RE: What is the latest version of RDP client for Win7?

2010-02-18 Thread Ken Schaefer 
NetBIOS Extended User Interface

Cheers
Ken

-Original Message-
From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Friday, 19 February 2010 2:02 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

I'll give you a dollar if you can tell me what NetBEUI stands for without 
looking it up.

I'll double that if you can tell me the code name for MS's Gateway Services for 
NetWare was while under development.

And if you cheat and look em up u r l...@m3.

-sc

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Thursday, February 18, 2010 9:58 PM
To: NT System Admin Issues
Subject: Re: What is the latest version of RDP client for Win7?

Weren't you still on NetBEUI just last week?

Heh.

On Thu, Feb 18, 2010 at 17:52, Steven M. Caesare  wrote:
> I’ll probably no longer do so either, but I’ve run Windows without 
> protocol stacks installed/bound previously, and if there’s a 
> dependency, I’d like to see it documented.
>
>
>
> Otherwise there shouldn’t be a checkbox next to the protocol that 
> makes it just as easy to disable as File and Print sharing, which you 
> can disable with relative impunity.
>
>
>
> -sc
>
>
>
> From: Free, Bob [mailto:r...@pge.com]
> Sent: Thursday, February 18, 2010 8:41 PM
> To: NT System Admin Issues
> Subject: RE: What is the latest version of RDP client for Win7?
>
>
>
> I think that’s expected as it’s the party line from a Microsoft Techwriter.
> I believe it gets the point across. With what I heard from the PFE 
> that I can’t elaborate on, what Michael alluded and a few other cases 
> I’ve heard of I’m not going to risk disabling it on my servers. It’s not 
> worth it.
>
>
>
> From: Steven M. Caesare [mailto:scaes...@caesare.com]
> Sent: Thursday, February 18, 2010 4:12 PM
> To: NT System Admin Issues
> Subject: RE: What is the latest version of RDP client for Win7?
>
>
>
> That’s unfortunately nebulous.
>
>
>
> -sc
>
>
>
> From: Free, Bob [mailto:r...@pge.com]
> Sent: Thursday, February 18, 2010 4:24 PM
> To: NT System Admin Issues
> Subject: RE: What is the latest version of RDP client for Win7?
>
>
>
> The Argument against Disabling IPv6
>
> It is unfortunate that some organizations disable IPv6 on their 
> computers running Windows Vista or Windows Server 2008, where it is 
> installed and enabled by default. Many disable IPv6-based on the 
> assumption that they are not running any applications or services that 
> use it. Others might disable it because of a misperception that having 
> both IPv4 and IPv6 enabled effectively doubles their DNS and Web traffic. 
> This is not true.
>
>
>
> From Microsoft's perspective, IPv6 is a mandatory part of the Windows 
> operating system and it is enabled and included in standard Windows 
> service and application testing during the operating system development 
> process.
> Because Windows was designed specifically with IPv6 present, Microsoft 
> does not perform any testing to determine the effects of disabling 
> IPv6. If IPv6 is disabled on Windows Vista, Windows Server 2008, or 
> later versions, some components will not function. Moreover, 
> applications that you might not think are using IPv6—such as Remote 
> Assistance, HomeGroup, DirectAccess, and Windows Mail—could be.
>
>
>
> Therefore, Microsoft recommends that you leave IPv6 enabled, even if 
> you do not have an IPv6-enabled network, either native or tunneled. By 
> leaving IPv6 enabled, you do not disable IPv6-only applications and 
> services (for example, HomeGroup in Windows 7 and DirectAccess in 
> Windows 7 and Windows Server 2008 R2 are IPv6-only) and your hosts can 
> take advantage of IPv6-enhanced connectivity.
>
>
>
> http://207.46.16.252/en-us/magazine/2009.07.cableguy.aspx
>
>
>
>
>
>
>
> From: Steven M. Caesare [mailto:scaes...@caesare.com]
> Sent: Thursday, February 18, 2010 1:05 PM
> To: NT System Admin Issues
> Subject: RE: What is the latest version of RDP client for Win7?
>
>
>
> I’ve had IPv6 disabled on several Win2K8 servers as well without 
> problem as far as I can tell also.
>
>
>
> -sc
>
>
>
> From: Carl Houseman [mailto:c.house...@gmail.com]
> Sent: Thursday, February 18, 2010 3:04 PM
> To: NT System Admin Issues
> Subject: RE: What is the latest version of RDP client for Win7?
>
>
>
> I've had IPV6 disabled on Vista since forever and have never had any 
> issues talking to my WSUS server.
>
>
>
> More than likely "they" had something else going on and accidentally 
> fixed it at the same time they re-enabled IPV6.
>
>
>
> Carl
>
>
>
> From: Jon Harris [mailto:jk.har...@gmail.com]
> Sent: Thursday, February 18, 2010 3:00 PM
> To: NT System Admin Issues
> Subject: Re: What is the latest version of RDP client for Win7?
>
>
>
> I would add Vista and 7 as well but I have not done a lot of testing 
> on that issue.  I know some of the products like WSUS were having an 
> issue with Vista clients not having IP6 turned on.  I don't remember 
> what the issue was bu

RE: Problems with Google Buzz

2010-02-18 Thread Carl Houseman 
Pretty severe criticism from Infoworld's Cringely:

http://www.infoworld.com/d/adventures-in-it/google-new-microsoft-144


-Original Message-
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] 
Sent: Thursday, February 18, 2010 5:18 PM
To: NT System Admin Issues
Subject: Problems with Google Buzz

http://www.darkreading.com/security/privacy/showArticle.jhtml?articleID=2229
00689


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Synchronous RDP Session Monitoring.

2010-02-18 Thread James Hill 
/console was replaced with /admin in version 6(I think) onwards.  It also does 
not permit synchronous viewing.  It will lock the remote desktop.

-Original Message-
From: Angus Scott-Fleming [mailto:angu...@geoapps.com] 
Sent: Friday, 19 February 2010 2:18 PM
To: NT System Admin Issues
Subject: Re: Synchronous RDP Session Monitoring.

On 18 Feb 2010 at 20:50, Harry Singh  wrote:

> Forgive my ignorance, butI'vebeen a Dameware user for over 6 years and 
> I have a very simple query for RDP users out there. Dameware, as does 
> VNC, allows you to connect to a desktopsynchronouslyso you can see the 
> user's actual Desktop as it appears for them -- is that an option while 
> using RDP ? if yes, how would i get that done ?

There's a command-line option that allows you to connect to the console of the 
remote machine, I believe it works like this:

C:> mstsc /v:SERVER /console

Microsoft Windows XP - Mstsc
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/ts_cmd_mstsc.mspx

Not sure if it works the same in connecting to an XP desktop, all I can do is 
suggest you try it out.

> In an attempt to cut costs, Dameware is slowly approaching the 
> proverbial chopping block.

UltraVNC works perfectly for me.

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
+---+




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: What is the latest version of RDP client for Win7?

2010-02-18 Thread Steven M. Caesare 
That may be the case, but IPv6 is relatively new and _WIDELY_ unused in
many environments. So, good security practice says  that you minimize
your exposure surface, and explicitly allow only what you need.

 

If my entire infrastructure is IPv4 based, then a default deny/disable
of IPv6 is a reasonable security posture. I don't enable IPX or other
protocols, because _I_ don't use them.

 

If there's a dependency that requires IPv6, then let's see explicit
documentation of what it is. Lack of documentation because you haven't
had time to catch up from you previously poorly adopted product which
built those dependencies is... well quite frankly, shoddy.

 

-sc

 

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Thursday, February 18, 2010 10:34 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

As Bob said, IPv6 is the party line at Microsoft. They've made large
investments in rewriting the IP protocol stack and in the support of
6to4 and Teredo client/server/relay. They seem to be anticipating that
clients will need to be fully using IPv6 before current products are
obsolescent. Some new features and functionality are dependent on IPv6.

 

In terms of documentation - 2008
R2/Win7/everything-else-in-the-2010-wave are new. KB and technet
articles are still being developed. The 2007-wave of products
experienced relatively poor adoption (no secrets there!) due primarily
(IMO and only IMO) to the fact that the client and partner ecosystems
were not yet ready for x64 and the lack of "gotta-have features".

 

So...new things are being learned all the time. Who knows what might yet
be published?

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Thursday, February 18, 2010 8:52 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

I'll probably no longer do so either, but I've run Windows without
protocol stacks installed/bound previously, and if there's a dependency,
I'd like to see it documented.

 

Otherwise there shouldn't be a checkbox next to the protocol that makes
it just as easy to disable as File and Print sharing, which you can
disable with relative impunity.

 

-sc

 

From: Free, Bob [mailto:r...@pge.com] 
Sent: Thursday, February 18, 2010 8:41 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

I think that's expected as it's the party line from a Microsoft
Techwriter. I believe it gets the point across. With what I heard from
the PFE that I can't elaborate on, what Michael alluded and a few other
cases I've heard of I'm not going to risk disabling it on my servers.
It's not worth it.

 

From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Thursday, February 18, 2010 4:12 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

That's unfortunately nebulous.

 

-sc

 

From: Free, Bob [mailto:r...@pge.com] 
Sent: Thursday, February 18, 2010 4:24 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

The Argument against Disabling IPv6

It is unfortunate that some organizations disable IPv6 on their
computers running Windows Vista or Windows Server 2008, where it is
installed and enabled by default. Many disable IPv6-based on the
assumption that they are not running any applications or services that
use it. Others might disable it because of a misperception that having
both IPv4 and IPv6 enabled effectively doubles their DNS and Web
traffic. This is not true.

 

>From Microsoft's perspective, IPv6 is a mandatory part of the Windows
operating system and it is enabled and included in standard Windows
service and application testing during the operating system development
process. Because Windows was designed specifically with IPv6 present,
Microsoft does not perform any testing to determine the effects of
disabling IPv6. If IPv6 is disabled on Windows Vista, Windows Server
2008, or later versions, some components will not function. Moreover,
applications that you might not think are using IPv6-such as Remote
Assistance, HomeGroup, DirectAccess, and Windows Mail-could be.

 

Therefore, Microsoft recommends that you leave IPv6 enabled, even if you
do not have an IPv6-enabled network, either native or tunneled. By
leaving IPv6 enabled, you do not disable IPv6-only applications and
services (for example, HomeGroup in Windows 7 and DirectAccess in
Windows 7 and Windows Server 2008 R2 are IPv6-only) and your hosts can
take advantage of IPv6-enhanced connectivity.

 

http://207.46.16.252/en-us/magazine/2009.07.cableguy.aspx

 

 

 

From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Thursday, February 18, 2010 1:05 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

I've had IPv6 disabled on severa

Re: Synchronous RDP Session Monitoring.

2010-02-18 Thread Angus Scott-Fleming 
On 18 Feb 2010 at 20:50, Harry Singh  wrote:

> Forgive my ignorance, butI'vebeen a Dameware user for over 6 years and 
> I have a very simple query for RDP users out there. Dameware, as does 
> VNC, allows you to connect to a desktopsynchronouslyso you can see the 
> user's actual Desktop as it appears for them -- is that an option while 
> using RDP ? if yes, how would i get that done ?

There's a command-line option that allows you to connect to the console of the 
remote machine, I believe it works like this:

C:> mstsc /v:SERVER /console

Microsoft Windows XP - Mstsc
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/ts_cmd_mstsc.mspx

Not sure if it works the same in connecting to an XP desktop, all I can do is 
suggest you try it out.

> In an attempt to cut costs, Dameware is slowly approaching the 
> proverbial chopping block.

UltraVNC works perfectly for me.

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
+---+




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Vipre blocking access to "hosts" file???

2010-02-18 Thread Angus Scott-Fleming 
On 18 Feb 2010 at 13:07, HELP_PC  wrote:

> I think a stupid heuristic detection by VIPRE. Malware many times inject the
> host file with 127.0.0.0 and a bounce of legitimate security sites 

Yep, happened to me at home too.  My VIPRE nuked my HOSTS file but I just 
restored from the latest backup that Spybot S&D makes every time it updates the 
file.  File has been left alone since then.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: What is the latest version of RDP client for Win7?

2010-02-18 Thread Michael B. Smith 
As Bob said, IPv6 is the party line at Microsoft. They've made large 
investments in rewriting the IP protocol stack and in the support of 6to4 and 
Teredo client/server/relay. They seem to be anticipating that clients will need 
to be fully using IPv6 before current products are obsolescent. Some new 
features and functionality are dependent on IPv6.

In terms of documentation - 2008 R2/Win7/everything-else-in-the-2010-wave are 
new. KB and technet articles are still being developed. The 2007-wave of 
products experienced relatively poor adoption (no secrets there!) due primarily 
(IMO and only IMO) to the fact that the client and partner ecosystems were not 
yet ready for x64 and the lack of "gotta-have features".

So...new things are being learned all the time. Who knows what might yet be 
published?

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Thursday, February 18, 2010 8:52 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

I'll probably no longer do so either, but I've run Windows without protocol 
stacks installed/bound previously, and if there's a dependency, I'd like to see 
it documented.

Otherwise there shouldn't be a checkbox next to the protocol that makes it just 
as easy to disable as File and Print sharing, which you can disable with 
relative impunity.

-sc

From: Free, Bob [mailto:r...@pge.com]
Sent: Thursday, February 18, 2010 8:41 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

I think that's expected as it's the party line from a Microsoft Techwriter. I 
believe it gets the point across. With what I heard from the PFE that I can't 
elaborate on, what Michael alluded and a few other cases I've heard of I'm not 
going to risk disabling it on my servers. It's not worth it.

From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Thursday, February 18, 2010 4:12 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

That's unfortunately nebulous.

-sc

From: Free, Bob [mailto:r...@pge.com]
Sent: Thursday, February 18, 2010 4:24 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

The Argument against Disabling IPv6
It is unfortunate that some organizations disable IPv6 on their computers 
running Windows Vista or Windows Server 2008, where it is installed and enabled 
by default. Many disable IPv6-based on the assumption that they are not running 
any applications or services that use it. Others might disable it because of a 
misperception that having both IPv4 and IPv6 enabled effectively doubles their 
DNS and Web traffic. This is not true.

>From Microsoft's perspective, IPv6 is a mandatory part of the Windows 
>operating system and it is enabled and included in standard Windows service 
>and application testing during the operating system development process. 
>Because Windows was designed specifically with IPv6 present, Microsoft does 
>not perform any testing to determine the effects of disabling IPv6. If IPv6 is 
>disabled on Windows Vista, Windows Server 2008, or later versions, some 
>components will not function. Moreover, applications that you might not think 
>are using IPv6-such as Remote Assistance, HomeGroup, DirectAccess, and Windows 
>Mail-could be.

Therefore, Microsoft recommends that you leave IPv6 enabled, even if you do not 
have an IPv6-enabled network, either native or tunneled. By leaving IPv6 
enabled, you do not disable IPv6-only applications and services (for example, 
HomeGroup in Windows 7 and DirectAccess in Windows 7 and Windows Server 2008 R2 
are IPv6-only) and your hosts can take advantage of IPv6-enhanced connectivity.

http://207.46.16.252/en-us/magazine/2009.07.cableguy.aspx



From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Thursday, February 18, 2010 1:05 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

I've had IPv6 disabled on several Win2K8 servers as well without problem as far 
as I can tell also.

-sc

From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Thursday, February 18, 2010 3:04 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

I've had IPV6 disabled on Vista since forever and have never had any issues 
talking to my WSUS server.

More than likely "they" had something else going on and accidentally fixed it 
at the same time they re-enabled IPV6.

Carl

From: Jon Harris [mailto:jk.har...@gmail.com]
Sent: Thursday, February 18, 2010 3:00 PM
To: NT System Admin Issues
Subject: Re: What is the latest version of RDP client for Win7?

I would add Vista and 7 as well but I have not done a lot of testing on that 
issue.  I know some of the products like WSUS were having an issue with Vista 
clients not having IP6 turned on.  I don't remember what the issue was b

RE: Synchronous RDP Session Monitoring.

2010-02-18 Thread James Hill 
Remote Assistance or Remote Control (via SCCM) are the only two options I’m 
aware of (without using a non Microsoft product).

From: Harry Singh [mailto:hbo...@gmail.com]
Sent: Friday, 19 February 2010 11:51 AM
To: NT System Admin Issues
Subject: Synchronous RDP Session Monitoring.

Forgive my ignorance, but I've been a Dameware user for over 6 years and I have 
a very simple query for RDP users out there. Dameware, as does VNC, allows you 
to connect to a desktop synchronously so you can see the user's actual Desktop 
as it appears for them -- is that an option while using RDP ? if yes,  how 
would i get that done ?

In an attempt to cut costs, Dameware is slowly approaching the proverbial 
chopping block.


Harry.





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: What is the latest version of RDP client for Win7?

2010-02-18 Thread Steven M. Caesare 
I'll give you a dollar if you can tell me what NetBEUI stands for without 
looking it up.

I'll double that if you can tell me the code name for MS's Gateway Services for 
NetWare was while under development.

And if you cheat and look em up u r l...@m3.

-sc

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Thursday, February 18, 2010 9:58 PM
To: NT System Admin Issues
Subject: Re: What is the latest version of RDP client for Win7?

Weren't you still on NetBEUI just last week?

Heh.

On Thu, Feb 18, 2010 at 17:52, Steven M. Caesare  wrote:
> I’ll probably no longer do so either, but I’ve run Windows without 
> protocol stacks installed/bound previously, and if there’s a 
> dependency, I’d like to see it documented.
>
>
>
> Otherwise there shouldn’t be a checkbox next to the protocol that 
> makes it just as easy to disable as File and Print sharing, which you 
> can disable with relative impunity.
>
>
>
> -sc
>
>
>
> From: Free, Bob [mailto:r...@pge.com]
> Sent: Thursday, February 18, 2010 8:41 PM
> To: NT System Admin Issues
> Subject: RE: What is the latest version of RDP client for Win7?
>
>
>
> I think that’s expected as it’s the party line from a Microsoft Techwriter.
> I believe it gets the point across. With what I heard from the PFE 
> that I can’t elaborate on, what Michael alluded and a few other cases 
> I’ve heard of I’m not going to risk disabling it on my servers. It’s not 
> worth it.
>
>
>
> From: Steven M. Caesare [mailto:scaes...@caesare.com]
> Sent: Thursday, February 18, 2010 4:12 PM
> To: NT System Admin Issues
> Subject: RE: What is the latest version of RDP client for Win7?
>
>
>
> That’s unfortunately nebulous.
>
>
>
> -sc
>
>
>
> From: Free, Bob [mailto:r...@pge.com]
> Sent: Thursday, February 18, 2010 4:24 PM
> To: NT System Admin Issues
> Subject: RE: What is the latest version of RDP client for Win7?
>
>
>
> The Argument against Disabling IPv6
>
> It is unfortunate that some organizations disable IPv6 on their 
> computers running Windows Vista or Windows Server 2008, where it is 
> installed and enabled by default. Many disable IPv6-based on the 
> assumption that they are not running any applications or services that 
> use it. Others might disable it because of a misperception that having 
> both IPv4 and IPv6 enabled effectively doubles their DNS and Web traffic. 
> This is not true.
>
>
>
> From Microsoft's perspective, IPv6 is a mandatory part of the Windows 
> operating system and it is enabled and included in standard Windows 
> service and application testing during the operating system development 
> process.
> Because Windows was designed specifically with IPv6 present, Microsoft 
> does not perform any testing to determine the effects of disabling 
> IPv6. If IPv6 is disabled on Windows Vista, Windows Server 2008, or 
> later versions, some components will not function. Moreover, 
> applications that you might not think are using IPv6—such as Remote 
> Assistance, HomeGroup, DirectAccess, and Windows Mail—could be.
>
>
>
> Therefore, Microsoft recommends that you leave IPv6 enabled, even if 
> you do not have an IPv6-enabled network, either native or tunneled. By 
> leaving IPv6 enabled, you do not disable IPv6-only applications and 
> services (for example, HomeGroup in Windows 7 and DirectAccess in 
> Windows 7 and Windows Server 2008 R2 are IPv6-only) and your hosts can 
> take advantage of IPv6-enhanced connectivity.
>
>
>
> http://207.46.16.252/en-us/magazine/2009.07.cableguy.aspx
>
>
>
>
>
>
>
> From: Steven M. Caesare [mailto:scaes...@caesare.com]
> Sent: Thursday, February 18, 2010 1:05 PM
> To: NT System Admin Issues
> Subject: RE: What is the latest version of RDP client for Win7?
>
>
>
> I’ve had IPv6 disabled on several Win2K8 servers as well without 
> problem as far as I can tell also.
>
>
>
> -sc
>
>
>
> From: Carl Houseman [mailto:c.house...@gmail.com]
> Sent: Thursday, February 18, 2010 3:04 PM
> To: NT System Admin Issues
> Subject: RE: What is the latest version of RDP client for Win7?
>
>
>
> I've had IPV6 disabled on Vista since forever and have never had any 
> issues talking to my WSUS server.
>
>
>
> More than likely "they" had something else going on and accidentally 
> fixed it at the same time they re-enabled IPV6.
>
>
>
> Carl
>
>
>
> From: Jon Harris [mailto:jk.har...@gmail.com]
> Sent: Thursday, February 18, 2010 3:00 PM
> To: NT System Admin Issues
> Subject: Re: What is the latest version of RDP client for Win7?
>
>
>
> I would add Vista and 7 as well but I have not done a lot of testing 
> on that issue.  I know some of the products like WSUS were having an 
> issue with Vista clients not having IP6 turned on.  I don't remember 
> what the issue was but they had problems connecting reliably to the server.
>
>
>
> Jon
>
> On Thu, Feb 18, 2010 at 2:36 PM, Free, Bob  wrote:
>
> Yes bad on any 2008 server
>
>
>
> From: Sam Cayze [mailto:sam.ca...@rollouts.com]
> Sent: Thursday, February 18, 2010 6:15 AM
>
>

Re: What is the latest version of RDP client for Win7?

