Re: Trojan-PWS.Win32.Qwak (v)

[Richard Stovall]

Have a nice day indeed!  (OK, I had to look it up.  My Latin is, well,
American.)

But back to the original post, to which I meant to reply earlier today.
 John, you might want to take this up on the Vipre Enterprise forum at
supportforums.sunbeltsoftware.com.  Also note that the (v) designation has
to do with Vipre's whiz-bang virtual technology and isn't necessarily
indicative of a known threat.  I didn't have any, so I didn't pay careful
attention, but there was a slew of false positives reported yesterday
(1.25.10).  You might want to submit the quarantined files to Sunbelt and
Virustotal for analysis.

今日は！

RS


On Mon, Jan 25, 2010 at 11:59 PM, Roger Wright  wrote:

> Looks like it's some kind of password stealer.
>
>
> Die dulci fruere!
>
> Roger Wright
> ___
>
>
> Samuel 
> Goldwyn - 
> "I'm willing to admit that I may not always be right, but I am never
> wrong."
>
> On Mon, Jan 25, 2010 at 7:43 PM, John Aldrich <
> jaldr...@blueridgecarpet.com> wrote:
>
>> Anyone have any info on this? I've got several machines that I was emailed
>> on that reportedly had this on them, including one that doesn't go on the
>> internet or even have email! This leads me to wonder if this travels via
>> share or something. I looked on the Vipre site, but they didn't have any
>> real info on how it spreads or anything!
>>
>> All I can say is I'm glad I've got Vipre on these machines!
>> --
>> Thanks,
>> John Aldrich
>> Blueridge Industries
>> IT Manager
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Trojan-PWS.Win32.Qwak (v)

[Roger Wright]

Looks like it's some kind of password stealer.


Die dulci fruere!

Roger Wright
___


Samuel Goldwyn
- "I'm willing to admit that I may not always be right, but I am never
wrong."

On Mon, Jan 25, 2010 at 7:43 PM, John Aldrich
wrote:

> Anyone have any info on this? I've got several machines that I was emailed
> on that reportedly had this on them, including one that doesn't go on the
> internet or even have email! This leads me to wonder if this travels via
> share or something. I looked on the Vipre site, but they didn't have any
> real info on how it spreads or anything!
>
> All I can say is I'm glad I've got Vipre on these machines!
> --
> Thanks,
> John Aldrich
> Blueridge Industries
> IT Manager
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: OT: Moto Droid and Lack of Xch GAL

[Benjamin Zachary - Lists]

Did you check with touchdown by NitroDesk? I haven’t used it myself, but I do 
sync to my exchange server with push and it works fine

 

http://www.nitrodesk.com/dk_touchdownFeatures.aspx

 

 

 

From: Daniel Rodriguez [mailto:drod...@gmail.com] 
Sent: Monday, January 25, 2010 5:43 PM
To: NT System Admin Issues
Subject: Re: OT: Moto Droid and Lack of Xch GAL

 

I have the verizon htc eris. I have not seen this problem come up. I know that 
i can tell it to sync with my gmail and yahoo contacts. I dont see why it cant 
pull up the xch gal as it has a specific feature to integrate with xch.

On Jan 25, 2010 3:56 PM, "Don Guyer"  wrote:

Everyone,

 

I posted this to the Xch list but figured I’d post here also 
for complete coverage:

 

I’ve been teetering back/forth on getting this phone. Today, I 
read that it lacks the ability to pull up the Exchange GAL? Can anyone using 
one verify this for me? This would be a huge con!

 

Thanks,

 

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: OT: Moto Droid and Lack of Xch GAL

[Greg Olson]

On the Droid that is correct it doesn’t pull up the gal, and contact sync is 
weak (compared to other phones, such as the iphone and BBerry). But that said 
there is a third party software that Verizon recommends called TouchDown that 
fixes these issues, and really brings it up to par with BBerry and others 
(allows enterprise admins the ability to wipe and lockdown the phone and many 
other things). Plus it just plain works better in receiving my mail than the 
built in email app does. And I think it’s actually better than active sync on 
Win mobile.

We’ll worth checking out as they give you a 5 day trial, and it’s only 
something like $20.00 or so.
-Greg


From: Daniel Rodriguez [mailto:drod...@gmail.com]
Sent: Monday, January 25, 2010 2:43 PM
To: NT System Admin Issues
Subject: Re: OT: Moto Droid and Lack of Xch GAL


I have the verizon htc eris. I have not seen this problem come up. I know that 
i can tell it to sync with my gmail and yahoo contacts. I dont see why it cant 
pull up the xch gal as it has a specific feature to integrate with xch.
On Jan 25, 2010 3:56 PM, "Don Guyer" 
mailto:don.gu...@prufoxroach.com>> wrote:
Everyone,

I posted this to the Xch list but figured I’d post here also 
for complete coverage:

I’ve been teetering back/forth on getting this phone. Today, I 
read that it lacks the ability to pull up the Exchange GAL? Can anyone using 
one verify this for me? This would be a huge con!

Thanks,


Don Guyer
Systems Engineer - Information Services
Prudential, Fox & Roach/Trident Group
431 W. Lancaster Avenue
Devon, PA 19333
Direct: (610) 993-3299
Fax: (610) 650-5306
don.gu...@prufoxroach.com










~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Trojan-PWS.Win32.Qwak (v)

[John Aldrich]

Anyone have any info on this? I've got several machines that I was emailed 
on that reportedly had this on them, including one that doesn't go on the 
internet or even have email! This leads me to wonder if this travels via 
share or something. I looked on the Vipre site, but they didn't have any 
real info on how it spreads or anything!

All I can say is I'm glad I've got Vipre on these machines!
-- 
Thanks,
John Aldrich
Blueridge Industries
IT Manager

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: need to disable the left click touch on a laptop

[Mike Gill]

Many times there is an Fn key that can be used to enable/disable the pad
quickly. Works great for long bouts of typing.

 

-- 
Mike Gill

 

From: Len Hammond [mailto:lenhammo...@gmail.com] 
Sent: Saturday, January 23, 2010 5:31 AM
To: NT System Admin Issues
Subject: need to disable the left click touch on a laptop

 

I have a client that has a Dell Inspiron laptop that is always moving the
curser inadvertantly by touching the touchpad while typing. It annoys her
greatly.  A couple months ago I worked on a different Inspiron laptop and
that lady had her left click function turned off at the touchpad but the
actual button worked normally. I spend some time looking over her touchpad
driver and didn't find a checkbox to disable the left click from the pad.
Anyone know where this is. I also didn't find it on the couple of Gateway
laptops I service. She left this morning for a 2 week cruise, so if I find
anything, I'll just email it to her and she can make the change.

 

Thanks 


Len Hammond
CSI:Hartland
lenhamm...@gmail.com

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: OT: Moto Droid and Lack of Xch GAL

[Daniel Rodriguez]

I have the verizon htc eris. I have not seen this problem come up. I know
that i can tell it to sync with my gmail and yahoo contacts. I dont see why
it cant pull up the xch gal as it has a specific feature to integrate with
xch.

On Jan 25, 2010 3:56 PM, "Don Guyer"  wrote:

 Everyone,



I posted this to the Xch list but figured I’d post here also
for complete coverage:



I’ve been teetering back/forth on getting this phone. Today,
I read that it lacks the ability to pull up the Exchange GAL? Can anyone
using one verify this for me? This would be a huge con!



Thanks,





Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Managed Switches...

[Philip Brothwell]

+1

Whenever possible you should run VoIP on separate wiring.  The networking
requirements for VoIP are very different than the requirements for most data
networks.  VoIP cares about jitter and latency, data networks care about
speed. The typical VoIP call uses less than 1Kbps of bandwidth but it wants
that bandwidth NOW.  Yes, you can (and should) use QoS and VLANS to help
with VoIP but if your network is heavily utilised you will still have
issues.  And since the bandwidth requirement for VoIP is low you can in many
cases reuse the existing PBX wiring for VoIP.  I have actually seen
enterprise-level VoIP run over CAT 3 cable.  (Something I do not recommend
other than as a stop-gap.)





