Engineer for Peak
> 10, will be giving a presentation titled "Virtualization: Deciphering the
> Playing Field," outlining a comparison of various virtualization platforms
> such as VMware, Microsoft Hyper V, Virtual Iron and Xen. He will provide
> insight as to why organizations create multiple virtualization options and
> will engage participants to share their experience with each platform.
>
> Reserve Your Spot Now!
>
> When:
>
> Thursday, July 16, 2009
>
> Time:
>
> 11:30 a.m. to 1:00 p.m.
>
> Where:
>
> This is an Online Event
> Participation information will be sent after registering.
>
> This email was sent by: Peak 10, Inc.
> 8910 Lenox Pointe Drive, Suite B, Charlotte, NC, 28273-3432, USA
>
> We respect your right to privacy - view our policy
>
> Unsubscribe
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Network Topology Software

[Hall, Stuart]

Just takes me to a download page? No option for freeby LSExpress?

 

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] 
Sent: Thursday, July 09, 2009 10:38 AM
To: NT System Admin Issues
Subject: RE: Network Topology Software

 

Nice find Paul. Downloading it now and they already emailed the serial
number to me. Here is the link to it if anyone else wants it:

 

http://www.solarwinds.com/register/MoreSoftware.aspx?External=false&Prog
ram=583

 

 

From: Maglinger, Paul [mailto:pmaglin...@scvl.com] 
Sent: Thursday, July 09, 2009 10:28 AM
To: NT System Admin Issues
Subject: RE: Network Topology Software

 

Solarwinds had a freeby version of LanSurveyor Express at one time that
would work with Visio 2007. 

 



From: Daniel Rodriguez [mailto:drod...@gmail.com] 
Sent: Thursday, July 09, 2009 8:41 AM
To: NT System Admin Issues
Subject: Network Topology Software

Question:

 

Is there any software available that will 'show' what is connected on
the network, graphically? Something that looks like Packet Tracer, but
self discovery. 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Evian Ad on YouTube

[Ken Cornetet]

This is how you do a bottled water commercial: 
http://www.youtube.com/watch?v=AiYYDSivdRk


From: Sherry Abercrombie [mailto:saber...@gmail.com]
Sent: Thursday, July 09, 2009 9:21 AM
To: NT System Admin Issues
Subject: OT: Evian Ad on YouTube

Just released yesterday to YouTube to "gauge" peoples reaction, kinda weird, 
but cute.

http://www.youtube.com/watch?v=_PHnRIn74Ag



--
Sherry Abercrombie

"Any sufficiently advanced technology is indistinguishable from magic."
Arthur C. Clarke





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Network Topology Software

[Kennedy, Jim]

Nice find Paul. Downloading it now and they already emailed the serial number 
to me. Here is the link to it if anyone else wants it:

http://www.solarwinds.com/register/MoreSoftware.aspx?External=false&Program=583


From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Thursday, July 09, 2009 10:28 AM
To: NT System Admin Issues
Subject: RE: Network Topology Software

Solarwinds had a freeby version of LanSurveyor Express at one time that would 
work with Visio 2007.


From: Daniel Rodriguez [mailto:drod...@gmail.com]
Sent: Thursday, July 09, 2009 8:41 AM
To: NT System Admin Issues
Subject: Network Topology Software
Question:

Is there any software available that will 'show' what is connected on the 
network, graphically? Something that looks like Packet Tracer, but self 
discovery.









~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Server 2008 fail/ My fail?

[Owens, Michael]

Do you mean to the share? Example, my path is 
\\stuctx07\profiles$


Profiles$ did not grant write access tot he user... I just changed it. The 
strange thing - it was working... I did not change the permissions.
After changing them to allow the users right access... it was still a no go. 
The Admin cannot create a profile either.


However here is my caveot- I want the admins unaffected by the GPO for these 
machines- when I log on they pull down the GPO. I had it working a while back - 
but I recreated the GPO and I cant figure out the deligations tab.

Mike


From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Thursday, July 09, 2009 10:13 AM
To: NT System Admin Issues
Subject: Re: Server 2008 fail/ My fail?

I'd see if an admin account could create a profile.  Double check the 
permissions on the parent folder, of course.  You had been adjusting 
permissions before I advised verifying the GPO setting, you might want to 
verify the permissions will still allow users to create files and folders...

On Thu, Jul 9, 2009 at 9:47 AM, Owens, Michael 
mailto:michael.ow...@dys.ohio.gov>> wrote:
Ok - I just tried that option - and now it wont create the roaming profile at 
first log on. Did I do something wrong?

Thanks,
Mike


From: Jonathan Link 
[mailto:jonathan.l...@gmail.com]
Sent: Tuesday, July 07, 2009 4:42 PM

To: NT System Admin Issues
Subject: Re: Server 2008 fail/ My fail?

Did you adjust the GPO?
Administrative Templates\System\User Profiles

"Add the Administrators security group to roaming user profiles"


On Tue, Jul 7, 2009 at 2:12 PM, Owens, Michael 
mailto:michael.ow...@dys.ohio.gov>> wrote:
Heres what is going on.