2010-02-18 Thread Kurt Buff 
Weren't you still on NetBEUI just last week?

Heh.

On Thu, Feb 18, 2010 at 17:52, Steven M. Caesare  wrote:
> I’ll probably no longer do so either, but I’ve run Windows without protocol
> stacks installed/bound previously, and if there’s a dependency, I’d like to
> see it documented.
>
>
>
> Otherwise there shouldn’t be a checkbox next to the protocol that makes it
> just as easy to disable as File and Print sharing, which you can disable
> with relative impunity.
>
>
>
> -sc
>
>
>
> From: Free, Bob [mailto:r...@pge.com]
> Sent: Thursday, February 18, 2010 8:41 PM
> To: NT System Admin Issues
> Subject: RE: What is the latest version of RDP client for Win7?
>
>
>
> I think that’s expected as it’s the party line from a Microsoft Techwriter.
> I believe it gets the point across. With what I heard from the PFE that I
> can’t elaborate on, what Michael alluded and a few other cases I’ve heard of
> I’m not going to risk disabling it on my servers. It’s not worth it.
>
>
>
> From: Steven M. Caesare [mailto:scaes...@caesare.com]
> Sent: Thursday, February 18, 2010 4:12 PM
> To: NT System Admin Issues
> Subject: RE: What is the latest version of RDP client for Win7?
>
>
>
> That’s unfortunately nebulous.
>
>
>
> -sc
>
>
>
> From: Free, Bob [mailto:r...@pge.com]
> Sent: Thursday, February 18, 2010 4:24 PM
> To: NT System Admin Issues
> Subject: RE: What is the latest version of RDP client for Win7?
>
>
>
> The Argument against Disabling IPv6
>
> It is unfortunate that some organizations disable IPv6 on their computers
> running Windows Vista or Windows Server 2008, where it is installed and
> enabled by default. Many disable IPv6-based on the assumption that they are
> not running any applications or services that use it. Others might disable
> it because of a misperception that having both IPv4 and IPv6 enabled
> effectively doubles their DNS and Web traffic. This is not true.
>
>
>
> From Microsoft's perspective, IPv6 is a mandatory part of the Windows
> operating system and it is enabled and included in standard Windows service
> and application testing during the operating system development process.
> Because Windows was designed specifically with IPv6 present, Microsoft does
> not perform any testing to determine the effects of disabling IPv6. If IPv6
> is disabled on Windows Vista, Windows Server 2008, or later versions, some
> components will not function. Moreover, applications that you might not
> think are using IPv6—such as Remote Assistance, HomeGroup, DirectAccess, and
> Windows Mail—could be.
>
>
>
> Therefore, Microsoft recommends that you leave IPv6 enabled, even if you do
> not have an IPv6-enabled network, either native or tunneled. By leaving IPv6
> enabled, you do not disable IPv6-only applications and services (for
> example, HomeGroup in Windows 7 and DirectAccess in Windows 7 and Windows
> Server 2008 R2 are IPv6-only) and your hosts can take advantage of
> IPv6-enhanced connectivity.
>
>
>
> http://207.46.16.252/en-us/magazine/2009.07.cableguy.aspx
>
>
>
>
>
>
>
> From: Steven M. Caesare [mailto:scaes...@caesare.com]
> Sent: Thursday, February 18, 2010 1:05 PM
> To: NT System Admin Issues
> Subject: RE: What is the latest version of RDP client for Win7?
>
>
>
> I’ve had IPv6 disabled on several Win2K8 servers as well without problem as
> far as I can tell also.
>
>
>
> -sc
>
>
>
> From: Carl Houseman [mailto:c.house...@gmail.com]
> Sent: Thursday, February 18, 2010 3:04 PM
> To: NT System Admin Issues
> Subject: RE: What is the latest version of RDP client for Win7?
>
>
>
> I've had IPV6 disabled on Vista since forever and have never had any issues
> talking to my WSUS server.
>
>
>
> More than likely "they" had something else going on and accidentally fixed
> it at the same time they re-enabled IPV6.
>
>
>
> Carl
>
>
>
> From: Jon Harris [mailto:jk.har...@gmail.com]
> Sent: Thursday, February 18, 2010 3:00 PM
> To: NT System Admin Issues
> Subject: Re: What is the latest version of RDP client for Win7?
>
>
>
> I would add Vista and 7 as well but I have not done a lot of testing on that
> issue.  I know some of the products like WSUS were having an issue with
> Vista clients not having IP6 turned on.  I don't remember what the issue was
> but they had problems connecting reliably to the server.
>
>
>
> Jon
>
> On Thu, Feb 18, 2010 at 2:36 PM, Free, Bob  wrote:
>
> Yes bad on any 2008 server
>
>
>
> From: Sam Cayze [mailto:sam.ca...@rollouts.com]
> Sent: Thursday, February 18, 2010 6:15 AM
>
> To: NT System Admin Issues
> Subject: RE: What is the latest version of RDP client for Win7?
>
>
>
> Can you answer this:  Is it bad to do it on any 2008 machine, or just a 2008
> machine that will host Exchange?
>
>
>
> From: Michael B. Smith [mailto:mich...@smithcons.com]
> Sent: Thursday, February 18, 2010 7:22 AM
>
> To: NT System Admin Issues
> Subject: RE: What is the latest version of RDP client for Win7?
>
>
>
> There are known problems with doing so. And, unfortunately, before you ask
> me wh

Re: IM raises its ugly head again...

2010-02-18 Thread Kurt Buff 
Thank you sir. You obviously have a much bigger user population than we do.

On Thu, Feb 18, 2010 at 17:17, Free, Bob  wrote:
> Akonix.
>
> I don't know much about it, it was selected by the InfoSec folks to meet 
> audit requirements, there are several (4 I think) of them in some kind of HA 
> load balanced configuration.
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Thursday, February 18, 2010 4:41 PM
> To: NT System Admin Issues
> Subject: Re: IM raises its ugly head again...
>
> That's pretty sweet. Care to name the appliance?
>
> On Thu, Feb 18, 2010 at 15:57, Free, Bob  wrote:
>> We support only the most basic IM services from the 3 major players' thick 
>> clients, web services or 3rd party clients won't work. IM traffic all goes 
>> through an appliance and is 100% logged, reviewed, archived etc. The 
>> solution ties to AD account of the logged in user same as the web proxy. 
>> Works in conjunction with the web proxy to deny any rouge P2P apps etc
>>
>> Nothing like video, music streaming, file xfer is allowed, just basic IM 
>> text service. It has a workflow for reviewing and auditing instant messaging 
>> conversations and demonstrating compliance to regulatory agencies.
>>
>> One cool thing is that it keeps all internal communications inside our 
>> network even if it is between different external providers.
>>
>>
>> -Original Message-
>> From: Kurt Buff [mailto:kurt.b...@gmail.com]
>> Sent: Thursday, February 18, 2010 12:44 PM
>> To: NT System Admin Issues
>> Subject: IM raises its ugly head again...
>>
>> Anyone out there care to share their policy and (very) general
>> implementation info on IM and personal video conferencing usage?
>>
>> Does your company, for instance, allow users to install and use any of
>> the major consumer IM/video apps and communicate directly to the major
>> public IM/video providers such as MSN, AOL, Yahoo! and Google?
>>
>> If your company does allow it, what does the company consider to be
>> the cost/benefit tradeoff WRT security and not using a centralized
>> IM/video server with gateways to public IM/video services?
>>
>> Also, what security concerns were looked at before implementation and
>> what measures, if any, were taken to mitigate them?
>>
>> If direct access to public IM/video services isn't allowed, is an
>> IM/video service provided for business purposes, and if so, what are
>> you using - MSFT OCS, or Openfire, or something else?
>>
>> If you can't comment on-list, but don't mind doing so off-list, I'd
>> certainly appreciate it.
>>
>> Kurt
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: What is the latest version of RDP client for Win7?

2010-02-18 Thread Steven M. Caesare 
I'll probably no longer do so either, but I've run Windows without
protocol stacks installed/bound previously, and if there's a dependency,
I'd like to see it documented.

 

Otherwise there shouldn't be a checkbox next to the protocol that makes
it just as easy to disable as File and Print sharing, which you can
disable with relative impunity.

 

-sc

 

From: Free, Bob [mailto:r...@pge.com] 
Sent: Thursday, February 18, 2010 8:41 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

I think that's expected as it's the party line from a Microsoft
Techwriter. I believe it gets the point across. With what I heard from
the PFE that I can't elaborate on, what Michael alluded and a few other
cases I've heard of I'm not going to risk disabling it on my servers.
It's not worth it.

 

From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Thursday, February 18, 2010 4:12 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

That's unfortunately nebulous.

 

-sc

 

From: Free, Bob [mailto:r...@pge.com] 
Sent: Thursday, February 18, 2010 4:24 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

The Argument against Disabling IPv6

It is unfortunate that some organizations disable IPv6 on their
computers running Windows Vista or Windows Server 2008, where it is
installed and enabled by default. Many disable IPv6-based on the
assumption that they are not running any applications or services that
use it. Others might disable it because of a misperception that having
both IPv4 and IPv6 enabled effectively doubles their DNS and Web
traffic. This is not true.

 

>From Microsoft's perspective, IPv6 is a mandatory part of the Windows
operating system and it is enabled and included in standard Windows
service and application testing during the operating system development
process. Because Windows was designed specifically with IPv6 present,
Microsoft does not perform any testing to determine the effects of
disabling IPv6. If IPv6 is disabled on Windows Vista, Windows Server
2008, or later versions, some components will not function. Moreover,
applications that you might not think are using IPv6-such as Remote
Assistance, HomeGroup, DirectAccess, and Windows Mail-could be.

 

Therefore, Microsoft recommends that you leave IPv6 enabled, even if you
do not have an IPv6-enabled network, either native or tunneled. By
leaving IPv6 enabled, you do not disable IPv6-only applications and
services (for example, HomeGroup in Windows 7 and DirectAccess in
Windows 7 and Windows Server 2008 R2 are IPv6-only) and your hosts can
take advantage of IPv6-enhanced connectivity.

 

http://207.46.16.252/en-us/magazine/2009.07.cableguy.aspx

 

 

 

From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Thursday, February 18, 2010 1:05 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

I've had IPv6 disabled on several Win2K8 servers as well without problem
as far as I can tell also.

 

-sc

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Thursday, February 18, 2010 3:04 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

I've had IPV6 disabled on Vista since forever and have never had any
issues talking to my WSUS server.

 

More than likely "they" had something else going on and accidentally
fixed it at the same time they re-enabled IPV6.

 

Carl

 

From: Jon Harris [mailto:jk.har...@gmail.com] 
Sent: Thursday, February 18, 2010 3:00 PM
To: NT System Admin Issues
Subject: Re: What is the latest version of RDP client for Win7?

 

I would add Vista and 7 as well but I have not done a lot of testing on
that issue.  I know some of the products like WSUS were having an issue
with Vista clients not having IP6 turned on.  I don't remember what the
issue was but they had problems connecting reliably to the server.

 

Jon

On Thu, Feb 18, 2010 at 2:36 PM, Free, Bob  wrote:

Yes bad on any 2008 server

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Thursday, February 18, 2010 6:15 AM 


To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

Can you answer this:  Is it bad to do it on any 2008 machine, or just a
2008 machine that will host Exchange?

 

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Thursday, February 18, 2010 7:22 AM 


To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

There are known problems with doing so. And, unfortunately, before you
ask me what they are - I'm not allowed to say.

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Thursday, February 18, 2010 8:18 AM 


To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

Ok

Synchronous RDP Session Monitoring.

2010-02-18 Thread Harry Singh 
Forgive my ignorance, but I've been a Dameware user for over 6 years and I
have a very simple query for RDP users out there. Dameware, as does VNC,
allows you to connect to a desktop synchronously so you can see the user's
actual Desktop as it appears for them -- is that an option while using RDP ?
if yes,  how would i get that done ?

In an attempt to cut costs, Dameware is slowly approaching the proverbial
chopping block.


Harry.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: What is the latest version of RDP client for Win7?

2010-02-18 Thread Free, Bob 
I think that's expected as it's the party line from a Microsoft
Techwriter. I believe it gets the point across. With what I heard from
the PFE that I can't elaborate on, what Michael alluded and a few other
cases I've heard of I'm not going to risk disabling it on my servers.
It's not worth it.

 

From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Thursday, February 18, 2010 4:12 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

That's unfortunately nebulous.

 

-sc

 

From: Free, Bob [mailto:r...@pge.com] 
Sent: Thursday, February 18, 2010 4:24 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

The Argument against Disabling IPv6

It is unfortunate that some organizations disable IPv6 on their
computers running Windows Vista or Windows Server 2008, where it is
installed and enabled by default. Many disable IPv6-based on the
assumption that they are not running any applications or services that
use it. Others might disable it because of a misperception that having
both IPv4 and IPv6 enabled effectively doubles their DNS and Web
traffic. This is not true.

 

>From Microsoft's perspective, IPv6 is a mandatory part of the Windows
operating system and it is enabled and included in standard Windows
service and application testing during the operating system development
process. Because Windows was designed specifically with IPv6 present,
Microsoft does not perform any testing to determine the effects of
disabling IPv6. If IPv6 is disabled on Windows Vista, Windows Server
2008, or later versions, some components will not function. Moreover,
applications that you might not think are using IPv6-such as Remote
Assistance, HomeGroup, DirectAccess, and Windows Mail-could be.

 

Therefore, Microsoft recommends that you leave IPv6 enabled, even if you
do not have an IPv6-enabled network, either native or tunneled. By
leaving IPv6 enabled, you do not disable IPv6-only applications and
services (for example, HomeGroup in Windows 7 and DirectAccess in
Windows 7 and Windows Server 2008 R2 are IPv6-only) and your hosts can
take advantage of IPv6-enhanced connectivity.

 

http://207.46.16.252/en-us/magazine/2009.07.cableguy.aspx

 

 

 

From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Thursday, February 18, 2010 1:05 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

I've had IPv6 disabled on several Win2K8 servers as well without problem
as far as I can tell also.

 

-sc

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Thursday, February 18, 2010 3:04 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

I've had IPV6 disabled on Vista since forever and have never had any
issues talking to my WSUS server.

 

More than likely "they" had something else going on and accidentally
fixed it at the same time they re-enabled IPV6.

 

Carl

 

From: Jon Harris [mailto:jk.har...@gmail.com] 
Sent: Thursday, February 18, 2010 3:00 PM
To: NT System Admin Issues
Subject: Re: What is the latest version of RDP client for Win7?

 

I would add Vista and 7 as well but I have not done a lot of testing on
that issue.  I know some of the products like WSUS were having an issue
with Vista clients not having IP6 turned on.  I don't remember what the
issue was but they had problems connecting reliably to the server.

 

Jon

On Thu, Feb 18, 2010 at 2:36 PM, Free, Bob  wrote:

Yes bad on any 2008 server

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Thursday, February 18, 2010 6:15 AM 


To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

Can you answer this:  Is it bad to do it on any 2008 machine, or just a
2008 machine that will host Exchange?

 

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Thursday, February 18, 2010 7:22 AM 


To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

There are known problems with doing so. And, unfortunately, before you
ask me what they are - I'm not allowed to say.

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Thursday, February 18, 2010 8:18 AM 


To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

Ok!  I'll try to find it again.

 

Curious though, as to why it's such a bad idea...

 

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Thursday, February 18, 2010 6:15 AM 


To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

Sam -

 

DON'T DO THAT.  Dramatic enough? :-)

 

And like Carl asked, I'm interested to know where you read it. 'Cuz I'll
try to get it fixed.

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

RE: Problems with Google Buzz

2010-02-18 Thread Steven M. Caesare 
It's harder to "not be evil" with that many people turning cranks.

-sc

-Original Message-
From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Thursday, February 18, 2010 5:56 PM
To: NT System Admin Issues
Subject: Re: Problems with Google Buzz

Google has to get it together in short order.   They have too much going on 
right now. 

--Original Message--
From: Joseph Heaton
To: NT Issues
ReplyTo: NT Issues
Subject: Problems with Google Buzz
Sent: Feb 18, 2010 5:17 PM

http://www.darkreading.com/security/privacy/showArticle.jhtml?articleID=222900689


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~



 
-ASB: http://xeesm.com/AndrewBaker
 Sent from my Verizon Smartphone
~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: IM raises its ugly head again...

2010-02-18 Thread Free, Bob 
Akonix. 

I don't know much about it, it was selected by the InfoSec folks to meet audit 
requirements, there are several (4 I think) of them in some kind of HA load 
balanced configuration.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Thursday, February 18, 2010 4:41 PM
To: NT System Admin Issues
Subject: Re: IM raises its ugly head again...

That's pretty sweet. Care to name the appliance?

On Thu, Feb 18, 2010 at 15:57, Free, Bob  wrote:
> We support only the most basic IM services from the 3 major players' thick 
> clients, web services or 3rd party clients won't work. IM traffic all goes 
> through an appliance and is 100% logged, reviewed, archived etc. The solution 
> ties to AD account of the logged in user same as the web proxy. Works in 
> conjunction with the web proxy to deny any rouge P2P apps etc
>
> Nothing like video, music streaming, file xfer is allowed, just basic IM text 
> service. It has a workflow for reviewing and auditing instant messaging 
> conversations and demonstrating compliance to regulatory agencies.
>
> One cool thing is that it keeps all internal communications inside our 
> network even if it is between different external providers.
>
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Thursday, February 18, 2010 12:44 PM
> To: NT System Admin Issues
> Subject: IM raises its ugly head again...
>
> Anyone out there care to share their policy and (very) general
> implementation info on IM and personal video conferencing usage?
>
> Does your company, for instance, allow users to install and use any of
> the major consumer IM/video apps and communicate directly to the major
> public IM/video providers such as MSN, AOL, Yahoo! and Google?
>
> If your company does allow it, what does the company consider to be
> the cost/benefit tradeoff WRT security and not using a centralized
> IM/video server with gateways to public IM/video services?
>
> Also, what security concerns were looked at before implementation and
> what measures, if any, were taken to mitigate them?
>
> If direct access to public IM/video services isn't allowed, is an
> IM/video service provided for business purposes, and if so, what are
> you using - MSFT OCS, or Openfire, or something else?
>
> If you can't comment on-list, but don't mind doing so off-list, I'd
> certainly appreciate it.
>
> Kurt
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: IM raises its ugly head again...

2010-02-18 Thread Mike Gill 
Care to run down a little on how you deployed it? I'm thinking of AD
integration, auto-populated contact lists, friendly screen names, SSO, etc.
I'm looking at Soapbox right now but haven't pulled the trigger yet.

http://www.coversant.net/product/communicator-overview.aspx

-- 
Mike Gill


-Original Message-
From: Andy Ognenoff [mailto:andyognen...@gmail.com] 
Sent: Thursday, February 18, 2010 1:39 PM
To: NT System Admin Issues
Subject: RE: IM raises its ugly head again...

We implemented Openfire in March for internal communication and the business
LOVES it. It's got a plugin for message archival. We use Pidgin as the
client (with all the protocols besides xmpp removed - just remove the dlls).
We tried Spark as the client for a while but the resource usage was crazy
(90+ MB at times, whereas Pidgin hovers around 16 MB).

 - Andy O.