On Mon, Jan 25, 2010 at 5:19 PM, Kurt Buff  wrote:

> You can do this with QoS, and I've seen nothing to indicate that HP is
> anything less than stellar in this regard. But if memory serves (it's
> been a few years) switches with QoS cost a bit more. Perhaps that's no
> longer true.
>
> At the very least, it simplifies configuration and troubleshooting.
>
> Also, I don't know what the cost of phones would be for this system,
> but cost of switches is not that much, and cost of cabling is
> ~&75.00/drop, depending on location.
>
> OP didn't specify, but I find the use of phones as two-port switches
> to which the workstations are appended to be yucky, and fraught with
> problems - might as well run the cable separately, because QoS doesn't
> do much for you in those situations.
>
> At the very least, he should consider separate VLANs for VoIP vs.
> everything else, along with QoS.
>
> Kurt
>
> On Mon, Jan 25, 2010 at 13:27, Brian Desmond 
> wrote:
> > Why? You might as well just buy a new PBX or upgrade the existing one and
> run it on the existing infrastructure if you're going to do that. Doesn't
> get you any cost savings...
> >
> > Thanks,
> > Brian Desmond
> > br...@briandesmond.com
> >
> > c – 312.731.3132
> >
> >> -Original Message-
> >> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> >> Sent: Monday, January 25, 2010 3:16 PM
> >> To: NT System Admin Issues
> >> Subject: Re: Managed Switches...
> >>
> >> +1 on the HP switches.
> >>
> >> Further recommendation (which I know won't fly, but I'll make it
> >> anyway): Pull the cable needed to keep VoIP separate from everything
> else,
> >> and get VoIP its own infrastructure.
> >>
> >> Kurt
> >>
> >> On Mon, Jan 25, 2010 at 11:05, Reimer, Mark 
> >> wrote:
> >> > Hi folks,
> >> >
> >> >
> >> >
> >> > I need some opinions.
> >> >
> >> >
> >> >
> >> > Up until now (don’t laugh), we have been using unmanaged switches, and
> >> > it’s been working. But we hope to implement a VOIP system (probably
> >> > based on Asterix software), and there are other factors (VLAN’s for
> >> > one) that will require us to install managed switches.
> >> >
> >> >
> >> >
> >> > I know Cisco is the cream of the crop, and the most expensive. I’ve
> >> > heard that HP is quite good as well.
> >> >
> >> >
> >> >
> >> > So, without starting too many flame wars, can people make a
> >> > recommendation, (or a “unrecommendation”)?
> >> >
> >> >
> >> >
> >> > This would be for one physical location, looking at 150-200 drops
> >> > scattered throughout campus (we are an educational institution). We
> >> > are planning to use the current Ethernet wiring (CAT 5 or better in
> >> > all places), with the phone and computer using the same physical wire.
> >> >
> >> >
> >> >
> >> > Thanks in advance.
> >> >
> >> >
> >> >
> >> >
> >> >
> >> > Mark Reimer,  A+, MCSA
> >> >
> >> > Windows Servers & Networking
> >> >
> >> > Prairie Bible Institute
> >> >
> >> > Box 4000
> >> >
> >> > Three Hills, AB  T0M-2N0
> >> >
> >> > Canada
> >> >
> >> > Tel: 403-443-5511, Ext. 3476
> >> >
> >> > Fax: 403-443-5540
> >> >
> >> > Email: mark.rei...@prairie.edu
> >> >
> >> > www.prairie.edu
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >>
> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
> >>   ~
> >>
> >
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~   ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Where do old PST files go when their accounts are deleted?

[Silvio L. Nisgoski]

Yesterday I would say that outlook doesn´t delete the emails, but today a 
laptop that I personally configured two accounts on Friday had the emails from 
one of the accounts ( one IMAP, one POP , the POP one disappeared ) disappear. 
The account was also gone, so I am lead to believe that somehow sometimes 
deleting an account deletes the emails too... The user is not able to say if 
any strange message appeared, and as he doesn´t speak my language, it  is hard 
to investigate...

but on the other side, when diagnosing  / reconfiguring his computer ( 
installing Outlook in english, as I was at it ) , I had ocasion of creating / 
deleting accounts a bunch of times, and the emails didn´t disappear now... 
strange...



  - Original Message - 
  From: Ken Schaefer 
  To: NT System Admin Issues 
  Sent: Monday, January 25, 2010 12:54 AM
  Subject: RE: Where do old PST files go when their accounts are deleted?


  I don't have a POP3 account to test with, but according to Microsoft:

   

  Note   Removing a POP3, IMAP, or HTTP account does not delete the items that 
were sent and received by using the account. If you were using a POP3 account, 
you can still use the Personal Folders file (.pst) to work with your items.

   

  From: Add or Remove an Email Account: 
http://office.microsoft.com/en-us/outlook/HA012316341033.aspx

   

  Seems the Tech may have done something extra to delete the PST file -or- it's 
been overwritten by the new one. I don't know what options are available when 
setting up a POP3 account, but at least for Exchange accounts, you can choose 
the file name.

   

  Cheers

  Ken

   

  From: Angus Scott-Fleming [mailto:angu...@geoapps.com] 
  Sent: Monday, 25 January 2010 10:02 AM
  To: NT System Admin Issues
  Subject: Re: Where do old PST files go when their accounts are deleted?

   

  On 24 Jan 2010 at 15:44, Jon Harris  wrote:

   

  > Sounds like a tech issue not a Microsoft. As someone else pointed out 

  > Outlook does prompt for delete old data before it does that.

   

  I wasn't there so I can't confirm what the tech did or saw.  I don't have 
Outlook available here to test, either.  Does anyone have the exact wording? I 
guess I can perform a test tomorrow when I have access to a system with the 
same version of Outlook installed.   

   

  If it was a typical dialog, it was "Are you sure you want to delete this 
account?" I wouldn't expect the data to go away.  If the dialog was even "Are 
you sure you want to delete this mailbox?" I still wouldn't expect the data to 
go away even though you could infer that is what it is saying.

   

  OTOH given that he was prompted, the tech *_should_* have thought twice 
before clicking [OK].  I'm just trying to recover from it ... [sigh] ...

   



   

 


 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Managed Switches...

[Kurt Buff]

You can do this with QoS, and I've seen nothing to indicate that HP is
anything less than stellar in this regard. But if memory serves (it's
been a few years) switches with QoS cost a bit more. Perhaps that's no
longer true.

At the very least, it simplifies configuration and troubleshooting.

Also, I don't know what the cost of phones would be for this system,
but cost of switches is not that much, and cost of cabling is
~&75.00/drop, depending on location.

OP didn't specify, but I find the use of phones as two-port switches
to which the workstations are appended to be yucky, and fraught with
problems - might as well run the cable separately, because QoS doesn't
do much for you in those situations.

At the very least, he should consider separate VLANs for VoIP vs.
everything else, along with QoS.

Kurt

On Mon, Jan 25, 2010 at 13:27, Brian Desmond  wrote:
> Why? You might as well just buy a new PBX or upgrade the existing one and run 
> it on the existing infrastructure if you're going to do that. Doesn't get you 
> any cost savings...
>
> Thanks,
> Brian Desmond
> br...@briandesmond.com
>
> c – 312.731.3132
>
>> -Original Message-
>> From: Kurt Buff [mailto:kurt.b...@gmail.com]
>> Sent: Monday, January 25, 2010 3:16 PM
>> To: NT System Admin Issues
>> Subject: Re: Managed Switches...
>>
>> +1 on the HP switches.
>>
>> Further recommendation (which I know won't fly, but I'll make it
>> anyway): Pull the cable needed to keep VoIP separate from everything else,
>> and get VoIP its own infrastructure.
>>
>> Kurt
>>
>> On Mon, Jan 25, 2010 at 11:05, Reimer, Mark 
>> wrote:
>> > Hi folks,
>> >
>> >
>> >
>> > I need some opinions.
>> >
>> >
>> >
>> > Up until now (don’t laugh), we have been using unmanaged switches, and
>> > it’s been working. But we hope to implement a VOIP system (probably
>> > based on Asterix software), and there are other factors (VLAN’s for
>> > one) that will require us to install managed switches.
>> >
>> >
>> >
>> > I know Cisco is the cream of the crop, and the most expensive. I’ve
>> > heard that HP is quite good as well.
>> >
>> >
>> >
>> > So, without starting too many flame wars, can people make a
>> > recommendation, (or a “unrecommendation”)?
>> >
>> >
>> >
>> > This would be for one physical location, looking at 150-200 drops
>> > scattered throughout campus (we are an educational institution). We
>> > are planning to use the current Ethernet wiring (CAT 5 or better in
>> > all places), with the phone and computer using the same physical wire.
>> >
>> >
>> >
>> > Thanks in advance.
>> >
>> >
>> >
>> >
>> >
>> > Mark Reimer,  A+, MCSA
>> >
>> > Windows Servers & Networking
>> >
>> > Prairie Bible Institute
>> >
>> > Box 4000
>> >
>> > Three Hills, AB  T0M-2N0
>> >
>> > Canada
>> >
>> > Tel: 403-443-5511, Ext. 3476
>> >
>> > Fax: 403-443-5540
>> >
>> > Email: mark.rei...@prairie.edu
>> >
>> > www.prairie.edu
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>>   ~
>>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Managed Switches...