I have a share, that TS profiles get created on. Only that account has access 
to them, and system. For some reason it takes away administrators - I would 
like to add a group, to the parent folder, to propogate to all child objects 
created. Does that make sense?


From: Jon Harris [mailto:jk.har...@gmail.com]
Sent: Tuesday, July 07, 2009 1:46 PM
To: NT System Admin Issues
Subject: Re: Server 2008 fail/ My fail?

I have been doing that for the last week while I move from 2003 to 2008.  Look 
at the Security Tab bottom Advanced then Edit then Edit again then Apply To.  
Will this not work or do you want to Add a group/person/etc.  If you are adding 
then the second Edit should be Add instead.

Jon

On Tue, Jul 7, 2009 at 1:38 PM, Owens, Michael 
mailto:michael.ow...@dys.ohio.gov>> wrote:
Does anyone know why they got rid of the option to "replace permission entries 
on all child objects with entries shown here that apply to child objects?" Or 
did they move it?


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.











This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.











This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.











This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Virtualization Webinar July 16

[David Lum]

OMG too funny

From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Wednesday, July 08, 2009 6:48 PM
To: NT System Admin Issues
Subject: RE: Virtualization Webinar July 16

I'm down.

Is there a virtual heckling option for this webinar?

-sc

From: Andy Shook [mailto:andy.sh...@peak10.com]
Sent: Wednesday, July 08, 2009 8:59 PM
To: NT System Admin Issues
Subject: Virtualization Webinar July 16

NT list homies,
See below, yours truly is doing stufflet me know if you have any questions.

Shook

To view this email as a web page, go 
here.


[http://www.peak10.com/email-templates/images/CLT_virtualization_0709_header.jpg]

Peak 10 Webinar Event
Thursday, July 16, 2009
You are cordially invited to join Peak 10 for this informative technology 
presentation discussing the current differences between various virtualization 
options.
As a companion to our recent Engineering Series Event detailing virtualization 
implementation, Andy Shook, Sr. Solutions Engineer for Peak 10, will be giving 
a presentation titled "Virtualization: Deciphering the Playing Field," 
outlining a comparison of various virtualization platforms such as VMware, 
Microsoft Hyper V, Virtual Iron and Xen. He will provide insight as to why 
organizations create multiple virtualization options and will engage 
participants to share their experience with each platform.
Reserve Your Spot Now!
[http://www.peak10.com/email-templates/images/registernow.png]

When:

Thursday, July 16, 2009

Time:

11:30 a.m. to 1:00 p.m.

Where:

This is an Online Event
Participation information will be sent after registering.


[http://www.peak10.com/email-templates/images/P10_invite_footer.png]


This email was sent by: Peak 10, Inc.
8910 Lenox Pointe Drive, Suite B, Charlotte, NC, 28273-3432, USA



We respect your right to privacy - view our 
policy

[http://www.exacttarget.com/gfx/newpoweredby.gif]


Unsubscribe











~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Win2003 DC on Win2000 domain

[Jon Harris]

Those kind of problems generally turn out bad for me.

Jon

On Thu, Jul 9, 2009 at 10:26 AM, Erik Goldoff  wrote:

>  h, thinking maybe to move the schema master, GC and other FSMO roles
> to the Exchange/DC and try again ...  this one is strange... and I'm
> definitely not seeing the problem, that's the problem 
>
>  Erik Goldoff
>
> *IT  Consultant*
>
> *Systems, Networks, & Security *
>
>
>  --
>  *From:* Jon Harris [mailto:jk.har...@gmail.com]
> *Sent:* Thursday, July 09, 2009 10:21 AM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Win2003 DC on Win2000 domain
>
>   They might have other problems that you are not seeing then would be a
> guess.  You might try running adprep as the Schema Master user ID again.
> Since there is Exchange sitting on a DC you might need to update the
> Exchange Schema as well before you can dcpromo a W2k3 server.
>
> Jon
>
> On Thu, Jul 9, 2009 at 10:13 AM, Erik Goldoff  wrote:
>
>>  Ran the ADPrep last nite around 10pm ... gave it an hour and got this
>> error ... so logged out, and tried dcpromo again this morning after a good 8
>> hours + time for replication to finish, and same error.  Replication status
>> shows all success, no errors
>>
>>  Erik Goldoff
>>
>> *IT  Consultant*
>>
>> *Systems, Networks, & Security *
>>
>>
>>  --
>>  *From:* Jon Harris [mailto:jk.har...@gmail.com]
>> *Sent:* Thursday, July 09, 2009 10:11 AM
>> *To:* NT System Admin Issues
>> *Subject:* Re: Win2003 DC on Win2000 domain
>>
>>   Only when I did not give it enough time to replicate but that was years
>> ago with the 2k server at sub SP2 and the W2k3 at SP0.
>>
>> Jon
>>
>> On Thu, Jul 9, 2009 at 10:06 AM, Erik Goldoff  wrote:
>>
>>>  OK, to get back on the topic, this one has taken a weird twist :
>>>
>>> Ran ADPREP /Forestprep   ( and /domainprep ) on the Win2000 DC (schema
>>> master) with successful completion messages
>>>
>>> but running DCPromo on the Win2003 server against this domain errors out
>>> :
>>>
>>>
>>>
>>> The operation failed because:
>>>
>>> The Active Directory Installation  Wizard cannot continue because the
>>> forest is not prepared for installing Windows Server 2003.  Use the Adprep
>>> command-line tool to prepare both the forest and the domain ..
>>>
>>> "The version of the Active Directory schema of the source forest is not
>>> compatible with the version of Active Directory on this computer."
>>>
>>>
>>>  Three DCs at this site, all show proper replication, event logs show
>>> nothing relevant, attempt to rerun adprep show
>>> "Forest-wide information has already been updated "
>>>
>>> Anybody run across this before ???
>>>
>>> Thanks
>>>
>>>
>>>  Erik Goldoff
>>>
>>> *IT  Consultant*
>>>
>>> *Systems, Networks, & Security *
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Network Topology Software