>-Original Message-
>From: Kurt Buff [mailto:kurt.b...@gmail.com]
>Sent: Thursday, February 18, 2010 2:44 PM
>To: NT System Admin Issues
>Subject: IM raises its ugly head again...
>
>Anyone out there care to share their policy and (very) general
>implementation info on IM and personal video conferencing usage?
>
>Does your company, for instance, allow users to install and use any of
>the major consumer IM/video apps and communicate directly to the major
>public IM/video providers such as MSN, AOL, Yahoo! and Google?
>
>If your company does allow it, what does the company consider to be
>the cost/benefit tradeoff WRT security and not using a centralized
>IM/video server with gateways to public IM/video services?
>
>Also, what security concerns were looked at before implementation and
>what measures, if any, were taken to mitigate them?
>
>If direct access to public IM/video services isn't allowed, is an
>IM/video service provided for business purposes, and if so, what are
>you using - MSFT OCS, or Openfire, or something else?
>
>If you can't comment on-list, but don't mind doing so off-list, I'd
>certainly appreciate it.
>
>Kurt
>
>~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Problems with Google Buzz

2010-02-18 Thread Jon Harris 
Thanks guys I had Buzz turned off or at least it was not showing.  I just
checked and it was still logging information so I disabled it.  What a PITA
what gives at least Facebook et. al. gives you warnings or options up front
of what they are doing.

Jon

On Thu, Feb 18, 2010 at 5:55 PM, Andrew S. Baker  wrote:

> Google has to get it together in short order.   They have too much going on
> right now.
>
> --Original Message--
> From: Joseph Heaton
> To: NT Issues
> ReplyTo: NT Issues
> Subject: Problems with Google Buzz
> Sent: Feb 18, 2010 5:17 PM
>
>
> http://www.darkreading.com/security/privacy/showArticle.jhtml?articleID=222900689
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>
>
>
> -ASB: http://xeesm.com/AndrewBaker
>  Sent from my Verizon Smartphone
>  ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: IM raises its ugly head again...

2010-02-18 Thread Kurt Buff 
That's pretty sweet. Care to name the appliance?

On Thu, Feb 18, 2010 at 15:57, Free, Bob  wrote:
> We support only the most basic IM services from the 3 major players' thick 
> clients, web services or 3rd party clients won't work. IM traffic all goes 
> through an appliance and is 100% logged, reviewed, archived etc. The solution 
> ties to AD account of the logged in user same as the web proxy. Works in 
> conjunction with the web proxy to deny any rouge P2P apps etc
>
> Nothing like video, music streaming, file xfer is allowed, just basic IM text 
> service. It has a workflow for reviewing and auditing instant messaging 
> conversations and demonstrating compliance to regulatory agencies.
>
> One cool thing is that it keeps all internal communications inside our 
> network even if it is between different external providers.
>
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Thursday, February 18, 2010 12:44 PM
> To: NT System Admin Issues
> Subject: IM raises its ugly head again...
>
> Anyone out there care to share their policy and (very) general
> implementation info on IM and personal video conferencing usage?
>
> Does your company, for instance, allow users to install and use any of
> the major consumer IM/video apps and communicate directly to the major
> public IM/video providers such as MSN, AOL, Yahoo! and Google?
>
> If your company does allow it, what does the company consider to be
> the cost/benefit tradeoff WRT security and not using a centralized
> IM/video server with gateways to public IM/video services?
>
> Also, what security concerns were looked at before implementation and
> what measures, if any, were taken to mitigate them?
>
> If direct access to public IM/video services isn't allowed, is an
> IM/video service provided for business purposes, and if so, what are
> you using - MSFT OCS, or Openfire, or something else?
>
> If you can't comment on-list, but don't mind doing so off-list, I'd
> certainly appreciate it.
>
> Kurt
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: What is the latest version of RDP client for Win7?

2010-02-18 Thread Steven M. Caesare 
That's unfortunately nebulous.

 

-sc

 

From: Free, Bob [mailto:r...@pge.com] 
Sent: Thursday, February 18, 2010 4:24 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

The Argument against Disabling IPv6

It is unfortunate that some organizations disable IPv6 on their
computers running Windows Vista or Windows Server 2008, where it is
installed and enabled by default. Many disable IPv6-based on the
assumption that they are not running any applications or services that
use it. Others might disable it because of a misperception that having
both IPv4 and IPv6 enabled effectively doubles their DNS and Web
traffic. This is not true.

 

>From Microsoft's perspective, IPv6 is a mandatory part of the Windows
operating system and it is enabled and included in standard Windows
service and application testing during the operating system development
process. Because Windows was designed specifically with IPv6 present,
Microsoft does not perform any testing to determine the effects of
disabling IPv6. If IPv6 is disabled on Windows Vista, Windows Server
2008, or later versions, some components will not function. Moreover,
applications that you might not think are using IPv6-such as Remote
Assistance, HomeGroup, DirectAccess, and Windows Mail-could be.

 

Therefore, Microsoft recommends that you leave IPv6 enabled, even if you
do not have an IPv6-enabled network, either native or tunneled. By
leaving IPv6 enabled, you do not disable IPv6-only applications and
services (for example, HomeGroup in Windows 7 and DirectAccess in
Windows 7 and Windows Server 2008 R2 are IPv6-only) and your hosts can
take advantage of IPv6-enhanced connectivity.

 

http://207.46.16.252/en-us/magazine/2009.07.cableguy.aspx

 

 

 

From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Thursday, February 18, 2010 1:05 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

I've had IPv6 disabled on several Win2K8 servers as well without problem
as far as I can tell also.

 

-sc

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Thursday, February 18, 2010 3:04 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

I've had IPV6 disabled on Vista since forever and have never had any
issues talking to my WSUS server.

 

More than likely "they" had something else going on and accidentally
fixed it at the same time they re-enabled IPV6.

 

Carl

 

From: Jon Harris [mailto:jk.har...@gmail.com] 
Sent: Thursday, February 18, 2010 3:00 PM
To: NT System Admin Issues
Subject: Re: What is the latest version of RDP client for Win7?

 

I would add Vista and 7 as well but I have not done a lot of testing on
that issue.  I know some of the products like WSUS were having an issue
with Vista clients not having IP6 turned on.  I don't remember what the
issue was but they had problems connecting reliably to the server.

 

Jon

On Thu, Feb 18, 2010 at 2:36 PM, Free, Bob  wrote:

Yes bad on any 2008 server

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Thursday, February 18, 2010 6:15 AM 


To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

Can you answer this:  Is it bad to do it on any 2008 machine, or just a
2008 machine that will host Exchange?

 

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Thursday, February 18, 2010 7:22 AM 


To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

There are known problems with doing so. And, unfortunately, before you
ask me what they are - I'm not allowed to say.

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Thursday, February 18, 2010 8:18 AM 


To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

Ok!  I'll try to find it again.

 

Curious though, as to why it's such a bad idea...

 

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Thursday, February 18, 2010 6:15 AM 


To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

Sam -

 

DON'T DO THAT.  Dramatic enough? :-)

 

And like Carl asked, I'm interested to know where you read it. 'Cuz I'll
try to get it fixed.

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com  

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Wednesday, February 17, 2010 10:37 PM 


To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

Where'd you read that?

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Wednesday, February 17, 2010 10:33 PM 


To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

IP6 is disabled on the NIC(s).   Something I read to

RE: IM raises its ugly head again...

2010-02-18 Thread Free, Bob 
We support only the most basic IM services from the 3 major players' thick 
clients, web services or 3rd party clients won't work. IM traffic all goes 
through an appliance and is 100% logged, reviewed, archived etc. The solution 
ties to AD account of the logged in user same as the web proxy. Works in 
conjunction with the web proxy to deny any rouge P2P apps etc 

Nothing like video, music streaming, file xfer is allowed, just basic IM text 
service. It has a workflow for reviewing and auditing instant messaging 
conversations and demonstrating compliance to regulatory agencies.

One cool thing is that it keeps all internal communications inside our network 
even if it is between different external providers.


-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Thursday, February 18, 2010 12:44 PM
To: NT System Admin Issues
Subject: IM raises its ugly head again...

Anyone out there care to share their policy and (very) general
implementation info on IM and personal video conferencing usage?

Does your company, for instance, allow users to install and use any of
the major consumer IM/video apps and communicate directly to the major
public IM/video providers such as MSN, AOL, Yahoo! and Google?

If your company does allow it, what does the company consider to be
the cost/benefit tradeoff WRT security and not using a centralized
IM/video server with gateways to public IM/video services?

Also, what security concerns were looked at before implementation and
what measures, if any, were taken to mitigate them?

If direct access to public IM/video services isn't allowed, is an
IM/video service provided for business purposes, and if so, what are
you using - MSFT OCS, or Openfire, or something else?

If you can't comment on-list, but don't mind doing so off-list, I'd
certainly appreciate it.

Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Problems with Google Buzz

2010-02-18 Thread Andrew S. Baker 
Google has to get it together in short order.   They have too much going on 
right now. 

--Original Message--
From: Joseph Heaton
To: NT Issues
ReplyTo: NT Issues
Subject: Problems with Google Buzz
Sent: Feb 18, 2010 5:17 PM

http://www.darkreading.com/security/privacy/showArticle.jhtml?articleID=222900689


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~



 
-ASB: http://xeesm.com/AndrewBaker
 Sent from my Verizon Smartphone
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Remote 2008 server management via script

2010-02-18 Thread Michael B. Smith 
I didn't understand that from your original post, sorry.

You can use a PowerShell remote session or psexec to do a "schtasks /run". Or a 
sanur for that matter. (Runas isn't going to work in an automated system since 
it prompts for a password.)

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Jeff Bunting [mailto:bunting.j...@gmail.com]
Sent: Thursday, February 18, 2010 5:19 PM
To: NT System Admin Issues
Subject: Re: Remote 2008 server management via script

Thanks for that suggestion Michael.  I hadn't poked around in 2008 scheduled 
tasks yet and see they've added a lot of new features.  I think the problem is 
that the script needs to execute whenever the backup server tells it to, rather 
than at a specified time.  I see that a task can be set to run on command, but 
wouldn't this also have to be executed locally too?  schtasks doesn't appear to 
have any remote options available.

Jeff
On Thu, Feb 18, 2010 at 4:57 PM, Michael B. Smith 
mailto:mich...@smithcons.com>> wrote:
You can set a script to "run with full permissions" in Scheduled Tasks.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Jeff Bunting 
[mailto:bunting.j...@gmail.com]
Sent: Thursday, February 18, 2010 4:53 PM
To: NT System Admin Issues
Subject: Remote 2008 server management via script

Hi all, looking for the preferred method to execute a script against a 2008 
domain member with UAC enabled.

Details: backup folks have a script that executes on backup server that sends 
sc commands to stop some selected services.  This is giving "access denied" 
messages on the new 2008 server.  Is this possible to do without turning off 
UAC?  The only method I've been able to think of is to execute the script 
locally with runas/psexec/cmd (assuming this works under 2008; haven't tried 
yet).

Additional info: the backup service account is a local machine account (member 
of administrators) on the 2008 box; the backup server is a Windows 2003 member 
in a different domain.  The 2008 server is a member of a different 2003 mixed 
mode domain.

Thanks,
Jeff

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: IM raises its ugly head again...

2010-02-18 Thread Phillip Partipilo 
A point to consider in all of this... Now that the wireless carriers these days 
are touting smartphones to a much larger audience (not just us IT nerds), just 
about all of them can run IM apps (and IRC and so forth). Not so easy to leak 
data though.

 
Phillip Partipilo
Parametric Solutions Inc.
Jupiter, Florida
(561) 747-6107
 
 

-Original Message-
From: Cameron Cooper [mailto:ccoo...@aurico.com] 
Sent: Thursday, February 18, 2010 4:14 PM
To: NT System Admin Issues
Subject: RE: IM raises its ugly head again...

We don't allow IM on our network at all, through any of the IM providers.  
Without the use of a central IM app, our concern is that employees will waste 
company resources and time by adding and chatting with friends through out the 
day.  Another concern has been security with that is data leakage (which can 
still happen with email.  USB drives and CD burning have been disabled via GP).

We have thought about implementing an internal IM solution for communication.

_
Cameron Cooper
System Administrator | CompTIA A+ Certified
Aurico Reports, Inc
Phone: 847-890-4021 | Fax: 847-255-1896
ccoo...@aurico.com | www.aurico.com


-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Thursday, February 18, 2010 2:44 PM
To: NT System Admin Issues
Subject: IM raises its ugly head again...

Anyone out there care to share their policy and (very) general implementation 
info on IM and personal video conferencing usage?

Does your company, for instance, allow users to install and use any of the 
major consumer IM/video apps and communicate directly to the major public 
IM/video providers such as MSN, AOL, Yahoo! and Google?

If your company does allow it, what does the company consider to be the 
cost/benefit tradeoff WRT security and not using a centralized IM/video server 
with gateways to public IM/video services?

Also, what security concerns were looked at before implementation and what 
measures, if any, were taken to mitigate them?

If direct access to public IM/video services isn't allowed, is an IM/video 
service provided for business purposes, and if so, what are you using - MSFT 
OCS, or Openfire, or something else?

If you can't comment on-list, but don't mind doing so off-list, I'd certainly 
appreciate it.

Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

--
If this email is spam, report it here:
http://www.onlymyemail.com/view/?action=reportSpam&Id=ODEzNjQ6MTA0NzIzMDYzODpwanBAcHNuZXQuY29t



THIS ELECTRONIC MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL
AND PROPRIETARY PROPERTY OF THE SENDER. THE INFORMATION IS 
INTENDED FOR USE BY THE ADDRESSEE ONLY. ANY OTHER INTERCEPTION,
COPYING, ACCESSING, OR DISCLOSURE OF THIS MESSAGE IS PROHIBITED.
IF YOU HAVE RECEIVED THIS MESSAGE IN ERROR, PLEASE IMMEDIATELY
NOTIFY THE SENDER AND DELETE THIS MAIL AND ALL ATTACHMENTS. DO NOT
FORWARD THIS MESSAGE WITHOUT PERMISSION OF THE SENDER. 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Log Management software

2010-02-18 Thread Michael B. Smith 
I have a couple of commercial clients that look for errors.

I've heard, but have no experience with, that some high security government 
agencies monitor desktops more closely than they monitor servers.

By the way, this capability is built into System Center Operations Manager 
(called Audit Collection Service), if you happen to have licensed that software.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com


-Original Message-
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] 
Sent: Thursday, February 18, 2010 5:23 PM
To: NT System Admin Issues
Subject: Re: Log Management software

I noticed they have a desktop version.  Anyone out there monitoring logs from 
their desktops?

>>> "Christopher Bodnar"  2/18/2010 2:14 PM 
>>> >>>
Anyone use this before? 

http://www.diskmonitor.com/Log-Manager/ 

I just set it up on a test system, and it seems to be pretty decent. Does 
exactly what I was looking for. Basically download the security logs from our 
domain controllers and store them in a SQL DB for reporting. 

Thanks,



Chris Bodnar, MCSE
Systems Engineer
Distributed Systems Service Delivery - Intel Services Guardian Life Insurance 
Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Log Management software

2010-02-18 Thread Joseph Heaton 
I noticed they have a desktop version.  Anyone out there monitoring logs from 
their desktops?

>>> "Christopher Bodnar"  2/18/2010 2:14 PM >>>
Anyone use this before? 

http://www.diskmonitor.com/Log-Manager/ 

I just set it up on a test system, and it seems to be pretty decent. Does 
exactly what I was looking for. Basically download the security logs from 
our domain controllers and store them in a SQL DB for reporting. 

Thanks,



Chris Bodnar, MCSE
Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com 
Phone: 610-807-6459
Fax: 610-807-6003


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Remote 2008 server management via script

2010-02-18 Thread Jeff Bunting 
Thanks for that suggestion Michael.  I hadn't poked around in 2008 scheduled
tasks yet and see they've added a lot of new features.  I think the problem
is that the script needs to execute whenever the backup server tells it to,
rather than at a specified time.  I see that a task can be set to run on
command, but wouldn't this also have to be executed locally too?  schtasks
doesn't appear to have any remote options available.

Jeff

On Thu, Feb 18, 2010 at 4:57 PM, Michael B. Smith wrote:

> You can set a script to “run with full permissions” in Scheduled Tasks.
>
>
>
> Regards,
>
>
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com
>
>
>
> *From:* Jeff Bunting [mailto:bunting.j...@gmail.com]
> *Sent:* Thursday, February 18, 2010 4:53 PM
> *To:* NT System Admin Issues
> *Subject:* Remote 2008 server management via script
>
>
>
> Hi all, looking for the preferred method to execute a script against a 2008
> domain member with UAC enabled.
>
> Details: backup folks have a script that executes on backup server that
> sends sc commands to stop some selected services.  This is giving "access
> denied" messages on the new 2008 server.  Is this possible to do without
> turning off UAC?  The only method I've been able to think of is to execute
> the script locally with runas/psexec/cmd (assuming this works under 2008;
> haven't tried yet).
>
> Additional info: the backup service account is a local machine account
> (member of administrators) on the 2008 box; the backup server is a Windows
> 2003 member in a different domain.  The 2008 server is a member of a
> different 2003 mixed mode domain.
>
> Thanks,
> Jeff
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Problems with Google Buzz

2010-02-18 Thread Joseph Heaton 
http://www.darkreading.com/security/privacy/showArticle.jhtml?articleID=222900689


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Log Management software

2010-02-18 Thread Christopher Bodnar 
Anyone use this before? 

http://www.diskmonitor.com/Log-Manager/

I just set it up on a test system, and it seems to be pretty decent. Does 
exactly what I was looking for. Basically download the security logs from 
our domain controllers and store them in a SQL DB for reporting. 

Thanks,



Chris Bodnar, MCSE
Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: SQL Cluster

2010-02-18 Thread Mayo, Bill 
What are you trying to accomplish? I imagine that you could technically setup a 
NLB cluster for SQL, but it would logically mean that the data is read only and 
is synchronized in some other fashion.  If you are looking for a multi-server 
SQL solution where the data is shared, then you are doing a MSCS cluster.  In 
that type of situation, any given database can only be accessed by one SQL 
Server at a time.  Windows does not permit having 2 servers access the same 
disk resource simultaneously.
 
A NLB cluster means that you are spreading requests to multiple servers, all of 
which are active.  This is commonly used for clustering web servers.
 
A MSCS cluster means that you are utilizing shared storage and have 2 or more 
servers with resource groups spread between them.  Only one server can access 
any particular resource group at a time.  This is commonly used for SQL Server, 
and is the Exchange 2003 and earlier method for clustering as well.

Bill Mayo



From: Cameron Cooper [mailto:ccoo...@aurico.com] 
Sent: Thursday, February 18, 2010 4:56 PM
To: NT System Admin Issues
Subject: RE: SQL Cluster
Sensitivity: Confidential



Is there documentation out there that shows how this is setup?

 

_

Cameron Cooper

System Administrator | CompTIA A+ Certified

Aurico Reports, Inc

Phone: 847-890-4021 | Fax: 847-255-1896

ccoo...@aurico.com | www.aurico.com

 

From: Sean Rector [mailto:sean.rec...@vaopera.org] 
Sent: Thursday, February 18, 2010 3:51 PM
To: NT System Admin Issues
Subject: RE: SQL Cluster
Sensitivity: Confidential

 

Yep...the Data & Log drives are on my iSCSI SAN.

 

Sean Rector, MCSE

 

From: Cameron Cooper [mailto:ccoo...@aurico.com] 
Sent: Thursday, February 18, 2010 4:38 PM
To: NT System Admin Issues
Subject: SQL Cluster
Sensitivity: Confidential

 

Can you setup two SQL servers to Load-Balanced Cluster?  Or is this not 
suggested for SQL?

 

_

Cameron Cooper

System Administrator | CompTIA A+ Certified

Aurico Reports, Inc

Phone: 847-890-4021 | Fax: 847-255-1896

ccoo...@aurico.com | www.aurico.com

 

 

 

Information Technology Manager
Virginia Opera Association 

E-Mail: sean.rec...@vaopera.org  
Phone:(757) 213-4548 (direct line)
{+}

Virginia Opera's 35th Anniversary Season    The One You 
Love

Celebrate with a 2009-2010 subscription: 
La Bohème |   The 
Daughter of the Regiment  
   |   Don Giovanni | 
  Porgy and BessSM  

Visit us online at www.VaOpera.org   or call 
1-866-OPERA-VA

The vision of Virginia Opera is to enrich lives through the powerful 
integration of music, voice and human drama.



This e-mail and any attached files are confidential and intended solely for the 
intended recipient(s). Unless otherwise specified, persons unnamed as 
recipients may not read, distribute, copy or alter this e-mail. Any views or 
opinions expressed in this e-mail belong to the author and may not necessarily 
represent those of Virginia Opera. Although precautions have been taken to 
ensure no viruses are present, Virginia Opera cannot accept responsibility for 
any loss or damage that may arise from the use of this e-mail or attachments.

{*}

 

 

 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Remote 2008 server management via script

2010-02-18 Thread Michael B. Smith 
You can set a script to "run with full permissions" in Scheduled Tasks.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Jeff Bunting [mailto:bunting.j...@gmail.com]
Sent: Thursday, February 18, 2010 4:53 PM
To: NT System Admin Issues
Subject: Remote 2008 server management via script

Hi all, looking for the preferred method to execute a script against a 2008 
domain member with UAC enabled.