[Brian Desmond]

Why? You might as well just buy a new PBX or upgrade the existing one and run 
it on the existing infrastructure if you're going to do that. Doesn't get you 
any cost savings...

Thanks,
Brian Desmond
br...@briandesmond.com

c – 312.731.3132

> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Monday, January 25, 2010 3:16 PM
> To: NT System Admin Issues
> Subject: Re: Managed Switches...
> 
> +1 on the HP switches.
> 
> Further recommendation (which I know won't fly, but I'll make it
> anyway): Pull the cable needed to keep VoIP separate from everything else,
> and get VoIP its own infrastructure.
> 
> Kurt
> 
> On Mon, Jan 25, 2010 at 11:05, Reimer, Mark 
> wrote:
> > Hi folks,
> >
> >
> >
> > I need some opinions.
> >
> >
> >
> > Up until now (don’t laugh), we have been using unmanaged switches, and
> > it’s been working. But we hope to implement a VOIP system (probably
> > based on Asterix software), and there are other factors (VLAN’s for
> > one) that will require us to install managed switches.
> >
> >
> >
> > I know Cisco is the cream of the crop, and the most expensive. I’ve
> > heard that HP is quite good as well.
> >
> >
> >
> > So, without starting too many flame wars, can people make a
> > recommendation, (or a “unrecommendation”)?
> >
> >
> >
> > This would be for one physical location, looking at 150-200 drops
> > scattered throughout campus (we are an educational institution). We
> > are planning to use the current Ethernet wiring (CAT 5 or better in
> > all places), with the phone and computer using the same physical wire.
> >
> >
> >
> > Thanks in advance.
> >
> >
> >
> >
> >
> > Mark Reimer,  A+, MCSA
> >
> > Windows Servers & Networking
> >
> > Prairie Bible Institute
> >
> > Box 4000
> >
> > Three Hills, AB  T0M-2N0
> >
> > Canada
> >
> > Tel: 403-443-5511, Ext. 3476
> >
> > Fax: 403-443-5540
> >
> > Email: mark.rei...@prairie.edu
> >
> > www.prairie.edu
> >
> >
> >
> >
> >
> >
> >
> >
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>   ~
> 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Managed Switches...

[Glen Johnson]

Why?
We've been running VOIP and everything else on one wire since 2001 and no 
problems, after we configured QOS. ;)
Or do HP switches not support QOS?
200 voip phones, 500+ desktops, 40+ printers and now IP video cameras.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Monday, January 25, 2010 4:16 PM
To: NT System Admin Issues
Subject: Re: Managed Switches...

+1 on the HP switches.

Further recommendation (which I know won't fly, but I'll make it
anyway): Pull the cable needed to keep VoIP separate from everything
else, and get VoIP its own infrastructure.

Kurt

On Mon, Jan 25, 2010 at 11:05, Reimer, Mark  wrote:
> Hi folks,
>
>
>
> I need some opinions.
>
>
>
> Up until now (don’t laugh), we have been using unmanaged switches, and it’s
> been working. But we hope to implement a VOIP system (probably based on
> Asterix software), and there are other factors (VLAN’s for one) that will
> require us to install managed switches.
>
>
>
> I know Cisco is the cream of the crop, and the most expensive. I’ve heard
> that HP is quite good as well.
>
>
>
> So, without starting too many flame wars, can people make a recommendation,
> (or a “unrecommendation”)?
>
>
>
> This would be for one physical location, looking at 150-200 drops scattered
> throughout campus (we are an educational institution). We are planning to
> use the current Ethernet wiring (CAT 5 or better in all places), with the
> phone and computer using the same physical wire.
>
>
>
> Thanks in advance.
>
>
>
>
>
> Mark Reimer,  A+, MCSA
>
> Windows Servers & Networking
>
> Prairie Bible Institute
>
> Box 4000
>
> Three Hills, AB  T0M-2N0
>
> Canada
>
> Tel: 403-443-5511, Ext. 3476
>
> Fax: 403-443-5540
>
> Email: mark.rei...@prairie.edu
>
> www.prairie.edu
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Managed Switches...

[Kurt Buff]

+1 on the HP switches.

Further recommendation (which I know won't fly, but I'll make it
anyway): Pull the cable needed to keep VoIP separate from everything
else, and get VoIP its own infrastructure.

Kurt

On Mon, Jan 25, 2010 at 11:05, Reimer, Mark  wrote:
> Hi folks,
>
>
>
> I need some opinions.
>
>
>
> Up until now (don’t laugh), we have been using unmanaged switches, and it’s
> been working. But we hope to implement a VOIP system (probably based on
> Asterix software), and there are other factors (VLAN’s for one) that will
> require us to install managed switches.
>
>
>
> I know Cisco is the cream of the crop, and the most expensive. I’ve heard
> that HP is quite good as well.
>
>
>
> So, without starting too many flame wars, can people make a recommendation,
> (or a “unrecommendation”)?
>
>
>
> This would be for one physical location, looking at 150-200 drops scattered
> throughout campus (we are an educational institution). We are planning to
> use the current Ethernet wiring (CAT 5 or better in all places), with the
> phone and computer using the same physical wire.
>
>
>
> Thanks in advance.
>
>
>
>
>
> Mark Reimer,  A+, MCSA
>
> Windows Servers & Networking
>
> Prairie Bible Institute
>
> Box 4000
>
> Three Hills, AB  T0M-2N0
>
> Canada
>
> Tel: 403-443-5511, Ext. 3476
>
> Fax: 403-443-5540
>
> Email: mark.rei...@prairie.edu
>
> www.prairie.edu
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Managed Switches...

[Sean Rector]

I absolutely recommend HP - lifetime warranty and lifetime software
updates were the kicker for me.

 

Sean Rector, MCSE

 

From: Reimer, Mark [mailto:mark.rei...@prairie.edu] 
Sent: Monday, January 25, 2010 2:05 PM
To: NT System Admin Issues
Subject: Managed Switches...

 

Hi folks,

 

I need some opinions.

 

Up until now (don't laugh), we have been using unmanaged switches, and
it's been working. But we hope to implement a VOIP system (probably
based on Asterix software), and there are other factors (VLAN's for one)
that will require us to install managed switches.

 

I know Cisco is the cream of the crop, and the most expensive. I've
heard that HP is quite good as well.

 

So, without starting too many flame wars, can people make a
recommendation, (or a "unrecommendation")?

 

This would be for one physical location, looking at 150-200 drops
scattered throughout campus (we are an educational institution). We are
planning to use the current Ethernet wiring (CAT 5 or better in all
places), with the phone and computer using the same physical wire.

 

Thanks in advance.