[Maglinger, Paul]

Solarwinds had a freeby version of LanSurveyor Express at one time that
would work with Visio 2007. 



From: Daniel Rodriguez [mailto:drod...@gmail.com] 
Sent: Thursday, July 09, 2009 8:41 AM
To: NT System Admin Issues
Subject: Network Topology Software


Question:
 
Is there any software available that will 'show' what is connected on
the network, graphically? Something that looks like Packet Tracer, but
self discovery. 

 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Win2003 DC on Win2000 domain

[Erik Goldoff]

h, thinking maybe to move the schema master, GC and other FSMO roles to
the Exchange/DC and try again ...  this one is strange... and I'm definitely
not seeing the problem, that's the problem 
 

Erik Goldoff


IT  Consultant

Systems, Networks, & Security 

 

  _  

From: Jon Harris [mailto:jk.har...@gmail.com] 
Sent: Thursday, July 09, 2009 10:21 AM
To: NT System Admin Issues
Subject: Re: Win2003 DC on Win2000 domain


They might have other problems that you are not seeing then would be a
guess.  You might try running adprep as the Schema Master user ID again.
Since there is Exchange sitting on a DC you might need to update the
Exchange Schema as well before you can dcpromo a W2k3 server.
 
Jon


On Thu, Jul 9, 2009 at 10:13 AM, Erik Goldoff  wrote:


Ran the ADPrep last nite around 10pm ... gave it an hour and got this error
... so logged out, and tried dcpromo again this morning after a good 8 hours
+ time for replication to finish, and same error.  Replication status shows
all success, no errors
 


Erik Goldoff


IT  Consultant

Systems, Networks, & Security 

 

  _  


From: Jon Harris [mailto:jk.har...@gmail.com] 

Sent: Thursday, July 09, 2009 10:11 AM 

To: NT System Admin Issues

Subject: Re: Win2003 DC on Win2000 domain


Only when I did not give it enough time to replicate but that was years ago
with the 2k server at sub SP2 and the W2k3 at SP0.
 
Jon


On Thu, Jul 9, 2009 at 10:06 AM, Erik Goldoff  wrote:


OK, to get back on the topic, this one has taken a weird twist :
 
Ran ADPREP /Forestprep   ( and /domainprep ) on the Win2000 DC (schema
master) with successful completion messages 
 
but running DCPromo on the Win2003 server against this domain errors out :
 
 

The operation failed because:
 
The Active Directory Installation  Wizard cannot continue because the forest
is not prepared for installing Windows Server 2003.  Use the Adprep
command-line tool to prepare both the forest and the domain ..
 
"The version of the Active Directory schema of the source forest is not
compatible with the version of Active Directory on this computer."
 

 Three DCs at this site, all show proper replication, event logs show
nothing relevant, attempt to rerun adprep show 
"Forest-wide information has already been updated "
 
Anybody run across this before ???
 
Thanks
 
 


Erik Goldoff


IT  Consultant

Systems, Networks, & Security 

 



 



 










 



 



 



 










 


 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Win2003 DC on Win2000 domain

[Jon Harris]

They might have other problems that you are not seeing then would be a
guess.  You might try running adprep as the Schema Master user ID again.
Since there is Exchange sitting on a DC you might need to update the
Exchange Schema as well before you can dcpromo a W2k3 server.

Jon

On Thu, Jul 9, 2009 at 10:13 AM, Erik Goldoff  wrote:

>  Ran the ADPrep last nite around 10pm ... gave it an hour and got this
> error ... so logged out, and tried dcpromo again this morning after a good 8
> hours + time for replication to finish, and same error.  Replication status
> shows all success, no errors
>
>  Erik Goldoff
>
> *IT  Consultant*
>
> *Systems, Networks, & Security *
>
>
>  --
>  *From:* Jon Harris [mailto:jk.har...@gmail.com]
> *Sent:* Thursday, July 09, 2009 10:11 AM
> *To:* NT System Admin Issues
> *Subject:* Re: Win2003 DC on Win2000 domain
>
>   Only when I did not give it enough time to replicate but that was years
> ago with the 2k server at sub SP2 and the W2k3 at SP0.
>
> Jon
>
> On Thu, Jul 9, 2009 at 10:06 AM, Erik Goldoff  wrote:
>
>>  OK, to get back on the topic, this one has taken a weird twist :
>>
>> Ran ADPREP /Forestprep   ( and /domainprep ) on the Win2000 DC (schema
>> master) with successful completion messages
>>
>> but running DCPromo on the Win2003 server against this domain errors out :
>>
>>
>>
>> The operation failed because:
>>
>> The Active Directory Installation  Wizard cannot continue because the
>> forest is not prepared for installing Windows Server 2003.  Use the Adprep
>> command-line tool to prepare both the forest and the domain ..
>>
>> "The version of the Active Directory schema of the source forest is not
>> compatible with the version of Active Directory on this computer."
>>
>>
>>  Three DCs at this site, all show proper replication, event logs show
>> nothing relevant, attempt to rerun adprep show
>> "Forest-wide information has already been updated "
>>
>> Anybody run across this before ???
>>
>> Thanks
>>
>>
>>  Erik Goldoff
>>
>> *IT  Consultant*
>>
>> *Systems, Networks, & Security *
>>
>>
>>
>>
>>
>>
>>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Win2003 DC on Win2000 domain

[Erik Goldoff]

Ran the ADPrep last nite around 10pm ... gave it an hour and got this error
... so logged out, and tried dcpromo again this morning after a good 8 hours
+ time for replication to finish, and same error.  Replication status shows
all success, no errors
 

Erik Goldoff


IT  Consultant

Systems, Networks, & Security 

 

  _  

From: Jon Harris [mailto:jk.har...@gmail.com] 
Sent: Thursday, July 09, 2009 10:11 AM
To: NT System Admin Issues
Subject: Re: Win2003 DC on Win2000 domain


Only when I did not give it enough time to replicate but that was years ago
with the 2k server at sub SP2 and the W2k3 at SP0.
 
Jon


On Thu, Jul 9, 2009 at 10:06 AM, Erik Goldoff  wrote:


OK, to get back on the topic, this one has taken a weird twist :
 
Ran ADPREP /Forestprep   ( and /domainprep ) on the Win2000 DC (schema
master) with successful completion messages 
 
but running DCPromo on the Win2003 server against this domain errors out :
 
 

The operation failed because:
 
The Active Directory Installation  Wizard cannot continue because the forest
is not prepared for installing Windows Server 2003.  Use the Adprep
command-line tool to prepare both the forest and the domain ..
 
"The version of the Active Directory schema of the source forest is not
compatible with the version of Active Directory on this computer."
 

 Three DCs at this site, all show proper replication, event logs show
nothing relevant, attempt to rerun adprep show 
"Forest-wide information has already been updated "
 
Anybody run across this before ???
 
Thanks
 
 


Erik Goldoff


IT  Consultant

Systems, Networks, & Security 

 



 



 






 


 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Server 2008 fail/ My fail?

[Jonathan Link]

I'd see if an admin account could create a profile.  Double check the
permissions on the parent folder, of course.  You had been adjusting
permissions before I advised verifying the GPO setting, you might want to
verify the permissions will still allow users to create files and folders...

On Thu, Jul 9, 2009 at 9:47 AM, Owens, Michael
wrote:

>  Ok - I just tried that option - and now it wont create the roaming
> profile at first log on. Did I do something wrong?
>
> Thanks,
> Mike
>
>  --
> *From:* Jonathan Link [mailto:jonathan.l...@gmail.com]
> *Sent:* Tuesday, July 07, 2009 4:42 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Server 2008 fail/ My fail?
>
>   Did you adjust the GPO?
> Administrative Templates\System\User Profiles
>
> "Add the Administrators security group to roaming user profiles"
>
>
> On Tue, Jul 7, 2009 at 2:12 PM, Owens, Michael  > wrote:
>
>>  Heres what is going on.
>>
>> I have a share, that TS profiles get created on. Only that account has
>> access to them, and system. For some reason it takes away administrators - I
>> would like to add a group, to the parent folder, to propogate to all child
>> objects created. Does that make sense?
>>
>>  --
>> *From:* Jon Harris [mailto:jk.har...@gmail.com]
>> *Sent:* Tuesday, July 07, 2009 1:46 PM
>> *To:* NT System Admin Issues
>> *Subject:* Re: Server 2008 fail/ My fail?
>>
>>   I have been doing that for the last week while I move from 2003 to
>> 2008.  Look at the Security Tab bottom Advanced then Edit then Edit again
>> then Apply To.  Will this not work or do you want to Add a
>> group/person/etc.  If you are adding then the second Edit should be Add
>> instead.
>>
>> Jon
>>
>> On Tue, Jul 7, 2009 at 1:38 PM, Owens, Michael <
>> michael.ow...@dys.ohio.gov> wrote:
>>
>>>  Does anyone know why they got rid of the option to "replace permission
>>> entries on all child objects with entries shown here that apply to child
>>> objects?" Or did they move it?
>>>
>>> --
>>> This message, and any response to it, may constitute a public record and
>>> thus may be publicly available to anyone who requests it in accordance
>>> with Chapter 149 of the Ohio Revised Code.
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>
>> --
>> This message, and any response to it, may constitute a public record and
>> thus may be publicly available to anyone who requests it in accordance
>> with Chapter 149 of the Ohio Revised Code.
>>
>>
>>
>>
>>
>>
>
>
>
>
>
> --
> This message, and any response to it, may constitute a public record and
> thus may be publicly available to anyone who requests it in accordance
> with Chapter 149 of the Ohio Revised Code.
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Windows 7 RC

[John Aldrich]

Kewl.. I might just put it into use for a real workstation then. Thanks

 

John-AldrichTile-Tools

 

From: Jon Harris [mailto:jk.har...@gmail.com] 
Sent: Thursday, July 09, 2009 10:07 AM
To: NT System Admin Issues
Subject: Re: Windows 7 RC

 

The RC expires some time in June/May 2010.

