Re: OT: Portable AC unit for small closet

2009-10-02 Thread Richard Stovall
All I'll say is:

1) No, she's not blonde.  She's a lanky, beautiful brunette.
2) It's a true story.


3) Strictly back on topic from now on...


On Fri, Oct 2, 2009 at 8:29 PM, Sherry Abercrombie  wrote:
> A college graduate and she didn't know the difference between those two
> words..and a health care worker.  All I can say is WOW, was she blonde?
>
> On Fri, Oct 2, 2009 at 6:15 PM, Richard Stovall  wrote:
>>
>> Many, many moons ago I was having a conversation with my
>> then-girlfriend.  Wonderful person, salt of the earth, tall, slim,
>> beautiful, college graduate, health care worker...  You get the idea.
>> Darn near perfect.
>>
>> Anyway, one day we were having a serious conversation about something
>> or other and I was describing an important turning point in my life.
>> I said something to the effect of "blah, blah, blah seminal event
>> blah, blah, blah."  She stopped me mid-sentence and said, "RICHARD!"
>> "I can't believe you said that!"  "What?", I said.  "THAT.  THAT
>> WORD!"
>>
>> As wonderful as she was, we didn't date for much longer.
>>
>> On Fri, Oct 2, 2009 at 5:43 PM, John Cook  wrote:
>> > I was wondering where Shookie was hiding...
>> > John W. Cook
>> > Systems Administrator
>> > Partnership For Strong Families
>> >  Sent to you from my Blackberry in the Cloud
>> >
>> > - Original Message -
>> > From: Ben Scott 
>> > To: NT System Admin Issues 
>> > Sent: Fri Oct 02 17:37:38 2009
>> > Subject: Re: OT: Portable AC unit for small closet
>> >
>> > On Fri, Oct 2, 2009 at 5:03 PM, Micheal Espinola Jr
>> >  wrote:
>> >> That's just gross.  Im really surprised at you Ben.  ;-)
>> >
>> >  "cum" is Latin for "combined with".  Aside from vulgar slang, it is
>> > colloquially used to mean "X turned into Y".  As in, "closet turned
>> > into server room".
>> >
>> >  Get your mind out of your pants.  It's already too crowded in there
>> > thanks to Shook's hands.
>> >
>> >  ;-)
>> >
>> > -- Ben
>> >
>> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> > ~   ~
>> >
>> >
>> > CONFIDENTIALITY STATEMENT: The information transmitted, or contained or
>> > attached to or with this Notice is intended only for the person or entity to
>> > which it is addressed and may contain Protected Health Information (PHI),
>> > confidential and/or privileged material. Any review, transmission,
>> > dissemination, or other use of, and taking any action in reliance upon this
>> > information by persons or entities other than the intended recipient without
>> > the express written consent of the sender are prohibited. This information
>> > may be protected by the Health Insurance Portability and Accountability Act
>> > of 1996 (HIPAA), and other Federal and Florida laws. Improper or
>> > unauthorized use or disclosure of this information could result in civil
>> > and/or criminal penalties.
>> >  Consider the environment. Please don't print this e-mail unless you
>> > really need to.
>> >
>>
>
>
>
> --
> Sherry Abercrombie
>
> "Any sufficiently advanced technology is indistinguishable from magic."
> Arthur C. Clarke
>
>
>
>




OT: Google Wave Developer Preview at Google I/O 2009

2009-10-02 Thread Cliff Partlow
 

 

http://www.youtube.com/watch?v=v_UyVmITiYQ&feature=player_embedded

 

I have seen other demos and did not have the big picture until I saw this.
Now I can go back and benefit from the other demos.

 

If anyone can spare an invite I would be very grateful, send to :

 

cliff...@cox.net

 

 

 

"From The Sunny Side Of The Street!"

Cliff P.



Re: OT: Portable AC unit for small closet

2009-10-02 Thread Richard Stovall
Mine is too.

Now.

On Fri, Oct 2, 2009 at 10:08 PM, Steven M. Caesare  wrote:
> My wife is blonde.
>
>
>
> -sc
>
>
>
> From: Sherry Abercrombie [mailto:saber...@gmail.com]
> Sent: Friday, October 02, 2009 8:30 PM
>
> To: NT System Admin Issues
> Subject: Re: OT: Portable AC unit for small closet
>
>
>
> A college graduate and she didn't know the difference between those two
> words..and a health care worker.  All I can say is WOW, was she blonde?
>
> On Fri, Oct 2, 2009 at 6:15 PM, Richard Stovall  wrote:
>
> Many, many moons ago I was having a conversation with my
> then-girlfriend.  Wonderful person, salt of the earth, tall, slim,
> beautiful, college graduate, health care worker...  You get the idea.
> Darn near perfect.
>
> Anyway, one day we were having a serious conversation about something
> or other and I was describing an important turning point in my life.
> I said something to the effect of "blah, blah, blah seminal event
> blah, blah, blah."  She stopped me mid-sentence and said, "RICHARD!"
> "I can't believe you said that!"  "What?", I said.  "THAT.  THAT
> WORD!"
>
> As wonderful as she was, we didn't date for much longer.
>
> On Fri, Oct 2, 2009 at 5:43 PM, John Cook  wrote:
>> I was wondering where Shookie was hiding...
>> John W. Cook
>> Systems Administrator
>> Partnership For Strong Families
>>  Sent to you from my Blackberry in the Cloud
>>
>> - Original Message -
>> From: Ben Scott 
>> To: NT System Admin Issues 
>> Sent: Fri Oct 02 17:37:38 2009
>> Subject: Re: OT: Portable AC unit for small closet
>>
>> On Fri, Oct 2, 2009 at 5:03 PM, Micheal Espinola Jr
>>  wrote:
>>> That's just gross.  Im really surprised at you Ben.  ;-)
>>
>>  "cum" is Latin for "combined with".  Aside from vulgar slang, it is
>> colloquially used to mean "X turned into Y".  As in, "closet turned
>> into server room".
>>
>>  Get your mind out of your pants.  It's already too crowded in there
>> thanks to Shook's hands.
>>
>>  ;-)
>>
>> -- Ben
>>
>
>
> --
> Sherry Abercrombie
>
> "Any sufficiently advanced technology is indistinguishable from magic."
> Arthur C. Clarke
>
>
>
>
>
>
>
>




RE: OT: Portable AC unit for small closet

2009-10-02 Thread Steven M. Caesare
My wife is blonde.

 

-sc

 

From: Sherry Abercrombie [mailto:saber...@gmail.com] 
Sent: Friday, October 02, 2009 8:30 PM
To: NT System Admin Issues
Subject: Re: OT: Portable AC unit for small closet

 

A college graduate and she didn't know the difference between those two
words..and a health care worker.  All I can say is WOW, was she
blonde?

On Fri, Oct 2, 2009 at 6:15 PM, Richard Stovall 
wrote:

Many, many moons ago I was having a conversation with my
then-girlfriend.  Wonderful person, salt of the earth, tall, slim,
beautiful, college graduate, health care worker...  You get the idea.
Darn near perfect.

Anyway, one day we were having a serious conversation about something
or other and I was describing an important turning point in my life.
I said something to the effect of "blah, blah, blah seminal event
blah, blah, blah."  She stopped me mid-sentence and said, "RICHARD!"
"I can't believe you said that!"  "What?", I said.  "THAT.  THAT
WORD!"

As wonderful as she was, we didn't date for much longer.


On Fri, Oct 2, 2009 at 5:43 PM, John Cook  wrote:
> I was wondering where Shookie was hiding...
> John W. Cook
> Systems Administrator
> Partnership For Strong Families
>  Sent to you from my Blackberry in the Cloud
>
> - Original Message -
> From: Ben Scott 
> To: NT System Admin Issues 
> Sent: Fri Oct 02 17:37:38 2009
> Subject: Re: OT: Portable AC unit for small closet
>
> On Fri, Oct 2, 2009 at 5:03 PM, Micheal Espinola Jr
>  wrote:
>> That's just gross.  Im really surprised at you Ben.  ;-)
>
>  "cum" is Latin for "combined with".  Aside from vulgar slang, it is
> colloquially used to mean "X turned into Y".  As in, "closet turned
> into server room".
>
>  Get your mind out of your pants.  It's already too crowded in there
> thanks to Shook's hands.
>
>  ;-)
>
> -- Ben
>




-- 
Sherry Abercrombie

"Any sufficiently advanced technology is indistinguishable from magic." 
Arthur C. Clarke

 

 


Re: OT: Portable AC unit for small closet

2009-10-02 Thread Angus Scott-Fleming
On 2 Oct 2009 at 18:29, Sherry Abercrombie  wrote:

> A college graduate and she didn't know the difference between those two 
> words..and a health care worker. All I can say is WOW, was she 
> blonde?

[g,d,rlh] in advance ... but it's LATE Freitag ...

A blonde woman was speeding down the road in her little red sports car and 
was pulled over by a woman police officer who was also blonde. The blonde 
cop asked to see the blonde driver's license. She dug through her purse 
and was getting progressively more agitated. 'What does it look like?' she 
finally asked. The policewoman replied, 'It's square and it has your picture 
on it.' The driver finally found a square mirror in her purse, looked at it, 
and handed it to the policewoman. 'Here it is,' she said. The blonde 
officer looked at the mirror, then handed it back saying, 'OK, you can go. 
I didn't realize you were a cop.'

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
+---+






Re: MSE is released...

2009-10-02 Thread Angus Scott-Fleming
On 2 Oct 2009 at 22:23, Peter van Houten  wrote:

> For the Mozilla-heads here, there is a wonderful extension which I use
> in both Thunderbird and Firefox. Highlight and right-click (context menu
> editable) text and it will take you to the URL (or parts thereof)
> you have highlighted. Uses wildcards and will attempt to "repair" broken
> links:
> 
> http://email.about.com/od/thunderbirdextensions/gr/url_link.htm

I've been using Plain Text Links in Firefox for donkey's years (well, since it 
was called Phoenix, anyway) ...

Plain Text Links :: Add-ons for Firefox
https://addons.mozilla.org/en-US/firefox/addon/78


--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
+---+






Google Wave Invite wanted

2009-10-02 Thread Angus Scott-Fleming
If anyone has one to spare, please send to angus.scottflem...@gmail.com

Thanks!

Angus




Re: OT: Portable AC unit for small closet

2009-10-02 Thread Sherry Abercrombie
A college graduate and she didn't know the difference between those two
words..and a health care worker.  All I can say is WOW, was she blonde?

On Fri, Oct 2, 2009 at 6:15 PM, Richard Stovall  wrote:

> Many, many moons ago I was having a conversation with my
> then-girlfriend.  Wonderful person, salt of the earth, tall, slim,
> beautiful, college graduate, health care worker...  You get the idea.
> Darn near perfect.
>
> Anyway, one day we were having a serious conversation about something
> or other and I was describing an important turning point in my life.
> I said something to the effect of "blah, blah, blah seminal event
> blah, blah, blah."  She stopped me mid-sentence and said, "RICHARD!"
> "I can't believe you said that!"  "What?", I said.  "THAT.  THAT
> WORD!"
>
> As wonderful as she was, we didn't date for much longer.
>
> On Fri, Oct 2, 2009 at 5:43 PM, John Cook  wrote:
> > I was wondering where Shookie was hiding...
> > John W. Cook
> > Systems Administrator
> > Partnership For Strong Families
> >  Sent to you from my Blackberry in the Cloud
> >
> > - Original Message -
> > From: Ben Scott 
> > To: NT System Admin Issues 
> > Sent: Fri Oct 02 17:37:38 2009
> > Subject: Re: OT: Portable AC unit for small closet
> >
> > On Fri, Oct 2, 2009 at 5:03 PM, Micheal Espinola Jr
> >  wrote:
> >> That's just gross.  Im really surprised at you Ben.  ;-)
> >
> >  "cum" is Latin for "combined with".  Aside from vulgar slang, it is
> > colloquially used to mean "X turned into Y".  As in, "closet turned
> > into server room".
> >
> >  Get your mind out of your pants.  It's already too crowded in there
> > thanks to Shook's hands.
> >
> >  ;-)
> >
> > -- Ben
> >
>
>


-- 
Sherry Abercrombie

"Any sufficiently advanced technology is indistinguishable from magic."
Arthur C. Clarke


Re: VMware View

2009-10-02 Thread Steven Peck
We did some client settings tweaks on our test that helped some.  But
we are still on the fence about it.

On Fri, Oct 2, 2009 at 2:31 PM, mse...@ont.com  wrote:
> If your guests are Vista or the new upcoming Windows 7 you are going to
> need 1-2 GB of memory. This is one reason we have put off deploying virtual
> desktops and VDI. Server memory is a lot more expensive than workstation
> memory. Also the cost of the VECD licenses to run virtual desktops isn't
> cheap. Performance issues for virtual desktops could also point to SAN or
> storage issue or network/switch issues.
>
> Mike
>
> Original Message:
> -
> From: Craig Gauss gau...@rhahealthcare.org
> Date: Fri, 2 Oct 2009 15:31:42 -0500
> To: ntsysadmin@lyris.sunbelt-software.com
> Subject: RE: VMware View
>
>
> We have had some reports of "slow performance."  I was wondering about
> the RAM our consultant had us set them at 512 but that seems low to me.
> Especially with VMs because they will only use it when it needs it.
>
> Haha, don't think it is just your users.  Ours complain about some things
> like that as well.
>
> I did shut off the page file on one and it sure seems to come back from
> the screen saver a lot quicker.
>
>
> Craig Gauss,  Technical Supervisor/Security Officer
> Riverview Hospital Association
>
>
>
>
>
> 
>
> From: James Rankin [mailto:kz2...@googlemail.com]
> Sent: Friday, October 02, 2009 3:03 PM
> To: NT System Admin Issues
> Subject: Re: VMware View
>
>
> Give 'em as much memory as possible. Our database apps (especially those
> that have a lot of screen redrawing for long lists of numbers) run at a
> crawl without 4GB of RAM, even though they are only XP 32-bit machines.
> Don't know whether it is just our thin clients or not, but don't expect
> the performance of animated mouse pointers and the like to be up to much
> (probably only our users would complain about such a thing, however). If
> you are going to be using multiple screens, we have found SplitView to
> be very handy.
>
>
> 2009/10/2 Craig Gauss 
>
>
>        Just looking to see if anyone else out there is running View and if they
>        have come up with any sort of best practices when it comes to Windows
>        workstations.  We followed VMware's best practice guide but I am
>        wondering if anyone else has found some good things that worked for
>        them.  I did read on one forum that some users have found it better to
>        set the VMs with no page file.
>
>        Anyone?
>
>
>
>
>
>
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
> into the machine wrong figures, will the right answers come out?' I am
> not able rightly to apprehend the kind of confusion of ideas that could
> provoke such a question."
>
> http://raythestray.blogspot.com
>
>
>
>
>
>
>
>
>




Re: OT: Portable AC unit for small closet

2009-10-02 Thread Richard Stovall
Many, many moons ago I was having a conversation with my
then-girlfriend.  Wonderful person, salt of the earth, tall, slim,
beautiful, college graduate, health care worker...  You get the idea.
Darn near perfect.

Anyway, one day we were having a serious conversation about something
or other and I was describing an important turning point in my life.
I said something to the effect of "blah, blah, blah seminal event
blah, blah, blah."  She stopped me mid-sentence and said, "RICHARD!"
"I can't believe you said that!"  "What?", I said.  "THAT.  THAT
WORD!"

As wonderful as she was, we didn't date for much longer.

On Fri, Oct 2, 2009 at 5:43 PM, John Cook  wrote:
> I was wondering where Shookie was hiding...
> John W. Cook
> Systems Administrator
> Partnership For Strong Families
>  Sent to you from my Blackberry in the Cloud
>
> - Original Message -
> From: Ben Scott 
> To: NT System Admin Issues 
> Sent: Fri Oct 02 17:37:38 2009
> Subject: Re: OT: Portable AC unit for small closet
>
> On Fri, Oct 2, 2009 at 5:03 PM, Micheal Espinola Jr
>  wrote:
>> That's just gross.  Im really surprised at you Ben.  ;-)
>
>  "cum" is Latin for "combined with".  Aside from vulgar slang, it is
> colloquially used to mean "X turned into Y".  As in, "closet turned
> into server room".
>
>  Get your mind out of your pants.  It's already too crowded in there
> thanks to Shook's hands.
>
>  ;-)
>
> -- Ben
>



Re: Audit Policies

2009-10-02 Thread Ben Scott
On Fri, Oct 2, 2009 at 6:42 PM, Free, Bob  wrote:
> Resource Kit, NT4 & 2000 IIRC.

  Ah-ha!  I just checked our server with the 2K Res Kit on it, and
sure enough, there's an AUDITPOL.EXE there.

  Good to know.  Thanks.  :)

-- Ben



RE: Audit Policies

2009-10-02 Thread Free, Bob
Resource Kit, NT4 & 2000 IIRC. I think it was eliminated in 2K3 Res Kit.
Probably wanted people to forget about it while they cooked up the fancy
version for 2008/Vista :-) 

And if anyone is thinking about it, the new one won't run on the older
OS's. At least it didn't when I tried with an early copy a MS engineer
got me, makes sense when you think about the radical changes made in the
audit sub-system.

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Friday, October 02, 2009 3:02 PM
To: NT System Admin Issues
Subject: Re: Audit Policies

On Fri, Oct 2, 2009 at 5:40 PM, Free, Bob  wrote:
> Auditpol has been around since the 90's, albeit in a much different form
> than it is now. The old version could work on earlier OS's if it met his
> particular needs.

  Really?  I did not know that.  Where does one get it from?  My XP
box doesn't seem to have it by default, nor is it in the Support
Tools.  Google just finds people talking about Vista.

-- Ben




Re: Audit Policies

2009-10-02 Thread Ben Scott
On Fri, Oct 2, 2009 at 5:40 PM, Free, Bob  wrote:
> Auditpol has been around since the 90's, albeit in a much different form
> than it is now. The old version could work on earlier OS's if it met his
> particular needs.

  Really?  I did not know that.  Where does one get it from?  My XP
box doesn't seem to have it by default, nor is it in the Support
Tools.  Google just finds people talking about Vista.

-- Ben



RE: Audit Policies

2009-10-02 Thread Andy Ognenoff
>-Original Message-
>From: Free, Bob [mailto:r...@pge.com]
>Sent: Friday, October 02, 2009 4:40 PM
>To: NT System Admin Issues
>Subject: RE: Audit Policies
>
>Auditpol has been around since the 90's, albeit in a much different form
>than it is now. The old version could work on earlier OS's if it met his
>particular needs.


Thanks! Looks like auditpol will do what I need if it will work on Win XP -
I'll try it out.

 - Andy O.




RE: Audit Policies

2009-10-02 Thread Andy Ognenoff
Doh! Sorry - can't believe I forgot that. It's Win XP Pro.

 - Andy O.

>-Original Message-
>From: Ben Scott [mailto:mailvor...@gmail.com]
>Sent: Friday, October 02, 2009 4:33 PM
>To: NT System Admin Issues
>Subject: Re: Audit Policies
>
>On Fri, Oct 2, 2009 at 4:52 PM, Andy Ognenoff wrote:
>> I'm trying to figure out a way to use a batch/reg/script to set local Audit
>> Policies (Local Security Policy > Audit Policy) for machines not connected
>> to a domain.
>
>(Say it with me now) What version of Windows?
>
>  For Vista/2008/7, the command is AUDITPOL.  The help is adequate.
>It's actually the only way to administer sub-category policies --
>Group Policy support for that was not implemented, much to the dismay
>of many.  Easily scriptable.
>
>  For XP, without a domain, I think you have to build a custom
>security template .INF file, and apply it with SECEDIT.
>
>-- Ben
>


Re: OT: Portable AC unit for small closet

2009-10-02 Thread John Cook
I was wondering where Shookie was hiding...
John W. Cook
Systems Administrator
Partnership For Strong Families
 Sent to you from my Blackberry in the Cloud

- Original Message -
From: Ben Scott 
To: NT System Admin Issues 
Sent: Fri Oct 02 17:37:38 2009
Subject: Re: OT: Portable AC unit for small closet

On Fri, Oct 2, 2009 at 5:03 PM, Micheal Espinola Jr
 wrote:
> That's just gross.  Im really surprised at you Ben.  ;-)

  "cum" is Latin for "combined with".  Aside from vulgar slang, it is
colloquially used to mean "X turned into Y".  As in, "closet turned
into server room".

  Get your mind out of your pants.  It's already too crowded in there
thanks to Shook's hands.

  ;-)

-- Ben


RE: OT: Portable AC unit for small closet

2009-10-02 Thread Free, Bob
Touché

ME2- That one's not Latin :-]

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Friday, October 02, 2009 2:38 PM
To: NT System Admin Issues
Subject: Re: OT: Portable AC unit for small closet

On Fri, Oct 2, 2009 at 5:03 PM, Micheal Espinola Jr
 wrote:
> That's just gross.  Im really surprised at you Ben.  ;-)

  "cum" is Latin for "combined with".  Aside from vulgar slang, it is
colloquially used to mean "X turned into Y".  As in, "closet turned
into server room".

  Get your mind out of your pants.  It's already too crowded in there
thanks to Shook's hands.

  ;-)

-- Ben




RE: Audit Policies

2009-10-02 Thread Free, Bob
Auditpol has been around since the 90's, albeit in a much different form
than it is now. The old version could work on earlier OS's if it met his
particular needs.

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Friday, October 02, 2009 2:33 PM
To: NT System Admin Issues
Subject: Re: Audit Policies

On Fri, Oct 2, 2009 at 4:52 PM, Andy Ognenoff 
wrote:
> I'm trying to figure out a way to use a batch/reg/script to set local Audit
> Policies (Local Security Policy > Audit Policy) for machines not connected
> to a domain.

(Say it with me now) What version of Windows?

  For Vista/2008/7, the command is AUDITPOL.  The help is adequate.
It's actually the only way to administer sub-category policies --
Group Policy support for that was not implemented, much to the dismay
of many.  Easily scriptable.

  For XP, without a domain, I think you have to build a custom
security template .INF file, and apply it with SECEDIT.

-- Ben




Re: OT: Portable AC unit for small closet

2009-10-02 Thread Ben Scott
On Fri, Oct 2, 2009 at 5:03 PM, Micheal Espinola Jr
 wrote:
> That's just gross.  I'm really surprised at you Ben.  ;-)

  "cum" is Latin for "combined with".  Aside from vulgar slang, it is
colloquially used to mean "X turned into Y".  As in, "closet turned
into server room".

  Get your mind out of your pants.  It's already too crowded in there
thanks to Shook's hands.

  ;-)

-- Ben




Re: Audit Policies

2009-10-02 Thread Ben Scott
On Fri, Oct 2, 2009 at 4:52 PM, Andy Ognenoff  wrote:
> I'm trying to figure out a way to use a batch/reg/script to set local Audit
> Policies (Local Security Policy > Audit Policy) for machines not connected
> to a domain.

(Say it with me now) What version of Windows?

  For Vista/2008/7, the command is AUDITPOL.  The help is adequate.
It's actually the only way to administer sub-category policies --
Group Policy support for that was not implemented, much to the dismay
of many.  Easily scriptable.

  For XP, without a domain, I think you have to build a custom
security template .INF file, and apply it with SECEDIT.

-- Ben
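
Both routes described in the message above, as an added example that is not part of the original thread: a batch file that uses AUDITPOL on Vista/2008/7 and a generated security template applied with SECEDIT on XP. The audit choices, file names and the English-language category names are assumptions made for illustration.

```batch
@echo off
setlocal
rem Added example, not from the thread. Run from an administrator prompt.
rem Assumptions: English-language Windows (VER output and audit category
rem names are localized); the audit choices below are sample values;
rem the file names under %TEMP% are placeholders.

rem XP and Server 2003 report "[Version 5.x]"; Vista/2008/7 report 6.x.
ver | findstr /l /c:"[Version 5." >nul
if not errorlevel 1 goto :xp

:vista
rem Vista/2008/7: built-in AUDITPOL, set per category or per subcategory.
auditpol /set /category:"Account Logon" /success:enable /failure:enable || goto :fail
auditpol /set /category:"Logon/Logoff" /success:enable /failure:enable || goto :fail
auditpol /set /category:"Account Management" /success:enable /failure:enable || goto :fail
auditpol /set /category:"Policy Change" /success:enable /failure:enable || goto :fail
auditpol /set /category:"System" /success:enable /failure:enable || goto :fail
rem Subcategory-level setting, the granularity only AUDITPOL exposes here.
auditpol /set /subcategory:"File System" /success:disable /failure:enable || goto :fail
rem Print the resulting policy so the run can be checked or captured.
auditpol /get /category:*
goto :done

:xp
rem XP without a domain: write a security template and apply it with SECEDIT.
set "INF=%TEMP%\local-audit.inf"
set "SDB=%TEMP%\local-audit.sdb"
set "LOG=%TEMP%\local-audit.log"
rem Start from a fresh database so an earlier template is not merged in.
if exist "%SDB%" del "%SDB%"

rem [Event Audit] values: 0 = none, 1 = success, 2 = failure, 3 = both.
rem Redirection is written first so a trailing digit is not read as a
rem file handle (as in "3>>file").
 >"%INF%" echo [Unicode]
>>"%INF%" echo Unicode=yes
>>"%INF%" echo [Version]
>>"%INF%" echo signature="$CHICAGO$"
>>"%INF%" echo Revision=1
>>"%INF%" echo [Event Audit]
>>"%INF%" echo AuditSystemEvents = 3
>>"%INF%" echo AuditLogonEvents = 3
>>"%INF%" echo AuditAccountLogon = 3
>>"%INF%" echo AuditAccountManage = 3
>>"%INF%" echo AuditPolicyChange = 3
>>"%INF%" echo AuditObjectAccess = 2
>>"%INF%" echo AuditPrivilegeUse = 0
>>"%INF%" echo AuditProcessTracking = 0
>>"%INF%" echo AuditDSAccess = 0

rem SECURITYPOLICY is the area that carries the audit policy; the template
rem holds only [Event Audit], so nothing else in that area is changed.
secedit /configure /db "%SDB%" /cfg "%INF%" /areas SECURITYPOLICY /log "%LOG%" /quiet
rem Any non-zero exit code, warnings included, is treated as a failure.
if errorlevel 1 goto :fail
goto :done

:fail
echo Audit policy was NOT applied. On XP, check "%LOG%" for details.
exit /b 1

:done
echo Audit policy applied.
exit /b 0
```
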



RE: VMware View

2009-10-02 Thread mse...@ont.com
If your guests are Vista or the new upcoming Windows 7 you are going to
need 1-2 GB of memory. This is one reason we have put off deploying virtual
desktops and VDI. Server memory is a lot more expensive than workstation
memory. Also the cost of the VECD licenses to run virtual desktops isn't
cheap. Performance issues for virtual desktops could also point to SAN or
storage issue or network/switch issues.

Mike

Original Message:
-
From: Craig Gauss gau...@rhahealthcare.org
Date: Fri, 2 Oct 2009 15:31:42 -0500
To: ntsysadmin@lyris.sunbelt-software.com
Subject: RE: VMware View


We have had some reports of "slow performance."  I was wondering about
the RAM our consultant had us set them at 512 but that seems low to me.
Especially with VMs because they will only use it when it needs it.  
 
Haha, don't think it is just your users.  Ours complain about some things
like that as well.
 
I did shut off the page file on one and it sure seems to come back from
the screen saver a lot quicker.
 

Craig Gauss,  Technical Supervisor/Security Officer
Riverview Hospital Association



 



From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Friday, October 02, 2009 3:03 PM
To: NT System Admin Issues
Subject: Re: VMware View


Give 'em as much memory as possible. Our database apps (especially those
that have a lot of screen redrawing for long lists of numbers) run at a
crawl without 4GB of RAM, even though they are only XP 32-bit machines.
Don't know whether it is just our thin clients or not, but don't expect
the performance of animated mouse pointers and the like to be up to much
(probably only our users would complain about such a thing, however). If
you are going to be using multiple screens, we have found SplitView to
be very handy.


2009/10/2 Craig Gauss 


Just looking to see if anyone else out there is running View and if they
have come up with any sort of best practices when it comes to Windows
workstations.  We followed Vmware's best practice guide but I am
wondering if anyone else has found some good things that worked for
them.  I did read on one forum that some users have found it better to
set the VMs with no page file.

Anyone?

-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that could
provoke such a question."

http://raythestray.blogspot.com


 

 





RE: Audit Policies

2009-10-02 Thread Free, Bob
Look into auditpol.exe. You could script it to set your policies.

-Original Message-
From: Andy Ognenoff [mailto:andyognen...@gmail.com] 
Sent: Friday, October 02, 2009 1:53 PM
To: NT System Admin Issues
Subject: Audit Policies

I'm trying to figure out a way to use a batch/reg/script to set local Audit
Policies (Local Security Policy > Audit Policy) for machines not connected
to a domain.

For my main network, I obviously use group policy but I'm trying to whip
something up to run on hundreds of POS terminals so I don't have to rely on
an individual following a bunch of manual steps.

Anyone know what registry keys/config gets affected by setting those
policies?  I tried using ProcMon to capture it but was unsuccessful.

TIA!

 - Andy O.
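
Added example (not part of the original posts, and not code from any poster): one way to script the AUDITPOL approach suggested in the two replies to this question is to compare each terminal's "auditpol /get /category:* /r" CSV report against a baseline and print the "auditpol /set" lines needed to correct it. The baseline values, the machine name and the sample report are constructed for illustration; English-language Windows output is assumed.

```python
import csv
import io

# Constructed sample of `auditpol /get /category:* /r` output from one terminal.
# Machine name and GUID values are placeholders, not real identifiers.
SAMPLE_REPORT = """\
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
POS-0001,System,Logon,{GUID-PLACEHOLDER},Success,
POS-0001,System,Logoff,{GUID-PLACEHOLDER},No Auditing,
POS-0001,System,Audit Policy Change,{GUID-PLACEHOLDER},Success and Failure,
POS-0001,System,File System,{GUID-PLACEHOLDER},Failure,
"""

# Hypothetical baseline: subcategory -> (audit success, audit failure).
BASELINE = {
    "Logon": (True, True),
    "Logoff": (True, False),
    "Audit Policy Change": (True, True),
    "File System": (False, False),
    "Process Creation": (True, False),
}

# Text found in the "Inclusion Setting" column (English-language Windows assumed).
SETTINGS = {
    "no auditing": (False, False),
    "success": (True, False),
    "failure": (False, True),
    "success and failure": (True, True),
}


def parse_report(text):
    """Return {subcategory: (success, failure)} from auditpol /r CSV text."""
    current = {}
    for row in csv.DictReader(io.StringIO(text)):
        name = (row.get("Subcategory") or "").strip()
        setting = (row.get("Inclusion Setting") or "").strip().lower()
        if not name:
            continue  # category header rows or stray lines without a subcategory
        if setting not in SETTINGS:
            raise ValueError("unrecognised setting %r for %r" % (setting, name))
        current[name] = SETTINGS[setting]
    if not current:
        raise ValueError("no subcategory rows found; is this /r CSV output?")
    return current


def drift(baseline, current):
    """List (subcategory, wanted, found); found is None if the report lacks it."""
    out = []
    for name in sorted(baseline):
        found = current.get(name)
        if found != baseline[name]:
            out.append((name, baseline[name], found))
    return out


def fix_commands(baseline, current):
    """Build the auditpol /set command lines that bring a terminal to baseline."""
    def flag(on):
        return "enable" if on else "disable"
    return [
        'auditpol /set /subcategory:"%s" /success:%s /failure:%s'
        % (name, flag(wanted[0]), flag(wanted[1]))
        for name, wanted, _found in drift(baseline, current)
    ]


if __name__ == "__main__":
    for line in fix_commands(BASELINE, parse_report(SAMPLE_REPORT)):
        print(line)
```

The printed lines can be saved as a batch file and run on the terminal from an elevated prompt; a subcategory missing from the report is treated as drift so that it is set explicitly.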





Re: VMware View

2009-10-02 Thread Don Ely
Yeah I don't set screen savers at all.

On 10/2/09, Craig Gauss  wrote:
> Yeah that is one thing the VM best practices guide showed.
>
> Even with blank ones ours seem to lag if they are sitting there for a
> long time on the screen saver
>
>
> Craig Gauss,  Technical Supervisor/Security Officer
> Riverview Hospital Association
>
>
>
>
>
> 
>
> From: Don Ely [mailto:don@gmail.com]
> Sent: Friday, October 02, 2009 3:35 PM
> To: NT System Admin Issues
> Subject: Re: VMware View
>
>
> Screen savers in VM's are bad...  Eat processors...  Set them to blank
>
>
> On Fri, Oct 2, 2009 at 1:31 PM, Craig Gauss 
> wrote:
>
>
>   We have had some reports of "slow performance."  I was wondering
> about the RAM our consultant had us set them at 512 but that seems low
> to me.  Especially with VMs because they will only use it when it needs
> it.
>   
>   Haha, don't think it is just your users.  Ours complain about
> some things like that as well.
>   
>   I did shut off the page file on one and it sure seems to come
> back from the screen saver a lot quicker.
>   
>
>   Craig Gauss,  Technical Supervisor/Security Officer
>   Riverview Hospital Association
>   
>   
>
>   
>
> 
>
>   From: James Rankin [mailto:kz2...@googlemail.com]
>   Sent: Friday, October 02, 2009 3:03 PM
>   To: NT System Admin Issues
>   Subject: Re: VMware View
>   
>   
>   Give 'em as much memory as possible. Our database apps
> (especially those that have a lot of screen redrawing for long lists of
> numbers) run at a crawl without 4GB of RAM, even though they are only XP
> 32-bit machines. Don't know whether it is just our thin clients or not,
> but don't expect the performance of animated mouse pointers and the like
> to be up to much (probably only our users would complain about such a
> thing, however). If you are going to be using multiple screens, we have
> found SplitView to be very handy.
>   
>   
>   2009/10/2 Craig Gauss 
>   
>
>   Just looking to see if anyone else out there is running View and if they
>   have come up with any sort of best practices when it comes to Windows
>   workstations.  We followed Vmware's best practice guide but I am
>   wondering if anyone else has found some good things that worked for
>   them.  I did read on one forum that some users have found it better to
>   set the VMs with no page file.
>   
>   Anyone?
>   
>   --
>   "On two occasions...I have been asked, 'Pray, Mr Babbage, if you
> put into the machine wrong figures, will the right answers come out?' I
> am not able rightly to apprehend the kind of confusion of ideas that
> could provoke such a question."
>   
>   http://raythestray.blogspot.com

-- 
Sent from my mobile device



RE: OT: Portable AC unit for small closet

2009-10-02 Thread Sam Cayze
I caught that too.  Ewe.
:)



From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] 
Sent: Friday, October 02, 2009 4:03 PM
To: NT System Admin Issues
Subject: Re: OT: Portable AC unit for small closet


That's just gross.  I'm really surprised at you Ben.  ;-)

--
ME2



On Fri, Oct 2, 2009 at 4:54 PM, Ben Scott  wrote:


On Fri, Oct 2, 2009 at 4:41 PM, Bill Songstad
 wrote:
> Does anyone on the list have any comments about portable
> air conditioners for an almost cool room 

 At a previous job, the home office had a closet cum server room.
They had stuck a Maytag brand portable AC in there.  It had been
running fine for years and years when I left.  Probably wasn't the
most efficient solution, but it worked.

 One nice thing about the Maytag model was that it evaporated the
condensation drip into the hot air exhaust, so there was no need for a
separate drain.  We had another client buy a different brand, and it
had a condensation reservoir which would fill up after a couple of
hours.  It needed an additional pump and drain line to run unattended.

-- Ben


RE: Land Attack

2009-10-02 Thread Richard Stovall
Yeah, I figured so as well.  I remember the thread about the SPF
records.

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Friday, October 02, 2009 4:48 PM
To: NT System Admin Issues
Subject: Re: Land Attack

On Fri, Oct 2, 2009 at 4:16 PM, Richard Stovall
 wrote:
> Are you having any mail-related trouble at all?

  I'm pretty sure the SPF record thing is a red herring.  He had SPF
records before, too; he just changed them recently.  :)

-- Ben




Re: OT: Portable AC unit for small closet

2009-10-02 Thread Micheal Espinola Jr
That's just gross.  I'm really surprised at you Ben.  ;-)

--
ME2


On Fri, Oct 2, 2009 at 4:54 PM, Ben Scott  wrote:

> On Fri, Oct 2, 2009 at 4:41 PM, Bill Songstad  wrote:
> > Does anyone on the list have any comments about portable
> > air conditioners for an almost cool room 
>
>  At a previous job, the home office had a closet cum server room.
> They had stuck a Maytag brand portable AC in there.  It had been
> running fine for years and years when I left.  Probably wasn't the
> most efficient solution, but it worked.
>
>  One nice thing about the Maytag model was that it evaporated the
> condensation drip into the hot air exhaust, so there was no need for a
> separate drain.  We had another client buy a different brand, and it
> had a condensation reservoir which would fill up after a couple of
> hours.  It needed an additional pump and drain line to run unattended.
>
> -- Ben
>

Re: OT: Portable AC unit for small closet

2009-10-02 Thread Ben Scott
On Fri, Oct 2, 2009 at 4:41 PM, Bill Songstad  wrote:
> Does anyone on the list have any comments about portable
> air conditioners for an almost cool room 

  At a previous job, the home office had a closet cum server room.
They had stuck a Maytag brand portable AC in there.  It had been
running fine for years and years when I left.  Probably wasn't the
most efficient solution, but it worked.

  One nice thing about the Maytag model was that it evaporated the
condensation drip into the hot air exhaust, so there was no need for a
separate drain.  We had another client buy a different brand, and it
had a condensation reservoir which would fill up after a couple of
hours.  It needed an additional pump and drain line to run unattended.

-- Ben



Audit Policies

2009-10-02 Thread Andy Ognenoff
I'm trying to figure out a way to use a batch/reg/script to set local Audit
Policies (Local Security Policy > Audit Policy) for machines not connected
to a domain.  

For my main network, I obviously use group policy but I'm trying to whip
something up to run on hundreds of POS terminals so I don't have to rely on
an individual following a bunch of manual steps.  

Anyone know what registry keys/config gets affected by setting those
policies?  I tried using ProcMon to capture it but was unsuccessful.

TIA!

 - Andy O.




RE: VMware View

2009-10-02 Thread Craig Gauss
Yeah that is one thing the VM best practices guide showed.  
 
Even with blank ones ours seem to lag if they are sitting there for a
long time on the screen saver
 

Craig Gauss,  Technical Supervisor/Security Officer
Riverview Hospital Association



 



From: Don Ely [mailto:don@gmail.com] 
Sent: Friday, October 02, 2009 3:35 PM
To: NT System Admin Issues
Subject: Re: VMware View


Screen savers in VM's are bad...  Eat processors...  Set them to blank


On Fri, Oct 2, 2009 at 1:31 PM, Craig Gauss wrote:


We have had some reports of "slow performance."  I was wondering
about the RAM our consultant had us set them at 512 but that seems low
to me.  Especially with VMs because they will only use it when it needs
it.  
 
Haha, don't think it is just your users.  Ours complain about
some things like that as well.
 
I did shut off the page file on one and it sure seems to come
back from the screen saver a lot quicker.
 

Craig Gauss,  Technical Supervisor/Security Officer
Riverview Hospital Association



 



From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Friday, October 02, 2009 3:03 PM
To: NT System Admin Issues
Subject: Re: VMware View


Give 'em as much memory as possible. Our database apps
(especially those that have a lot of screen redrawing for long lists of
numbers) run at a crawl without 4GB of RAM, even though they are only XP
32-bit machines. Don't know whether it is just our thin clients or not,
but don't expect the performance of animated mouse pointers and the like
to be up to much (probably only our users would complain about such a
thing, however). If you are going to be using multiple screens, we have
found SplitView to be very handy.


2009/10/2 Craig Gauss 


Just looking to see if anyone else out there is running View and if they
have come up with any sort of best practices when it comes to Windows
workstations.  We followed Vmware's best practice guide but I am
wondering if anyone else has found some good things that worked for
them.  I did read on one forum that some users have found it better to
set the VMs with no page file.

Anyone?

-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you
put into the machine wrong figures, will the right answers come out?' I
am not able rightly to apprehend the kind of confusion of ideas that
could provoke such a question."

http://raythestray.blogspot.com

Re: Security Log/Event Viewer wierdness

2009-10-02 Thread Christopher
Ben nailed it..

As far as I can tell, the "setup security" template (default security
settings)  was the culprit.  I remembered that I initially applied the wrong
version of my security template to a couple of the systems, so I rolled it
back to the "setup security" template, then reapplied the correct
template.  Somewhere in between all that, my account got explicitly defined
on the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security
key (as well as SYSTEM) with full control, instead of the "Administrators"
group.

I'm assuming it's the "setup security" template that caused it, as I was the
one logged in when that template was applied.  I don't see any other way it
would have picked my account to have permissions, it's not even the built in
administrator account or anything.

Thanks everyone, especially Ben!

On Thu, Oct 1, 2009 at 4:58 PM, Ben Scott  wrote:

> On Thu, Oct 1, 2009 at 3:42 PM, Christopher  wrote:
> > When the other admin logs in to those same
> > machines and views the Security log - things like the "Source" and
> > "Category" are numbers instead of words.
>
>  We're talking local logon, right?  Not a remote/network logon?
>
>  The EventLog service doesn't actually log the full text of messages.
>  It logs various ID numbers.  Event Viewer then has to go find the
> files that contain the text and build what you see.  It does that by
> looking up the sources in the registry, and then reading the files.
> Since it works for one user, that means the files are there.  So that
> leaves permissions on the registry and permissions on the files.
>
>  In the registry, look under:
>
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\
>
>  There's a "Sources" entry.  Each source has a subkey under this key.
>  Each source will define one or more message files in registry entries
> under the source subkey.
>
>  For Event Viewer to work properly, the user needs permission to read
> all of the above registry entries, and all of the files called out by
> those registry entries.
>
> -- Ben
>

RE: Portable AC unit for small closet

2009-10-02 Thread Sam Cayze
I bought 2 (redundancy) from various consumer stores over 3 years.
Around $500 each.  Bought a bunch of flexi hvac tubes and ran the
exhaust far down into the plenum.  (Ask your building first!)
 
They've been running 24/7 since then, no issues.  (Although the
condenser is not engaged 24/7).
 
Sam



From: Bill Songstad [mailto:bsongs...@gmail.com] 
Sent: Friday, October 02, 2009 3:42 PM
To: NT System Admin Issues
Subject: OT: Portable AC unit for small closet


I have a server closet that is creeping into the 80s so I thought a
little AC unit might do the trick.  I've heard that there are two
flavors of portable AC units for small areas like this.  Basically a
home user version that breaks if you run it 24/7 and a commercial
version that can run 24/7 that costs a couple hundred dollars more.
Does anyone on the list have any comments about portable air
conditioners for an almost cool room about 70 sq feet.  Any models to
look for or stay away from?  
 
Thanks for any input,
 
-Bill

 

 



Re: Land Attack

2009-10-02 Thread Ben Scott
On Fri, Oct 2, 2009 at 4:16 PM, Richard Stovall
 wrote:
> Are you having any mail-related trouble at all?

  I'm pretty sure the SPF record thing is a red herring.  He had SPF
records before, too; he just changed them recently.  :)

-- Ben



OT: Portable AC unit for small closet

2009-10-02 Thread Bill Songstad
I have a server closet that is creeping into the 80s so I thought a little
AC unit might do the trick.  I've heard that there are two flavors of
portable AC units for small areas like this.  Basically a home user version
that breaks if you run it 24/7 and a commercial version that can run 24/7
that costs a couple hundred dollars more.  Does anyone on the list have any
comments about portable air conditioners for an almost cool room about 70 sq
feet.  Any models to look for or stay away from?

Thanks for any input,

-Bill


Re: Access to server share

2009-10-02 Thread Micheal Espinola Jr
OSX and higher will integrate with AD.

There are also utils ($) that will give you more granular Mac security
control via AD GPO.

--
ME2


On Fri, Oct 2, 2009 at 12:49 PM, Don Ely  wrote:

> Most newer Mac OS's will integrate with AD
>
> On 10/2/09, jesse-r...@wi.rr.com  wrote:
> > Yeah, I did that, and it works...  I'm guessing that's the solution I am
> > going with.
> >
> > The issue is, I have several PCs that are not part of my 2003 Domain.
> > They are part of an older pseudo NT4 domain (it emulates a PDC) that is
> > hosted by a Mac Server.  Unfortunately, I don't think the Mac Server can
> > establish a proper domain trust with my 2003 Domain. The Mac OS doesn't
> > have that ability as far as I know.
> > JR
> >
> > Original Message:
> > -
> > From:  asbz...@gmail.com
> > Date: Fri, 2 Oct 2009 15:30:58 +
> > To: ntsysadmin@lyris.sunbelt-software.com
> > Subject: Re: Access to server share
> >
> >
> > And almost no-one will recommend null session shares to a DC.
> >
> > Other viable options include creating an account in the domain that
> > matches the credentials of the workstation logon in order to facilitate
> > passthrough authentication.
> >
> > --Original Message--
> > From: Ben Scott
> > To: NT Issues
> > ReplyTo: NT Issues
> > Subject: Re: Access to server share
> > Sent: Oct 2, 2009 11:24 AM
> >
> > On Fri, Oct 2, 2009 at 11:07 AM, jesse-r...@wi.rr.com
> >  wrote:
> >> It was my understanding, since the Share and NTFS perms have "Everyone"
> >> included, shouldn't non-domain machines be able to access this share
> >> without providing credentials?
> >
> >   "Everyone" is a group, not a user.  Sessions are authenticated to
> > users, not groups.  So until and unless you authenticate as *some*
> > user, you're not a member of the "Everyone" group.
> >
> >   As ASB says, you can add that share to the list of null session
> > shares, and then you can connect without authenticating first.
> >
> > -- Ben
> >
> >
> > Sent from my Verizon Wireless BlackBerry
>
> --
> Sent from my mobile device
>

Re: VMware View

2009-10-02 Thread Don Ely
Screen savers in VM's are bad...  Eat processors...  Set them to blank

On Fri, Oct 2, 2009 at 1:31 PM, Craig Gauss wrote:

>  We have had some reports of "slow performance."  I was wondering about
> the RAM our consultant had us set them at 512 but that seems low to me.
> Especially with VMs because they will only use it when it needs it.
>
> Haha, don't think it is just your users.  Ours complain about some things
> like that as well.
>
> I did shut off the page file on one and it sure seems to come back from the
> screen saver a lot quicker.
>
>
> Craig Gauss,  Technical Supervisor/Security Officer
> Riverview Hospital Association
>
>
>
>  --
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Friday, October 02, 2009 3:03 PM
> *To:* NT System Admin Issues
> *Subject:* Re: VMware View
>
>   Give 'em as much memory as possible. Our database apps (especially those
> that have a lot of screen redrawing for long lists of numbers) run at a
> crawl without 4GB of RAM, even though they are only XP 32-bit machines.
> Don't know whether it is just our thin clients or not, but don't expect the
> performance of animated mouse pointers and the like to be up to much
> (probably only our users would complain about such a thing, however). If you
> are going to be using multiple screens, we have found SplitView to be very
> handy.
>
> 2009/10/2 Craig Gauss 
>
>> Just looking to see if anyone else out there is running View and if they
>> have come up with any sort of best practices when it comes to Windows
>> workstations.  We followed Vmware's best practice guide but I am
>> wondering if anyone else has found some good things that worked for
>> them.  I did read on one forum that some users have found it better to
>> set the VMs with no page file.
>>
>> Anyone?
>>
>
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
> http://raythestray.blogspot.com

RE: Internet Routing Issues

2009-10-02 Thread David Mazzaccaro
All good here in CT
 



From: asbz...@gmail.com [mailto:asbz...@gmail.com] 
Sent: Friday, October 02, 2009 4:22 PM
To: NT System Admin Issues
Subject: Re: Internet Routing Issues


We're fine in NJ, so far. 


Sent from my Verizon Wireless BlackBerry



From: "Carol Fee" 
Date: Fri, 2 Oct 2009 15:24:40 -0400
To: NT System Admin Issues
Subject: Internet Routing Issues


There seem to be some issues with Internet routing from the Boston area.
We die in New York.  Anyone else ?
 
 


Carol Fee
Network Administrator
617-338-0623
c...@massbar.org
 

 

  
   Massachusetts Bar Association
   20 West Street
   Boston, MA 02111-1204
   (617) 338-0500
 

 

 

 

 



RE: VMware View

2009-10-02 Thread Craig Gauss
We have had some reports of "slow performance."  I was wondering about
the RAM our consultant had us set them at 512 but that seems low to me.
Especially with VMs because they will only use it when it needs it.  
 
Haha, don't think it is just your users.  Ours complain about some things
like that as well.
 
I did shut off the page file on one and it sure seems to come back from
the screen saver a lot quicker.
 

Craig Gauss,  Technical Supervisor/Security Officer
Riverview Hospital Association



 



From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Friday, October 02, 2009 3:03 PM
To: NT System Admin Issues
Subject: Re: VMware View


Give 'em as much memory as possible. Our database apps (especially those
that have a lot of screen redrawing for long lists of numbers) run at a
crawl without 4GB of RAM, even though they are only XP 32-bit machines.
Don't know whether it is just our thin clients or not, but don't expect
the performance of animated mouse pointers and the like to be up to much
(probably only our users would complain about such a thing, however). If
you are going to be using multiple screens, we have found SplitView to
be very handy.


2009/10/2 Craig Gauss 


Just looking to see if anyone else out there is running View and if they
have come up with any sort of best practices when it comes to Windows
workstations.  We followed Vmware's best practice guide but I am
wondering if anyone else has found some good things that worked for
them.  I did read on one forum that some users have found it better to
set the VMs with no page file.

Anyone?

-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that could
provoke such a question."

http://raythestray.blogspot.com

Re: MSE is released...

2009-10-02 Thread Peter van Houten

For the Mozilla-heads here, there is a wonderful extension which I use
in both Thunderbird and Firefox. Highlight and right-click (context menu
editable) text and it will take you to the URL (or parts thereof)
you have highlighted. Uses wildcards and will attempt to "repair" broken
links:

http://email.about.com/od/thunderbirdextensions/gr/url_link.htm

--
Peter van Houten

On Fri, Oct 2, 2009 at 2:01 PM, Angus Scott-Fleming 
 wrote:



On 30 Sep 2009 at 11:17, Stu Sjouwerman wrote:


Understood. But that has one drawback, which is that you do not
check emails for known bad URLs which are usually phishing
attempts and use social engineering. For savvy people like us, no
worries, but for consumers and/or clueless end-users, this is an
extra layer of protection that can prevent bad infections.


Good point. I see so few messages like this due to my spam filters I
tend to forget most l-users are phishable.

Pegasus Mail (the mail client I use and install at client shops if
possible) has a feature I've not seen in other mail clients: in an
HTML message if the displayed URL is different from the underlying
URL (e.g. the message shows "https://secure.yourbanksname.com/" but
the actual link is something like "http://bogus.server.in.ru/") the
cursor changes from the default finger-hand (indicating a clickable
link) to a red circle-with-a-slash indicating that you should not
click this link. Nothing very difficult to code, and it's a nice
safety feature that goes along with other Pegasus Mail safety
features like no-scripting-in-email and
don't-download-remote-images.

For "Click Here" links, it displays the underlying URL in the status
bar and tooltip -- not as bullet- and idiot-proof, but still much
better than OL or OE.

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
+---+
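
Added example (not part of the original posts, and not Pegasus Mail's code): the displayed-URL versus underlying-URL check described in the quoted message can be sketched as below. It flags a link when the visible text looks like a URL but names a different host than the href, and marks "Click Here" style links so the target can be shown to the user. All host names and the sample HTML are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible link text that itself looks like a URL.
URLISH = re.compile(r"^(?:https?://|www\.)\S+$", re.I)
HAS_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)

# Constructed sample message body; every host name here is made up.
SAMPLE_HTML = """
<p>Please verify your account at
<a href="http://login.attacker.example/">https://secure.bank.example/</a>.</p>
<p>Statements: <a href="https://secure.bank.example/statements">https://secure.bank.example/</a></p>
<p><a href="http://login.attacker.example/reset">Click <b>Here</b></a></p>
<p><a href="http://secure.bank.example@login.attacker.example/">http://secure.bank.example/</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((self._href, text))
            self._href = None


def host_of(url):
    """Lower-cased host of a URL; '' if it cannot be determined."""
    if not HAS_SCHEME.match(url):
        url = "http://" + url  # display text such as "www.example.com/x"
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # e.g. malformed IPv6 literal
        return ""
    return host.lower().rstrip(".")


def classify_links(html):
    """Return [(verdict, visible_text, href)] for each link in the HTML.

    verdict is 'mismatch' (text is a URL naming another host), 'ok' (text is
    a URL on the same host) or 'show-target' (text is not a URL, so the
    underlying address should be displayed to the user).
    """
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    results = []
    for href, text in parser.links:
        if URLISH.match(text):
            verdict = "ok" if host_of(text) == host_of(href) else "mismatch"
        else:
            verdict = "show-target"
        results.append((verdict, text, href))
    return results


if __name__ == "__main__":
    for verdict, text, href in classify_links(SAMPLE_HTML):
        print("%-11s %-30s -> %s" % (verdict, text, href))
```

The fourth sample link puts the trusted name in the userinfo part of the href; comparing parsed hosts rather than raw strings is what catches it.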




RE: Land Attack

2009-10-02 Thread Richard Stovall
Are you having any mail-related trouble at all?

 

From: David W. McSpadden [mailto:dav...@imcu.com] 
Sent: Friday, October 02, 2009 3:14 PM
To: NT System Admin Issues
Subject: Re: Land Attack

 

No.  We do about 350K logged entries a day on the syslog of the ASA
these are only 200 of that.  A very small %.  Just something new I
hadn't seen before.

 

From: Richard Stovall   

Sent: Friday, October 02, 2009 2:42 PM

To: NT System Admin Issues
  

Subject: RE: Land Attack

 

I don't recall ever hearing of a Land Attack before, but one of the
chief characteristics is that it spoofs the source as the same as the
destination.  Unless your ASA really is hammering itself with packets,
that's why the source and destination are the same.

 

http://en.wikipedia.org/wiki/LAND_attack

 

Are you having performance, DOS issues because of this?

 

From: David W. McSpadden [mailto:dav...@imcu.com] 
Sent: Friday, October 02, 2009 2:36 PM
To: NT System Admin Issues
Subject: Re: Land Attack

 

Yes.

ASA says Deny ip due to Land Attack from xx1.xx1.xx1.xx1 to
xx1.xx1.xx1.xx1

 

From: Richard Stovall   

Sent: Friday, October 02, 2009 2:31 PM

To: NT System Admin Issues
  

Subject: RE: Land Attack

 

Being detected by your perimeter firewall?

 

From: David W. McSpadden [mailto:dav...@imcu.com] 
Sent: Friday, October 02, 2009 2:27 PM
To: NT System Admin Issues
Subject: Land Attack

 

I have been getting a Land Attack from myself???

This started as soon as I set up my SPF record for email???

Any ideas???
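
Added example (not part of the original thread): a small triage script for the situation discussed above, counting the firewall's "Deny ip due to Land Attack" entries per address and per hour and reporting what share of the log they make up. The syslog lines are constructed, with addresses from documentation ranges; the match is on the message text quoted in the thread.

```python
import re
from collections import Counter

# Message text as quoted in the thread; matched case-insensitively.
LAND = re.compile(
    r"Deny ip due to Land Attack from (?P<src>\S+) to (?P<dst>\S+)", re.I)
# Classic syslog timestamp prefix, e.g. "Oct  2 14:01:07".
STAMP = re.compile(r"^(?P<mon>[A-Za-z]{3})\s+(?P<day>\d{1,2})\s+(?P<hour>\d{2}):\d{2}:\d{2}")

# Constructed sample log; host name "fw" and all addresses are made up.
SAMPLE_LOG = """\
Oct  2 14:01:07 fw %ASA-2-106017: Deny IP due to Land Attack from 192.0.2.10 to 192.0.2.10
Oct  2 14:01:09 fw %ASA-4-106023: Deny tcp src outside:198.51.100.7/4431 dst inside:192.0.2.10/25 by access-group "outside_in"
Oct  2 14:20:44 fw %ASA-2-106017: Deny IP due to Land Attack from 192.0.2.10 to 192.0.2.10
Oct  2 15:02:13 fw %ASA-2-106017: Deny IP due to Land Attack from 192.0.2.10 to 192.0.2.10
Oct  2 15:02:30 fw %ASA-4-106023: Deny udp src outside:203.0.113.9/53 dst inside:192.0.2.25/3391 by access-group "outside_in"
Oct  2 15:40:02 fw %ASA-2-106017: Deny IP due to Land Attack from 192.0.2.10 to 192.0.2.11
"""


def summarize(lines):
    """Summarise Land Attack denies in an iterable of syslog lines."""
    total = 0
    per_address = Counter()
    per_hour = Counter()
    inconsistent = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        total += 1
        hit = LAND.search(line)
        if not hit:
            continue
        src, dst = hit.group("src"), hit.group("dst")
        if src != dst:
            # A land packet has source == destination; anything else under
            # this message is worth a manual look rather than a silent count.
            inconsistent.append(line)
            continue
        per_address[src] += 1
        stamp = STAMP.match(line)
        if stamp:
            key = "%s %d %s:00" % (
                stamp.group("mon"), int(stamp.group("day")), stamp.group("hour"))
            per_hour[key] += 1
    land = sum(per_address.values())
    return {
        "total": total,
        "land": land,
        "share": (land / total) if total else 0.0,
        "per_address": per_address,
        "per_hour": per_hour,
        "inconsistent": inconsistent,
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG.splitlines())
    print("land denies: %d of %d lines (%.2f%%)" % (s["land"], s["total"], 100 * s["share"]))
    for addr, n in s["per_address"].most_common():
        print("  address %s: %d" % (addr, n))
    for hour, n in sorted(s["per_hour"].items()):
        print("  %s: %d" % (hour, n))
```

The per-hour counts make it easy to see whether the entries began at a particular time, such as the DNS change mentioned in the thread, or were present all along.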

 

 

 

 

 

 

 

 

 

 


Re: Internet Routing Issues

2009-10-02 Thread asbzone
We're fine in NJ, so far. 

Sent from my Verizon Wireless BlackBerry

-Original Message-
From: "Carol Fee" 

Date: Fri, 2 Oct 2009 15:24:40 
To: NT System Admin Issues
Subject: Internet Routing Issues


There seem to be some issues with Internet routing from the Boston area.
We die in New York.  Anyone else ?
 
 


Carol Fee
Network Administrator
617-338-0623
c...@massbar.org
 

 

  
   Massachusetts Bar Association
   20 West Street
   Boston, MA 02111-1204
   (617) 338-0500
 


RE: Deleting printer from XP

2009-10-02 Thread Richard Stovall
Were these available to all users, or were they added user by user?  If
the former, maybe they were added using the global add (/ga) parameter
of printui.dll and you can get rid of them with the global delete
parameter (/gd).

 

rundll32 printui.dll PrintUIEntry /gd /n\\machine\printer

 

http://www.microsoft.com/windowsserver2003/techinfo/overview/printuidll.mspx

 

 

 

From: N Parr [mailto:npar...@mortonind.com] 
Sent: Friday, October 02, 2009 3:15 PM
To: NT System Admin Issues
Subject: RE: Deleting printer from XP

 

manually, browse, connect/install

 



From: Devin Meade [mailto:devin.me...@gmail.com] 
Sent: Friday, October 02, 2009 2:11 PM
To: NT System Admin Issues
Subject: Re: Deleting printer from XP

Were they deployed via Group Policy?  If so, you will get an "access
denied" message when you try to delete it.

On Fri, Oct 2, 2009 at 1:09 PM, N Parr  wrote:

I have a couple XP SP3 workstations that can't delete any printers that
are installed and shared on other computers.  Anyone ever run in to
this?  It has to be something on the workstation side because some of
the printers are installed on other XP workstations and 2000/2003
servers and I can't delete any of them.  But I can just fine from other
workstations.  Bouncing the spooler, rebooting doesn't help.  I can't
find anything helpful googling because the search terms fit so many
problems.






 

 

 

 


Re: Internet Routing Issues

2009-10-02 Thread Adam Greene




This just in from an outages list I'm subscribed to: 


We just opened a ticket with Verizon and were informed of outages for Verizon on East Coast.

-Original Message-
From: outages-boun...@outages.org [mailto:outages-boun...@outages.org] On Behalf Of Joseph Jackson
Sent: Friday, October 02, 2009 3:46 PM
To: outa...@outages.org
Subject: [outages] Verizon west coast outage?

Anyone seeing packet loss going through .so-6-0-0.xt1.lax7.alter.net for hosts on Verizon but on the East Coast dying?  

Have a prefix that isn't available if data comes into Verizon on the west coast only.


Joseph


___
outages mailing list
outa...@outages.org
https://puck.nether.net/mailman/listinfo/outages
___






On 10/2/2009 4:04 PM, Adam Greene wrote:

  
We're an ISP in New York and since 3:20pm have been receiving some
calls from customers with unusual connectivity issues. So far we have
not been able to isolate anything on our network, which also suggests
an issue out on the Internet somewhere. 
  
I don't see our route announcements bouncing out there ...
  
A few minutes ago, customers reported things working again. It would be
interesting to know if your issues have also gone away in the last few
minutes.
  
Adam
  
Webjogger Internet Services
ASN 20208
  
  
On 10/2/2009 3:24 PM, Carol Fee wrote:
  


There seem to be some issues with Internet routing from the Boston area.  We
die in New York.  Anyone else ?

Carol Fee
Network Administrator
617-338-0623
c...@massbar.org

Massachusetts Bar Association
20 West Street
Boston, MA 02111-1204
(617) 338-0500

Re: Internet Routing Issues

2009-10-02 Thread Adam Greene




We're an ISP in New York and since 3:20pm have been receiving some
calls from customers with unusual connectivity issues. So far we have
not been able to isolate anything on our network, which also suggests
an issue out on the Internet somewhere. 

I don't see our route announcements bouncing out there ...

A few minutes ago, customers reported things working again. It would be
interesting to know if your issues have also gone away in the last few
minutes.

Adam

Webjogger Internet Services
ASN 20208


On 10/2/2009 3:24 PM, Carol Fee wrote:

  
  
There seem to be some issues with Internet routing from the Boston area.  We
die in New York.  Anyone else ?

Carol Fee
Network Administrator
617-338-0623
c...@massbar.org

Massachusetts Bar Association
20 West Street
Boston, MA 02111-1204
(617) 338-0500

Re: VMware View

2009-10-02 Thread James Rankin
Give 'em as much memory as possible. Our database apps (especially those
that have a lot of screen redrawing for long lists of numbers) run at a
crawl without 4GB of RAM, even though they are only XP 32-bit machines.
Don't know whether it is just our thin clients or not, but don't expect the
performance of animated mouse pointers and the like to be up to much
(probably only our users would complain about such a thing, however). If you
are going to be using multiple screens, we have found SplitView to be very
handy.

2009/10/2 Craig Gauss 

> Just looking to see if anyone else out there is running View and if they
> have come up with any sort of best practices when it comes to Windows
> workstations.  We followed Vmware's best practice guide but I am
> wondering if anyone else has found some good things that worked for
> them.  I did read on one forum that some users have found it better to
> set the VMs with no page file.
>
> Anyone?
>


-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

http://raythestray.blogspot.com


RE: Internet Routing Issues

2009-10-02 Thread Phillip Partipilo
Some issues with Verizon it looks like
http://www.internetpulse.com/Main.aspx?Metric=PL
 
 
Phillip Partipilo
Parametric Solutions Inc.
Jupiter, Florida
(561) 747-6107
 
 
 


From: Carol Fee [mailto:c...@massbar.org] 
Sent: Friday, October 02, 2009 3:25 PM
To: NT System Admin Issues
Subject: Internet Routing Issues


There seem to be some issues with Internet routing from the Boston area.  We
die in New York.  Anyone else ?
 
 
Carol Fee
Network Administrator
617-338-0623
c...@massbar.org

Massachusetts Bar Association
20 West Street
Boston, MA 02111-1204
(617) 338-0500

THIS ELECTRONIC MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL AND PROPRIETARY
PROPERTY OF THE SENDER. THE INFORMATION IS INTENDED FOR USE BY THE ADDRESSEE
ONLY. ANY OTHER INTERCEPTION, COPYING, ACCESSING, OR DISCLOSURE OF THIS
MESSAGE IS PROHIBITED. IF YOU HAVE RECEIVED THIS MESSAGE IN ERROR, PLEASE
IMMEDIATELY NOTIFY THE SENDER AND DELETE THIS MAIL AND ALL ATTACHMENTS. DO
NOT FORWARD THIS MESSAGE WITHOUT PERMISSION OF THE SENDER. 




Internet Routing Issues

2009-10-02 Thread Carol Fee
There seem to be some issues with Internet routing from the Boston area.
We die in New York.  Anyone else ?
 
 


Carol Fee
Network Administrator
617-338-0623
c...@massbar.org
 

 

  
   Massachusetts Bar Association
   20 West Street
   Boston, MA 02111-1204
   (617) 338-0500
 


Re: Seizing roles in a parent/child domain

2009-10-02 Thread Michael Leone
On Fri, Oct 2, 2009 at 1:34 PM, Brian Desmond  wrote:
> Hi-
>
> I'd expect this is a replication issue. You may want to create manual 
> connection objects temporarily and force replication.

Ah ha! I had also come to that conclusion, and that is what I am doing
now. Actually, what I am doing is creating manual connections in my
production domain. And then I will blow away the testing copies of the
virtual DCs I made to test with, and re-create them from the virtual
DCs all over again. They should then have the connections already
defined, so that when I seize the roles, it should all just go smooth.

See, this is good. It helps to point out weak areas in our AD config.
And it helps to know that we can recover in a D/R scenario. I did it
this way once, a couple years back, but that was on a single
site/single domain configuration.

Thanks everyone. I'll post more, when I can get back to it (probably Monday)

>
> Thanks,
> Brian Desmond
> br...@briandesmond.com
>
> c - 312.731.3132
>
> Active Directory, 4th Ed - http://www.briandesmond.com/ad4/
> Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian
>
>
> -Original Message-
> From: Michael Leone [mailto:oozerd...@gmail.com]
> Sent: Friday, October 02, 2009 12:00 PM
> To: NT System Admin Issues
> Subject: Re: Seizing roles in a parent/child domain
>
> On Fri, Oct 2, 2009 at 12:35 PM, Free, Bob  wrote:
>> Hence the "if at all possible" in my query :-)
>
> Here's the problem I am getting now, tho ...
>
> The parent DC seized all the roles, and seems OK about it ...
>
> Server "admnrdc004" knows about 5 roles
> Schema - CN=NTDS Settings,CN=ADMNRDC004
> Domain - CN=NTDS Settings,CN=ADMNRDC004
> PDC - CN=NTDS Settings,CN=ADMNRDC004
> RID - CN=NTDS Settings,CN=ADMNRDC004
> Infrastructure - CN=NTDS Settings,CN=ADMNRDC004
>
>
> The child is *not* happy, in the least 
>
> Server "ADMNWDC003" knows about 5 roles
> Schema - CN=NTDS Settings,CN=ADMNRDC001
> Domain - CN=NTDS Settings,CN=ADMNRDC001
> PDC - CN=NTDS Settings,CN=ADMNWDC003
> RID - CN=NTDS Settings,CN=ADMNWDC003
> Infrastructure - CN=NTDS Settings,CN=ADMNWDC003
>
> So it still seems to want to talk to RDC001 in the parent domain, which 
> doesn't exist anymore. Seems like RDC004 didn't go and tell
> WDC003 that it was seizing all roles.
>
> How to resolve this? I thought to initiate a replicate from RDC004, but it 
> doesn't know that WDC003 is an inbound neighbor,  It does know that it is an 
> outbound neighbor, tho ...
>
>  OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS 
>    WilsonPark\ADMNWDC003 via RPC
>        objectGuid: 34a3f66b-148d-4336-bc47-9cf94b7edbff
>
> The child shows this, for "repadmin /showreps" (edited)
>
>    WilsonPark\ADMNRDC004 via RPC
>        objectGuid: fce67ece-48f8-4ed5-8165-92887f332c23
>        Last attempt @ 2009-10-02 12:49.03 failed, result 1908:
>            Could not find the domain controller for this domain.
>        Last success @ 2009-09-29 15:42.46.
>        99 consecutive failure(s).
>
>
> Now I am really confused  can you shed any light?
>
> Thanks
>



RE: Deleting printer from XP

2009-10-02 Thread N Parr
manually, browse, connect/install



From: Devin Meade [mailto:devin.me...@gmail.com] 
Sent: Friday, October 02, 2009 2:11 PM
To: NT System Admin Issues
Subject: Re: Deleting printer from XP


Were they deployed via Group Policy?  If so, you will get an "access
denied" message when you try to delete it.


On Fri, Oct 2, 2009 at 1:09 PM, N Parr  wrote:


I have a couple XP SP3 workstations that can't delete any printers that
are installed and shared on other computers.  Anyone ever run in to
this?  It has to be something on the workstation side because some of
the printers are installed on other XP workstations and 2000/2003
servers and I can't delete any of them.  But I can just fine from other
workstations.  Bouncing the spooler, rebooting doesn't help.  I can't
find anything helpful googling because the search terms fit so many
problems.


Re: Land Attack

2009-10-02 Thread David W. McSpadden
No.  We do about 350K logged entries a day on the syslog of the ASA these are 
only 200 of that.  A very small %.  Just something new I hadn't seen before.


From: Richard Stovall 
Sent: Friday, October 02, 2009 2:42 PM
To: NT System Admin Issues 
Subject: RE: Land Attack


I don't recall ever hearing of a Land Attack before, but one of the chief 
characteristics is that it spoofs the source as the same as the destination.  
Unless your ASA really is hammering itself with packets, that's why the source 
and destination are the same.

 

http://en.wikipedia.org/wiki/LAND_attack

 

Are you having performance, DOS issues because of this?

 

From: David W. McSpadden [mailto:dav...@imcu.com] 
Sent: Friday, October 02, 2009 2:36 PM
To: NT System Admin Issues
Subject: Re: Land Attack

 

Yes.

ASA says Deny ip due to Land Attack from xx1.xx1.xx1.xx1 to xx1.xx1.xx1.xx1

 

From: Richard Stovall
Sent: Friday, October 02, 2009 2:31 PM
To: NT System Admin Issues
Subject: RE: Land Attack

 

Being detected by your perimeter firewall?

 

From: David W. McSpadden [mailto:dav...@imcu.com] 
Sent: Friday, October 02, 2009 2:27 PM
To: NT System Admin Issues
Subject: Land Attack

 

I have been getting a Land Attack from myself???

This started as soon as I set up my SPF record for email???

Any ideas???

 

  

  

 


 


RE: Deleting printer from XP

2009-10-02 Thread N Parr
Yes, bounced and rebooted as I said originally.

-Original Message-
From: Terry Dickson [mailto:te...@treasurer.state.ks.us] 
Sent: Friday, October 02, 2009 2:08 PM
To: NT System Admin Issues
Subject: RE: Deleting printer from XP

Did you make sure the Print Spooler is running on those computers?

-Original Message-
From: N Parr [mailto:npar...@mortonind.com]
Sent: Friday, October 02, 2009 1:09 PM
To: NT System Admin Issues
Subject: Deleting printer from XP

I have a couple XP SP3 workstations that can't delete any printers that
are installed and shared on other computers.  Anyone ever run in to
this?  It has to be something on the workstation side because some of
the printers are installed on other XP workstations and 2000/2003
servers and I can't delete any of them.  But I can just fine from other
workstations.  Bouncing the spooler, rebooting doesn't help.  I can't
find anything helpful googling because the search terms fit so many
problems.




Re: Deleting printer from XP

2009-10-02 Thread Devin Meade
Were they deployed via Group Policy?  If so, you will get an "access denied"
message when you try to delete it.

On Fri, Oct 2, 2009 at 1:09 PM, N Parr  wrote:

> I have a couple XP SP3 workstations that can't delete any printers that
> are installed and shared on other computers.  Anyone ever run in to
> this?  It has to be something on the workstation side because some of
> the printers are installed on other XP workstations and 2000/2003
> servers and I can't delete any of them.  But I can just fine from other
> workstations.  Bouncing the spooler, rebooting doesn't help.  I can't
> find anything helpful googling because the search terms fit so many
> problems.
>

RE: Deleting printer from XP

2009-10-02 Thread Terry Dickson
Did you make sure the Print Spooler is running on those computers?

-Original Message-
From: N Parr [mailto:npar...@mortonind.com] 
Sent: Friday, October 02, 2009 1:09 PM
To: NT System Admin Issues
Subject: Deleting printer from XP

I have a couple XP SP3 workstations that can't delete any printers that
are installed and shared on other computers.  Anyone ever run in to
this?  It has to be something on the workstation side because some of
the printers are installed on other XP workstations and 2000/2003
servers and I can't delete any of them.  But I can just fine from other
workstations.  Bouncing the spooler, rebooting doesn't help.  I can't
find anything helpful googling because the search terms fit so many
problems.




RE: 2003 DNS Cached Lookups

2009-10-02 Thread Richard Stovall
You guys are using OpenDNS for your forwarders, right?  Can you pull
reports from there?

I don't know of a way to dump the cache to text.  If you do find a way
please pass it along.

-Original Message-
From: Fred Sawyer [mailto:fr...@sunbelt-software.com] 
Sent: Friday, October 02, 2009 2:33 PM
To: NT System Admin Issues
Subject: 2003 DNS Cached Lookups

Does anyone know of a quick and dirty way to export all cached entries
in detail to a text file from a 2003 DNS server?  

The standard right click and export does not export all of the
information I need to gather.  So far I am not having any luck with
command line tools.

In advance thank you for any advice offered.

Fred




RE: Vista, 7, etc method of determining if a network connection has "Internet Access"

2009-10-02 Thread Richard Stovall
I found the NCSI link below after I disabled the "Link-Layer Topology
Discovery Mapper I/O Driver" on the appropriate NIC.  I decided to wait
and see if that fixed the original problem before re-enabling it and
making any other changes such as whitelisting the appropriate URIs or
adopting the registry change suggested in the MS article.  So far, the
problem has not re-occurred and the users are DHCP once again with
filtering enabled.  I'll post a wrapup sometime next week when I've got
more information.

 

From: Angus Scott-Fleming [mailto:angu...@geoapps.com] 
Sent: Friday, October 02, 2009 2:28 PM
To: NT System Admin Issues
Subject: Re: Vista, 7, etc method of determining if a network connection
has "Internet Access"

 

On 29 Sep 2009 at 14:02, Richard Stovall  wrote:

 

> I think I may have found the phantom "MS URL".
>
> http://technet.microsoft.com/en-us/library/cc766017%28WS.10%29.aspx
> describes how Vista and above reach out to http://www.msftncsi.com/ncsi.txt
>
> When I get it all figured out I'll post back to the group...

 

That article describes how to disable the NCSI check.  I'd either try
that OR allow access to www.msftncsi.com and/or dns.msftncsi.com through
the firewall.  

 

 

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-895-3270


RE: Land Attack

2009-10-02 Thread Richard Stovall
I don't recall ever hearing of a Land Attack before, but one of the
chief characteristics is that it spoofs the source as the same as the
destination.  Unless your ASA really is hammering itself with packets,
that's why the source and destination are the same.

 

http://en.wikipedia.org/wiki/LAND_attack

 

Are you having performance, DOS issues because of this?

 

From: David W. McSpadden [mailto:dav...@imcu.com] 
Sent: Friday, October 02, 2009 2:36 PM
To: NT System Admin Issues
Subject: Re: Land Attack

 

Yes.

ASA says Deny ip due to Land Attack from xx1.xx1.xx1.xx1 to
xx1.xx1.xx1.xx1

 

From: Richard Stovall
Sent: Friday, October 02, 2009 2:31 PM
To: NT System Admin Issues
Subject: RE: Land Attack

 

Being detected by your perimeter firewall?

 

From: David W. McSpadden [mailto:dav...@imcu.com] 
Sent: Friday, October 02, 2009 2:27 PM
To: NT System Admin Issues
Subject: Land Attack

 

I have been getting a Land Attack from myself???

This started as soon as I set up my SPF record for email???

Any ideas???
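
The source-equals-destination characteristic described in this thread, as an added packet-header check (not the ASA's logic and not code posted to the list). The function names and verdict labels are assumptions, the sample packets are constructed with documentation addresses and zeroed checksums, and the port comparison goes beyond what the thread states, following the classic description of LAND.

```python
import ipaddress
import struct
from collections import Counter

TCP, UDP = 6, 17


def inspect_ipv4(packet):
    """Parse a raw IPv4 packet and classify it as 'ok', 'same-address' or 'land'."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")

    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    proto = packet[9]
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])

    sport = dport = None
    # Ports are only present in the first fragment of a TCP or UDP datagram.
    if proto in (TCP, UDP) and frag_offset == 0 and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])

    if src != dst:
        verdict = "ok"
    elif sport is not None and sport == dport:
        verdict = "land"            # same address and same port on both ends
    else:
        verdict = "same-address"    # spoofed-looking source, but no port match
    return {"src": str(src), "dst": str(dst),
            "sport": sport, "dport": dport, "verdict": verdict}


def triage(packets):
    """Count verdicts over an iterable of raw IPv4 packets, skipping junk."""
    counts = Counter()
    for raw in packets:
        try:
            counts[inspect_ipv4(raw)["verdict"]] += 1
        except ValueError:
            counts["unparsed"] += 1
    return counts


# Constructed samples: 20-byte IPv4 header followed by a transport header.
# TCP SYN, 192.0.2.10:139 -> 192.0.2.10:139
LAND_SYN = bytes.fromhex(
    "45000028 00010000 40060000 c000020a c000020a"
    "008b008b 00000000 00000000 50022000 00000000")
# TCP SYN, 198.51.100.7:49153 -> 192.0.2.10:25
NORMAL_SYN = bytes.fromhex(
    "45000028 00020000 40060000 c6336407 c000020a"
    "c0010019 00000000 00000000 50022000 00000000")
# ICMP echo request, 192.0.2.10 -> 192.0.2.10 (no ports to compare)
SAME_ADDR_ICMP = bytes.fromhex(
    "4500001c 00030000 40010000 c000020a c000020a"
    "08000000 00010001")

if __name__ == "__main__":
    for name, raw in [("LAND_SYN", LAND_SYN), ("NORMAL_SYN", NORMAL_SYN),
                      ("SAME_ADDR_ICMP", SAME_ADDR_ICMP)]:
        print(name, inspect_ipv4(raw))
    print(dict(triage([LAND_SYN, NORMAL_SYN, SAME_ADDR_ICMP, b"\x00"])))
```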

 

 

 

 

 

 


Re: Land Attack

2009-10-02 Thread David W. McSpadden
Yes.
ASA says Deny ip due to Land Attack from xx1.xx1.xx1.xx1 to xx1.xx1.xx1.xx1


From: Richard Stovall 
Sent: Friday, October 02, 2009 2:31 PM
To: NT System Admin Issues 
Subject: RE: Land Attack


Being detected by your perimeter firewall?

 

From: David W. McSpadden [mailto:dav...@imcu.com] 
Sent: Friday, October 02, 2009 2:27 PM
To: NT System Admin Issues
Subject: Land Attack

 

I have been getting a Land Attack from myself???

This started as soon as I set up my SPF record for email???

Any ideas???

 

 


 


2003 DNS Cached Lookups

2009-10-02 Thread Fred Sawyer
Does anyone know of a quick and dirty way to export all cached entries in 
detail to a text file from a 2003 DNS server?  

The standard right click and export does not export all of the information I 
need to gather.  So far I am not having any luck with command line tools.

In advance thank you for any advice offered.

Fred




RE: Land Attack

2009-10-02 Thread Richard Stovall
Being detected by your perimeter firewall?

 

From: David W. McSpadden [mailto:dav...@imcu.com] 
Sent: Friday, October 02, 2009 2:27 PM
To: NT System Admin Issues
Subject: Land Attack

 

I have been getting a Land Attack from myself???

This started as soon as I set up my SPF record for email???

Any ideas???

 

 


Re: MSE is released...

2009-10-02 Thread Lee Douglas
Eudora also alerts you to situations where the displayed url is different
from the underlying url and makes you click a 'proceed anyway' to use
it. Nice safety feature even if it's sometimes a nuisance.

On Fri, Oct 2, 2009 at 2:01 PM, Angus Scott-Fleming wrote:

> On 30 Sep 2009 at 11:17, Stu Sjouwerman  wrote:
>
> > Understood. But that has one drawback, which is that you do not check emails
> > for known bad URLs which are usually phishing attempts and use social
> > engineering.  For savvy people like us, no worries, but for consumers and/or
> > clueless end-users, this is an extra layer of protection that can prevent bad
> > infections.
>
> Good point.  I see so few messages like this due to my spam filters I tend to
> forget most l-users are phishable.
>
> Pegasus Mail (the mail client I use and install at client shops if possible)
> has a feature I've not seen in other mail clients: in an HTML message if the
> displayed URL is different from the underlying URL (e.g. the message shows
> "https://secure.yourbanksname.com/" but the actual link is something like
> "http://bogus.server.in.ru/") the cursor changes from the default finger-hand
> (indicating a clickable link) to a red circle-with-a-slash indicating that you
> should not click this link.  Nothing very difficult to code, and it's a nice
> safety feature that goes along with other Pegasus Mail safety features like
> no-scripting-in-email and don't-download-remote-images.
>
> For "Click Here" links, it displays the underlying URL in the status bar and
> tooltip -- not as bullet- and idiot-proof, but still much better than OL or OE.
>
> --
> Angus Scott-Fleming
> GeoApps, Tucson, Arizona
> 1-520-290-5038
> +---+

Re: Vista, 7, etc method of determining if a network connection has "Internet Access"

2009-10-02 Thread Angus Scott-Fleming
On 29 Sep 2009 at 14:02, Richard Stovall  wrote:

> I think I may have found the phantom "MS URL".
> 
> http://technet.microsoft.com/en-us/library/cc766017%28WS.10%29.aspx
> describes how Vista and above reach out to http://www.msftncsi.com/ncsi.txt
> 
> When I get it all figured out I'll post back to the group...

That article describes how to disable the NCSI check.  I'd either try that OR 
allow access to www.msftncsi.com and/or dns.msftncsi.com through the firewall.  


--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-895-3270

Land Attack

2009-10-02 Thread David W. McSpadden
I have been getting a Land Attack from myself???
This started as soon as I set up my SPF record for email???
Any ideas???

Deleting printer from XP

2009-10-02 Thread N Parr
I have a couple XP SP3 workstations that can't delete any printers that
are installed and shared on other computers.  Anyone ever run in to
this?  It has to be something on the workstation side because some of
the printers are installed on other XP workstations and 2000/2003
servers and I can't delete any of them.  But I can just fine from other
workstations.  Bouncing the spooler, rebooting doesn't help.  I can't
find anything helpful googling because the search terms fit so many
problems.




Re: MSE is released...

2009-10-02 Thread Angus Scott-Fleming
On 30 Sep 2009 at 11:17, Stu Sjouwerman  wrote:

> Understood. But that has one drawback, which is that you do not check emails
> for known bad URLs which are usually phishing attempts and use social
> engineering.  For savvy people like us, no worries, but for consumers and/or
> clueless end-users, this is an extra layer of protection that can prevent bad
> infections. 

Good point.  I see so few messages like this due to my spam filters I tend to 
forget most l-users are phishable.

Pegasus Mail (the mail client I use and install at client shops if possible) 
has a feature I've not seen in other mail clients: in an HTML message if the 
displayed URL is different from the underlying URL (e.g. the message shows 
"https://secure.yourbanksname.com/" but the actual link is something like 
"http://bogus.server.in.ru/") the cursor changes from the default finger-hand 
(indicating a clickable link) to a red circle-with-a-slash indicating that you 
should not click this link.  Nothing very difficult to code, and it's a nice 
safety feature that goes along with other Pegasus Mail safety features like 
no-scripting-in-email and don't-download-remote-images.

For "Click Here" links, it displays the underlying URL in the status bar and 
tooltip -- not as bullet- and idiot-proof, but still much better than OL or OE. 

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
+---+
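
What the displayed-versus-underlying URL check described above could look like, as an added example (not Pegasus Mail's or Eudora's code). The function names, verdict labels and the example.com link are assumptions; the sample HTML is constructed from the two URLs quoted in the message.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text counts as "showing a URL" when it is a single token that starts with
# http(s):// or www., or is a bare domain name with an alphabetic TLD.
URL_TEXT = re.compile(
    r"^(?:https?://\S+|www\.\S+|[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}(?:/\S*)?)$",
    re.IGNORECASE,
)


def host_of(url, bare_ok=False):
    """Return the normalised host of an http(s) URL, or "" if it has none.

    The host comes from the parsed URL, never from a string prefix match.
    bare_ok allows scheme-less link text such as "www.example.com/x".
    """
    if bare_ok and "://" not in url:
        url = "http://" + url
    try:
        parts = urlsplit(url)
        host = parts.hostname or ""
    except ValueError:               # malformed authority part
        return ""
    if parts.scheme.lower() not in ("http", "https"):
        return ""
    host = host.rstrip(".").lower()
    return host[4:] if host.startswith("www.") else host


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:   # text nested in <b>, <span>, ... included
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def audit_links(html):
    """Return one (verdict, shown_text, href) tuple per link in the message."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    report = []
    for href, text in collector.links:
        shown = host_of(text, bare_ok=True) if URL_TEXT.match(text) else ""
        if not shown:
            verdict = "text-only"    # e.g. "Click Here": display the real target
        elif shown == host_of(href):
            verdict = "match"
        else:
            verdict = "mismatch"     # the case that gets the warning cursor
        report.append((verdict, text, href))
    return report


# Constructed sample message body.
SAMPLE_HTML = """
<p>Your account needs attention:
<a href="http://bogus.server.in.ru/">https://secure.yourbanksname.com/</a></p>
<p><a href="https://www.example.com/account">example.com/account</a></p>
<p><a href="http://bogus.server.in.ru/"><b>Click Here</b></a></p>
"""

if __name__ == "__main__":
    for verdict, text, href in audit_links(SAMPLE_HTML):
        print(f"{verdict:9}  shown={text!r}  target={href!r}")
```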






RE: Seizing roles in a parent/child domain

2009-10-02 Thread Brian Desmond
Hi-

I'd expect this is a replication issue. You may want to create manual 
connection objects temporarily and force replication.

Thanks,
Brian Desmond
br...@briandesmond.com

c - 312.731.3132

Active Directory, 4th Ed - http://www.briandesmond.com/ad4/
Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian


-Original Message-
From: Michael Leone [mailto:oozerd...@gmail.com]
Sent: Friday, October 02, 2009 12:00 PM
To: NT System Admin Issues
Subject: Re: Seizing roles in a parent/child domain

On Fri, Oct 2, 2009 at 12:35 PM, Free, Bob  wrote:
> Hence the "if at all possible" in my query :-)

Here's the problem I am getting now, tho ...

The parent DC seized all the roles, and seems OK about it ...

Server "admnrdc004" knows about 5 roles
Schema - CN=NTDS Settings,CN=ADMNRDC004
Domain - CN=NTDS Settings,CN=ADMNRDC004
PDC - CN=NTDS Settings,CN=ADMNRDC004
RID - CN=NTDS Settings,CN=ADMNRDC004
Infrastructure - CN=NTDS Settings,CN=ADMNRDC004


The child is *not* happy, in the least 

Server "ADMNWDC003" knows about 5 roles
Schema - CN=NTDS Settings,CN=ADMNRDC001
Domain - CN=NTDS Settings,CN=ADMNRDC001
PDC - CN=NTDS Settings,CN=ADMNWDC003
RID - CN=NTDS Settings,CN=ADMNWDC003
Infrastructure - CN=NTDS Settings,CN=ADMNWDC003

So it still seems to want to talk to RDC001 in the parent domain, which doesn't 
exist anymore. Seems like RDC004 didn't go and tell
WDC003 that it was seizing all roles.

How to resolve this? I thought to initiate a replicate from RDC004, but it 
doesn't know that WDC003 is an inbound neighbor,  It does know that it is an 
outbound neighbor, tho ...

 OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS 
WilsonPark\ADMNWDC003 via RPC
objectGuid: 34a3f66b-148d-4336-bc47-9cf94b7edbff

The child shows this, for "repadmin /showreps" (edited)

WilsonPark\ADMNRDC004 via RPC
objectGuid: fce67ece-48f8-4ed5-8165-92887f332c23
Last attempt @ 2009-10-02 12:49.03 failed, result 1908:
Could not find the domain controller for this domain.
Last success @ 2009-09-29 15:42.46.
99 consecutive failure(s).


Now I am really confused  can you shed any light?

Thanks




Re: Seizing roles in a parent/child domain

2009-10-02 Thread Andrew Levicki
Hi Bob,
I'm sure you probably know this, but when you do a seize, it always attempts
a transfer first.
Thanks,

Andrew

2009/10/2 Free, Bob 

> Hence the "if at all possible" in my query :-)
>
>
> -Original Message-
> From: Michael Leone [mailto:oozerd...@gmail.com]
> Sent: Friday, October 02, 2009 9:29 AM
> To: NT System Admin Issues
> Subject: Re: Seizing roles in a parent/child domain
>
> On Fri, Oct 2, 2009 at 12:18 PM, Free, Bob  wrote:
> > Correct. I assume you are aware you should always transfer if at all
> > possible vs seize?
>
> Actually, not in this scenario. I have created a virtual domain using
> ESX, and have 1 DC for the parent, and 1 DC for the child, in this
> virtual domain. The DCs are virtual. There are no FSMO role holders to
> transfer from, as the FSMO role holders are all physical servers in my
> production environment.
>
> In effect, I am emulating a D/R situation, where all I have are
> virtual DCs, that hold no roles. I need to seize all roles, so the
> domains become functional. Then I can continue on with my testing,
> etc.
>
> When I'm done and seized all roles, and cleaned out the metadata, I
> should end up with a virtual copy of my parent/child domain config,
> which I can then test upgrading, etc. Like creating a test lab version
> of my production environment.
>
> Yes, I would transfer if I could. :-)
>

Re: Seizing roles in a parent/child domain

2009-10-02 Thread Michael Leone
On Fri, Oct 2, 2009 at 12:35 PM, Free, Bob  wrote:
> Hence the "if at all possible" in my query :-)

Here's the problem I am getting now, tho ...

The parent DC seized all the roles, and seems OK about it ...

Server "admnrdc004" knows about 5 roles
Schema - CN=NTDS Settings,CN=ADMNRDC004
Domain - CN=NTDS Settings,CN=ADMNRDC004
PDC - CN=NTDS Settings,CN=ADMNRDC004
RID - CN=NTDS Settings,CN=ADMNRDC004
Infrastructure - CN=NTDS Settings,CN=ADMNRDC004


The child is *not* happy, in the least 

Server "ADMNWDC003" knows about 5 roles
Schema - CN=NTDS Settings,CN=ADMNRDC001
Domain - CN=NTDS Settings,CN=ADMNRDC001
PDC - CN=NTDS Settings,CN=ADMNWDC003
RID - CN=NTDS Settings,CN=ADMNWDC003
Infrastructure - CN=NTDS Settings,CN=ADMNWDC003

So it still seems to want to talk to RDC001 in the parent domain,
which doesn't exist anymore. Seems like RDC004 didn't go and tell
WDC003 that it was seizing all roles.

How to resolve this? I thought to initiate a replicate from RDC004,
but it doesn't know that WDC003 is an inbound neighbor,  It does know
that it is an outbound neighbor, tho ...

 OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS 
WilsonPark\ADMNWDC003 via RPC
objectGuid: 34a3f66b-148d-4336-bc47-9cf94b7edbff

The child shows this, for "repadmin /showreps" (edited)

WilsonPark\ADMNRDC004 via RPC
objectGuid: fce67ece-48f8-4ed5-8165-92887f332c23
Last attempt @ 2009-10-02 12:49.03 failed, result 1908:
Could not find the domain controller for this domain.
Last success @ 2009-09-29 15:42.46.
99 consecutive failure(s).


Now I am really confused  can you shed any light?

Thanks



Re: Access to server share

2009-10-02 Thread Don Ely
Most newer Mac OS's will integrate with AD

On 10/2/09, jesse-r...@wi.rr.com  wrote:
> Yeah, I did that, and it works...  I'm guessing that's the solution I am
> going with.
>
> The issue is, I have several PCs that are not part of my 2003 Domain.  They
> are part of an older pseudo NT4 domain (it emulates a PDC) that is hosted
> by a Mac Server.  Unfortunately, I don't think the Mac Server can establish
> a proper domain trust with my 2003 Domain. The Mac OS doesn't have that
> ability as far as I know.
> JR
>
> Original Message:
> -
> From:  asbz...@gmail.com
> Date: Fri, 2 Oct 2009 15:30:58 +
> To: ntsysadmin@lyris.sunbelt-software.com
> Subject: Re: Access to server share
>
>
> And almost no-one will recommend null session shares to a DC.
>
> Other viable options include creating an account in the domain that matches
> the credentials of the workstation logon in order to facilitate passthrough
> authentication.
>
> --Original Message--
> From: Ben Scott
> To: NT Issues
> ReplyTo: NT Issues
> Subject: Re: Access to server share
> Sent: Oct 2, 2009 11:24 AM
>
> On Fri, Oct 2, 2009 at 11:07 AM, jesse-r...@wi.rr.com
>  wrote:
>> It was my understanding, since the Share and NTFS perms have "Everyone"
>> included, shouldn't non-domain machines be able to access this share
>> without providing credentials?
>
>   "Everyone" is a group, not a user.  Sessions are authenticated to
> users, not groups.  So until and unless you authenticate as *some*
> user, you're not a member of the "Everyone" group.
>
>   As ASB says, you can add that share to the list of null session
> shares, and then you can connect without authenticating first.
>
> -- Ben
>

-- 
Sent from my mobile device




RE: krbtgt Account issues

2009-10-02 Thread Free, Bob
Brian or Ken-

Nearly everything I have ever read about changing the krbTGT password
says you should change it twice if you are in a situation where you have
to change it. Would that be pertinent here as well?

--bob

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Thursday, October 01, 2009 7:02 PM
To: NT System Admin Issues
Subject: RE: krbtgt Account issues

Well basically something requested AES256 encryption (a Vista+ client)
and there isn't such an encryption type available. That account is
supposed to get its password rotated automatically when you go to DFL3
(WS2008). It would appear as though that did not happen (or have you not
raised your DFL?).

You should just be able to reset the krbtgt password to something of
your choosing and be on your merry way. It's possible you may have boxes
which need to be bounced after this but this shouldn't happen.

Thanks,
Brian Desmond
br...@briandesmond.com

c - 312.731.3132

From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Thursday, October 01, 2009 8:05 PM
To: NT System Admin Issues
Subject: RE: krbtgt Account issues

Hi,

You do not need to enable that account. Its only purpose is to provide
a password that can be used to derive certain protections applied to
TGTs.

To be honest - I've never seen this error before, and I'm entirely sure
why you're in this situation. After resetting the password, have you
given time for the changes to propagate, and also tried purging the
tickets of the service in question?

Cheers
Ken

From: Sean Rector [mailto:sean.rec...@vaopera.org]
Sent: Friday, 2 October 2009 1:21 AM
To: NT System Admin Issues
Subject: krbtgt Account issues

I'm getting the event listed below when my BES server tries to do an
LDAP lookup.  The problem is that while I can reset the krbtgt account's
password, it is disabled and cannot be enabled.  The Kerberos Key
Distribution service runs on the System Account.  What's the best method
for clearing this problem?

Log Name:  System
Source:    Microsoft-Windows-Kerberos-Key-Distribution-Center
Date:  10/1/2009 1:05:51 PM
Event ID:  14
Task Category: None
Level: Error
Keywords:  Classic
User:  N/A
Computer:  VOA-NOR-DC01.vaopera.net
Description:
While processing an AS request for target service krbtgt/VAOPERA.NET,
the account account.adm did not have a suitable key for generating a
Kerberos ticket (the missing key has an ID of 3). The requested etypes :
18. The accounts available etypes : 23  -133  -128  3  -140. Changing or
resetting the password of krbtgt will generate a proper key.

Sean Rector, MCSE

Information Technology Manager
Virginia Opera Association

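Added example, not part of the thread and not Microsoft code: a Python parser for the Event ID 14 description quoted above that reports which requested etypes the account has no key for, the mismatch Brian Desmond describes (AES256, etype 18, requested while only RC4/DES keys are stored). The function names and finding labels are assumptions made for this example, the second sample text is constructed, and negative etypes are reported only as vendor-private values.

```python
import re

# Kerberos etype numbers from the IANA registry (RFC 3961, 3962, 4757).
ETYPE_NAMES = {
    1: "des-cbc-crc",
    3: "des-cbc-md5",
    17: "aes128-cts-hmac-sha1-96",
    18: "aes256-cts-hmac-sha1-96",
    23: "rc4-hmac",
    24: "rc4-hmac-exp",
}
AES_ETYPES = {17, 18}
WEAK_ETYPES = {1, 3, 24}  # DES and export-grade RC4

# Description text of the Event ID 14 quoted in the thread.
EVENT_TEXT = (
    "While processing an AS request for target service krbtgt/VAOPERA.NET, "
    "the account account.adm did not have a suitable key for generating a "
    "Kerberos ticket (the missing key has an ID of 3). The requested etypes : "
    "18. The accounts available etypes : 23  -133  -128  3  -140. Changing or "
    "resetting the password of krbtgt will generate a proper key."
)

# Constructed sample (not from the thread): exercises the branch where the
# client also offers RC4, so one etype is still shared with the account.
CONSTRUCTED_TEXT = (
    "While processing an AS request for target service krbtgt/EXAMPLE.TEST, "
    "the account svc.sample did not have a suitable key for generating a "
    "Kerberos ticket (the missing key has an ID of 3). The requested etypes : "
    "18  17  23. The accounts available etypes : 23  -133  -128. Changing or "
    "resetting the password of krbtgt will generate a proper key."
)

_PATTERN = re.compile(
    r"target service (?P<service>\S+?), the account (?P<account>\S+) did not have"
    r".*?requested etypes\s*:\s*(?P<req>[-\d\s]+?)\."
    r".*?available etypes\s*:\s*(?P<avail>[-\d\s]+?)\.",
    re.DOTALL,
)


def parse_kdc_event14(description):
    """Extract service, account and both etype lists from the description."""
    m = _PATTERN.search(description)
    if m is None:
        raise ValueError("text does not look like a KDC Event ID 14 description")
    return {
        "service": m.group("service"),
        "account": m.group("account"),
        "requested": [int(tok) for tok in m.group("req").split()],
        "available": [int(tok) for tok in m.group("avail").split()],
    }


def describe(etype):
    """Human-readable name; negative numbers are outside the IANA registry."""
    if etype in ETYPE_NAMES:
        return ETYPE_NAMES[etype]
    if etype < 0:
        return "vendor-private etype (%d)" % etype
    return "unknown etype (%d)" % etype


def assess(event):
    """Compare what the client asked for with the keys the account holds."""
    requested = event["requested"]
    available = set(event["available"])
    common = [e for e in requested if e in available]
    findings = []
    if not common:
        findings.append("no-common-etype")
    if AES_ETYPES & set(requested) and not AES_ETYPES & available:
        # No AES key is stored for the account; the event text itself says a
        # password change or reset generates the missing key.
        findings.append("account-has-no-aes-key")
    if WEAK_ETYPES & available:
        findings.append("des-key-present")
    return {"common": common, "findings": findings}


if __name__ == "__main__":
    for text in (EVENT_TEXT, CONSTRUCTED_TEXT):
        ev = parse_kdc_event14(text)
        print(ev["account"], "->", ev["service"])
        print("  requested:", [describe(e) for e in ev["requested"]])
        print("  available:", [describe(e) for e in ev["available"]])
        print("  result:   ", assess(ev))
```
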

RE: Seizing roles in a parent/child domain

2009-10-02 Thread Free, Bob
Hence the "if at all possible" in my query :-)


-Original Message-
From: Michael Leone [mailto:oozerd...@gmail.com] 
Sent: Friday, October 02, 2009 9:29 AM
To: NT System Admin Issues
Subject: Re: Seizing roles in a parent/child domain

On Fri, Oct 2, 2009 at 12:18 PM, Free, Bob  wrote:
> Correct. I assume you are aware you should always transfer if at all
> possible vs seize?

Actually, not in this scenario. I have created a virtual domain using
ESX, and have 1 DC for the parent, and 1 DC for the child, in this
virtual domain. The DCs are virtual. There are no FSMO role holders to
transfer from, as the FSMO role holders are all physical servers in my
production environment.

In effect, I am emulating a D/R situation, where all I have are
virtual DCs, that hold no roles. I need to seize all roles, so the
domains become functional. Then I can continue on with my testing,
etc.

When I'm done and seized all roles, and cleaned out the metadata, I
should end up with a virtual copy of my parent/child domain config,
which I can then test upgrading, etc. Like creating a test lab version
of my production environment.

Yes, I would transfer if I could. :-)




Re: Seizing roles in a parent/child domain

2009-10-02 Thread Michael Leone
On Fri, Oct 2, 2009 at 12:18 PM, Free, Bob  wrote:
> Correct. I assume you are aware you should always transfer if at all
> possible vs seize?

Actually, not in this scenario. I have created a virtual domain using
ESX, and have 1 DC for the parent, and 1 DC for the child, in this
virtual domain. The DCs are virtual. There are no FSMO role holders to
transfer from, as the FSMO role holders are all physical servers in my
production environment.

In effect, I am emulating a D/R situation, where all I have are
virtual DCs, that hold no roles. I need to seize all roles, so the
domains become functional. Then I can continue on with my testing,
etc.

When I'm done and seized all roles, and cleaned out the metadata, I
should end up with a virtual copy of my parent/child domain config,
which I can then test upgrading, etc. Like creating a test lab version
of my production environment.

Yes, I would transfer if I could. :-)



RE: Seizing roles in a parent/child domain

2009-10-02 Thread Free, Bob
Correct. I assume you are aware you should always transfer if at all
possible vs seize?

-Original Message-
From: Michael Leone [mailto:oozerd...@gmail.com] 
Sent: Friday, October 02, 2009 8:55 AM
To: NT System Admin Issues
Subject: Seizing roles in a parent/child domain

During my testing in a virtual parent/child domain structure
(Win2000), I have seized all 5 FSMO roles on my parent DC. All went
well.

On the child DC, I do *not* seize all roles, because 3 of them are
forest-wide, right? Domain naming (owner) and Schema Master are
forest-wide, and so should *not* be seized on a child DC. The others -
PDC, RID, Operations - can all be seized, since they are domain
specific, correct?




VMware View

2009-10-02 Thread Craig Gauss
Just looking to see if anyone else out there is running View and if they
have come up with any sort of best practices when it comes to Windows
workstations.  We followed VMware's best practice guide but I am
wondering if anyone else has found some good things that worked for
them.  I did read on one forum that some users have found it better to
set the VMs with no page file. 

Anyone?




Seizing roles in a parent/child domain

2009-10-02 Thread Michael Leone
During my testing in a virtual parent/child domain structure
(Win2000), I have seized all 5 FSMO roles on my parent DC. All went
well.

On the child DC, I do *not* seize all roles, because 3 of them are
forest-wide, right? Domain naming (owner) and Schema Master are
forest-wide, and so should *not* be seized on a child DC. The others -
PDC, RID, Operations - can all be seized, since they are domain
specific, correct?



Re: Access to server share

2009-10-02 Thread jesse-r...@wi.rr.com
Yeah, I did that, and it works...  I'm guessing that's the solution I am
going with.

The issue is, I have several PCs that are not part of my 2003 Domain.  They
are part of an older pseudo NT4 domain (it emulates a PDC) that is hosted
by a Mac Server.  Unfortunately, I don't think the Mac Server can establish
a proper domain trust with my 2003 Domain. The Mac OS doesn't have that
ability as far as I know.
JR

Original Message:
-
From:  asbz...@gmail.com
Date: Fri, 2 Oct 2009 15:30:58 +
To: ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Access to server share


And almost no-one will recommend null session shares to a DC. 

Other viable options include creating an account in the domain that matches
the credentials of the workstation logon in order to facilitate passthrough
authentication. 

--Original Message--
From: Ben Scott
To: NT Issues
ReplyTo: NT Issues
Subject: Re: Access to server share
Sent: Oct 2, 2009 11:24 AM

On Fri, Oct 2, 2009 at 11:07 AM, jesse-r...@wi.rr.com
 wrote:
> It was my understanding, since the Share and NTFS perms have "Everyone"
> included, shouldn't non-domain machines be able to access this share
> without providing credentials?

  "Everyone" is a group, not a user.  Sessions are authenticated to
users, not groups.  So until and unless you authenticate as *some*
user, you're not a member of the "Everyone" group.

  As ASB says, you can add that share to the list of null session
shares, and then you can connect without authenticating first.

-- Ben




Re: Access to server share

2009-10-02 Thread asbzone
And almost no-one will recommend null session shares to a DC. 

Other viable options include creating an account in the domain that matches the 
credentials of the workstation logon in order to facilitate passthrough 
authentication. 

--Original Message--
From: Ben Scott
To: NT Issues
ReplyTo: NT Issues
Subject: Re: Access to server share
Sent: Oct 2, 2009 11:24 AM

On Fri, Oct 2, 2009 at 11:07 AM, jesse-r...@wi.rr.com
 wrote:
> It was my understanding, since the Share and NTFS perms have "Everyone"
> included, shouldn't non-domain machines be able to access this share
> without providing credentials?

  "Everyone" is a group, not a user.  Sessions are authenticated to
users, not groups.  So until and unless you authenticate as *some*
user, you're not a member of the "Everyone" group.

  As ASB says, you can add that share to the list of null session
shares, and then you can connect without authenticating first.

-- Ben

Sent from my Verizon Wireless BlackBerry

Re: Access to server share

2009-10-02 Thread Ben Scott
On Fri, Oct 2, 2009 at 11:07 AM, jesse-r...@wi.rr.com
 wrote:
> It was my understanding, since the Share and NTFS perms have "Everyone"
> included, shouldn't non-domain machines be able to access this share
> without providing credentials?

  "Everyone" is a group, not a user.  Sessions are authenticated to
users, not groups.  So until and unless you authenticate as *some*
user, you're not a member of the "Everyone" group.

  As ASB says, you can add that share to the list of null session
shares, and then you can connect without authenticating first.

-- Ben



RE: Access to server share

2009-10-02 Thread Ken Schaefer
Apologies - Guest is not enabled by default.

-Original Message-
From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Friday, 2 October 2009 11:14 PM
To: NT System Admin Issues
Subject: RE: Access to server share

Guest is not part of Everyone.

The concept of null user authentication, and null user enumeration of shared 
resources disappeared way back in the post-NT days due to all the 
security issues that caused (whether it be shares, RPC ports or whatever)

Cheers
Ken

-Original Message-
From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com]
Sent: Friday, 2 October 2009 11:08 PM
To: NT System Admin Issues
Subject: Access to server share

Not sure what I'm missing here

I have Win2003 DC (Server-A) which has a folder on it called Test and is Shared 
as Test.  Share permissions on the Test folder are Everyone-Full and NTFS 
permissions are Everyone-Full.

When trying to access this share, \\Server-A\test, from an XP machine that is 
NOT part of the domain, it prompts me for credentials.  Same thing if I just 
try to access \\Server-A from a non-domain machine in an attempt to list ALL 
the shares.  It prompts for credentials then too.

It was my understanding, since the Share and NTFS perms have "Everyone"
included, shouldn't non-domain machines be able to access this share without 
providing credentials?

Anyone have a clue what might be going on? Am I forgetting something basic?
JR





RE: Access to server share

2009-10-02 Thread Ken Schaefer
Guest is not part of Everyone.

The concept of null user authentication, and null user enumeration of shared 
resources disappeared way back in the post-NT days due to all the 
security issues that caused (whether it be shares, RPC ports or whatever)

Cheers
Ken

-Original Message-
From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com] 
Sent: Friday, 2 October 2009 11:08 PM
To: NT System Admin Issues
Subject: Access to server share

Not sure what I'm missing here

I have Win2003 DC (Server-A) which has a folder on it called Test and is Shared 
as Test.  Share permissions on the Test folder are Everyone-Full and NTFS 
permissions are Everyone-Full.

When trying to access this share, \\Server-A\test, from an XP machine that is 
NOT part of the domain, it prompts me for credentials.  Same thing if I just 
try to access \\Server-A from a non-domain machine in an attempt to list ALL 
the shares.  It prompts for credentials then too.

It was my understanding, since the Share and NTFS perms have "Everyone"
included, shouldn't non-domain machines be able to access this share without 
providing credentials?

Anyone have a clue what might be going on? Am I forgetting something basic?
JR





Re: Access to server share

2009-10-02 Thread asbzone
The everyone group doesn't enable non-domain users to access without the 
prompt...

That would be null session shares...

--Original Message--
From: jesse-r...@wi.rr.com
To: NT Issues
ReplyTo: NT Issues
Subject: Access to server share
Sent: Oct 2, 2009 11:07 AM

Not sure what I'm missing here

I have Win2003 DC (Server-A) which has a folder on it called Test and is
Shared as Test.  Share permissions on the Test folder are Everyone-Full
and NTFS permissions are Everyone-Full.

When trying to access this share, \\Server-A\test, from an XP machine that
is NOT part of the domain, it prompts me for credentials.  Same thing if I
just try to access \\Server-A from a non-domain machine in an attempt to
list ALL the shares.  It prompts for credentials then too.

It was my understanding, since the Share and NTFS perms have "Everyone"
included, shouldn't non-domain machines be able to access this share
without providing credentials?

Anyone have a clue what might be going on? Am I forgetting something basic?
JR


Sent from my Verizon Wireless BlackBerry

Access to server share

2009-10-02 Thread jesse-r...@wi.rr.com
Not sure what I'm missing here

I have Win2003 DC (Server-A) which has a folder on it called Test and is
Shared as Test.  Share permissions on the Test folder are Everyone-Full
and NTFS permissions are Everyone-Full.

When trying to access this share, \\Server-A\test, from an XP machine that
is NOT part of the domain, it prompts me for credentials.  Same thing if I
just try to access \\Server-A from a non-domain machine in an attempt to
list ALL the shares.  It prompts for credentials then too.

It was my understanding, since the Share and NTFS perms have "Everyone"
included, shouldn't non-domain machines be able to access this share
without providing credentials?

Anyone have a clue what might be going on? Am I forgetting something basic?
JR





Re: Citrix Password Manager frustration

2009-10-02 Thread James Rankin
I think I may have worked this out...looks like the Password Manager Console
is what's installed by default, not the service itself. Seems that the
service won't install on 64-bit 2008 or alongside the instance of XenApp
itself...now I just have to work out how to import an SSL certificate in to
IIS7 and I might get somewhere. Citrix documentation as clear as mud as
usual, complete with all the prerequisite unnecessary name changes

2009/10/2 James Rankin 

> Does anyone know how on earth to get Citrix Password Manager 4.6 working
> with the Key Management Module? I have installed a new XenApp farm which
> comes with Password Manager already pre-loaded. I am trying to create a new
> user configuration and utilise the options to allow the users to unlock and
> reset their primary domain accounts. It tells me that this needs the Key
> Management Module - but I can't find any way to install this, or modify the
> existing Password Manager install, or configure it in any way. Am I missing
> something here? The documentation isn't much help either. If I run the
> Citrix Password Manager installation files, it tells me "Citrix XTE service
> is already installed on this machine". I am running Windows 2008 32-bit, for
> the record, with the IIS role installed.
>
> If anyone can give me any pointers I would be very grateful...I have been
> battering my head against this for a while now
>
>
> TIA,
>
>
>
>
> JRR
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
> http://raythestray.blogspot.com
>



-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

http://raythestray.blogspot.com


RE: LogMeIn Central!

2009-10-02 Thread Sam Cayze
"make shortcuts on the desktop which go right through and connect."
They've actually had this feature for years.  You can even create an RSS
Feed of all the shortcuts for your account.  Handy for a RSS toolbar
Folder in Firefox; I'm just one click and one password away from a
LogMeIn session with anyone in my company.



From: Benjamin Zachary - Lists [mailto:li...@levelfive.us] 
Sent: Thursday, October 01, 2009 10:57 PM
To: NT System Admin Issues
Subject: RE: LogMeIn Central!



The new LogMeIn is pretty nice actually. I like that you can make
shortcuts on the desktop which go right through and connect. To combat
any theft you can click on invalidate all shortcuts if anything became
compromised. I'm interested to see the Hamachi VPN, looks interesting
for certain.

 

 

From: David Lum [mailto:david@nwea.org] 
Sent: Wednesday, September 30, 2009 9:12 AM
To: NT System Admin Issues
Subject: LogMeIn Central!

 

Has anyone checked out the new LogMeIn Central?  It now has a "wake on
LAN" option. I was looking at my systems this morning and it showed a
"power on" button for one of my systems that was off. Knowing this
system had WOL enabled I tried it and lo and behold, the machine came
up! What's weird is I have two other systems offline (laptops) and it
doesn't show me that option and they don't have WOL anyhow. I wonder if
LogMeIn detects the WOL capability?

 

Anyhow LogMeIn Central is $299/yr and I'm not sure I'll ante up for it,
but that is a cool feature.

David Lum // SYSTEMS ENGINEER 
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

 

 

 

 

 



RE: Job resume fun

2009-10-02 Thread Erik Goldoff
we gonna have to change your name to Hank Roving ?
 

Erik Goldoff


IT  Consultant

Systems, Networks, & Security 

 


From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Wednesday, September 30, 2009 4:47 PM
To: NT System Admin Issues
Subject: RE: Job resume fun



Hmm. sounds like my job. :-) Except when it comes to the tufting machines.
then I only back up the pattern files for the carpet tufting machines. :-)


RE: krbtgt Account issues

2009-10-02 Thread Sean Rector
Ahhh...I was trying this from my Win 7 desktop.  Trying it on my XP VM now.

Sean Rector, MCSE

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Friday, October 02, 2009 9:27 AM
To: NT System Admin Issues
Subject: Re: krbtgt Account issues

We get that error primarily from the boss's Win7 desktop, and yes, we are still 
at a 2000 functional level

2009/10/1 Sean Rector

I'm getting the event listed below when my BES server tries to do an LDAP 
lookup.  The problem is that while I can reset the krbtgt account's password, 
it is disabled and cannot be enabled.  The Kerberos Key Distribution service 
runs on the System Account.  What's the best method for clearing this problem?



Log Name:  System

Source:Microsoft-Windows-Kerberos-Key-Distribution-Center

Date:  10/1/2009 1:05:51 PM

Event ID:  14

Task Category: None

Level: Error

Keywords:  Classic

User:  N/A

Computer:  VOA-NOR-DC01.vaopera.net

Description:

While processing an AS request for target service 
krbtgt/VAOPERA.NET, the account account.adm did not have a 
suitable key for generating a Kerberos ticket (the missing key has an ID of 3). 
The requested etypes : 18. The accounts available etypes : 23  -133  -128  3  
-140. Changing or resetting the password of krbtgt will generate a proper key.



Sean Rector, MCSE


Information Technology Manager
Virginia Opera Association

E-Mail: sean.rec...@vaopera.org
Phone:(757) 213-4548 (direct line)
{+}
Virginia Opera's 35th Anniversary Season The One You 
Love
Celebrate with a 2009-2010 Subscription: La 
Bohème, The Daughter of 
the Regiment, Don 
Giovanni and Porgy and 
BessSM
Visit us online at www.vaopera.org or call 
1-866-OPERA-VA

The vision of Virginia Opera is to enrich lives through the powerful 
integration of music, voice and human drama

This e-mail and any attached files are confidential and intended solely for the 
intended recipient(s). Unless otherwise specified, persons unnamed as 
recipients may not read, distribute, copy or alter this e-mail. Any views or 
opinions expressed in this e-mail belong to the author and may not necessarily 
represent those of Virginia Opera. Although precautions have been taken to 
ensure no viruses are present, Virginia Opera cannot accept responsibility for 
any loss or damage that may arise from the use of this e-mail or attachments.

{*}







--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

http://raythestray.blogspot.com






Re: krbtgt Account issues

2009-10-02 Thread James Rankin
We get that error primarily from the boss's Win7 desktop, and yes, we are
still at a 2000 functional level

2009/10/1 Sean Rector 

>  I’m getting the event listed below when my BES server tries to do an LDAP
> lookup.  The problem is that while I can reset the krbtgt account’s
> password, it is disabled and cannot be enabled.  The Kerberos Key
> Distribution service runs on the System Account.  What’s the best method for
> clearing this problem?
>
>
>
> Log Name:  System
>
> Source:Microsoft-Windows-Kerberos-Key-Distribution-Center
>
> Date:  10/1/2009 1:05:51 PM
>
> Event ID:  14
>
> Task Category: None
>
> Level: Error
>
> Keywords:  Classic
>
> User:  N/A
>
> Computer:  VOA-NOR-DC01.vaopera.net
>
> Description:
>
> While processing an AS request for target service krbtgt/VAOPERA.NET, the
> account account.adm did not have a suitable key for generating a Kerberos
> ticket (the missing key has an ID of 3). The requested etypes : 18. The
> accounts available etypes : 23  -133  -128  3  -140. Changing or resetting
> the password of krbtgt will generate a proper key.
>
>
>
> Sean Rector, MCSE
>
>
>  Information Technology Manager
> Virginia Opera Association
>
>  E-Mail: sean.rec...@vaopera.org
> Phone:(757) 213-4548 (direct line)


-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

http://raythestray.blogspot.com


RE: krbtgt Account issues

2009-10-02 Thread Sean Rector
Unfortunately I can't raise my DFL yet - I still have a 2003 DC in a branch 
office that cannot be upgraded.

Sean Rector, MCSE

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Thursday, October 01, 2009 10:02 PM
To: NT System Admin Issues
Subject: RE: krbtgt Account issues

Well basically something requested AES256 encryption (a Vista+ client) and 
there isn't such an encryption type available. That account is supposed to get 
its password rotated automatically when you go to DFL3 (WS2008). It would 
appear as though that did not happen (or have you not raised your DFL?).

You should just be able to reset the krbtgt password to something of your 
choosing and be on your merry way. It's possible you may have boxes which need 
to be bounced after this but this shouldn't happen.

Thanks,
Brian Desmond
br...@briandesmond.com

c - 312.731.3132

From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Thursday, October 01, 2009 8:05 PM
To: NT System Admin Issues
Subject: RE: krbtgt Account issues

Hi,

You do not need to enable that account. Its only purpose is to provide a 
password that can be used to derive certain protections applied to TGTs.

To be honest - I've never seen this error before, and I'm entirely sure why 
you're in this situation. After resetting the password, have you given time for 
the changes to propagate, and also tried purging the tickets of the service in 
question?

Cheers
Ken

From: Sean Rector [mailto:sean.rec...@vaopera.org]
Sent: Friday, 2 October 2009 1:21 AM
To: NT System Admin Issues
Subject: krbtgt Account issues

I'm getting the event listed below when my BES server tries to do an LDAP 
lookup.  The problem is that while I can reset the krbtgt account's password, 
it is disabled and cannot be enabled.  The Kerberos Key Distribution service 
runs on the System Account.  What's the best method for clearing this problem?

Log Name:  System
Source:Microsoft-Windows-Kerberos-Key-Distribution-Center
Date:  10/1/2009 1:05:51 PM
Event ID:  14
Task Category: None
Level: Error
Keywords:  Classic
User:  N/A
Computer:  VOA-NOR-DC01.vaopera.net
Description:
While processing an AS request for target service krbtgt/VAOPERA.NET, the 
account account.adm did not have a suitable key for generating a Kerberos 
ticket (the missing key has an ID of 3). The requested etypes : 18. The 
accounts available etypes : 23  -133  -128  3  -140. Changing or resetting the 
password of krbtgt will generate a proper key.

Sean Rector, MCSE

Information Technology Manager
Virginia Opera Association












Citrix Password Manager frustration

2009-10-02 Thread James Rankin
Does anyone know how on earth to get Citrix Password Manager 4.6 working
with the Key Management Module? I have installed a new XenApp farm which
comes with Password Manager already pre-loaded. I am trying to create a new
user configuration and utilise the options to allow the users to unlock and
reset their primary domain accounts. It tells me that this needs the Key
Management Module - but I can't find any way to install this, or modify the
existing Password Manager install, or configure it in any way. Am I missing
something here? The documentation isn't much help either. If I run the
Citrix Password Manager installation files, it tells me "Citrix XTE service
is already installed on this machine". I am running Windows 2008 32-bit, for
the record, with the IIS role installed.

If anyone can give me any pointers I would be very grateful...I have been
battering my head against this for a while now


TIA,




JRR

-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

http://raythestray.blogspot.com