 

 

Mark Reimer,  A+, MCSA

Windows Servers & Networking

Prairie Bible Institute

Box 4000

Three Hills, AB  T0M-2N0

Canada

Tel: 403-443-5511, Ext. 3476

Fax: 403-443-5540

Email: mark.rei...@prairie.edu

www.prairie.edu

 

 

 

 

Virginia Opera's 35th Anniversary Season The One You Love

Celebrate with a 2009-2010 subscription: 
La Boh?me?|?The Daughter of the Regiment?|?Don Giovanni?|?Porgy and BessSM

Visit us online at www.VaOpera.org or call 1-866-OPERA-VA

The vision of Virginia Opera is to enrich lives through the powerful 
integration of music, voice and human drama.

This e-mail and any attached files are confidential and intended solely for the 
intended recipient(s). Unless otherwise specified, persons unnamed as 
recipients may not read, distribute, copy or alter this e-mail. Any views or 
opinions expressed in this e-mail belong to the author and may not necessarily 
represent those of Virginia Opera. Although precautions have been taken to 
ensure no viruses are present, Virginia Opera cannot accept responsibility for 
any loss or damage that may arise from the use of this e-mail or attachments.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

OT: Moto Droid and Lack of Xch GAL

[Don Guyer]

Everyone,

 

I posted this to the Xch list but figured I'd post here
also for complete coverage:

 

I've been teetering back/forth on getting this phone.
Today, I read that it lacks the ability to pull up the Exchange GAL? Can
anyone using one verify this for me? This would be a huge con!

 

Thanks,

 

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: auditing for ntfs and share permissions changes

[Miller Bonnie L .]

Hmm... since it's the share permissions, you'd probably have to audit changes 
to the registry key where those are stored under

HKLM\System\CurrentControlSet\Services\LanManServer\Shares

-Bonnie

From: Kim Longenbaugh [mailto:k...@colonialsavings.com]
Sent: Monday, January 25, 2010 12:33 PM
To: NT System Admin Issues
Subject: auditing for ntfs and share permissions changes

We had an issue where a user's share permissions for a folder got changed, and 
no one claims to know how it happened.

We think have auditing turned on so those types of changes show up in event 
logs, but aren't seeing any indication of who made the change.  Either we don't 
have the right things being audited, or we don't know what event log items to 
look for.

So, which event log entries would tell us who made a permission change?  Would 
we look on the server hosting the share, or in the AD controller?

This is in a W2K3 environment.





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

auditing for ntfs and share permissions changes

[Kim Longenbaugh]

We had an issue where a user's share permissions for a folder got
changed, and no one claims to know how it happened.

 

We think have auditing turned on so those types of changes show up in
event logs, but aren't seeing any indication of who made the change.
Either we don't have the right things being audited, or we don't know
what event log items to look for.

 

So, which event log entries would tell us who made a permission change?
Would we look on the server hosting the share, or in the AD controller?

 

This is in a W2K3 environment.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Managed Switches...

[RichardMcClary]

+100!  Ya' just got my biggest gripe against Cisco.
--
Richard D. McClary
Systems Administrator, Information Technology Group 
ASPCA®
1717 S. Philo Rd, Ste 36
Urbana, IL  61802

"Joseph L. Casale"  wrote on 01/25/2010 
02:14:06 PM:

> >I love my Procurves.
> 
> Yeah, me too. You can call them *anytime* *without* a contract that 
> costs as much as the fscking switch too, for free.
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Managed Switches...

[Joseph L. Casale]

>I love my Procurves.

Yeah, me too. You can call them *anytime* *without* a contract that costs as 
much as the fscking switch too, for free.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Managed Switches...

[asbzone]

+1
Sent from my Verizon Wireless BlackBerry

-Original Message-
From: Steve Ens 
Date: Mon, 25 Jan 2010 13:11:08 
To: NT System Admin Issues
Subject: Re: Managed Switches...

I love my Procurves.

On Mon, Jan 25, 2010 at 1:05 PM, Reimer, Mark wrote:

>  Hi folks,
>
>
>
> I need some opinions.
>
>
>
> Up until now (don’t laugh), we have been using unmanaged switches, and it’s
> been working. But we hope to implement a VOIP system (probably based on
> Asterix software), and there are other factors (VLAN’s for one) that will
> require us to install managed switches.
>
>
>
> I know Cisco is the cream of the crop, and the most expensive. I’ve heard
> that HP is quite good as well.
>
>
>
> So, without starting too many flame wars, can people make a recommendation,
> (or a “unrecommendation”)?
>
>
>
> This would be for one physical location, looking at 150-200 drops scattered
> throughout campus (we are an educational institution). We are planning to
> use the current Ethernet wiring (CAT 5 or better in all places), with the
> phone and computer using the same physical wire.
>
>
>
> Thanks in advance.
>
>
>
>
>
> Mark Reimer,  A+, MCSA
>
> Windows Servers & Networking
>
> Prairie Bible Institute
>
> Box 4000
>
> Three Hills, AB  T0M-2N0
>
> Canada
>
> Tel: 403-443-5511, Ext. 3476
>
> Fax: 403-443-5540
>
> Email: mark.rei...@prairie.edu
>
> www.prairie.edu
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: 2008 R2 in a 2003 R2 domain

[asbzone]

If you want to be safe, the UAC prompts you about potentially dangerous 
activities.  

If you desire expediency, keep and admin level CMD window available at all 
times, and run what you want from in there. 

Sent from my Verizon Wireless BlackBerry

-Original Message-
From: "Neil Standley" 
Date: Mon, 25 Jan 2010 09:27:35 
To: NT System Admin Issues
Subject: RE: 2008 R2 in a 2003 R2 domain

When I run a command prompt as administrator I can run it successfully, as I 
expect it would. Is it normal to encounter UAC when logged in as a domain admin 
in 2008? (I know, not best practice.) It seems strange to me that I get an 
error stating I must be a member of the admins/dom admins group to run the 
command when I already am. 

 

I can understand not having permission to write to the root of a drive, for 
NON-admin accounts, but again I’m logged in as a domain admin so shouldn’t I 
have full control? 

 

What further confuses me is, if I create a folder at the root I should be the 
Owner of that folder and have full control over it and its contents. Is that 
not true? What I’m seeing here is that my admin user acct doesn’t have the 
rights to create new objects within this subfolder either even though effective 
permissions state I have full control. It seems as if permissions are not being 
inherited properly.

 

 

 

Thanks

Neil

 

From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Friday, January 22, 2010 8:15 PM
To: NT System Admin Issues
Subject: RE: 2008 R2 in a 2003 R2 domain

 

Did you run your command window “as Administrator”?

 

UAC doesn’t apply to the built-in Administrator account. It does to every other 
account. You seem to be running into that issue.

 

Regular users haven’t had modify permissions to the root of drives in Win2k3 
days (at least to the C: drive). Perhaps they have just extended that in Win2k8 
R2

 

Cheers

Ken

 

From: Neil Standley [mailto:n...@net-venture.com] 
Sent: Saturday, 23 January 2010 8:08 AM
To: NT System Admin Issues
Subject: 2008 R2 in a 2003 R2 domain

 

Please forgive me if this has been answered already, I searched through my list 
emails and couldn’t find anything related.

 

Is there anything I need to do to prep my 2003 R2 domain before introducing a 
2008 R2 member server?

 

 

 

I ask because, well I was stupid and forgot to ask before adding it to my 
domain and now have a few oddities. 

 

After joining this server to the domain, the Domain admins group is 
automatically added to the local admin group on the 2008 server. When I log in 
as my domain admin account I find I can’t do some things an admin should have 
rights to do. Such as execute IISReset, see error below. (yes, IIS IS installed 
and running)

 

This is the exact message I get when trying to run IISReset using my domain 
admin account. If I login as the local admin I can run this without errors.

 

Access denied, you must be an administrator of the remote computer to use this

command. Either have your account added to the administrator local group of

the remote computer or to the domain administrator global group.

 

I also could not create a new file on the root of D until I added authenticated 
users and gave them modify permissions. But again, if I’m logged in as local 
admin then I have no problem doing this.

 

 

Thank  it’s Friday!

 

 

Thanks,

Neil 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Managed Switches...

[Kim Longenbaugh]

I agree about the Nortel data switches, although if the OP needs Layer 3
switching, the 5500 or higher series would be called for.