 

Jon

On Thu, Jul 9, 2009 at 10:02 AM, Rod Trent  wrote:

July 2010. 

  _  

 

Anyone know when the RC expires? i.e. is it safe to put it out for testing
by a regular user for a few weeks or is it going to expire like the end of
July or something? I don't recall seeing an expiration date on it.

 

Error! Filename not specified.Error! Filename not specified.

 

 

 

 

 

 

 

 

 

 

Checked by AVG - www.avg.com
Version: 8.5.387 / Virus Database: 270.13.8/2227 - Release Date: 07/09/09
05:55:00


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~<><>

Re: Windows 7 RC

[Jon Harris]

I can't remember when the Nags start sorry but I may be remembering the
dates they start as the dates the RC is suppose to die.

Jon

On Thu, Jul 9, 2009 at 10:08 AM, Jonathan Link wrote:

> Don't nag screens show up in March, though?
>
>
> On Thu, Jul 9, 2009 at 10:06 AM, Jon Harris  wrote:
>
>> The RC expires some time in June/May 2010.
>>
>> Jon
>>
>>   On Thu, Jul 9, 2009 at 10:02 AM, Rod Trent wrote:
>>
>>> July 2010.
>>>
>>> --
>>>
>>>
>>>  Anyone know when the RC expires? i.e. is it safe to put it out for
>>> testing by a regular user for a few weeks or is it going to expire like the
>>> end of July or something? I don't recall seeing an expiration date on it.
>>>
>>>
>>>
>>> [image: John-Aldrich][image: Tile-Tools]
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Win2003 DC on Win2000 domain

[Jon Harris]

Only when I did not give it enough time to replicate but that was years ago
with the 2k server at sub SP2 and the W2k3 at SP0.

Jon

On Thu, Jul 9, 2009 at 10:06 AM, Erik Goldoff  wrote:

>  OK, to get back on the topic, this one has taken a weird twist :
>
> Ran ADPREP /Forestprep   ( and /domainprep ) on the Win2000 DC (schema
> master) with successful completion messages
>
> but running DCPromo on the Win2003 server against this domain errors out :
>
>
>
> The operation failed because:
>
> The Active Directory Installation  Wizard cannot continue because the
> forest is not prepared for installing Windows Server 2003.  Use the Adprep
> command-line tool to prepare both the forest and the domain ..
>
> "The version of the Active Directory schema of the source forest is not
> compatible with the version of Active Directory on this computer."
>
>
>  Three DCs at this site, all show proper replication, event logs show
> nothing relevant, attempt to rerun adprep show
> "Forest-wide information has already been updated "
>
> Anybody run across this before ???
>
> Thanks
>
>
>  Erik Goldoff
>
> *IT  Consultant*
>
> *Systems, Networks, & Security *
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Windows 7 RC

[Jonathan Link]

Don't nag screens show up in March, though?

On Thu, Jul 9, 2009 at 10:06 AM, Jon Harris  wrote:

> The RC expires some time in June/May 2010.
>
> Jon
>
>   On Thu, Jul 9, 2009 at 10:02 AM, Rod Trent wrote:
>
>> July 2010.
>>
>> --
>>
>>
>>  Anyone know when the RC expires? i.e. is it safe to put it out for
>> testing by a regular user for a few weeks or is it going to expire like the
>> end of July or something? I don't recall seeing an expiration date on it.
>>
>>
>>
>> [image: John-Aldrich][image: Tile-Tools]
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Google Voice

[Erik Goldoff]

 
So far that's for the cost of International calls, local CONUS calls are
free


Erik Goldoff
IT  Consultant
Systems, Networks, & Security 


-Original Message-
From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] 
Sent: Thursday, July 09, 2009 9:51 AM
To: NT System Admin Issues
Subject: Re: Google Voice

But, there is a monetary "Balance" section, and a link to "add credit"
via Google's Checkout service.