Details: backup folks have a script that executes on backup server that sends 
sc commands to stop some selected services.  This is giving "access denied" 
messages on the new 2008 server.  Is this possible to do without turning off 
UAC?  The only method I've been able to think of is to execute the script 
locally with runas/psexec/cmd (assuming this works under 2008; haven't tried 
yet).

Additional info: the backup service account is a local machine account (member 
of administrators) on the 2008 box; the backup server is a Windows 2003 member 
in a different domain.  The 2008 server is a member of a different 2003 mixed 
mode domain.

Thanks,
Jeff





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: SQL Cluster

2010-02-18 Thread Cameron Cooper 
Is there documentation out there that shows how this is setup?

 

_

Cameron Cooper

System Administrator | CompTIA A+ Certified

Aurico Reports, Inc

Phone: 847-890-4021 | Fax: 847-255-1896

ccoo...@aurico.com | www.aurico.com

 

From: Sean Rector [mailto:sean.rec...@vaopera.org] 
Sent: Thursday, February 18, 2010 3:51 PM
To: NT System Admin Issues
Subject: RE: SQL Cluster
Sensitivity: Confidential

 

Yep...the Data & Log drives are on my iSCSI SAN.

 

Sean Rector, MCSE

 

From: Cameron Cooper [mailto:ccoo...@aurico.com] 
Sent: Thursday, February 18, 2010 4:38 PM
To: NT System Admin Issues
Subject: SQL Cluster
Sensitivity: Confidential

 

Can you setup two SQL servers to Load-Balanced Cluster?  Or is this not 
suggested for SQL?

 

_

Cameron Cooper

System Administrator | CompTIA A+ Certified

Aurico Reports, Inc

Phone: 847-890-4021 | Fax: 847-255-1896

ccoo...@aurico.com | www.aurico.com

 

 

 

Information Technology Manager
Virginia Opera Association 

E-Mail: sean.rec...@vaopera.org  
Phone:(757) 213-4548 (direct line)
{+}

Virginia Opera's 35th Anniversary Season    The One You 
Love

Celebrate with a 2009-2010 subscription: 
La Bohème |   The 
Daughter of the Regiment  
   |   Don Giovanni | 
  Porgy and BessSM  

Visit us online at www.VaOpera.org   or call 
1-866-OPERA-VA

The vision of Virginia Opera is to enrich lives through the powerful 
integration of music, voice and human drama.



This e-mail and any attached files are confidential and intended solely for the 
intended recipient(s). Unless otherwise specified, persons unnamed as 
recipients may not read, distribute, copy or alter this e-mail. Any views or 
opinions expressed in this e-mail belong to the author and may not necessarily 
represent those of Virginia Opera. Although precautions have been taken to 
ensure no viruses are present, Virginia Opera cannot accept responsibility for 
any loss or damage that may arise from the use of this e-mail or attachments.

{*}

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Remote 2008 server management via script

2010-02-18 Thread Jeff Bunting 
Hi all, looking for the preferred method to execute a script against a 2008
domain member with UAC enabled.

Details: backup folks have a script that executes on backup server that
sends sc commands to stop some selected services.  This is giving "access
denied" messages on the new 2008 server.  Is this possible to do without
turning off UAC?  The only method I've been able to think of is to execute
the script locally with runas/psexec/cmd (assuming this works under 2008;
haven't tried yet).

Additional info: the backup service account is a local machine account
(member of administrators) on the 2008 box; the backup server is a Windows
2003 member in a different domain.  The 2008 server is a member of a
different 2003 mixed mode domain.

Thanks,
Jeff

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: SQL Cluster

2010-02-18 Thread Sean Rector 
Yep...the Data & Log drives are on my iSCSI SAN.

 

Sean Rector, MCSE

 

From: Cameron Cooper [mailto:ccoo...@aurico.com] 
Sent: Thursday, February 18, 2010 4:38 PM
To: NT System Admin Issues
Subject: SQL Cluster
Sensitivity: Confidential

 

Can you setup two SQL servers to Load-Balanced Cluster?  Or is this not
suggested for SQL?

 

_

Cameron Cooper

System Administrator | CompTIA A+ Certified

Aurico Reports, Inc

Phone: 847-890-4021 | Fax: 847-255-1896

ccoo...@aurico.com | www.aurico.com

 

 

 

Virginia Opera's 35th Anniversary Season The One You Love

Celebrate with a 2009-2010 subscription: 
La Boh?me?|?The Daughter of the Regiment?|?Don Giovanni?|?Porgy and BessSM

Visit us online at www.VaOpera.org or call 1-866-OPERA-VA

The vision of Virginia Opera is to enrich lives through the powerful 
integration of music, voice and human drama.

This e-mail and any attached files are confidential and intended solely for the 
intended recipient(s). Unless otherwise specified, persons unnamed as 
recipients may not read, distribute, copy or alter this e-mail. Any views or 
opinions expressed in this e-mail belong to the author and may not necessarily 
represent those of Virginia Opera. Although precautions have been taken to 
ensure no viruses are present, Virginia Opera cannot accept responsibility for 
any loss or damage that may arise from the use of this e-mail or attachments.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: IM raises its ugly head again...

2010-02-18 Thread Steven Peck 
We've had an internal LCS solution for years.  We have a restricted
pilot to Public IM for a subset of users.  We are transitioning to
OCS2007r2 currently.  Out of all users with IM accounts we have 3/4
logged on during business hours.  I consider this a rather high buy in
rate for an instant messaging product.  We do not have a company
mandate that requires people to be logged in.

The transition is to add archiving capabilities.  However the actual
policy is being debated now.

What I suspect will happen is what we do with laptops.  If you have a
business need to use IM communications you will sign a document saying
you have read and understood the business rules and agree to abide by
them (which really can be summed up to: don't be stupid, this isn't
your property and can be audited).  PIM users will probably have their
communications automatically archived, the rest will not.  This is a
guess.  As most executives will be the primary recipients for this, I
suspect the archives will be accessed only when there is a question or
issue (we have email archival as well).

We fall under HIPAA rules.  We do not fall under SOX but are
considering working under them just because the laws will probably
eventually cover us.  (Not for profit insurance)

We are not using the live meeting subset of features due to licensing
but will probably trial it and possibly implement it later.  We have
trialed VOIP through LCS2005 which was well received but Communicator
2005 had client UI issues (which MS said it would) that did not make
it suitable for corporate use.  I suspect that we will be trialing
VOIP again with OCS2007r2.  I would love to do conference lines with
it and offload the dozens of external conference lines we currently
pay for primarily internal only use.

Steven Peck

On Thu, Feb 18, 2010 at 12:43 PM, Kurt Buff  wrote:
> Anyone out there care to share their policy and (very) general
> implementation info on IM and personal video conferencing usage?
>
> Does your company, for instance, allow users to install and use any of
> the major consumer IM/video apps and communicate directly to the major
> public IM/video providers such as MSN, AOL, Yahoo! and Google?
>
> If your company does allow it, what does the company consider to be
> the cost/benefit tradeoff WRT security and not using a centralized
> IM/video server with gateways to public IM/video services?
>
> Also, what security concerns were looked at before implementation and
> what measures, if any, were taken to mitigate them?
>
> If direct access to public IM/video services isn't allowed, is an
> IM/video service provided for business purposes, and if so, what are
> you using - MSFT OCS, or Openfire, or something else?
>
> If you can't comment on-list, but don't mind doing so off-list, I'd
> certainly appreciate it.
>
> Kurt
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: IM raises its ugly head again...

2010-02-18 Thread Andy Ognenoff 
We implemented Openfire in March for internal communication and the business
LOVES it. It's got a plugin for message archival. We use Pidgin as the
client (with all the protocols besides xmpp removed - just remove the dlls).
We tried Spark as the client for a while but the resource usage was crazy
(90+ MB at times, whereas Pidgin hovers around 16 MB).

 - Andy O.

>-Original Message-
>From: Kurt Buff [mailto:kurt.b...@gmail.com]
>Sent: Thursday, February 18, 2010 2:44 PM
>To: NT System Admin Issues
>Subject: IM raises its ugly head again...
>
>Anyone out there care to share their policy and (very) general
>implementation info on IM and personal video conferencing usage?
>
>Does your company, for instance, allow users to install and use any of
>the major consumer IM/video apps and communicate directly to the major
>public IM/video providers such as MSN, AOL, Yahoo! and Google?
>
>If your company does allow it, what does the company consider to be
>the cost/benefit tradeoff WRT security and not using a centralized
>IM/video server with gateways to public IM/video services?
>
>Also, what security concerns were looked at before implementation and
>what measures, if any, were taken to mitigate them?
>
>If direct access to public IM/video services isn't allowed, is an
>IM/video service provided for business purposes, and if so, what are
>you using - MSFT OCS, or Openfire, or something else?
>
>If you can't comment on-list, but don't mind doing so off-list, I'd
>certainly appreciate it.
>
>Kurt
>
>~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

SQL Cluster

2010-02-18 Thread Cameron Cooper 
Can you setup two SQL servers to Load-Balanced Cluster?  Or is this not
suggested for SQL?

 

_

Cameron Cooper

System Administrator | CompTIA A+ Certified

Aurico Reports, Inc

Phone: 847-890-4021 | Fax: 847-255-1896

ccoo...@aurico.com   | www.aurico.com

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: What is the latest version of RDP client for Win7?

2010-02-18 Thread Free, Bob 
The Argument against Disabling IPv6

It is unfortunate that some organizations disable IPv6 on their
computers running Windows Vista or Windows Server 2008, where it is
installed and enabled by default. Many disable IPv6-based on the
assumption that they are not running any applications or services that
use it. Others might disable it because of a misperception that having
both IPv4 and IPv6 enabled effectively doubles their DNS and Web
traffic. This is not true.

 

>From Microsoft's perspective, IPv6 is a mandatory part of the Windows
operating system and it is enabled and included in standard Windows
service and application testing during the operating system development
process. Because Windows was designed specifically with IPv6 present,
Microsoft does not perform any testing to determine the effects of
disabling IPv6. If IPv6 is disabled on Windows Vista, Windows Server
2008, or later versions, some components will not function. Moreover,
applications that you might not think are using IPv6-such as Remote
Assistance, HomeGroup, DirectAccess, and Windows Mail-could be.

 

Therefore, Microsoft recommends that you leave IPv6 enabled, even if you
do not have an IPv6-enabled network, either native or tunneled. By
leaving IPv6 enabled, you do not disable IPv6-only applications and
services (for example, HomeGroup in Windows 7 and DirectAccess in
Windows 7 and Windows Server 2008 R2 are IPv6-only) and your hosts can
take advantage of IPv6-enhanced connectivity.

 

http://207.46.16.252/en-us/magazine/2009.07.cableguy.aspx

 

 

 

From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Thursday, February 18, 2010 1:05 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

I've had IPv6 disabled on several Win2K8 servers as well without problem
as far as I can tell also.

 

-sc

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Thursday, February 18, 2010 3:04 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

I've had IPV6 disabled on Vista since forever and have never had any
issues talking to my WSUS server.

 

More than likely "they" had something else going on and accidentally
fixed it at the same time they re-enabled IPV6.

 

Carl

 

From: Jon Harris [mailto:jk.har...@gmail.com] 
Sent: Thursday, February 18, 2010 3:00 PM
To: NT System Admin Issues
Subject: Re: What is the latest version of RDP client for Win7?

 

I would add Vista and 7 as well but I have not done a lot of testing on
that issue.  I know some of the products like WSUS were having an issue
with Vista clients not having IP6 turned on.  I don't remember what the
issue was but they had problems connecting reliably to the server.

 

Jon

On Thu, Feb 18, 2010 at 2:36 PM, Free, Bob  wrote:

Yes bad on any 2008 server

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Thursday, February 18, 2010 6:15 AM 


To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

Can you answer this:  Is it bad to do it on any 2008 machine, or just a
2008 machine that will host Exchange?

 

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Thursday, February 18, 2010 7:22 AM 


To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

There are known problems with doing so. And, unfortunately, before you
ask me what they are - I'm not allowed to say.

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Thursday, February 18, 2010 8:18 AM 


To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

Ok!  I'll try to find it again.

 

Curious though, as to why it's such a bad idea...

 

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Thursday, February 18, 2010 6:15 AM 


To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

Sam -

 

DON'T DO THAT.  Dramatic enough? :-)

 

And like Carl asked, I'm interested to know where you read it. 'Cuz I'll
try to get it fixed.

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com  

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Wednesday, February 17, 2010 10:37 PM 


To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

Where'd you read that?

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Wednesday, February 17, 2010 10:33 PM 


To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

IP6 is disabled on the NIC(s).   Something I read to do when introducing
Ex2010 into an IPv4 environment.

 

From: Free, Bob [mailto:r...@pge.com] 
Sent: Wednesday, February 17, 2010 4:20 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP clien

RE: IM raises its ugly head again...

2010-02-18 Thread Cameron Cooper 
We don't allow IM on our network at all, through any of the IM providers.  
Without the use of a central IM app, our concern is that employees will waste 
company resources and time by adding and chatting with friends through out the 
day.  Another concern has been security with that is data leakage (which can 
still happen with email.  USB drives and CD burning have been disabled via GP).

We have thought about implementing an internal IM solution for communication.

_
Cameron Cooper
System Administrator | CompTIA A+ Certified
Aurico Reports, Inc
Phone: 847-890-4021 | Fax: 847-255-1896
ccoo...@aurico.com | www.aurico.com


-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Thursday, February 18, 2010 2:44 PM
To: NT System Admin Issues
Subject: IM raises its ugly head again...

Anyone out there care to share their policy and (very) general implementation 
info on IM and personal video conferencing usage?

Does your company, for instance, allow users to install and use any of the 
major consumer IM/video apps and communicate directly to the major public 
IM/video providers such as MSN, AOL, Yahoo! and Google?

If your company does allow it, what does the company consider to be the 
cost/benefit tradeoff WRT security and not using a centralized IM/video server 
with gateways to public IM/video services?

Also, what security concerns were looked at before implementation and what 
measures, if any, were taken to mitigate them?

If direct access to public IM/video services isn't allowed, is an IM/video 
service provided for business purposes, and if so, what are you using - MSFT 
OCS, or Openfire, or something else?

If you can't comment on-list, but don't mind doing so off-list, I'd certainly 
appreciate it.

Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: What is the latest version of RDP client for Win7?

2010-02-18 Thread Steven M. Caesare 
I've had IPv6 disabled on several Win2K8 servers as well without problem
as far as I can tell also.

 

-sc

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Thursday, February 18, 2010 3:04 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

I've had IPV6 disabled on Vista since forever and have never had any
issues talking to my WSUS server.

 

More than likely "they" had something else going on and accidentally
fixed it at the same time they re-enabled IPV6.

 

Carl

 

From: Jon Harris [mailto:jk.har...@gmail.com] 
Sent: Thursday, February 18, 2010 3:00 PM
To: NT System Admin Issues
Subject: Re: What is the latest version of RDP client for Win7?

 

I would add Vista and 7 as well but I have not done a lot of testing on
that issue.  I know some of the products like WSUS were having an issue
with Vista clients not having IP6 turned on.  I don't remember what the
issue was but they had problems connecting reliably to the server.

 

Jon

On Thu, Feb 18, 2010 at 2:36 PM, Free, Bob  wrote:

Yes bad on any 2008 server

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Thursday, February 18, 2010 6:15 AM 


To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

Can you answer this:  Is it bad to do it on any 2008 machine, or just a
2008 machine that will host Exchange?

 

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Thursday, February 18, 2010 7:22 AM 


To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

There are known problems with doing so. And, unfortunately, before you
ask me what they are - I'm not allowed to say.

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Thursday, February 18, 2010 8:18 AM 


To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

Ok!  I'll try to find it again.

 

Curious though, as to why it's such a bad idea...

 

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Thursday, February 18, 2010 6:15 AM 


To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

Sam -

 

DON'T DO THAT.  Dramatic enough? :-)

 

And like Carl asked, I'm interested to know where you read it. 'Cuz I'll
try to get it fixed.

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com  

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Wednesday, February 17, 2010 10:37 PM 


To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

Where'd you read that?

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Wednesday, February 17, 2010 10:33 PM 


To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

IP6 is disabled on the NIC(s).   Something I read to do when introducing
Ex2010 into an IPv4 environment.

 

From: Free, Bob [mailto:r...@pge.com] 
Sent: Wednesday, February 17, 2010 4:20 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

What do you mean by ip4 only?

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Tuesday, February 16, 2010 8:45 AM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

Having a terrible time getting an RDP session open to my first Srv08
server.  Works 50% of the time.  Have to fire up the VMware Console to
connect.  Once I log in through the console, I can then connect to the
Srv08.

 

Firewall is disabled.  ip4 only.

 

???

 



From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Tuesday, February 16, 2010 10:41 AM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

That's the same version I have (Win7 ultimate x64).

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com  

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Tuesday, February 16, 2010 11:35 AM
To: NT System Admin Issues
Subject: What is the latest version of RDP client for Win7?

 

I have 6.1.7600; thought 7.x was out...

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: IM raises its ugly head again...

2010-02-18 Thread Kurt Buff 
That too, but that's much more variable, I think, and probably depends
on the regulatory environment in which the org operates.
SARBOX/JSOX/HIPAA/etc., will drive this for many, and if the company
isn't subject to them, it's not likely to implement them.

Kurt

On Thu, Feb 18, 2010 at 12:53, Terry Dickson
 wrote:
> Also what are your policies/regulations on archival of the conversations?
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Thursday, February 18, 2010 2:44 PM
> To: NT System Admin Issues
> Subject: IM raises its ugly head again...
>
> Anyone out there care to share their policy and (very) general implementation 
> info on IM and personal video conferencing usage?
>
> Does your company, for instance, allow users to install and use any of the 
> major consumer IM/video apps and communicate directly to the major public 
> IM/video providers such as MSN, AOL, Yahoo! and Google?
>
> If your company does allow it, what does the company consider to be the 
> cost/benefit tradeoff WRT security and not using a centralized IM/video 
> server with gateways to public IM/video services?
>
> Also, what security concerns were looked at before implementation and what 
> measures, if any, were taken to mitigate them?
>
> If direct access to public IM/video services isn't allowed, is an IM/video 
> service provided for business purposes, and if so, what are you using - MSFT 
> OCS, or Openfire, or something else?
>
> If you can't comment on-list, but don't mind doing so off-list, I'd certainly 
> appreciate it.
>
> Kurt
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: What is the latest version of RDP client for Win7?

2010-02-18 Thread Kurt Buff 
That's a good habit...

On Thu, Feb 18, 2010 at 12:26, Free, Bob  wrote:
> Didn't come up in the conversation...he just saw that I had done it out of 
> habit[1] in the sandbox R2 AD Forest and gave us a pretty stern warning about 
> it.
>
> [1]My habit being adhering to the old "always disable unnecessary protocols 
> and services" paradigm
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Thursday, February 18, 2010 12:19 PM
> To: NT System Admin Issues
> Subject: Re: What is the latest version of RDP client for Win7?
>
> How about disabling IPv4?
>
> On Thu, Feb 18, 2010 at 11:35, Free, Bob  wrote:
>> It is very strongly recommended by high level support people at MS NOT to
>> disable IPv6 because the entire testing and supportability matrix is wrapped
>> around IPv6 being enabled. BadThings™ can happen if it is disabled
>>
>>
>>
>> From: Sam Cayze [mailto:sam.ca...@rollouts.com]
>> Sent: Wednesday, February 17, 2010 7:33 PM
>> To: NT System Admin Issues
>> Subject: RE: What is the latest version of RDP client for Win7?
>>
>>
>>
>> IP6 is disabled on the NIC(s).   Something I read to do when introducing
>> Ex2010 into an IPv4 environment.
>>
>>
>>
>> From: Free, Bob [mailto:r...@pge.com]
>> Sent: Wednesday, February 17, 2010 4:20 PM
>> To: NT System Admin Issues
>> Subject: RE: What is the latest version of RDP client for Win7?
>>
>>
>>
>> What do you mean by ip4 only?
>>
>>
>>
>> From: Sam Cayze [mailto:sam.ca...@rollouts.com]
>> Sent: Tuesday, February 16, 2010 8:45 AM
>> To: NT System Admin Issues
>> Subject: RE: What is the latest version of RDP client for Win7?
>>
>>
>>
>> Having a terrible time getting an RDP session open to my first Srv08
>> server.  Works 50% of the time.  Have to fire up the VMware Console to
>> connect.  Once I log in through the console, I can then connect to the
>> Srv08.
>>
>>
>>
>> Firewall is disabled.  ip4 only.
>>
>>
>>
>> ???
>>
>>
>>
>> 
>>
>> From: Michael B. Smith [mailto:mich...@smithcons.com]
>> Sent: Tuesday, February 16, 2010 10:41 AM
>> To: NT System Admin Issues
>> Subject: RE: What is the latest version of RDP client for Win7?
>>
>> That’s the same version I have (Win7 ultimate x64).
>>
>>
>>
>> Regards,
>>
>>
>>
>> Michael B. Smith
>>
>> Consultant and Exchange MVP
>>
>> http://TheEssentialExchange.com
>>
>>
>>
>> From: Sam Cayze [mailto:sam.ca...@rollouts.com]
>> Sent: Tuesday, February 16, 2010 11:35 AM
>> To: NT System Admin Issues
>> Subject: What is the latest version of RDP client for Win7?
>>
>>
>>
>> I have 6.1.7600; thought 7.x was out...
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: IM raises its ugly head again...