-Original Message-
From: Todd Lemmiksoo [mailto:tlemmik...@all-mode.com] 
Sent: Monday, January 25, 2010 1:26 PM
To: NT System Admin Issues
Subject: RE: Managed Switches...

You should also look into the Nortel data switches. Models 4548GT and
4550T-PWR. 

-Original Message-
From: Phil Brutsche [mailto:p...@optimumdata.com] 
Sent: Monday, January 25, 2010 2:15 PM
To: NT System Admin Issues
Subject: Re: Managed Switches...

Stick with HP and Cisco - real Cisco, not the Cisco-branded Linksys
garbage.

Anything else is total and utter crap.

Reimer, Mark wrote:
> Hi folks,
> 
> I need some opinions.
> 
> Up until now (don't laugh), we have been using unmanaged switches, and

> it's been working. But we hope to implement a VOIP system (probably 
> based on Asterix software), and there are other factors (VLAN's for 
> one) that will require us to install managed switches.
> 
> I know Cisco is the cream of the crop, and the most expensive. I've 
> heard that HP is quite good as well.
> 
> So, without starting too many flame wars, can people make a 
> recommendation, (or a "unrecommendation")?
> 
> This would be for one physical location, looking at 150-200 drops 
> scattered throughout campus (we are an educational institution). We 
> are planning to use the current Ethernet wiring (CAT 5 or better in 
> all places), with the phone and computer using the same physical wire.

-- 

Phil Brutsche
p...@optimumdata.com


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Managed Switches...

[Todd Lemmiksoo]

You should also look into the Nortel data switches. Models 4548GT and
4550T-PWR. 

-Original Message-
From: Phil Brutsche [mailto:p...@optimumdata.com] 
Sent: Monday, January 25, 2010 2:15 PM
To: NT System Admin Issues
Subject: Re: Managed Switches...

Stick with HP and Cisco - real Cisco, not the Cisco-branded Linksys
garbage.

Anything else is total and utter crap.

Reimer, Mark wrote:
> Hi folks,
> 
> I need some opinions.
> 
> Up until now (don't laugh), we have been using unmanaged switches, and

> it's been working. But we hope to implement a VOIP system (probably 
> based on Asterix software), and there are other factors (VLAN's for 
> one) that will require us to install managed switches.
> 
> I know Cisco is the cream of the crop, and the most expensive. I've 
> heard that HP is quite good as well.
> 
> So, without starting too many flame wars, can people make a 
> recommendation, (or a "unrecommendation")?
> 
> This would be for one physical location, looking at 150-200 drops 
> scattered throughout campus (we are an educational institution). We 
> are planning to use the current Ethernet wiring (CAT 5 or better in 
> all places), with the phone and computer using the same physical wire.

-- 

Phil Brutsche
p...@optimumdata.com


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Managed Switches...

[Phil Brutsche]

Stick with HP and Cisco - real Cisco, not the Cisco-branded Linksys garbage.

Anything else is total and utter crap.

Reimer, Mark wrote:
> Hi folks,
> 
> I need some opinions.
> 
> Up until now (don’t laugh), we have been using unmanaged switches, and
> it’s been working. But we hope to implement a VOIP system (probably
> based on Asterix software), and there are other factors (VLAN’s for one)
> that will require us to install managed switches.
> 
> I know Cisco is the cream of the crop, and the most expensive. I’ve
> heard that HP is quite good as well.
> 
> So, without starting too many flame wars, can people make a
> recommendation, (or a “unrecommendation”)?
> 
> This would be for one physical location, looking at 150-200 drops
> scattered throughout campus (we are an educational institution). We are
> planning to use the current Ethernet wiring (CAT 5 or better in all
> places), with the phone and computer using the same physical wire.

-- 

Phil Brutsche
p...@optimumdata.com


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: [ot] RE: Managed Switches...

[Steve Ens]

As long as I love them at work, she is fine with that.  I can't take them
home or out to dinner (anymore).

On Mon, Jan 25, 2010 at 1:11 PM, Michael B. Smith wrote:

> And how does the wife feel about that?
>
> [sorry, couldn't resist.]
>
> From: Steve Ens [mailto:stevey...@gmail.com]
> Sent: Monday, January 25, 2010 2:11 PM
> To: NT System Admin Issues
> Subject: Re: Managed Switches...
>
> I love my Procurves.
> On Mon, Jan 25, 2010 at 1:05 PM, Reimer, Mark 
> wrote:
> Hi folks,
>
> I need some opinions.
>
> Up until now (don't laugh), we have been using unmanaged switches, and it's
> been working. But we hope to implement a VOIP system (probably based on
> Asterix software), and there are other factors (VLAN's for one) that will
> require us to install managed switches.
>
> I know Cisco is the cream of the crop, and the most expensive. I've heard
> that HP is quite good as well.
>
> So, without starting too many flame wars, can people make a recommendation,
> (or a "unrecommendation")?
>
> This would be for one physical location, looking at 150-200 drops scattered
> throughout campus (we are an educational institution). We are planning to
> use the current Ethernet wiring (CAT 5 or better in all places), with the
> phone and computer using the same physical wire.
>
> Thanks in advance.
>
>
> Mark Reimer,  A+, MCSA
> Windows Servers & Networking
> Prairie Bible Institute
> Box 4000
> Three Hills, AB  T0M-2N0
> Canada
> Tel: 403-443-5511, Ext. 3476
> Fax: 403-443-5540
> Email: mark.rei...@prairie.edu
> www.prairie.edu
>
>
>
>
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

[ot] RE: Managed Switches...

[Michael B. Smith]

And how does the wife feel about that?

[sorry, couldn't resist.]

From: Steve Ens [mailto:stevey...@gmail.com] 
Sent: Monday, January 25, 2010 2:11 PM
To: NT System Admin Issues
Subject: Re: Managed Switches...

I love my Procurves.
On Mon, Jan 25, 2010 at 1:05 PM, Reimer, Mark  wrote:
Hi folks,
 
I need some opinions.
 
Up until now (don't laugh), we have been using unmanaged switches, and it's 
been working. But we hope to implement a VOIP system (probably based on Asterix 
software), and there are other factors (VLAN's for one) that will require us to 
install managed switches.
 
I know Cisco is the cream of the crop, and the most expensive. I've heard that 
HP is quite good as well.
 
So, without starting too many flame wars, can people make a recommendation, (or 
a "unrecommendation")?
 
This would be for one physical location, looking at 150-200 drops scattered 
throughout campus (we are an educational institution). We are planning to use 
the current Ethernet wiring (CAT 5 or better in all places), with the phone and 
computer using the same physical wire.
 
Thanks in advance.
 
 
Mark Reimer,  A+, MCSA
Windows Servers & Networking
Prairie Bible Institute
Box 4000
Three Hills, AB  T0M-2N0
Canada
Tel: 403-443-5511, Ext. 3476
Fax: 403-443-5540
Email: mark.rei...@prairie.edu
www.prairie.edu
 
 
 
 

 
 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Managed Switches...

[Steve Ens]

I love my Procurves.

On Mon, Jan 25, 2010 at 1:05 PM, Reimer, Mark wrote:

>  Hi folks,
>
>
>
> I need some opinions.
>
>
>
> Up until now (don’t laugh), we have been using unmanaged switches, and it’s
> been working. But we hope to implement a VOIP system (probably based on
> Asterix software), and there are other factors (VLAN’s for one) that will
> require us to install managed switches.
>
>
>
> I know Cisco is the cream of the crop, and the most expensive. I’ve heard
> that HP is quite good as well.
>
>
>
> So, without starting too many flame wars, can people make a recommendation,
> (or a “unrecommendation”)?
>
>
>
> This would be for one physical location, looking at 150-200 drops scattered
> throughout campus (we are an educational institution). We are planning to
> use the current Ethernet wiring (CAT 5 or better in all places), with the
> phone and computer using the same physical wire.
>
>
>
> Thanks in advance.
>
>
>
>
>
> Mark Reimer,  A+, MCSA
>
> Windows Servers & Networking
>
> Prairie Bible Institute
>
> Box 4000
>
> Three Hills, AB  T0M-2N0
>
> Canada
>
> Tel: 403-443-5511, Ext. 3476
>
> Fax: 403-443-5540
>
> Email: mark.rei...@prairie.edu
>
> www.prairie.edu
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Managed Switches...