--
ME2



On Thu, Jul 9, 2009 at 9:32 AM, Rob Bonfiglio wrote:
> Currently they are saying it's free.  They don't indicate if it will 
> always be free though:
>
> http://www.google.com/support/voice/bin/answer.py?answer=141993
>
> On Thu, Jul 9, 2009 at 9:27 AM, Lee Douglas  wrote:
>>
>> It is pretty cool. I was one of the early 'beta' folks - not that 
>> it's a normal beta where they pay much attention to feedback.
>>
>> The only concerns I have is what it's going to cost and if there will 
>> ever be a way to move my phone number to them. I hate to give out the 
>> Google Voice number and later find out that I can't afford it. Right 
>> now, having yet another phone number isn't a plus unless I can make 
>> it my only phone number.
>>
>> YMMV
>>
>>
>>
>>
>> On Wed, Jul 8, 2009 at 6:33 PM, Ben Schorr  wrote:
>>>
>>> I'm interested in trying it but it looks like they don't have any 
>>> 808 numbers so that significantly limits its usefulness to me.
>>>
>>> Ben M. Schorr
>>> Chief Executive Officer
>>> __
>>> Roland Schorr & Tower
>>> www.rolandschorr.com
>>> b...@rolandschorr.com
>>> Twitter: http://www.twitter.com/bschorr
>>>
>>>
>>> -Original Message-
>>> From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
>>> Sent: Wednesday, July 08, 2009 12:26 PM
>>> To: NT System Admin Issues
>>> Subject: OT: Google Voice
>>>
>>> Anyone else get an invite yet?  Looks pretty cool so far...
>>>
>>> --
>>> ME2
>>>
>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>>>   ~
>>>
>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>>>   ~
>>>
>>
>>
>>
>>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Windows 7 RC

[Jon Harris]

The RC expires some time in June/May 2010.

Jon

On Thu, Jul 9, 2009 at 10:02 AM, Rod Trent  wrote:

> July 2010.
>
> --
>
>
>  Anyone know when the RC expires? i.e. is it safe to put it out for
> testing by a regular user for a few weeks or is it going to expire like the
> end of July or something? I don't recall seeing an expiration date on it.
>
>
>
> [image: John-Aldrich][image: Tile-Tools]
>
>
>
>
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Win2003 DC on Win2000 domain

[Erik Goldoff]

OK, to get back on the topic, this one has taken a weird twist :
 
Ran ADPREP /Forestprep   ( and /domainprep ) on the Win2000 DC (schema
master) with successful completion messages 
 
but running DCPromo on the Win2003 server against this domain errors out :
 
 

The operation failed because:
 
The Active Directory Installation  Wizard cannot continue because the forest
is not prepared for installing Windows Server 2003.  Use the Adprep
command-line tool to prepare both the forest and the domain ..
 
"The version of the Active Directory schema of the source forest is not
compatible with the version of Active Directory on this computer."
 

 Three DCs at this site, all show proper replication, event logs show
nothing relevant, attempt to rerun adprep show 
"Forest-wide information has already been updated "
 
Anybody run across this before ???
 
Thanks
 
 

Erik Goldoff


IT  Consultant

Systems, Networks, & Security 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

re: Windows 7 RC

[Rod Trent]

July 2010. 



Anyone know when the RC expires? i.e. is it safe to put it out for testing by a 
regular user for a few weeks or is it going to expire like the end of July or 
something? I don't recall seeing an expiration date on it.
 

 

 

 

 
 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Google Voice

[Andy Ognenoff]

>But, there is a monetary "Balance" section, and a link to "add credit"
>via Google's Checkout service.

That's for making international calls.  I've been using it since it came out
to talk to my friend in the Peace Corps in South Africa.  Pretty good
international rates.

BTW, if you have a Google Voice number and an iPhone - get the GV Mobile
app.

http://www.seankovacs.com/index.php/gv-mobile/


 - Andy O.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Windows 7 RC

[John Aldrich]

Anyone know when the RC expires? i.e. is it safe to put it out for testing
by a regular user for a few weeks or is it going to expire like the end of
July or something? I don't recall seeing an expiration date on it.

 

John-AldrichTile-Tools

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~<><>

Re: Google Voice

[Micheal Espinola Jr]

But, there is a monetary "Balance" section, and a link to "add credit"
via Google's Checkout service.

--
ME2



On Thu, Jul 9, 2009 at 9:32 AM, Rob Bonfiglio wrote:
> Currently they are saying it's free.  They don't indicate if it will always
> be free though:
>
> http://www.google.com/support/voice/bin/answer.py?answer=141993
>
> On Thu, Jul 9, 2009 at 9:27 AM, Lee Douglas  wrote:
>>
>> It is pretty cool. I was one of the early 'beta' folks - not that it's a
>> normal beta where they pay much attention to feedback.
>>
>> The only concerns I have is what it's going to cost and if there will ever
>> be a way to move my phone number to them. I hate to give out the Google
>> Voice number and later find out that I can't afford it. Right now, having
>> yet another phone number isn't a plus unless I can make it my only phone
>> number.
>>
>> YMMV
>>
>>
>>
>>
>> On Wed, Jul 8, 2009 at 6:33 PM, Ben Schorr  wrote:
>>>
>>> I'm interested in trying it but it looks like they don't have any 808
>>> numbers so that significantly limits its usefulness to me.
>>>
>>> Ben M. Schorr
>>> Chief Executive Officer
>>> __
>>> Roland Schorr & Tower
>>> www.rolandschorr.com
>>> b...@rolandschorr.com
>>> Twitter: http://www.twitter.com/bschorr
>>>
>>>
>>> -Original Message-
>>> From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
>>> Sent: Wednesday, July 08, 2009 12:26 PM
>>> To: NT System Admin Issues
>>> Subject: OT: Google Voice
>>>
>>> Anyone else get an invite yet?  Looks pretty cool so far...
>>>
>>> --
>>> ME2
>>>
>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>>> ~   ~
>>>
>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>>> ~   ~
>>>
>>
>>
>>
>>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Google Voice

[Micheal Espinola Jr]

Yesterday morning. It was a bit of a surprise. I wasn't expecting it.