2010-02-18 Thread Terry Dickson 
Also what are your policies/regulations on archival of the conversations?

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Thursday, February 18, 2010 2:44 PM
To: NT System Admin Issues
Subject: IM raises its ugly head again...

Anyone out there care to share their policy and (very) general implementation 
info on IM and personal video conferencing usage?

Does your company, for instance, allow users to install and use any of the 
major consumer IM/video apps and communicate directly to the major public 
IM/video providers such as MSN, AOL, Yahoo! and Google?

If your company does allow it, what does the company consider to be the 
cost/benefit tradeoff WRT security and not using a centralized IM/video server 
with gateways to public IM/video services?

Also, what security concerns were looked at before implementation and what 
measures, if any, were taken to mitigate them?

If direct access to public IM/video services isn't allowed, is an IM/video 
service provided for business purposes, and if so, what are you using - MSFT 
OCS, or Openfire, or something else?

If you can't comment on-list, but don't mind doing so off-list, I'd certainly 
appreciate it.

Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: IM raises its ugly head again...

2010-02-18 Thread Kevin Lundy 
No consumer IM.  IMO that is just a date leak accident waiting to happen.
Especially if you allow any and all.

We provide internal OCS, but no gateway to public.  We do have a public
LiveMeeting server tied to OCS.

My wifes company, a large computer OEM, allows Yahoo.  She works from home,
which means I support her laptop most of the time and anytime she has a
problem, it is often related to Yahoo IM.  Her computer seems to run slower
with it.

On Thu, Feb 18, 2010 at 3:43 PM, Kurt Buff  wrote:

>  Anyone out there care to share their policy and (very) general
> implementation info on IM and personal video conferencing usage?
>
> Does your company, for instance, allow users to install and use any of
> the major consumer IM/video apps and communicate directly to the major
> public IM/video providers such as MSN, AOL, Yahoo! and Google?
>
> If your company does allow it, what does the company consider to be
> the cost/benefit tradeoff WRT security and not using a centralized
> IM/video server with gateways to public IM/video services?
>
> Also, what security concerns were looked at before implementation and
> what measures, if any, were taken to mitigate them?
>
> If direct access to public IM/video services isn't allowed, is an
> IM/video service provided for business purposes, and if so, what are
> you using - MSFT OCS, or Openfire, or something else?
>
> If you can't comment on-list, but don't mind doing so off-list, I'd
> certainly appreciate it.
>
> Kurt
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: IM raises its ugly head again...

2010-02-18 Thread Sean Rector 
We don't allow IM and block it at the ISA server.

Sean Rector, MCSE

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Thursday, February 18, 2010 3:44 PM
To: NT System Admin Issues
Subject: IM raises its ugly head again...

Anyone out there care to share their policy and (very) general implementation 
info on IM and personal video conferencing usage?

Does your company, for instance, allow users to install and use any of the 
major consumer IM/video apps and communicate directly to the major public 
IM/video providers such as MSN, AOL, Yahoo! and Google?

If your company does allow it, what does the company consider to be the 
cost/benefit tradeoff WRT security and not using a centralized IM/video server 
with gateways to public IM/video services?

Also, what security concerns were looked at before implementation and what 
measures, if any, were taken to mitigate them?

If direct access to public IM/video services isn't allowed, is an IM/video 
service provided for business purposes, and if so, what are you using - MSFT 
OCS, or Openfire, or something else?

If you can't comment on-list, but don't mind doing so off-list, I'd certainly 
appreciate it.

Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

Virginia Opera's 35th Anniversary Season The One You Love

Celebrate with a 2009-2010 subscription: 
La Bohème | The Daughter of the Regiment | Don Giovanni | Porgy and BessSM

Visit us online at www.VaOpera.org or call 1-866-OPERA-VA

The vision of Virginia Opera is to enrich lives through the powerful 
integration of music, voice and human drama.

This e-mail and any attached files are confidential and intended solely for the 
intended recipient(s). Unless otherwise specified, persons unnamed as 
recipients may not read, distribute, copy or alter this e-mail. Any views or 
opinions expressed in this e-mail belong to the author and may not necessarily 
represent those of Virginia Opera. Although precautions have been taken to 
ensure no viruses are present, Virginia Opera cannot accept responsibility for 
any loss or damage that may arise from the use of this e-mail or attachments.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: BB wont' sync with O2003 calendar

2010-02-18 Thread Terry Dickson 
OK it has been a few years since I dealt with this but I am assuming you are 
not using a BB server but the Desktop Manager which uses something like 
Activesync.When I did this I would delete the data store on the 
Desktop(computer)  and then let it resync and pull everything down and sync 
again.However it appears you already have your appointments deleted so I am 
not sure how well that would work.  I actually had a batch file to do this but 
that computer is no longer with our office.  Maybe I have an old version I 
could look up tonight when I get home.

From: paul d [mailto:pdw1...@hotmail.com]
Sent: Thursday, February 18, 2010 2:07 PM
To: NT System Admin Issues
Subject: BB wont' sync with O2003 calendar

Somehow the user plugged in his BB and erased most of the appointments in his 
Outlook 2003 calendar. From what he said, it (and don't chuckle, I'm not a BB 
expert) when synchronizing, basically deleted all the appointments from the 
Outlook calendar but kept them on his BB.
Now, when he tries to sync it up again, it gets up to 233 out of 243 
appointments and then fails.
Error logs reports, in part:  DesktopMgr caused an Access Violation (0xc005)
in module MsOutlookApi.dll.
>From the research I've done, it appears it could be a bad recurring 
>appointment.  That makes sense as it does fail after doing 233 records.
My question: is there a way to determine which recurring appointment caused the 
problem?

Thanks,  And on a totally OT subject, I get the Healtchare IT Strategist email 
and I laughed out loud when I read this article's headline:


"Grants Link pregnant W. Virginia women, specialists."


Hotmail: Trusted email with Microsoft's powerful SPAM protection. Sign up 
now.




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

IM raises its ugly head again...

2010-02-18 Thread Kurt Buff 
Anyone out there care to share their policy and (very) general
implementation info on IM and personal video conferencing usage?

Does your company, for instance, allow users to install and use any of
the major consumer IM/video apps and communicate directly to the major
public IM/video providers such as MSN, AOL, Yahoo! and Google?

If your company does allow it, what does the company consider to be
the cost/benefit tradeoff WRT security and not using a centralized
IM/video server with gateways to public IM/video services?

Also, what security concerns were looked at before implementation and
what measures, if any, were taken to mitigate them?

If direct access to public IM/video services isn't allowed, is an
IM/video service provided for business purposes, and if so, what are
you using - MSFT OCS, or Openfire, or something else?

If you can't comment on-list, but don't mind doing so off-list, I'd
certainly appreciate it.

Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: What is the latest version of RDP client for Win7?

2010-02-18 Thread Free, Bob 
Didn't come up in the conversation...he just saw that I had done it out of 
habit[1] in the sandbox R2 AD Forest and gave us a pretty stern warning about 
it.

[1]My habit being adhering to the old "always disable unnecessary protocols and 
services" paradigm 

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Thursday, February 18, 2010 12:19 PM
To: NT System Admin Issues
Subject: Re: What is the latest version of RDP client for Win7?

How about disabling IPv4?

On Thu, Feb 18, 2010 at 11:35, Free, Bob  wrote:
> It is very strongly recommended by high level support people at MS NOT to
> disable IPv6 because the entire testing and supportability matrix is wrapped
> around IPv6 being enabled. BadThings™ can happen if it is disabled
>
>
>
> From: Sam Cayze [mailto:sam.ca...@rollouts.com]
> Sent: Wednesday, February 17, 2010 7:33 PM
> To: NT System Admin Issues
> Subject: RE: What is the latest version of RDP client for Win7?
>
>
>
> IP6 is disabled on the NIC(s).   Something I read to do when introducing
> Ex2010 into an IPv4 environment.
>
>
>
> From: Free, Bob [mailto:r...@pge.com]
> Sent: Wednesday, February 17, 2010 4:20 PM
> To: NT System Admin Issues
> Subject: RE: What is the latest version of RDP client for Win7?
>
>
>
> What do you mean by ip4 only?
>
>
>
> From: Sam Cayze [mailto:sam.ca...@rollouts.com]
> Sent: Tuesday, February 16, 2010 8:45 AM
> To: NT System Admin Issues
> Subject: RE: What is the latest version of RDP client for Win7?
>
>
>
> Having a terrible time getting an RDP session open to my first Srv08
> server.  Works 50% of the time.  Have to fire up the VMware Console to
> connect.  Once I log in through the console, I can then connect to the
> Srv08.
>
>
>
> Firewall is disabled.  ip4 only.
>
>
>
> ???
>
>
>
> 
>
> From: Michael B. Smith [mailto:mich...@smithcons.com]
> Sent: Tuesday, February 16, 2010 10:41 AM
> To: NT System Admin Issues
> Subject: RE: What is the latest version of RDP client for Win7?
>
> That’s the same version I have (Win7 ultimate x64).
>
>
>
> Regards,
>
>
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com
>
>
>
> From: Sam Cayze [mailto:sam.ca...@rollouts.com]
> Sent: Tuesday, February 16, 2010 11:35 AM
> To: NT System Admin Issues
> Subject: What is the latest version of RDP client for Win7?
>
>
>
> I have 6.1.7600; thought 7.x was out...
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Gpupdate /force not forcing update

2010-02-18 Thread Free, Bob 
> Group memberships can't.

There is actually a way to update a computer's group memberships without a 
reboot. We discussed it on activdir last year. In Server 2008, Microsoft added 
some switches to the klist.exe utility that you could use to force a refresh of 
the server's tokens, and thus pick up group membership changes without a 
reboot. The command format for doing that is: 

klist -li 0×3e7 purge


One of the GPO MVPs, Darren Mar Elia has blogged about it and also played with 
it on 2003, there it involves klist running as LocalSystem. I have not heard it 
discussed for Win7 but Vista was alleged to have the plumbing but is missing a 
resource somewhere to run klist.


-Original Message-
From: Charlie Kaiser [mailto:charl...@golden-eagle.org] 
Sent: Thursday, February 18, 2010 6:57 AM
To: NT System Admin Issues
Subject: RE: Gpupdate /force not forcing update

Groups apply to the AD account. Like a user account, logging off and back on
is required to modify the security token. How do you log off a computer
account? Reboot...

Changing many policy settings can be done without a reboot. Group
memberships can't.

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***  

> -Original Message-
> From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
> Sent: Thursday, February 18, 2010 7:47 AM
> To: NT System Admin Issues
> Subject: Gpupdate /force not forcing update
> 
> I just had a bit of weirdness with a machine not updating its 
> group policy the way I expected.
> 
>  
> 
> Yesterday I removed a machine (Vista) from a group using 
> ADUC. Today when I ran gpresult on the machine, it still 
> showed that it was a member of the group. The time stamp of 
> the last policy update was recent, and I checked the DC the 
> machine had gotten the update from and confirmed that that DC 
> knew the machine was no longer a member of the group. Yet the 
> machine still thought it was.
> 
>  
> 
> So I ran gpupdate /force, then another gpresult after that. 
> Same thing-the machine still showed as being a member of the 
> group I had removed it from nearly 24 hours earlier.
> 
>  
> 
> Lastly, I rebooted the machine. Logged back in, ran gpresult, 
> and all was fine. The machine was no longer a member of the group.
> 
>  
> 
> My question is, why didn't gpupdate /force accomplish this? 
> If a reboot was necessary for the change to apply, normally 
> gpupdate will tell me that. It didn't, though.
> 
>  
> 
> Is this a bug, or by design?
> 
>  
> 
>  
> 
>  
> 
> John Hornbuckle
> 
> MIS Department
> 
> Taylor County School District
> 
> www.taylor.k12.fl.us
> 
>  
> 
>  
> 
>  
> 
>  
> 
> 
> 
> NOTICE: Florida has a broad public records law. Most written 
> communications to or from this entity are public records that 
> will be disclosed to the public and the media upon request. 
> E-mail communications may be subject to public disclosure.
> 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: What is the latest version of RDP client for Win7?

2010-02-18 Thread Kurt Buff 
How about disabling IPv4?

On Thu, Feb 18, 2010 at 11:35, Free, Bob  wrote:
> It is very strongly recommended by high level support people at MS NOT to
> disable IPv6 because the entire testing and supportability matrix is wrapped
> around IPv6 being enabled. BadThings™ can happen if it is disabled
>
>
>
> From: Sam Cayze [mailto:sam.ca...@rollouts.com]
> Sent: Wednesday, February 17, 2010 7:33 PM
> To: NT System Admin Issues
> Subject: RE: What is the latest version of RDP client for Win7?
>
>
>
> IP6 is disabled on the NIC(s).   Something I read to do when introducing
> Ex2010 into an IPv4 environment.
>
>
>
> From: Free, Bob [mailto:r...@pge.com]
> Sent: Wednesday, February 17, 2010 4:20 PM
> To: NT System Admin Issues
> Subject: RE: What is the latest version of RDP client for Win7?
>
>
>
> What do you mean by ip4 only?
>
>
>
> From: Sam Cayze [mailto:sam.ca...@rollouts.com]
> Sent: Tuesday, February 16, 2010 8:45 AM
> To: NT System Admin Issues
> Subject: RE: What is the latest version of RDP client for Win7?
>
>
>
> Having a terrible time getting an RDP session open to my first Srv08
> server.  Works 50% of the time.  Have to fire up the VMware Console to
> connect.  Once I log in through the console, I can then connect to the
> Srv08.
>
>
>
> Firewall is disabled.  ip4 only.
>
>
>
> ???
>
>
>
> 
>
> From: Michael B. Smith [mailto:mich...@smithcons.com]
> Sent: Tuesday, February 16, 2010 10:41 AM
> To: NT System Admin Issues
> Subject: RE: What is the latest version of RDP client for Win7?
>
> That’s the same version I have (Win7 ultimate x64).
>
>
>
> Regards,
>
>
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com
>
>
>
> From: Sam Cayze [mailto:sam.ca...@rollouts.com]
> Sent: Tuesday, February 16, 2010 11:35 AM
> To: NT System Admin Issues
> Subject: What is the latest version of RDP client for Win7?
>
>
>
> I have 6.1.7600; thought 7.x was out...
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Office 2007 upgrades

2010-02-18 Thread John Aldrich 
Yeah... that's what one of the sales reps I talked to mentioned. I don't know 
if management would go for that... sometimes they can be penny-wise and pound 
foolish in my personal opinion. They don't like to pay for "extended 
warranties" and "service contracts." They'd just prefer to replace some things 
if they get broken than pay for a service contract *sigh*




-Original Message-
From: Paul Muhlbach [mailto:mu...@apmcomp.com] 
Sent: Thursday, February 18, 2010 2:57 PM
To: NT System Admin Issues
Subject: RE: Office 2007 upgrades

John:
You may also want to consider the open License program.  If I recall
correctly, you can get into the licensing program and spread your costs
over the three year term.  if you purchase with Software assurance, then
you can renew the software assurance only at the end of year three which
will be significantly less than the cost of the original licensing.
The other benefit to software assurance is licensing for Office 2010
(when it is released) is then available to you with no additional
charges. 
Just a thought as I am investigating upgrades for one of the
organizations I do work with.
 
Hope that helps.
Regards,
Paul
 
 
 
Paul Muhlbach, A+, CNA, MCSE, MCT
APM Computer Services
Camrose, AB  
Phone 403-894-5802
email: pmuhl...@apmcomp.com 
 
 


>>> On 2/18/2010 at 6:49 AM, in message  "John Aldrich"
 wrote:


Ahh Ok. Ill look into what version of Office 2000 each user is
running. Thatll certainly matter, as you point out.
 



 

From:Angus Scott-Fleming [mailto:angu...@geoapps.com] 
Sent: Thursday, February 18, 2010 8:45 AM
To: NT System Admin Issues
Subject: Re: Office 2007 upgrades

 
On 17 Feb 2010 at 16:53, John Aldrich  wrote:
 
> I am looking at upgrading about 15 of my users from Office 2000
> Professional to Office 2007 Standard. Is this possible? My Zones rep
says
> his licensing team says its not and wants to sell me full Office
2007
> installs. 2007 Standard is pretty much what Office 2000 Professional
used to
> be, is it not? 
 
No, 2000 Pro included Access 2000, 2007 Std does not include Access
2007.
 
I would be Very Surprised if M$ lets you 'legally' upgrade from 2000 to
2007, skipping XP and 2003 in the process (and thus failing to fatten
M$'s bottom line) ;-).
 
OTOH the first link at "microsoft office upgrade licensing - Google
Search"
http://www.google.com/search?q=microsoft+office+upgrade+licensing 
suggests that you may be able to do that (!!)
 
2007 Microsoft Office system pricing and upgrade information

http://office.microsoft.com/en-us/suites/FX101754511033.aspx 

 
2007 Office Suites: Office Standard 2007

Qualifying Products for Upgrade: Microsoft Works 6.010; Microsoft
Works suite 20002006 or later; any 20002007 Microsoft Office
program or suite; any Microsoft Office XP suite except Office XP Student
and Teacher.

 

Good luck with this, but point your "Zones Rep" at that official M$
page.
 
HTH
 
Eh?
 
 
 
--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-895-3270
~!
 
  
  

 
 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: What is the latest version of RDP client for Win7?

2010-02-18 Thread Jon Harris 
Could have been don't remember much but there seemed to be an issue and it
was around the patching that I was seeing it.