[Reimer, Mark]

Hi folks,

 

I need some opinions.

 

Up until now (don't laugh), we have been using unmanaged switches, and
it's been working. But we hope to implement a VOIP system (probably
based on Asterix software), and there are other factors (VLAN's for one)
that will require us to install managed switches.

 

I know Cisco is the cream of the crop, and the most expensive. I've
heard that HP is quite good as well.

 

So, without starting too many flame wars, can people make a
recommendation, (or a "unrecommendation")?

 

This would be for one physical location, looking at 150-200 drops
scattered throughout campus (we are an educational institution). We are
planning to use the current Ethernet wiring (CAT 5 or better in all
places), with the phone and computer using the same physical wire.

 

Thanks in advance.

 

 

Mark Reimer,  A+, MCSA

Windows Servers & Networking

Prairie Bible Institute

Box 4000

Three Hills, AB  T0M-2N0

Canada

Tel: 403-443-5511, Ext. 3476

Fax: 403-443-5540

Email: mark.rei...@prairie.edu  

www.prairie.edu  

 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: 2008 R2 in a 2003 R2 domain

[Neil Standley]

Thanks for clarifying. 

 

Looks like I need to work with this more before I go production with it.



 

 

 

 

Neil

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Monday, January 25, 2010 9:33 AM
To: NT System Admin Issues
Subject: RE: 2008 R2 in a 2003 R2 domain

 

Being logged in as a domain admin is not enough to get full administrator 
access.  You only have full admin access if:

 

a) UAC prompts you

or

b) you start something "as an administrator".

 

Running scripts or doing NTFS things that require administrator access do not 
cause UAC prompts.

 

This is all the same as Windows Vista/7.

 

Carl

 

From: Neil Standley [mailto:n...@net-venture.com] 
Sent: Monday, January 25, 2010 12:28 PM
To: NT System Admin Issues
Subject: RE: 2008 R2 in a 2003 R2 domain

 

When I run a command prompt as administrator I can run it successfully, as I 
expect it would. Is it normal to encounter UAC when logged in as a domain admin 
in 2008? (I know, not best practice.) It seems strange to me that I get an 
error stating I must be a member of the admins/dom admins group to run the 
command when I already am. 

 

I can understand not having permission to write to the root of a drive, for 
NON-admin accounts, but again I’m logged in as a domain admin so shouldn’t I 
have full control? 

 

What further confuses me is, if I create a folder at the root I should be the 
Owner of that folder and have full control over it and its contents. Is that 
not true? What I’m seeing here is that my admin user acct doesn’t have the 
rights to create new objects within this subfolder either even though effective 
permissions state I have full control. It seems as if permissions are not being 
inherited properly.

 

 

 

Thanks

Neil

 

From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Friday, January 22, 2010 8:15 PM
To: NT System Admin Issues
Subject: RE: 2008 R2 in a 2003 R2 domain

 

Did you run your command window “as Administrator”?

 

UAC doesn’t apply to the built-in Administrator account. It does to every other 
account. You seem to be running into that issue.

 

Regular users haven’t had modify permissions to the root of drives in Win2k3 
days (at least to the C: drive). Perhaps they have just extended that in Win2k8 
R2

 

Cheers

Ken

 

From: Neil Standley [mailto:n...@net-venture.com] 
Sent: Saturday, 23 January 2010 8:08 AM
To: NT System Admin Issues
Subject: 2008 R2 in a 2003 R2 domain

 

Please forgive me if this has been answered already, I searched through my list 
emails and couldn’t find anything related.

 

Is there anything I need to do to prep my 2003 R2 domain before introducing a 
2008 R2 member server?

 

 

 

I ask because, well I was stupid and forgot to ask before adding it to my 
domain and now have a few oddities. 

 

After joining this server to the domain, the Domain admins group is 
automatically added to the local admin group on the 2008 server. When I log in 
as my domain admin account I find I can’t do some things an admin should have 
rights to do. Such as execute IISReset, see error below. (yes, IIS IS installed 
and running)

 

This is the exact message I get when trying to run IISReset using my domain 
admin account. If I login as the local admin I can run this without errors.

 

Access denied, you must be an administrator of the remote computer to use this

command. Either have your account added to the administrator local group of

the remote computer or to the domain administrator global group.

 

I also could not create a new file on the root of D until I added authenticated 
users and gave them modify permissions. But again, if I’m logged in as local 
admin then I have no problem doing this.

 

 

Thank  it’s Friday!

 

 

Thanks,

Neil 

 

 

 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: 2008 R2 in a 2003 R2 domain

[Carl Houseman]

Being logged in as a domain admin is not enough to get full administrator 
access.  You only have full admin access if:

 

a) UAC prompts you

or

b) you start something "as an administrator".

 

Running scripts or doing NTFS things that require administrator access do not 
cause UAC prompts.

 

This is all the same as Windows Vista/7.

 

Carl

 

From: Neil Standley [mailto:n...@net-venture.com] 
Sent: Monday, January 25, 2010 12:28 PM
To: NT System Admin Issues
Subject: RE: 2008 R2 in a 2003 R2 domain

 

When I run a command prompt as administrator I can run it successfully, as I 
expect it would. Is it normal to encounter UAC when logged in as a domain admin 
in 2008? (I know, not best practice.) It seems strange to me that I get an 
error stating I must be a member of the admins/dom admins group to run the 
command when I already am. 

 

I can understand not having permission to write to the root of a drive, for 
NON-admin accounts, but again I’m logged in as a domain admin so shouldn’t I 
have full control? 

 

What further confuses me is, if I create a folder at the root I should be the 
Owner of that folder and have full control over it and its contents. Is that 
not true? What I’m seeing here is that my admin user acct doesn’t have the 
rights to create new objects within this subfolder either even though effective 
permissions state I have full control. It seems as if permissions are not being 
inherited properly.

 

 

 

Thanks

Neil

 

From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Friday, January 22, 2010 8:15 PM
To: NT System Admin Issues
Subject: RE: 2008 R2 in a 2003 R2 domain

 

Did you run your command window “as Administrator”?

 

UAC doesn’t apply to the built-in Administrator account. It does to every other 
account. You seem to be running into that issue.

 

Regular users haven’t had modify permissions to the root of drives in Win2k3 
days (at least to the C: drive). Perhaps they have just extended that in Win2k8 
R2

 

Cheers

Ken

 

From: Neil Standley [mailto:n...@net-venture.com] 
Sent: Saturday, 23 January 2010 8:08 AM
To: NT System Admin Issues
Subject: 2008 R2 in a 2003 R2 domain

 

Please forgive me if this has been answered already, I searched through my list 
emails and couldn’t find anything related.

 

Is there anything I need to do to prep my 2003 R2 domain before introducing a 
2008 R2 member server?

 

 

 

I ask because, well I was stupid and forgot to ask before adding it to my 
domain and now have a few oddities. 

 

After joining this server to the domain, the Domain admins group is 
automatically added to the local admin group on the 2008 server. When I log in 
as my domain admin account I find I can’t do some things an admin should have 
rights to do. Such as execute IISReset, see error below. (yes, IIS IS installed 
and running)

 

This is the exact message I get when trying to run IISReset using my domain 
admin account. If I login as the local admin I can run this without errors.

 

Access denied, you must be an administrator of the remote computer to use this

command. Either have your account added to the administrator local group of

the remote computer or to the domain administrator global group.

 

I also could not create a new file on the root of D until I added authenticated 
users and gave them modify permissions. But again, if I’m logged in as local 
admin then I have no problem doing this.

 

 

Thank  it’s Friday!

 

 

Thanks,

Neil 

 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

2008 R2 Aero theme over RDP

[James Rankin]

Has anyone got a clue how to allow the Aero themes to be enabled on RDP in
Server 2008 R2? I have to design a mandatory profile for our new XenApp farm
and I want it to have all the funky Windows 7-style visual effects. I have
installed the Desktop Experience feature, enabled the Themes service, yet I
still can't manage to get the Aero or 7 themes to apply. I can temporarily
get them working if I delete the
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager\Remote
subkey, but then it just resets back to the non-Aero theme when I log off -
even if I set a Deny on the Create Subkey permission on the ThemeManager key
for all users. Does anyone have any pointers as to how to achieve this?