--
ME2



On Wed, Jul 8, 2009 at 9:06 PM, Bob Fronk wrote:
> Not yet.  Did you get one?  When?
>
> --
> Bob Fronk
>   Б  АаPlease print only аas needed.
>
>
>
>
> -Original Message-
> From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
> Sent: Wednesday, July 08, 2009 6:26 PM
> To: NT System Admin Issues
> Subject: OT: Google Voice
>
> Anyone else get an invite yet?  Looks pretty cool so far...
>
> --
> ME2
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Server 2008 fail/ My fail?

[Owens, Michael]

Ok - I just tried that option - and now it wont create the roaming profile at 
first log on. Did I do something wrong?

Thanks,
Mike


From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Tuesday, July 07, 2009 4:42 PM
To: NT System Admin Issues
Subject: Re: Server 2008 fail/ My fail?

Did you adjust the GPO?
Administrative Templates\System\User Profiles

"Add the Administrators security group to roaming user profiles"


On Tue, Jul 7, 2009 at 2:12 PM, Owens, Michael 
mailto:michael.ow...@dys.ohio.gov>> wrote:
Heres what is going on.

I have a share, that TS profiles get created on. Only that account has access 
to them, and system. For some reason it takes away administrators - I would 
like to add a group, to the parent folder, to propogate to all child objects 
created. Does that make sense?


From: Jon Harris [mailto:jk.har...@gmail.com]
Sent: Tuesday, July 07, 2009 1:46 PM
To: NT System Admin Issues
Subject: Re: Server 2008 fail/ My fail?

I have been doing that for the last week while I move from 2003 to 2008.  Look 
at the Security Tab bottom Advanced then Edit then Edit again then Apply To.  
Will this not work or do you want to Add a group/person/etc.  If you are adding 
then the second Edit should be Add instead.

Jon

On Tue, Jul 7, 2009 at 1:38 PM, Owens, Michael 
mailto:michael.ow...@dys.ohio.gov>> wrote:
Does anyone know why they got rid of the option to "replace permission entries 
on all child objects with entries shown here that apply to child objects?" Or 
did they move it?


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.











This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.











This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Network Topology Software

[Daniel Rodriguez]

Question:

Is there any software available that will 'show' what is connected on the
network, graphically? Something that looks like Packet Tracer, but self
discovery.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: New IE zero day exploit in the wild

[David Lum]

I work with one law firm, and they are generally receptive to adapting most 
best practices, and sometimes they pay the bill the same day I am there (once I 
got a check before they got the invoicehang on let me send you the invoice 
for this check���!). It helps to have excellent working relationships. Then 
again 100% of my clients have been word of mouth and I only take on the ones 
that feel like a good fit (and that I feel I have time to adequately service).

It also doesn���t hurt that the consultant I replaced (a few years ago) they 
felt like he was just creating work for himself to make some cash initially 
I was brought on to cover for times this guy was go�oddly after my 2nd 
onsite visit they booted the other guy. A few months ago I got what I 
considered the ultimate unsolicited compliment:You have saved us so much 
money!���.

I realize this firm may or may not be representative, but not a one of them 
would I consider the typical lawyer snake.

Dave

From: Jon Harris [mailto:jk.har...@gmail.com]
Sent: Thursday, July 09, 2009 5:16 AM
To: NT System Admin Issues
Subject: Re: New IE zero day exploit in the wild

Depends on the engineering type.  I know Chemical and Nuclear understand rules 
and will work inside them with little fuss Metallurgical seem to be willing if 
they can't find a loop hole, but they look hard for loop holes to slip through. 
 Doctors and Chemist ignore rules for the most part until someone beats on them 
producing enough pain to get compliance.  All of that is from personal 
experience.  Doctors seem to be the worst at paying the bill, BTW.

I have been lucky enough to stay away from lawyers so I know nothing of their 
management.

Jon
On Thu, Jul 9, 2009 at 8:05 AM, paul chinnery 
mailto:pdw1...@hotmail.com>> wrote:


> Subject: RE: New IE zero day exploit in the wild
> Date: Wed, 8 Jul 2009 14:56:01 -0400
> From: don.gu...@prufoxroach.com