Jon

On Thu, Feb 18, 2010 at 3:03 PM, Carl Houseman  wrote:

>  I've had IPV6 disabled on Vista since forever and have never had any
> issues talking to my WSUS server.
>
>
>
> More than likely "they" had something else going on and accidentally fixed
> it at the same time they re-enabled IPV6.
>
>
>
> Carl
>
>
>
> *From:* Jon Harris [mailto:jk.har...@gmail.com]
> *Sent:* Thursday, February 18, 2010 3:00 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: What is the latest version of RDP client for Win7?
>
>
>
> I would add Vista and 7 as well but I have not done a lot of testing on
> that issue.  I know some of the products like WSUS were having an issue with
> Vista clients not having IP6 turned on.  I don't remember what the issue was
> but they had problems connecting reliably to the server.
>
>
>
> Jon
>
> On Thu, Feb 18, 2010 at 2:36 PM, Free, Bob  wrote:
>
> Yes bad on any 2008 server
>
>
>
> *From:* Sam Cayze [mailto:sam.ca...@rollouts.com]
> *Sent:* Thursday, February 18, 2010 6:15 AM
>
>
> *To:* NT System Admin Issues
> *Subject:* RE: What is the latest version of RDP client for Win7?
>
>
>
> Can you answer this:  Is it bad to do it on any 2008 machine, or just a
> 2008 machine that will host Exchange?
>
>
>
> *From:* Michael B. Smith [mailto:mich...@smithcons.com]
> *Sent:* Thursday, February 18, 2010 7:22 AM
>
>
> *To:* NT System Admin Issues
> *Subject:* RE: What is the latest version of RDP client for Win7?
>
>
>
> There are known problems with doing so. And, unfortunately, before you ask
> me what they are – I’m not allowed to say.
>
>
>
> Regards,
>
>
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com
>
>
>
> *From:* Sam Cayze [mailto:sam.ca...@rollouts.com]
> *Sent:* Thursday, February 18, 2010 8:18 AM
>
>
> *To:* NT System Admin Issues
> *Subject:* RE: What is the latest version of RDP client for Win7?
>
>
>
> Ok!  I’ll try to find it again.
>
>
>
> Curious though, as to why it’s such a bad idea…
>
>
>
> *From:* Michael B. Smith [mailto:mich...@smithcons.com]
> *Sent:* Thursday, February 18, 2010 6:15 AM
>
>
> *To:* NT System Admin Issues
> *Subject:* RE: What is the latest version of RDP client for Win7?
>
>
>
> Sam –
>
>
>
> DON’T DO THAT.  Dramatic enough? :-)
>
>
>
> And like Carl asked, I’m interested to know where you read it. ‘Cuz I’ll
> try to get it fixed.
>
>
>
> Regards,
>
>
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com 
>
>
>
> *From:* Carl Houseman [mailto:c.house...@gmail.com]
> *Sent:* Wednesday, February 17, 2010 10:37 PM
>
>
> *To:* NT System Admin Issues
> *Subject:* RE: What is the latest version of RDP client for Win7?
>
>
>
> Where'd you read that?
>
>
>
> *From:* Sam Cayze [mailto:sam.ca...@rollouts.com]
> *Sent:* Wednesday, February 17, 2010 10:33 PM
>
>
> *To:* NT System Admin Issues
> *Subject:* RE: What is the latest version of RDP client for Win7?
>
>
>
> IP6 is disabled on the NIC(s).   Something I read to do when introducing
> Ex2010 into an IPv4 environment.
>
>
>
> *From:* Free, Bob [mailto:r...@pge.com]
> *Sent:* Wednesday, February 17, 2010 4:20 PM
> *To:* NT System Admin Issues
> *Subject:* RE: What is the latest version of RDP client for Win7?
>
>
>
> What do you mean by ip4 only?
>
>
>
> *From:* Sam Cayze [mailto:sam.ca...@rollouts.com]
> *Sent:* Tuesday, February 16, 2010 8:45 AM
> *To:* NT System Admin Issues
> *Subject:* RE: What is the latest version of RDP client for Win7?
>
>
>
> Having a terrible time getting an RDP session open to my first Srv08
> server.  Works 50% of the time.  Have to fire up the VMware Console to
> connect.  Once I log in through the console, I can then connect to the
> Srv08.
>
>
>
> Firewall is disabled.  ip4 only.
>
>
>
> ???
>
>
>  --
>
> *From:* Michael B. Smith [mailto:mich...@smithcons.com]
> *Sent:* Tuesday, February 16, 2010 10:41 AM
> *To:* NT System Admin Issues
> *Subject:* RE: What is the latest version of RDP client for Win7?
>
> That’s the same version I have (Win7 ultimate x64).
>
>
>
> Regards,
>
>
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com 
>
>
>
> *From:* Sam Cayze [mailto:sam.ca...@rollouts.com]
> *Sent:* Tuesday, February 16, 2010 11:35 AM
> *To:* NT System Admin Issues
> *Subject:* What is the latest version of RDP client for Win7?
>
>
>
> I have 6.1.7600; thought 7.x was out...
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

BB wont' sync with O2003 calendar

2010-02-18 Thread paul d 

Somehow the user plugged in his BB and erased most of the appointments in his 
Outlook 2003 calendar. From what he said, it (and don't chuckle, I'm not a BB 
expert) when synchronizing, basically deleted all the appointments from the 
Outlook calendar but kept them on his BB.
Now, when he tries to sync it up again, it gets up to 233 out of 243 
appointments and then fails.
Error logs reports, in part:  DesktopMgr caused an Access Violation 
(0xc005) 
in module MsOutlookApi.dll.
>From the research I've done, it appears it could be a bad recurring 
>appointment.  That makes sense as it does fail after doing 233 records.
My question: is there a way to determine which recurring appointment caused the 
problem?

Thanks,  And on a totally OT subject, I get the Healtchare IT Strategist email 
and I laughed out loud when I read this article's headline:



“Grants Link pregnant W. Virginia women, specialists.”


  
_
Hotmail: Trusted email with Microsoft’s powerful SPAM protection.
http://clk.atdmt.com/GBL/go/201469226/direct/01/
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: What is the latest version of RDP client for Win7?

2010-02-18 Thread Carl Houseman 
I've had IPV6 disabled on Vista since forever and have never had any issues
talking to my WSUS server.

 

More than likely "they" had something else going on and accidentally fixed
it at the same time they re-enabled IPV6.

 

Carl

 

From: Jon Harris [mailto:jk.har...@gmail.com] 
Sent: Thursday, February 18, 2010 3:00 PM
To: NT System Admin Issues
Subject: Re: What is the latest version of RDP client for Win7?

 

I would add Vista and 7 as well but I have not done a lot of testing on that
issue.  I know some of the products like WSUS were having an issue with
Vista clients not having IP6 turned on.  I don't remember what the issue was
but they had problems connecting reliably to the server.

 

Jon

On Thu, Feb 18, 2010 at 2:36 PM, Free, Bob  wrote:

Yes bad on any 2008 server

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Thursday, February 18, 2010 6:15 AM 


To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

Can you answer this:  Is it bad to do it on any 2008 machine, or just a 2008
machine that will host Exchange?

 

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Thursday, February 18, 2010 7:22 AM 


To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

There are known problems with doing so. And, unfortunately, before you ask
me what they are - I'm not allowed to say.

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Thursday, February 18, 2010 8:18 AM 


To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

Ok!  I'll try to find it again.

 

Curious though, as to why it's such a bad idea.

 

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Thursday, February 18, 2010 6:15 AM 


To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

Sam -

 

DON'T DO THAT.  Dramatic enough? :-)

 

And like Carl asked, I'm interested to know where you read it. 'Cuz I'll try
to get it fixed.

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com  

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Wednesday, February 17, 2010 10:37 PM 


To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

Where'd you read that?

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Wednesday, February 17, 2010 10:33 PM 


To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

IP6 is disabled on the NIC(s).   Something I read to do when introducing
Ex2010 into an IPv4 environment.

 

From: Free, Bob [mailto:r...@pge.com] 
Sent: Wednesday, February 17, 2010 4:20 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

What do you mean by ip4 only?

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Tuesday, February 16, 2010 8:45 AM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

Having a terrible time getting an RDP session open to my first Srv08 server.
Works 50% of the time.  Have to fire up the VMware Console to connect.  Once
I log in through the console, I can then connect to the Srv08.

 

Firewall is disabled.  ip4 only.

 

???

 

  _  

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Tuesday, February 16, 2010 10:41 AM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

That's the same version I have (Win7 ultimate x64).

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com  

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Tuesday, February 16, 2010 11:35 AM
To: NT System Admin Issues
Subject: What is the latest version of RDP client for Win7?

 

I have 6.1.7600; thought 7.x was out...

 

 

 

 

 

 

 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: What is the latest version of RDP client for Win7?

2010-02-18 Thread Jon Harris 
I would add Vista and 7 as well but I have not done a lot of testing on that
issue.  I know some of the products like WSUS were having an issue with
Vista clients not having IP6 turned on.  I don't remember what the issue was
but they had problems connecting reliably to the server.

Jon

On Thu, Feb 18, 2010 at 2:36 PM, Free, Bob  wrote:

>  Yes bad on any 2008 server
>
>
>
> *From:* Sam Cayze [mailto:sam.ca...@rollouts.com]
> *Sent:* Thursday, February 18, 2010 6:15 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: What is the latest version of RDP client for Win7?
>
>
>
> Can you answer this:  Is it bad to do it on any 2008 machine, or just a
> 2008 machine that will host Exchange?
>
>
>
> *From:* Michael B. Smith [mailto:mich...@smithcons.com]
> *Sent:* Thursday, February 18, 2010 7:22 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: What is the latest version of RDP client for Win7?
>
>
>
> There are known problems with doing so. And, unfortunately, before you ask
> me what they are – I’m not allowed to say.
>
>
>
> Regards,
>
>
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com
>
>
>
> *From:* Sam Cayze [mailto:sam.ca...@rollouts.com]
> *Sent:* Thursday, February 18, 2010 8:18 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: What is the latest version of RDP client for Win7?
>
>
>
> Ok!  I’ll try to find it again.
>
>
>
> Curious though, as to why it’s such a bad idea…
>
>
>
> *From:* Michael B. Smith [mailto:mich...@smithcons.com]
> *Sent:* Thursday, February 18, 2010 6:15 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: What is the latest version of RDP client for Win7?
>
>
>
> Sam –
>
>
>
> DON’T DO THAT.  Dramatic enough? :-)
>
>
>
> And like Carl asked, I’m interested to know where you read it. ‘Cuz I’ll
> try to get it fixed.
>
>
>
> Regards,
>
>
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com 
>
>
>
> *From:* Carl Houseman [mailto:c.house...@gmail.com]
> *Sent:* Wednesday, February 17, 2010 10:37 PM
>
> *To:* NT System Admin Issues
> *Subject:* RE: What is the latest version of RDP client for Win7?
>
>
>
> Where'd you read that?
>
>
>
> *From:* Sam Cayze [mailto:sam.ca...@rollouts.com]
> *Sent:* Wednesday, February 17, 2010 10:33 PM
>
> *To:* NT System Admin Issues
> *Subject:* RE: What is the latest version of RDP client for Win7?
>
>
>
> IP6 is disabled on the NIC(s).   Something I read to do when introducing
> Ex2010 into an IPv4 environment.
>
>
>
> *From:* Free, Bob [mailto:r...@pge.com]
> *Sent:* Wednesday, February 17, 2010 4:20 PM
> *To:* NT System Admin Issues
> *Subject:* RE: What is the latest version of RDP client for Win7?
>
>
>
> What do you mean by ip4 only?
>
>
>
> *From:* Sam Cayze [mailto:sam.ca...@rollouts.com]
> *Sent:* Tuesday, February 16, 2010 8:45 AM
> *To:* NT System Admin Issues
> *Subject:* RE: What is the latest version of RDP client for Win7?
>
>
>
> Having a terrible time getting an RDP session open to my first Srv08
> server.  Works 50% of the time.  Have to fire up the VMware Console to
> connect.  Once I log in through the console, I can then connect to the
> Srv08.
>
>
>
> Firewall is disabled.  ip4 only.
>
>
>
> ???
>
>
>  --
>
> *From:* Michael B. Smith [mailto:mich...@smithcons.com]
> *Sent:* Tuesday, February 16, 2010 10:41 AM
> *To:* NT System Admin Issues
> *Subject:* RE: What is the latest version of RDP client for Win7?
>
> That’s the same version I have (Win7 ultimate x64).
>
>
>
> Regards,
>
>
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com 
>
>
>
> *From:* Sam Cayze [mailto:sam.ca...@rollouts.com]
> *Sent:* Tuesday, February 16, 2010 11:35 AM
> *To:* NT System Admin Issues
> *Subject:* What is the latest version of RDP client for Win7?
>
>
>
> I have 6.1.7600; thought 7.x was out...
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Office 2007 upgrades

2010-02-18 Thread Paul Muhlbach 
John:
You may also want to consider the open License program.  If I recall
correctly, you can get into the licensing program and spread your costs
over the three year term.  if you purchase with Software assurance, then
you can renew the software assurance only at the end of year three which
will be significantly less than the cost of the original licensing.
The other benefit to software assurance is licensing for Office 2010
(when it is released) is then available to you with no additional
charges. 
Just a thought as I am investigating upgrades for one of the
organizations I do work with.
 
Hope that helps.
Regards,
Paul
 
 
 
Paul Muhlbach, A+, CNA, MCSE, MCT
APM Computer Services
Camrose, AB  
Phone 403-894-5802
email: pmuhl...@apmcomp.com 
 
 


>>> On 2/18/2010 at 6:49 AM, in message  "John Aldrich"
 wrote:


Ahh… Ok. I’ll look into what version of Office 2000 each user is
running. That’ll certainly matter, as you point out.
 



 

From:Angus Scott-Fleming [mailto:angu...@geoapps.com] 
Sent: Thursday, February 18, 2010 8:45 AM
To: NT System Admin Issues
Subject: Re: Office 2007 upgrades

 
On 17 Feb 2010 at 16:53, John Aldrich  wrote:
 
> I am looking at upgrading about 15 of my users from Office 2000
> Professional to Office 2007 Standard. Is this possible? My Zones rep
says
> his licensing team says it’s not and wants to sell me full Office
2007
> installs. 2007 Standard is pretty much what Office 2000 Professional
used to
> be, is it not? 
 
No, 2000 Pro included Access 2000, 2007 Std does not include Access
2007.
 
I would be Very Surprised if M$ lets you 'legally' upgrade from 2000 to
2007, skipping XP and 2003 in the process (and thus failing to fatten
M$'s bottom line) ;-).
 
OTOH the first link at "microsoft office upgrade licensing - Google
Search"
http://www.google.com/search?q=microsoft+office+upgrade+licensing 
suggests that you may be able to do that (!!)
 
2007 Microsoft Office system pricing and upgrade information

http://office.microsoft.com/en-us/suites/FX101754511033.aspx 

 
2007 Office Suites: Office Standard 2007

Qualifying Products for Upgrade: Microsoft Works 6.0–10; Microsoft
Works suite 2000–2006 or later; any 2000–2007 Microsoft Office
program or suite; any Microsoft Office XP suite except Office XP Student
and Teacher.

 

Good luck with this, but point your "Zones Rep" at that official M$
page.
 
HTH
 
Eh?
 
 
 
--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-895-3270
~!
 
  
  

 
 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Dell Just Bought Kace

2010-02-18 Thread Steven Peck 
http://richardsiddaway.spaces.live.com/Blog/cns!43CFA46A74CF3E96!2758.entry
Another deal on a manning press book.

A nice resource of powershell based feeds can be found here:
http://pipes.yahoo.com/pipes/pipe.info?_id=uAmYy9xq3BGHcV361fC6Jw

Steven Peck


On Thu, Feb 18, 2010 at 10:43 AM, tony patton
 wrote:
> No probs,
>
> Might get round to PS someday.
>
> Regards
>
> Tony Patton
> Desktop Operations Cavan
> Ext 8078
> Direct Dial 049 435 2878
> email: tony.pat...@quinn-insurance.com
>
>
>
> From:
> Kurt Buff 
> To:
> "NT System Admin Issues" 
> Date:
> 18/02/2010 18:16
> Subject:
> Re: Dell Just Bought Kace
>
>
>
> Very nice. Thanks for that.
>
> On Thu, Feb 18, 2010 at 10:10, tony patton
>  wrote:
>> Here's a simple one I wrote to upgrade Flash, ran by 'cscript //nologo
>> UpgradeFlash.vbs '
>>
>> Not pretty or perfect, but does the job for us, was written in a rush,
>> have similar for FireFox and VNC
>>
>> I use the following batch file with the PC names in a txt file:
>>
>> --8<--
>> @echo off
>> @for /f %%i in (site_pcs.txt) do (
>>   �...@echo Upgrading %%i...
>>   �...@cscript //nologo UpgradeFlash.vbs %%i >>%%i.log 2>&1
>>   �...@echo Completed %%i...
>> )
>> @echo Batch file finished, check log files for details
>> --8<--
>>
>>
>> --8<--
>> Dim strInstallerFireFox 'The command to install the software package
>> Dim strInstallerActiveX
>> Dim strComputer 'The Computer
>> Dim objWMIService
>> Dim strProcess 'The process to terminate before running the command
>> Dim objProcess
>> Dim objFSO
>> Dim strFilePathFireFox 'The filename and path to the installer package
>> Dim strFilePathActiveX
>> Dim strDestinationFireFox 'the filename and path on the destination
>> computer
>> Dim strDestinationActiveX
>> Dim colProcess
>> Dim intProcessID 'The number assigned to the process that is created
>>
>> 'Set the variables
>> 'If there are no arguments, exit...
>> If WScript.Arguments.Count <> 1 Then
>>        WScript.Echo "No PC name was supplied, exitting script"
>>        WScript.Echo ""
>>        WScript.Echo "Usage: cscript /nologo InstallFlash10.vbs "
>>        WScript.Echo ""
>>        WScript.Quit
>> End If
>> strComputer = UCase(Trim(WScript.Arguments(0)))
>> 'Path of Flash plugin installer for FireFox on PC to be installed
>> strInstallerFireFox = "c:\install_flash_player.exe /silent"
>> 'Path of Flash ActiveX installer for FireFox on PC to be installed
>> strInstallerActiveX = "c:\install_flash_player_ax.exe /silent"
>> 'location of where the installers are to be copied from
>> strFilePathFireFox =
>> "\\domain\netlogon\packages\Flash10\install_flash_player.exe"
>> strFilePathActiveX =
>> "\\domain\netlogon\packages\Flash10\install_flash_player_ax.exe"
>> 'location of where the installers are to be copied to
>> strDestinationFireFox = "\\" & strComputer &
>> "\c$\install_flash_player.exe"
>> strDestinationActiveX = "\\" & strComputer &
>> "\c$\install_flash_player_ax.exe"
>>
>> WScript.Echo
>> "="
>>
>> 'Check to see if PC is on
>> If IsHostAlive(strComputer) = True Then
>>        WScript.Echo "PC " & strComputer & " is turned on"
>> Else
>>        WScript.Echo "PC " & strComputer & " is NOT turned on,
> exiting..."
>>        WScript.Quit
>> End If
>> 'Display the variables when it runs
>> WScript.Echo "Target Computer: " & strComputer
>> WScript.Echo "Command: " & strInstallerFireFox
>> WScript.Echo "Command: " & strInstallerActiveX
>> WScript.Echo "Package: " & strDestinationFireFox
>> WScript.Echo "Package: " & strDestinationActiveX
>>
>> 'Copy the installer package to the target PC
>> Set objFSO = CreateObject("Scripting.FileSystemObject")
>> Set objFileCopy = objFSO.GetFile(strFilePathFireFox)
>> objFileCopy.Copy (strDestinationFireFox)
>> Set objFileCopy = objFSO.GetFile(strFilePathActiveX)
>> objFileCopy.Copy (strDestinationActiveX)
>>
>> 'Start the installer for the FireFox Plugin
>> Set objWMIService =
>> GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer &
>> "\root\cimv2:Win32_Process")
>> errReturn = objWMIService.Create(strInstallerFireFox, Null, Null,
>> intProcessID)
>>
>> If errReturn = 0 Then
>> WScript.Echo "Flash FireFox plugin installer was started with a process
> ID
>> of " & intProcessID
>> Else
>> Wscript.Echo "Installer could not be started due to error " & errReturn
>> End If
>>
>> 'Start the installer for the ActiveX Plugin
>> errReturn = objWMIService.Create(strInstallerActiveX, Null, Null,
>> intProcessID)
>>
>> If errReturn = 0 Then
>>        WScript.Echo "Flash ActiveX installer was started with a process
>> ID of " & intProcessID
>> Else
>>        WScript.Echo "Installer could not be started due to error " &
>> errReturn
>> End If
>> WScript.Echo "Script completed for " & strComputer
>> WSc

RE: What is the latest version of RDP client for Win7?

2010-02-18 Thread Free, Bob 
Yes bad on any 2008 server

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Thursday, February 18, 2010 6:15 AM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

Can you answer this:  Is it bad to do it on any 2008 machine, or just a
2008 machine that will host Exchange?

 

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Thursday, February 18, 2010 7:22 AM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

There are known problems with doing so. And, unfortunately, before you
ask me what they are - I'm not allowed to say.

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Thursday, February 18, 2010 8:18 AM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

Ok!  I'll try to find it again.

 

Curious though, as to why it's such a bad idea...

 

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Thursday, February 18, 2010 6:15 AM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

Sam -

 

DON'T DO THAT.  Dramatic enough? :-)

 

And like Carl asked, I'm interested to know where you read it. 'Cuz I'll
try to get it fixed.

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Wednesday, February 17, 2010 10:37 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

Where'd you read that?

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Wednesday, February 17, 2010 10:33 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

IP6 is disabled on the NIC(s).   Something I read to do when introducing
Ex2010 into an IPv4 environment.

 

From: Free, Bob [mailto:r...@pge.com] 
Sent: Wednesday, February 17, 2010 4:20 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

What do you mean by ip4 only?

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Tuesday, February 16, 2010 8:45 AM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

Having a terrible time getting an RDP session open to my first Srv08
server.  Works 50% of the time.  Have to fire up the VMware Console to
connect.  Once I log in through the console, I can then connect to the
Srv08.

 

Firewall is disabled.  ip4 only.

 

???

 



From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Tuesday, February 16, 2010 10:41 AM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

That's the same version I have (Win7 ultimate x64).

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Tuesday, February 16, 2010 11:35 AM
To: NT System Admin Issues
Subject: What is the latest version of RDP client for Win7?

 

I have 6.1.7600; thought 7.x was out...

 

 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: What is the latest version of RDP client for Win7?

2010-02-18 Thread Free, Bob 
It is very strongly recommended by high level support people at MS NOT
to disable IPv6 because the entire testing and supportability matrix is
wrapped around IPv6 being enabled. BadThings(tm) can happen if it is
disabled

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Wednesday, February 17, 2010 7:33 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

IP6 is disabled on the NIC(s).   Something I read to do when introducing
Ex2010 into an IPv4 environment.

 

From: Free, Bob [mailto:r...@pge.com] 
Sent: Wednesday, February 17, 2010 4:20 PM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

What do you mean by ip4 only?

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Tuesday, February 16, 2010 8:45 AM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

 

Having a terrible time getting an RDP session open to my first Srv08
server.  Works 50% of the time.  Have to fire up the VMware Console to
connect.  Once I log in through the console, I can then connect to the
Srv08.

 

Firewall is disabled.  ip4 only.

 

???