TIA,




JRR

-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: 2008 R2 in a 2003 R2 domain

[Neil Standley]

When I run a command prompt as administrator I can run it successfully, as I 
expect it would. Is it normal to encounter UAC when logged in as a domain admin 
in 2008? (I know, not best practice.) It seems strange to me that I get an 
error stating I must be a member of the admins/dom admins group to run the 
command when I already am. 

 

I can understand not having permission to write to the root of a drive, for 
NON-admin accounts, but again I’m logged in as a domain admin so shouldn’t I 
have full control? 

 

What further confuses me is, if I create a folder at the root I should be the 
Owner of that folder and have full control over it and its contents. Is that 
not true? What I’m seeing here is that my admin user acct doesn’t have the 
rights to create new objects within this subfolder either even though effective 
permissions state I have full control. It seems as if permissions are not being 
inherited properly.

 

 

 

Thanks

Neil

 

From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Friday, January 22, 2010 8:15 PM
To: NT System Admin Issues
Subject: RE: 2008 R2 in a 2003 R2 domain

 

Did you run your command window “as Administrator”?

 

UAC doesn’t apply to the built-in Administrator account. It does to every other 
account. You seem to be running into that issue.

 

Regular users haven’t had modify permissions to the root of drives in Win2k3 
days (at least to the C: drive). Perhaps they have just extended that in Win2k8 
R2

 

Cheers

Ken

 

From: Neil Standley [mailto:n...@net-venture.com] 
Sent: Saturday, 23 January 2010 8:08 AM
To: NT System Admin Issues
Subject: 2008 R2 in a 2003 R2 domain

 

Please forgive me if this has been answered already, I searched through my list 
emails and couldn’t find anything related.

 

Is there anything I need to do to prep my 2003 R2 domain before introducing a 
2008 R2 member server?

 

 

 

I ask because, well I was stupid and forgot to ask before adding it to my 
domain and now have a few oddities. 

 

After joining this server to the domain, the Domain admins group is 
automatically added to the local admin group on the 2008 server. When I log in 
as my domain admin account I find I can’t do some things an admin should have 
rights to do. Such as execute IISReset, see error below. (yes, IIS IS installed 
and running)

 

This is the exact message I get when trying to run IISReset using my domain 
admin account. If I login as the local admin I can run this without errors.

 

Access denied, you must be an administrator of the remote computer to use this

command. Either have your account added to the administrator local group of

the remote computer or to the domain administrator global group.

 

I also could not create a new file on the root of D until I added authenticated 
users and gave them modify permissions. But again, if I’m logged in as local 
admin then I have no problem doing this.

 

 

Thank  it’s Friday!

 

 

Thanks,

Neil 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: permission issue on 2008 R2?

[David Lum]

OH YEAH!   Now that you mention it I have done just that when modifying the 
HOSTS file too. I have to open notepad as an admin then open the HOSTS file, 
duh.

Dave

From: James Hill [mailto:james.h...@superamart.com.au]
Sent: Saturday, January 23, 2010 4:23 PM
To: NT System Admin Issues
Subject: RE: permission issue on 2008 R2?

You can get around it by modifying the permissions (not advisable) or by 
running the particular task as an admin.  For example if you want to create a 
txt file, open notepad as an admin and then save the file to the location.


From: David Lum [mailto:david@nwea.org]
Sent: Saturday, 23 January 2010 4:26 AM
To: NT System Admin Issues
Subject: RE: permission issue on 2008 R2?

Windows 7 is the same, even logged in as a local administrator all I can do is 
create a folder at the root of a drive, not a file. I can COPY a file to the 
root but not create. Haven't cared enough to find what I need to change, it's 
certainly a permissions issue.
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
From: Neil Standley [mailto:n...@net-venture.com]
Sent: Friday, January 22, 2010 9:10 AM
To: NT System Admin Issues
Subject: permission issue on 2008 R2?

I have a strange issue where if I right click in the root of my D drive and 
choose "new", the only option I get is Folder. This also happens when I move 
folders/files from another system (2003 R2) to the D drive of my 2008 R2 server.
However, if I create a new folder on the root of that drive and change into 
that directory I can create a new folder, shortcuts, bitmap image, contact, 
rich text doc, text files, and zip files.

I am logged on to the server via RDP using a Domain admin account.

I have confirmed I have full control and ownership, and suspect they are 
related issues but I'm not sure where else to look.


TIA.


Neil














~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

OT - Garage work in Pompano Beach

[Richard Stovall]

Anyone do side work in Pompano Beach, FL or know a reputable outfit there?
 I have a user whose hard disk is dying and needs to have it replaced.
 Should be a quick matter of cloning and replacing the disk.  The bad blocks
appear to be on areas of the disk that aren't in use.

Thanks,
RS

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Robocopy syntax

[Tom Miller]

Hi Guys,  
 
Quick question on robocopy:  I am moving staff to new servers slowly as part of 
migration.  I initially used the /mir switch but once both sides are using the 
files (same folders) I changed to /E /COPY:DAT /R:3 /W:5.   What I really need 
though is syntax that says "whatever is newer wins, and copy to the other 
side".  Possible with Robocopy?
 
 

Confidentiality Notice:  This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information.  Any unauthorized review, use, disclosure, or 
distribution is prohibited.  If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Robocopy GUI

[Haralson, Joe (GE Comm Fin, non-GE)]

Thanks everyone. I went back to using the command-line Robocopy and had
no issues. I was attempting to use the /Copyallor  /COPY:DATSOU
switches. I had no problem getting these option to work using
commandline tool. I appreciate all your replies, but was under a time
crunch and needed to get the ball rolling. I will have to explore the
Robocopy GUI version issue when I have more time.
 
Joe Haralson

Network Infrastructure Team

 



From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Saturday, January 23, 2010 1:22 AM
To: NT System Admin Issues
Subject: RE: Robocopy GUI



No. 

 

I think Brian is trying to say:

 

a)  Please describe what you are trying to do

b)  Please describe how you are trying to do it

c)   Please describe what the actual error/output is that you are
seeing

 

Based on the information above, someone can provide some advice as to
what the problem might be, and how to fix it.

 

Posting an email that says "I'm trying to use tool  and I've set it
up but I don't get the results I expect" is, unfortunately, usually not
enough information to provide any sort of diagnosis.

 

Cheers

Ken

 

From: HELP_PC [mailto:g...@enter.it] 
Sent: Saturday, 23 January 2010 3:10 PM
To: NT System Admin Issues
Subject: R: Robocopy GUI

 

Brian, do you mean that if you select options that is impossible to
execute you don't get any advice ?

 

GuidoElia

HELPPC

 

 



Da: Brian Desmond [mailto:br...@briandesmond.com] 
Inviato: sabato 23 gennaio 2010 6.59
A: NT System Admin Issues
Oggetto: RE: Robocopy GUI

What you're trying to accomplish and the switches you're using would be
a useful start...

 

Thanks,

Brian Desmond

br...@briandesmond.com  

 

c - 312.731.3132

 

From: Haralson, Joe (GE Comm Fin, non-GE) [mailto:joe.haral...@ge.com] 
Sent: Friday, January 22, 2010 8:18 PM
To: NT System Admin Issues
Subject: Robocopy GUI

 

I'm trying to use the GUI verson of Robocopy for first time but having
issues getting it to work. I've installed the application and setup the
parameters for source and destination along with switches. However, when
I select run I receive a message stating that Robocopy started at a
certain time. I've checked the logs but have no entry. Does anyone known
why Robocopy isn't working.

 

Joe Haralson

 

 

 

 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Resizing C partition in Server 2003

[tony patton]

+1 on Paragon Partition Manager, it's my tool of choice when I need to 
resize partitions.

Haven't tried it on a RAID 5 array tho.