> To: 
> ntsysadmin@lyris.sunbelt-software.com
>
> We're going through something similar right now. Although, not "everyone" is 
> a local admin, there are enough of them to cause additional workload on the 
> field techs.
>
> We also have a few thousand Sales Agents who are allowed to bring in their 
> home laptops and connect to the network.
>
> That's another battle altogether..
>
> Don Guyer
> Systems Engineer - Information Services
> Prudential, Fox & Roach/Trident Group
> 431 W. Lancaster Avenue
> Devon, PA 19333
> Direct: (610) 993-3299
> Fax: (610) 650-5306
> don.gu...@prufoxroach.com
>
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, July 08, 2009 2:51 PM
> To: NT System Admin Issues
> Subject: Re: New IE zero day exploit in the wild
>
> Truth. However, there are also political and training issues.
>
> 1) We haven't, as a company (nor within IT) figured out how to make
> our standard apps work under under non-admin accounts. This will take
> time and resources to figure out, and then further time and resources
> to figure out how to "productionise" the application of these settings
> and apply them across the domain, including two offices overseas.
>
> 2) A large portion of our users are engineers who have a rabid
> aversion to the idea that they can't be admins on their own boxes. I'm
> in the (multi-year!) process of simply trying to convince engineering
> managers that none of the staff need two NICs in their boxes - one for
> the production LAN and one for the test/dev LAN.
>
> 3) The overseas offices are also politically resistant to this idea.
>
> While I agree that the load would be lessened, and we'd have a much
> better managed and more secure environment, this is not a trivial
> effort, and at times I despair. But, I persist, and have it as a goal
> to work toward this fiscal year.
>
> The first step is to get signoff by company management, in the form of
> an actual policy - something of which there are no good examples.
> There are practices and recommendations regarding IT, but very little
> in the way of a real IT policy that has been agreed to by management.
>
> Kurt
>
> On Wed, Jul 8, 2009 at 07:52, Jonathan 
> Linkmailto:jonathan.l...@gmail.com>> wrote:
> > After taking local admin rights away from users my plate is less full.
> > YMMV.
> >
> > On Wed, Jul 8, 2009 at 10:47 AM, Kurt Buff 
> > mailto:kurt.b...@gmail.com>> wrote:
> >>
> >> Yes, unfortunately, all our users are admins. It sucks, but I use it
> >> to my advantage when I can.
> >>
> >> The reason we've not done a GP is because we haven't had the luxury of
> >> studying to understand them. Our plates always seem to be full with
> >> other things.
> >>
> >> On Tue, Jul 7, 2009 at 19:04, Ken 
> >> Schaefermailto:k...@adopenstatic.com>> wrote:
> >> > Are all your users admins? Otherwise, how is that logon script going to
> >> > update HKLM?
> >> 

Re: Google Voice

[Rob Bonfiglio]

Currently they are saying it's free.  They don't indicate if it will always
be free though:

http://www.google.com/support/voice/bin/answer.py?answer=141993

On Thu, Jul 9, 2009 at 9:27 AM, Lee Douglas  wrote:

> It is pretty cool. I was one of the early 'beta' folks - not that it's a
> normal beta where they pay much attention to feedback.
>
> The only concerns I have is what it's going to cost and if there will ever
> be a way to move my phone number to them. I hate to give out the Google
> Voice number and later find out that I can't afford it. Right now, having
> yet another phone number isn't a plus unless I can make it my only phone
> number.
>
> YMMV
>
>
>
>
>  On Wed, Jul 8, 2009 at 6:33 PM, Ben Schorr  wrote:
>
>> I'm interested in trying it but it looks like they don't have any 808
>> numbers so that significantly limits its usefulness to me.
>>
>> Ben M. Schorr
>> Chief Executive Officer
>> __
>> Roland Schorr & Tower
>> www.rolandschorr.com
>> b...@rolandschorr.com
>> Twitter: http://www.twitter.com/bschorr
>>
>>
>> -Original Message-
>> From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
>> Sent: Wednesday, July 08, 2009 12:26 PM
>> To: NT System Admin Issues
>> Subject: OT: Google Voice
>>
>> Anyone else get an invite yet?  Looks pretty cool so far...
>>
>> --
>> ME2
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Google Voice

[Lee Douglas]

It is pretty cool. I was one of the early 'beta' folks - not that it's a
normal beta where they pay much attention to feedback.

The only concerns I have is what it's going to cost and if there will ever
be a way to move my phone number to them. I hate to give out the Google
Voice number and later find out that I can't afford it. Right now, having
yet another phone number isn't a plus unless I can make it my only phone
number.

YMMV




On Wed, Jul 8, 2009 at 6:33 PM, Ben Schorr  wrote:

> I'm interested in trying it but it looks like they don't have any 808
> numbers so that significantly limits its usefulness to me.
>
> Ben M. Schorr
> Chief Executive Officer
> __
> Roland Schorr & Tower
> www.rolandschorr.com
> b...@rolandschorr.com
> Twitter: http://www.twitter.com/bschorr
>
>
> -Original Message-
> From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
> Sent: Wednesday, July 08, 2009 12:26 PM
> To: NT System Admin Issues
> Subject: OT: Google Voice
>
> Anyone else get an invite yet?  Looks pretty cool so far...
>
> --
> ME2
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

OT: Evian Ad on YouTube

[Sherry Abercrombie]

Just released yesterday to YouTube to "gauge" peoples reaction, kinda weird,
but cute.

http://www.youtube.com/watch?v=_PHnRIn74Ag



-- 
Sherry Abercrombie

"Any sufficiently advanced technology is indistinguishable from magic."
Arthur C. Clarke

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~