 



From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Tuesday, February 16, 2010 10:41 AM
To: NT System Admin Issues
Subject: RE: What is the latest version of RDP client for Win7?

That's the same version I have (Win7 ultimate x64).

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Tuesday, February 16, 2010 11:35 AM
To: NT System Admin Issues
Subject: What is the latest version of RDP client for Win7?

 

I have 6.1.7600; thought 7.x was out...

 

 

 

 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

MS10-015 issue is rootkit, not patch

2010-02-18 Thread David Lum 
http://blogs.technet.com/msrc/archive/2010/02/17/update-restart-issues-after-installing-ms10-015-and-the-alureon-rootkit.aspx
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Dell Just Bought Kace

2010-02-18 Thread tony patton 
No probs,

Might get round to PS someday.

Regards

Tony Patton
Desktop Operations Cavan
Ext 8078
Direct Dial 049 435 2878
email: tony.pat...@quinn-insurance.com



From:
Kurt Buff 
To:
"NT System Admin Issues" 
Date:
18/02/2010 18:16
Subject:
Re: Dell Just Bought Kace



Very nice. Thanks for that.

On Thu, Feb 18, 2010 at 10:10, tony patton
 wrote:
> Here's a simple one I wrote to upgrade Flash, ran by 'cscript //nologo
> UpgradeFlash.vbs '
>
> Not pretty or perfect, but does the job for us, was written in a rush,
> have similar for FireFox and VNC
>
> I use the following batch file with the PC names in a txt file:
>
> --8<--
> @echo off
> @for /f %%i in (site_pcs.txt) do (
>@echo Upgrading %%i...
>@cscript //nologo UpgradeFlash.vbs %%i >>%%i.log 2>&1
>@echo Completed %%i...
> )
> @echo Batch file finished, check log files for details
> --8<--
>
>
> --8<--
> Dim strInstallerFireFox 'The command to install the software package
> Dim strInstallerActiveX
> Dim strComputer 'The Computer
> Dim objWMIService
> Dim strProcess 'The process to terminate before running the command
> Dim objProcess
> Dim objFSO
> Dim strFilePathFireFox 'The filename and path to the installer package
> Dim strFilePathActiveX
> Dim strDestinationFireFox 'the filename and path on the destination
> computer
> Dim strDestinationActiveX
> Dim colProcess
> Dim intProcessID 'The number assigned to the process that is created
>
> 'Set the variables
> 'If there are no arguments, exit...
> If WScript.Arguments.Count <> 1 Then
>WScript.Echo "No PC name was supplied, exitting script"
>WScript.Echo ""
>WScript.Echo "Usage: cscript /nologo InstallFlash10.vbs "
>WScript.Echo ""
>WScript.Quit
> End If
> strComputer = UCase(Trim(WScript.Arguments(0)))
> 'Path of Flash plugin installer for FireFox on PC to be installed
> strInstallerFireFox = "c:\install_flash_player.exe /silent"
> 'Path of Flash ActiveX installer for FireFox on PC to be installed
> strInstallerActiveX = "c:\install_flash_player_ax.exe /silent"
> 'location of where the installers are to be copied from
> strFilePathFireFox =
> "\\domain\netlogon\packages\Flash10\install_flash_player.exe"
> strFilePathActiveX =
> "\\domain\netlogon\packages\Flash10\install_flash_player_ax.exe"
> 'location of where the installers are to be copied to
> strDestinationFireFox = "\\" & strComputer &
> "\c$\install_flash_player.exe"
> strDestinationActiveX = "\\" & strComputer &
> "\c$\install_flash_player_ax.exe"
>
> WScript.Echo
> "="
>
> 'Check to see if PC is on
> If IsHostAlive(strComputer) = True Then
>WScript.Echo "PC " & strComputer & " is turned on"
> Else
>WScript.Echo "PC " & strComputer & " is NOT turned on, 
exiting..."
>WScript.Quit
> End If
> 'Display the variables when it runs
> WScript.Echo "Target Computer: " & strComputer
> WScript.Echo "Command: " & strInstallerFireFox
> WScript.Echo "Command: " & strInstallerActiveX
> WScript.Echo "Package: " & strDestinationFireFox
> WScript.Echo "Package: " & strDestinationActiveX
>
> 'Copy the installer package to the target PC
> Set objFSO = CreateObject("Scripting.FileSystemObject")
> Set objFileCopy = objFSO.GetFile(strFilePathFireFox)
> objFileCopy.Copy (strDestinationFireFox)
> Set objFileCopy = objFSO.GetFile(strFilePathActiveX)
> objFileCopy.Copy (strDestinationActiveX)
>
> 'Start the installer for the FireFox Plugin
> Set objWMIService =
> GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer &
> "\root\cimv2:Win32_Process")
> errReturn = objWMIService.Create(strInstallerFireFox, Null, Null,
> intProcessID)
>
> If errReturn = 0 Then
> WScript.Echo "Flash FireFox plugin installer was started with a process 
ID
> of " & intProcessID
> Else
> Wscript.Echo "Installer could not be started due to error " & errReturn
> End If
>
> 'Start the installer for the ActiveX Plugin
> errReturn = objWMIService.Create(strInstallerActiveX, Null, Null,
> intProcessID)
>
> If errReturn = 0 Then
>WScript.Echo "Flash ActiveX installer was started with a process
> ID of " & intProcessID
> Else
>WScript.Echo "Installer could not be started due to error " &
> errReturn
> End If
> WScript.Echo "Script completed for " & strComputer
> WScript.Echo
> "="
> WScript.Quit
>
> Function IsHostAlive(strComputer)
>Set objPing =
> GetObject("winmgmts:{impersonationLevel=impersonate}")._
>ExecQuery("select * from Win32_PingStatus where address = '" &
> strComputer & "'")
>WScript.Echo "Attempting to ping PC " & strComputer
>'WScript.Echo "  Is PC switched on? ..."
>For Each objStatus in objPing
>'

RE: Cisco servers?

2010-02-18 Thread Kennedy, Jim 

They have a new server line and they are teaming up with someone to do VM's on 
them. That is the extent of my knowledge.


-Original Message-
From: Maglinger, Paul [mailto:pmaglin...@scvl.com] 
Sent: Thursday, February 18, 2010 1:38 PM
To: NT System Admin Issues
Subject: RE: Cisco servers?

I haven't seen anything about that.

-Original Message-
From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Wednesday, February 17, 2010 9:10 AM
To: NT System Admin Issues
Subject: RE: Cisco servers?

Did I hear something about them OEM'ing Fujitsu blade servers or
something like that?

-sc

> -Original Message-
> From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
> Sent: Wednesday, February 17, 2010 10:08 AM
> To: NT System Admin Issues
> Subject: Cisco servers?
> 
> Just got an email from our Cisco rep that Cisco now "does servers".
I'm not
> talking about the Cisco branded HPs.  These look entirely different.
Anyone
> out there heard anything about them (aside from what the sales people
tell
> you)?
> 
> 
> Paul
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Cisco servers?

2010-02-18 Thread Maglinger, Paul 
I haven't seen anything about that.

-Original Message-
From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Wednesday, February 17, 2010 9:10 AM
To: NT System Admin Issues
Subject: RE: Cisco servers?

Did I hear something about them OEM'ing Fujitsu blade servers or
something like that?

-sc

> -Original Message-
> From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
> Sent: Wednesday, February 17, 2010 10:08 AM
> To: NT System Admin Issues
> Subject: Cisco servers?
> 
> Just got an email from our Cisco rep that Cisco now "does servers".
I'm not
> talking about the Cisco branded HPs.  These look entirely different.
Anyone
> out there heard anything about them (aside from what the sales people
tell
> you)?
> 
> 
> Paul
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Dell Just Bought Kace

2010-02-18 Thread Kurt Buff 
Very nice. Thanks for that.

On Thu, Feb 18, 2010 at 10:10, tony patton
 wrote:
> Here's a simple one I wrote to upgrade Flash, ran by 'cscript //nologo
> UpgradeFlash.vbs '
>
> Not pretty or perfect, but does the job for us, was written in a rush,
> have similar for FireFox and VNC
>
> I use the following batch file with the PC names in a txt file:
>
> --8<--
> @echo off
> @for /f %%i in (site_pcs.txt) do (
>   �...@echo Upgrading %%i...
>   �...@cscript //nologo UpgradeFlash.vbs %%i >>%%i.log 2>&1
>   �...@echo Completed %%i...
> )
> @echo Batch file finished, check log files for details
> --8<--
>
>
> --8<--
> Dim strInstallerFireFox 'The command to install the software package
> Dim strInstallerActiveX
> Dim strComputer 'The Computer
> Dim objWMIService
> Dim strProcess 'The process to terminate before running the command
> Dim objProcess
> Dim objFSO
> Dim strFilePathFireFox 'The filename and path to the installer package
> Dim strFilePathActiveX
> Dim strDestinationFireFox 'the filename and path on the destination
> computer
> Dim strDestinationActiveX
> Dim colProcess
> Dim intProcessID 'The number assigned to the process that is created
>
> 'Set the variables
> 'If there are no arguments, exit...
> If WScript.Arguments.Count <> 1 Then
>        WScript.Echo "No PC name was supplied, exitting script"
>        WScript.Echo ""
>        WScript.Echo "Usage: cscript /nologo InstallFlash10.vbs "
>        WScript.Echo ""
>        WScript.Quit
> End If
> strComputer = UCase(Trim(WScript.Arguments(0)))
> 'Path of Flash plugin installer for FireFox on PC to be installed
> strInstallerFireFox = "c:\install_flash_player.exe /silent"
> 'Path of Flash ActiveX installer for FireFox on PC to be installed
> strInstallerActiveX = "c:\install_flash_player_ax.exe /silent"
> 'location of where the installers are to be copied from
> strFilePathFireFox =
> "\\domain\netlogon\packages\Flash10\install_flash_player.exe"
> strFilePathActiveX =
> "\\domain\netlogon\packages\Flash10\install_flash_player_ax.exe"
> 'location of where the installers are to be copied to
> strDestinationFireFox = "\\" & strComputer &
> "\c$\install_flash_player.exe"
> strDestinationActiveX = "\\" & strComputer &
> "\c$\install_flash_player_ax.exe"
>
> WScript.Echo
> "="
>
> 'Check to see if PC is on
> If IsHostAlive(strComputer) = True Then
>        WScript.Echo "PC " & strComputer & " is turned on"
> Else
>        WScript.Echo "PC " & strComputer & " is NOT turned on, exiting..."
>        WScript.Quit
> End If
> 'Display the variables when it runs
> WScript.Echo "Target Computer: " & strComputer
> WScript.Echo "Command: " & strInstallerFireFox
> WScript.Echo "Command: " & strInstallerActiveX
> WScript.Echo "Package: " & strDestinationFireFox
> WScript.Echo "Package: " & strDestinationActiveX
>
> 'Copy the installer package to the target PC
> Set objFSO = CreateObject("Scripting.FileSystemObject")
> Set objFileCopy = objFSO.GetFile(strFilePathFireFox)
> objFileCopy.Copy (strDestinationFireFox)
> Set objFileCopy = objFSO.GetFile(strFilePathActiveX)
> objFileCopy.Copy (strDestinationActiveX)
>
> 'Start the installer for the FireFox Plugin
> Set objWMIService =
> GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer &
> "\root\cimv2:Win32_Process")
> errReturn = objWMIService.Create(strInstallerFireFox, Null, Null,
> intProcessID)
>
> If errReturn = 0 Then
> WScript.Echo "Flash FireFox plugin installer was started with a process ID
> of " & intProcessID
> Else
> Wscript.Echo "Installer could not be started due to error " & errReturn
> End If
>
> 'Start the installer for the ActiveX Plugin
> errReturn = objWMIService.Create(strInstallerActiveX, Null, Null,
> intProcessID)
>
> If errReturn = 0 Then
>        WScript.Echo "Flash ActiveX installer was started with a process
> ID of " & intProcessID
> Else
>        WScript.Echo "Installer could not be started due to error " &
> errReturn
> End If
> WScript.Echo "Script completed for " & strComputer
> WScript.Echo
> "="
> WScript.Quit
>
> Function IsHostAlive(strComputer)
>        Set objPing =
> GetObject("winmgmts:{impersonationLevel=impersonate}")._
>        ExecQuery("select * from Win32_PingStatus where address = '" &
> strComputer & "'")
>        WScript.Echo "Attempting to ping PC " & strComputer
>        'WScript.Echo "  Is PC switched on? ..."
>        For Each objStatus in objPing
>                ' If there is no response, PC is not on or reachable
>        If IsNull(objStatus.StatusCode) or objStatus.StatusCode <> 0 Then
>                IsHostAlive = False
>        Else
>                IsHostAlive = True
>                End If
>        Next
> End Function

Re: Dell Just Bought Kace

2010-02-18 Thread Kurt Buff 
When I ordered this book, I got a choice of a free volume to go with
it - two were on offer, and I chose their ADSI book.

I can't remember what the other one was, but I didn't find it nearly
as compelling.

On Thu, Feb 18, 2010 at 10:06, Michael B. Smith  wrote:
> I haven't read their 2.0 book. The 1.0 book was pretty good.
>
> Manning publishing, who does Bruce Payette's "PowerShell in Action", had an 
> ebook special on it for something ridiculous like $10 in November/December. 
> That's the one I acquired.
>
> Regards,
>
> Michael B. Smith
> Consultant and Exchange MVP
> http://TheEssentialExchange.com
>
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Thursday, February 18, 2010 1:00 PM
> To: NT System Admin Issues
> Subject: Re: Dell Just Bought Kace
>
> I just bought Windows Powershell 2.0 TFM, by Jones and Hicks.
>
> I'm putting it underneath my pillow tonight. Heh.
>
> Kurt
>
> On Thu, Feb 18, 2010 at 09:56, Michael B. Smith  wrote:
>> PowerShell v2, yes. It has a fairly robust remoting implementation.
>>
>> In v1, I still wrapped lots of scripts around psexec.
>>
>> Regards,
>>
>> Michael B. Smith
>> Consultant and Exchange MVP
>> http://TheEssentialExchange.com
>>
>>
>> -Original Message-
>> From: Kurt Buff [mailto:kurt.b...@gmail.com]
>> Sent: Thursday, February 18, 2010 12:53 PM
>> To: NT System Admin Issues
>> Subject: Re: Dell Just Bought Kace
>>
>> psexec is a bit simple, but it does do an awful lot.
>>
>> Time to start gearing up for powershell, though. I think it can do all that 
>> psexec does, and more. I'm going to find out...
>>
>> Kurt
>>
>> On Thu, Feb 18, 2010 at 09:48, Matthew W. Ross  
>> wrote:
>>> I'm waiting for somebody with more programing experience than myself to 
>>> make a good frontend to SysInternals PSexec.exe (and their other tools.) 
>>> Pushing scripts/silent .MSI installs is completely doable with that 
>>> software without a client on the machine.
>>>
>>>
>>> --Matt Ross
>>> Ephrata School District
>>>
>>>
>>> - Original Message -
>>> From: Kurt Buff
>>> [mailto:kurt.b...@gmail.com]
>>> To: NT System Admin Issues
>>> [mailto:ntsysad...@lyris.sunbelt-software.com]
>>> Sent: Thu, 18 Feb 2010
>>> 09:11:10 -0800
>>> Subject: Re: Dell Just Bought Kace
>>>
>>>
 I'm not a big fan of software client installs. I do wish these
 companies would figure out how to do more of this stuff without
 loading extra software onto all of my machines.

 It's memory bloat and more software on the desktop means more
 security risks as well.

 Blech.

 Kurt

 On Thu, Feb 18, 2010 at 06:11, Tom Miller  wrote:
 > I've been looking into getting a KBox as well.  I currently use
 > Microsoft Configuration Manager - a behemoth of a product - and am
 > looking at alternatives.  The KBox has a Dell Updates section
 > which might be of use,
 as
 > we are a Dell shop as well.
 >
 > The Microsoft product is okay, but very cumbersome and don't get
 > me
 started
 > on getting the blasted client installed.. (KBox client
 > installs very easily).
 >
 >
 >
 > Tom Miller
 > Engineer, Information Technology
 > Hampton-Newport News Community Services Board
 > 757-788-0528
 >
  tony patton  2/18/2010 6:05 AM
  >>>
 > Discovered that bit of info couple of weeks ago, but couldn't post it.
 >
 > We're waiting on the Finance director to sign off on the purchase
 > of a KBOX 1100 for the past month.
 >
 > The Dell acquisition sort of throws a spanner in the works, as my
 > boss is adamant that we'll get a better price from Dell on it.
 >
 > Hopefully we'll be the owner of one very shortly.
 >
 > They've changed their licensing structure last month, the
 > different modules used to be licensed separately, now they are all 
 > included.
 > It's worked out the same for us as we were looking for the
 > Security Scanning and Asset modules.
 > If you were just getting the basic box, it'll now work out a bit
 > more expensive, but still a lot cheaper than most of the alternatives.
 >
 > The best thing about the purchase, is that they're now using Dell
 > servers, pretty important factor for us as we're 100% dell, apart from 
 > the Netapps.
 >
 > Regards
 >
 > Tony Patton
 > Desktop Operations Cavan
 > Ext 8078
 > Direct Dial 049 435 2878
 > email: tony.pat...@quinn-insurance.com
 >
 >
 >
 > From:
 > Kurt Buff 
 > To:
 > "NT System Admin Issues" 
 > Date:
 > 17/02/2010 22:20
 > Subject:
 > Dell Just Bought Kace
 >
 >
 >
 > Discussion warranted, I presume.
 >
 > Can you customise software installs? In particular, I'd like to
 > customise FF and Adobe Reader installs - turn of javascript in
 > Reader, and add in NTLM auth and a few oth

Re: Dell Just Bought Kace

2010-02-18 Thread tony patton 
Here's a simple one I wrote to upgrade Flash, ran by 'cscript //nologo 
UpgradeFlash.vbs '

Not pretty or perfect, but does the job for us, was written in a rush, 
have similar for FireFox and VNC

I use the following batch file with the PC names in a txt file:

--8<--
@echo off
@for /f %%i in (site_pcs.txt) do (
@echo Upgrading %%i...
@cscript //nologo UpgradeFlash.vbs %%i >>%%i.log 2>&1
@echo Completed %%i...
)
@echo Batch file finished, check log files for details
--8<--


--8<--
Dim strInstallerFireFox 'The command to install the software package
Dim strInstallerActiveX
Dim strComputer 'The Computer
Dim objWMIService
Dim strProcess 'The process to terminate before running the command
Dim objProcess
Dim objFSO
Dim strFilePathFireFox 'The filename and path to the installer package
Dim strFilePathActiveX
Dim strDestinationFireFox 'the filename and path on the destination 
computer
Dim strDestinationActiveX
Dim colProcess
Dim intProcessID 'The number assigned to the process that is created

'Set the variables
'If there are no arguments, exit...
If WScript.Arguments.Count <> 1 Then
WScript.Echo "No PC name was supplied, exitting script"
WScript.Echo ""
WScript.Echo "Usage: cscript /nologo InstallFlash10.vbs "
WScript.Echo ""
WScript.Quit
End If
strComputer = UCase(Trim(WScript.Arguments(0)))
'Path of Flash plugin installer for FireFox on PC to be installed
strInstallerFireFox = "c:\install_flash_player.exe /silent"
'Path of Flash ActiveX installer for FireFox on PC to be installed
strInstallerActiveX = "c:\install_flash_player_ax.exe /silent"
'location of where the installers are to be copied from
strFilePathFireFox = 
"\\domain\netlogon\packages\Flash10\install_flash_player.exe"
strFilePathActiveX = 
"\\domain\netlogon\packages\Flash10\install_flash_player_ax.exe"
'location of where the installers are to be copied to
strDestinationFireFox = "\\" & strComputer & 
"\c$\install_flash_player.exe"
strDestinationActiveX = "\\" & strComputer & 
"\c$\install_flash_player_ax.exe"

WScript.Echo 
"="

'Check to see if PC is on
If IsHostAlive(strComputer) = True Then
WScript.Echo "PC " & strComputer & " is turned on"
Else
WScript.Echo "PC " & strComputer & " is NOT turned on, exiting..."
WScript.Quit
End If
'Display the variables when it runs
WScript.Echo "Target Computer: " & strComputer
WScript.Echo "Command: " & strInstallerFireFox
WScript.Echo "Command: " & strInstallerActiveX
WScript.Echo "Package: " & strDestinationFireFox
WScript.Echo "Package: " & strDestinationActiveX

'Copy the installer package to the target PC
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFileCopy = objFSO.GetFile(strFilePathFireFox)
objFileCopy.Copy (strDestinationFireFox)
Set objFileCopy = objFSO.GetFile(strFilePathActiveX)
objFileCopy.Copy (strDestinationActiveX)

'Start the installer for the FireFox Plugin
Set objWMIService = 
GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & 
"\root\cimv2:Win32_Process")
errReturn = objWMIService.Create(strInstallerFireFox, Null, Null, 
intProcessID)

If errReturn = 0 Then
WScript.Echo "Flash FireFox plugin installer was started with a process ID 
of " & intProcessID
Else
Wscript.Echo "Installer could not be started due to error " & errReturn
End If

'Start the installer for the ActiveX Plugin
errReturn = objWMIService.Create(strInstallerActiveX, Null, Null, 
intProcessID)

If errReturn = 0 Then
WScript.Echo "Flash ActiveX installer was started with a process 
ID of " & intProcessID
Else
WScript.Echo "Installer could not be started due to error " & 
errReturn
End If
WScript.Echo "Script completed for " & strComputer
WScript.Echo 
"="
WScript.Quit

Function IsHostAlive(strComputer)
Set objPing = 
GetObject("winmgmts:{impersonationLevel=impersonate}")._
ExecQuery("select * from Win32_PingStatus where address = '" & 
strComputer & "'")
WScript.Echo "Attempting to ping PC " & strComputer
'WScript.Echo "  Is PC switched on? ..."
For Each objStatus in objPing
' If there is no response, PC is not on or reachable
If IsNull(objStatus.StatusCode) or objStatus.StatusCode <> 0 Then 
IsHostAlive = False
Else
IsHostAlive = True
End If
Next
End Function
--8<--

Regards

Tony Patton
Desktop Operations Cavan
Ext 8078
Direct Dial 049 435 2878
email: tony.pat...@quinn-insurance.com


http://www.quinn-insurance.com

RE: Dell Just Bought Kace

2010-02-18 Thread Michael B. Smith 
I haven't read their 2.0 book. The 1.0 book was pretty good.