Regards

Tony Patton
Desktop Operations Cavan
Ext 8078
Direct Dial 049 435 2878
email: tony.pat...@quinn-insurance.com



From:
"Christopher Bodnar" 
To:
"NT System Admin Issues" 
Date:
22/01/2010 20:05
Subject:
RE: Resizing C partition in Server 2003



As others have mentioned Acronis DiskDirector does the job, and we use it 
here extensively on ESX guests. The problem we ran into with DiskDirector 
is the lack of x64 support and no support for Windows Server 2008. We have 
since moved to Paragon's Partition Manager 10.0 Server Edition. Almost 
identical to DiskDirector, but it also supports x64 and Windows Server 
2008. 
 
YMMV
 
 
Chris Bodnar, MCSE
Sr. Systems Engineer
Infrastructure Service Delivery
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003
 
-Original Message-
From: Angus Scott-Fleming [mailto:angu...@geoapps.com] 
Sent: Friday, January 22, 2010 2:12 PM
To: NT System Admin Issues
Subject: Resizing C partition in Server 2003
 
Anyone ever expanded a C partition in a multi-partitioned RAID-5 server? 
Client needs to do so to add new software.  Any time I've thought about 
doing 
this it has been: back up twice, verify backups, blow away D partition, 
expand 
C, add D partition, restore from backup.  Client uses Acronis to back up 
server 
and when he talked to their sales people they sold him this $600 program, 
which 
I had never heard of:
 
--- Included Stuff Follows --- 
  Acronis Disk Director Server 10.0
 
Windows and Linux partitioning tool: create, fix, format, delete, 
remove, 
resize and repair Windows and Linux partitions 
 
The suite includes the Acronis Partition Expert product which allows 
you 
to automatically or manually merge, split, resize, copy, and move 
partitions without losing data. It also lets you reorganize the hard 
disk 
drive structure, optimize disk space usage and much more. 
 
- Included Stuff Ends -
  
http://www.acronis.com/enterprise/products/diskdirector/partitioning.html
 
He's says he's going to try this, and I may get to pick up the pieces ;-)
 
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~
 
 

This message, and any attachments to it, may contain information that is 
privileged, confidential, and exempt from disclosure under applicable law. 
If the reader of this message is not the intended recipient, you are 
notified that any use, dissemination, distribution, copying, or 
communication of this message is strictly prohibited. If you have received 
this message in error, please notify the sender immediately by return 
e-mail and delete the message and any attachments. Thank you. 


http://www.quinn-insurance.com

This e-mail is intended only for the addressee named above. The contents
should not be copied nor disclosed to any other person. Any views or
opinions expressed are solely those of the sender and
do not necessarily represent those of QUINN-Insurance, unless otherwise
specifically stated . As internet communications are not secure,
QUINN-Insurance is not responsible for the contents of this message nor
responsible for any change made to this message after it was sent by the
original sender. Although virus scanning is used on all inbound and
outbound e-mail, we advise you to carry out your own virus check before
opening any attachment. We cannot accept liability for any damage sustained
as a result of any software viruses.



QUINN-Life Direct Limited is regulated by the Financial Regulator.
QUINN-Insurance Limited is regulated by the Financial Regulator and
regulated by the Financial Services Authority for the conduct of UK
business.



QUINN-Life Direct Limited is registered in Ireland, registration number
292374 and is a private company limited by shares.
QUINN-Insurance Limited is registered in Ireland, registration number
240768 and is a private company limited by shares.
Both companies have their head office at Dublin Road, Cavan, Co. Cavan.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Adding 2008 DC's...

[Palmer, Neal]

Hi from a lurker J

 

Can I just thank you guys for this heads and your post Bob... Im tasked
with investigating a 2003>2008 domain raise this year and this is an
awesome starting point!

 

Thanks!


Neal

 

___

 

Neal Palmer

Senior Technical Support Officer

UWIC, Cardiff, Wales...

___

 

From: Brian Desmond [mailto:br...@briandesmond.com] 
Sent: 09 January 2010 02:55
To: NT System Admin Issues
Subject: RE: Adding 2008 DC's...

 

It changes because of the new crypto types IIRC and needing to have a
hash in that new format. 

 

Thanks,

Brian Desmond

br...@briandesmond.com  

 

c - 312.731.3132

 

From: Free, Bob [mailto:r...@pge.com] 
Sent: Friday, January 08, 2010 6:27 PM
To: NT System Admin Issues
Subject: RE: Adding 2008 DC's...

 

Michael- I'm probably further in your debt than the other way around J

 

One thing this conversation did stir up in my addled old brain that is
actually germane to the "what happens when I flip the bit" question is
that when you switch DFL your krbTGT account has  it's password changed.

 

I remember Brial Puhl talking about when they flipped the REDMOND domain
to Server 2008 DFL, they experienced an issue with some of their
application servers suddenly failing to authenticate because of the
password change. They tried to repro it and I don't think they ever did.
Something to keep in the back of your mind.

 

 My bet is it changes twice like is recommended in the AD DR WP or the
joeware "what to do if one of your DCs get's stolen" instructions. I'd
guess it is baked in as they actually have an event in 2K8 telling you
to change it twice if you have to change it for some reason.  Looking at
replication metadata for pwdLastSet bears that out. I'm not clear on why
it needs to be changed when raising FL but there must be a good reason.

 

Cheers

 

--bob

 

 

 

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Friday, January 08, 2010 3:35 PM
To: NT System Admin Issues
Subject: RE: Adding 2008 DC's...

 

Thanks Bob!

 

Let me buy you one (or a few) at TEC...

 

From: Free, Bob [mailto:r...@pge.com] 
Sent: Friday, January 08, 2010 6:22 PM
To: NT System Admin Issues
Subject: RE: Adding 2008 DC's...

 

> I haven't seen anything documented about raising the DFL/FFL causing
security changes. 

 

It's that first DC that I'm concerned with, raising FLs comes later in
the game.

 

There are a few changes that can be made when you introduce the first
2K8 DC into the domain if they are not specifically configured in your
DC policy that could affect functionality. There are also some tighter
settings that are now baked in that could possibly need to be relaxed.
To mitigate them, it may even be necessary to edit the DC policies from
an up-level client prior to introducing the first 2K8 DC as the settings
required aren't available to the 2K3 editor..

 

For example, if you had left LMCompatibility level at the default of 2
but not configured it in your GPO, it would be raised to 3 across the
domain.  Null session shares are cleared from the DC's registry if not
defined in GPO, NullSessionPipes list is shorter. There are some NTLM
changes http://technet.microsoft.com/en-us/library/dd566199(WS.10).aspx


There is the NT4 Crypto issue previously mentioned.   Etc. etc.

 

DES is turned off in R2/WIN7 and can affect some apps that only use DES
for Kerberos encryption, SAP and some JAVA implementations been
mentioned as possible issues. http://support.microsoft.com/kb/977321 

 

The list goes on. There are 2 sources I'd recommend reviewing before
plunking in the first DC.

 

Glen LeCheminant's blog
http://blogs.technet.com/glennl/archive/2009/08/21/w2k3-to-w2k8-active-d
irectory-upgrade-considerations.aspx

 

We had the luxury of having Glen come on site and help with our review
and he pointed us to this resource that Product Services is maintaining
on TechNet--

 

Microsoft Support Quick Start for Adding Windows Server 2008 or Windows
Server 2008 R2 Domain Controllers to Existing Domains. 

http://technet.microsoft.com/en-us/library/ee522994(WS.10).aspx
   

 

Especially look at "known issues" This document is dynamic so I would
check back occasionally.

 

These may all be uneventful in most environments but I'm not going to
break something like SAP AuthN / AuthZ or some critical app that runs on
some long forgotten NAS box if I can help it. I'm getting too old for a
RGE J

 

--bob

 

 

From: Michael Waltonen [mailto:walto...@umn.edu] 
Sent: Friday, January 08, 2010 6:29 AM
To: NT System Admin Issues
Subject: RE: Adding 2008 DC's...

 

I haven't seen anything documented about raising the DFL/FFL causing
security changes.  Do you have anything about this that you can share?

 

I have seen the 2008 DCs removed