Manning publishing, who does Bruce Payette's "PowerShell in Action", had an 
ebook special on it for something ridiculous like $10 in November/December. 
That's the one I acquired.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com


-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Thursday, February 18, 2010 1:00 PM
To: NT System Admin Issues
Subject: Re: Dell Just Bought Kace

I just bought Windows Powershell 2.0 TFM, by Jones and Hicks.

I'm putting it underneath my pillow tonight. Heh.

Kurt

On Thu, Feb 18, 2010 at 09:56, Michael B. Smith  wrote:
> PowerShell v2, yes. It has a fairly robust remoting implementation.
>
> In v1, I still wrapped lots of scripts around psexec.
>
> Regards,
>
> Michael B. Smith
> Consultant and Exchange MVP
> http://TheEssentialExchange.com
>
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Thursday, February 18, 2010 12:53 PM
> To: NT System Admin Issues
> Subject: Re: Dell Just Bought Kace
>
> psexec is a bit simple, but it does do an awful lot.
>
> Time to start gearing up for powershell, though. I think it can do all that 
> psexec does, and more. I'm going to find out...
>
> Kurt
>
> On Thu, Feb 18, 2010 at 09:48, Matthew W. Ross  
> wrote:
>> I'm waiting for somebody with more programing experience than myself to make 
>> a good frontend to SysInternals PSexec.exe (and their other tools.) Pushing 
>> scripts/silent .MSI installs is completely doable with that software without 
>> a client on the machine.
>>
>>
>> --Matt Ross
>> Ephrata School District
>>
>>
>> - Original Message -
>> From: Kurt Buff
>> [mailto:kurt.b...@gmail.com]
>> To: NT System Admin Issues
>> [mailto:ntsysad...@lyris.sunbelt-software.com]
>> Sent: Thu, 18 Feb 2010
>> 09:11:10 -0800
>> Subject: Re: Dell Just Bought Kace
>>
>>
>>> I'm not a big fan of software client installs. I do wish these 
>>> companies would figure out how to do more of this stuff without 
>>> loading extra software onto all of my machines.
>>>
>>> It's memory bloat and more software on the desktop means more 
>>> security risks as well.
>>>
>>> Blech.
>>>
>>> Kurt
>>>
>>> On Thu, Feb 18, 2010 at 06:11, Tom Miller  wrote:
>>> > I've been looking into getting a KBox as well.  I currently use 
>>> > Microsoft Configuration Manager - a behemoth of a product - and am 
>>> > looking at alternatives.  The KBox has a Dell Updates section 
>>> > which might be of use,
>>> as
>>> > we are a Dell shop as well.
>>> >
>>> > The Microsoft product is okay, but very cumbersome and don't get 
>>> > me
>>> started
>>> > on getting the blasted client installed.. (KBox client 
>>> > installs very easily).
>>> >
>>> >
>>> >
>>> > Tom Miller
>>> > Engineer, Information Technology
>>> > Hampton-Newport News Community Services Board
>>> > 757-788-0528
>>> >
>>>  tony patton  2/18/2010 6:05 AM
>>>  >>>
>>> > Discovered that bit of info couple of weeks ago, but couldn't post it.
>>> >
>>> > We're waiting on the Finance director to sign off on the purchase 
>>> > of a KBOX 1100 for the past month.
>>> >
>>> > The Dell acquisition sort of throws a spanner in the works, as my 
>>> > boss is adamant that we'll get a better price from Dell on it.
>>> >
>>> > Hopefully we'll be the owner of one very shortly.
>>> >
>>> > They've changed their licensing structure last month, the 
>>> > different modules used to be licensed separately, now they are all 
>>> > included.
>>> > It's worked out the same for us as we were looking for the 
>>> > Security Scanning and Asset modules.
>>> > If you were just getting the basic box, it'll now work out a bit 
>>> > more expensive, but still a lot cheaper than most of the alternatives.
>>> >
>>> > The best thing about the purchase, is that they're now using Dell 
>>> > servers, pretty important factor for us as we're 100% dell, apart from 
>>> > the Netapps.
>>> >
>>> > Regards
>>> >
>>> > Tony Patton
>>> > Desktop Operations Cavan
>>> > Ext 8078
>>> > Direct Dial 049 435 2878
>>> > email: tony.pat...@quinn-insurance.com
>>> >
>>> >
>>> >
>>> > From:
>>> > Kurt Buff 
>>> > To:
>>> > "NT System Admin Issues" 
>>> > Date:
>>> > 17/02/2010 22:20
>>> > Subject:
>>> > Dell Just Bought Kace
>>> >
>>> >
>>> >
>>> > Discussion warranted, I presume.
>>> >
>>> > Can you customise software installs? In particular, I'd like to 
>>> > customise FF and Adobe Reader installs - turn of javascript in 
>>> > Reader, and add in NTLM auth and a few other things that we do 
>>> > manually here with FF.
>>> >
>>> > Kurt
>>> >
>>> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ 
>>> > ~   ~
>>> >
>>> >
>>> > ==
>>> > =
>>> > =
>>> > http://www.quinn-insurance.com
>>> >
>>> > This e-mail is intended only for the addressee na

Re: Dell Just Bought Kace

2010-02-18 Thread Kurt Buff 
I just bought Windows Powershell 2.0 TFM, by Jones and Hicks.

I'm putting it underneath my pillow tonight. Heh.

Kurt

On Thu, Feb 18, 2010 at 09:56, Michael B. Smith  wrote:
> PowerShell v2, yes. It has a fairly robust remoting implementation.
>
> In v1, I still wrapped lots of scripts around psexec.
>
> Regards,
>
> Michael B. Smith
> Consultant and Exchange MVP
> http://TheEssentialExchange.com
>
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Thursday, February 18, 2010 12:53 PM
> To: NT System Admin Issues
> Subject: Re: Dell Just Bought Kace
>
> psexec is a bit simple, but it does do an awful lot.
>
> Time to start gearing up for powershell, though. I think it can do all that 
> psexec does, and more. I'm going to find out...
>
> Kurt
>
> On Thu, Feb 18, 2010 at 09:48, Matthew W. Ross  
> wrote:
>> I'm waiting for somebody with more programing experience than myself to make 
>> a good frontend to SysInternals PSexec.exe (and their other tools.) Pushing 
>> scripts/silent .MSI installs is completely doable with that software without 
>> a client on the machine.
>>
>>
>> --Matt Ross
>> Ephrata School District
>>
>>
>> - Original Message -
>> From: Kurt Buff
>> [mailto:kurt.b...@gmail.com]
>> To: NT System Admin Issues
>> [mailto:ntsysad...@lyris.sunbelt-software.com]
>> Sent: Thu, 18 Feb 2010
>> 09:11:10 -0800
>> Subject: Re: Dell Just Bought Kace
>>
>>
>>> I'm not a big fan of software client installs. I do wish these
>>> companies would figure out how to do more of this stuff without
>>> loading extra software onto all of my machines.
>>>
>>> It's memory bloat and more software on the desktop means more
>>> security risks as well.
>>>
>>> Blech.
>>>
>>> Kurt
>>>
>>> On Thu, Feb 18, 2010 at 06:11, Tom Miller  wrote:
>>> > I've been looking into getting a KBox as well.  I currently use
>>> > Microsoft Configuration Manager - a behemoth of a product - and am
>>> > looking at alternatives.  The KBox has a Dell Updates section which
>>> > might be of use,
>>> as
>>> > we are a Dell shop as well.
>>> >
>>> > The Microsoft product is okay, but very cumbersome and don't get me
>>> started
>>> > on getting the blasted client installed.. (KBox client installs
>>> > very easily).
>>> >
>>> >
>>> >
>>> > Tom Miller
>>> > Engineer, Information Technology
>>> > Hampton-Newport News Community Services Board
>>> > 757-788-0528
>>> >
>>>  tony patton  2/18/2010 6:05 AM
>>>  >>>
>>> > Discovered that bit of info couple of weeks ago, but couldn't post it.
>>> >
>>> > We're waiting on the Finance director to sign off on the purchase
>>> > of a KBOX 1100 for the past month.
>>> >
>>> > The Dell acquisition sort of throws a spanner in the works, as my
>>> > boss is adamant that we'll get a better price from Dell on it.
>>> >
>>> > Hopefully we'll be the owner of one very shortly.
>>> >
>>> > They've changed their licensing structure last month, the different
>>> > modules used to be licensed separately, now they are all included.
>>> > It's worked out the same for us as we were looking for the Security
>>> > Scanning and Asset modules.
>>> > If you were just getting the basic box, it'll now work out a bit
>>> > more expensive, but still a lot cheaper than most of the alternatives.
>>> >
>>> > The best thing about the purchase, is that they're now using Dell
>>> > servers, pretty important factor for us as we're 100% dell, apart from 
>>> > the Netapps.
>>> >
>>> > Regards
>>> >
>>> > Tony Patton
>>> > Desktop Operations Cavan
>>> > Ext 8078
>>> > Direct Dial 049 435 2878
>>> > email: tony.pat...@quinn-insurance.com
>>> >
>>> >
>>> >
>>> > From:
>>> > Kurt Buff 
>>> > To:
>>> > "NT System Admin Issues" 
>>> > Date:
>>> > 17/02/2010 22:20
>>> > Subject:
>>> > Dell Just Bought Kace
>>> >
>>> >
>>> >
>>> > Discussion warranted, I presume.
>>> >
>>> > Can you customise software installs? In particular, I'd like to
>>> > customise FF and Adobe Reader installs - turn of javascript in
>>> > Reader, and add in NTLM auth and a few other things that we do
>>> > manually here with FF.
>>> >
>>> > Kurt
>>> >
>>> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>>> > ~   ~
>>> >
>>> >
>>> > ===
>>> > =
>>> > http://www.quinn-insurance.com
>>> >
>>> > This e-mail is intended only for the addressee named above. The
>>> > contents should not be copied nor disclosed to any other person.
>>> > Any views or opinions expressed are solely those of the sender and
>>> > do not necessarily represent those of QUINN-Insurance, unless
>>> > otherwise specifically stated . As internet communications are not
>>> > secure, QUINN-Insurance is not responsible for the contents of this
>>> > message nor responsible for any change made to this message after
>>> > it was sent by the original sender. Although virus scanning is used
>>> > on all inbound and outb

RE: Dell Just Bought Kace

2010-02-18 Thread Michael B. Smith 
PowerShell v2, yes. It has a fairly robust remoting implementation.

In v1, I still wrapped lots of scripts around psexec.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com


-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Thursday, February 18, 2010 12:53 PM
To: NT System Admin Issues
Subject: Re: Dell Just Bought Kace

psexec is a bit simple, but it does do an awful lot.

Time to start gearing up for powershell, though. I think it can do all that 
psexec does, and more. I'm going to find out...

Kurt

On Thu, Feb 18, 2010 at 09:48, Matthew W. Ross  wrote:
> I'm waiting for somebody with more programing experience than myself to make 
> a good frontend to SysInternals PSexec.exe (and their other tools.) Pushing 
> scripts/silent .MSI installs is completely doable with that software without 
> a client on the machine.
>
>
> --Matt Ross
> Ephrata School District
>
>
> - Original Message -
> From: Kurt Buff
> [mailto:kurt.b...@gmail.com]
> To: NT System Admin Issues
> [mailto:ntsysad...@lyris.sunbelt-software.com]
> Sent: Thu, 18 Feb 2010
> 09:11:10 -0800
> Subject: Re: Dell Just Bought Kace
>
>
>> I'm not a big fan of software client installs. I do wish these 
>> companies would figure out how to do more of this stuff without 
>> loading extra software onto all of my machines.
>>
>> It's memory bloat and more software on the desktop means more 
>> security risks as well.
>>
>> Blech.
>>
>> Kurt
>>
>> On Thu, Feb 18, 2010 at 06:11, Tom Miller  wrote:
>> > I've been looking into getting a KBox as well.  I currently use 
>> > Microsoft Configuration Manager - a behemoth of a product - and am 
>> > looking at alternatives.  The KBox has a Dell Updates section which 
>> > might be of use,
>> as
>> > we are a Dell shop as well.
>> >
>> > The Microsoft product is okay, but very cumbersome and don't get me
>> started
>> > on getting the blasted client installed.. (KBox client installs 
>> > very easily).
>> >
>> >
>> >
>> > Tom Miller
>> > Engineer, Information Technology
>> > Hampton-Newport News Community Services Board
>> > 757-788-0528
>> >
>>  tony patton  2/18/2010 6:05 AM 
>>  >>>
>> > Discovered that bit of info couple of weeks ago, but couldn't post it.
>> >
>> > We're waiting on the Finance director to sign off on the purchase 
>> > of a KBOX 1100 for the past month.
>> >
>> > The Dell acquisition sort of throws a spanner in the works, as my 
>> > boss is adamant that we'll get a better price from Dell on it.
>> >
>> > Hopefully we'll be the owner of one very shortly.
>> >
>> > They've changed their licensing structure last month, the different 
>> > modules used to be licensed separately, now they are all included.
>> > It's worked out the same for us as we were looking for the Security 
>> > Scanning and Asset modules.
>> > If you were just getting the basic box, it'll now work out a bit 
>> > more expensive, but still a lot cheaper than most of the alternatives.
>> >
>> > The best thing about the purchase, is that they're now using Dell 
>> > servers, pretty important factor for us as we're 100% dell, apart from the 
>> > Netapps.
>> >
>> > Regards
>> >
>> > Tony Patton
>> > Desktop Operations Cavan
>> > Ext 8078
>> > Direct Dial 049 435 2878
>> > email: tony.pat...@quinn-insurance.com
>> >
>> >
>> >
>> > From:
>> > Kurt Buff 
>> > To:
>> > "NT System Admin Issues" 
>> > Date:
>> > 17/02/2010 22:20
>> > Subject:
>> > Dell Just Bought Kace
>> >
>> >
>> >
>> > Discussion warranted, I presume.
>> >
>> > Can you customise software installs? In particular, I'd like to 
>> > customise FF and Adobe Reader installs - turn of javascript in 
>> > Reader, and add in NTLM auth and a few other things that we do 
>> > manually here with FF.
>> >
>> > Kurt
>> >
>> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ 
>> > ~   ~
>> >
>> >
>> > ===
>> > =
>> > http://www.quinn-insurance.com
>> >
>> > This e-mail is intended only for the addressee named above. The 
>> > contents should not be copied nor disclosed to any other person. 
>> > Any views or opinions expressed are solely those of the sender and 
>> > do not necessarily represent those of QUINN-Insurance, unless 
>> > otherwise specifically stated . As internet communications are not 
>> > secure, QUINN-Insurance is not responsible for the contents of this 
>> > message nor responsible for any change made to this message after 
>> > it was sent by the original sender. Although virus scanning is used 
>> > on all inbound and outbound e-mail, we advise you to carry out your 
>> > own virus check before opening any attachment. We cannot accept 
>> > liability for any damage
>> sustained
>> > as a result of any software viruses.
>> >
>> > ===
>> > =
>> >
>> > QUINN-Life Direct

Re: Dell Just Bought Kace

2010-02-18 Thread Kurt Buff 
psexec is a bit simple, but it does do an awful lot.

Time to start gearing up for powershell, though. I think it can do all
that psexec does, and more. I'm going to find out...

Kurt

On Thu, Feb 18, 2010 at 09:48, Matthew W. Ross  wrote:
> I'm waiting for somebody with more programing experience than myself to make 
> a good frontend to SysInternals PSexec.exe (and their other tools.) Pushing 
> scripts/silent .MSI installs is completely doable with that software without 
> a client on the machine.
>
>
> --Matt Ross
> Ephrata School District
>
>
> - Original Message -
> From: Kurt Buff
> [mailto:kurt.b...@gmail.com]
> To: NT System Admin Issues
> [mailto:ntsysad...@lyris.sunbelt-software.com]
> Sent: Thu, 18 Feb 2010
> 09:11:10 -0800
> Subject: Re: Dell Just Bought Kace
>
>
>> I'm not a big fan of software client installs. I do wish these
>> companies would figure out how to do more of this stuff without
>> loading extra software onto all of my machines.
>>
>> It's memory bloat and more software on the desktop means more security
>> risks as well.
>>
>> Blech.
>>
>> Kurt
>>
>> On Thu, Feb 18, 2010 at 06:11, Tom Miller  wrote:
>> > I've been looking into getting a KBox as well.  I currently use Microsoft
>> > Configuration Manager - a behemoth of a product - and am looking at
>> > alternatives.  The KBox has a Dell Updates section which might be of use,
>> as
>> > we are a Dell shop as well.
>> >
>> > The Microsoft product is okay, but very cumbersome and don't get me
>> started
>> > on getting the blasted client installed.. (KBox client installs very
>> > easily).
>> >
>> >
>> >
>> > Tom Miller
>> > Engineer, Information Technology
>> > Hampton-Newport News Community Services Board
>> > 757-788-0528
>> >
>>  tony patton  2/18/2010 6:05 AM >>>
>> > Discovered that bit of info couple of weeks ago, but couldn't post it.
>> >
>> > We're waiting on the Finance director to sign off on the purchase of a
>> > KBOX 1100 for the past month.
>> >
>> > The Dell acquisition sort of throws a spanner in the works, as my boss is
>> > adamant that we'll get a better price from Dell on it.
>> >
>> > Hopefully we'll be the owner of one very shortly.
>> >
>> > They've changed their licensing structure last month, the different
>> > modules used to be licensed separately, now they are all included.
>> > It's worked out the same for us as we were looking for the Security
>> > Scanning and Asset modules.
>> > If you were just getting the basic box, it'll now work out a bit more
>> > expensive, but still a lot cheaper than most of the alternatives.
>> >
>> > The best thing about the purchase, is that they're now using Dell servers,
>> > pretty important factor for us as we're 100% dell, apart from the Netapps.
>> >
>> > Regards
>> >
>> > Tony Patton
>> > Desktop Operations Cavan
>> > Ext 8078
>> > Direct Dial 049 435 2878
>> > email: tony.pat...@quinn-insurance.com
>> >
>> >
>> >
>> > From:
>> > Kurt Buff 
>> > To:
>> > "NT System Admin Issues" 
>> > Date:
>> > 17/02/2010 22:20
>> > Subject:
>> > Dell Just Bought Kace
>> >
>> >
>> >
>> > Discussion warranted, I presume.
>> >
>> > Can you customise software installs? In particular, I'd like to
>> > customise FF and Adobe Reader installs - turn of javascript in Reader,
>> > and add in NTLM auth and a few other things that we do manually here
>> > with FF.
>> >
>> > Kurt
>> >
>> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> > ~   ~
>> >
>> >
>> > 
>> > http://www.quinn-insurance.com
>> >
>> > This e-mail is intended only for the addressee named above. The contents
>> > should not be copied nor disclosed to any other person. Any views or
>> > opinions expressed are solely those of the sender and
>> > do not necessarily represent those of QUINN-Insurance, unless otherwise
>> > specifically stated . As internet communications are not secure,
>> > QUINN-Insurance is not responsible for the contents of this message nor
>> > responsible for any change made to this message after it was sent by the
>> > original sender. Although virus scanning is used on all inbound and
>> > outbound e-mail, we advise you to carry out your own virus check before
>> > opening any attachment. We cannot accept liability for any damage
>> sustained
>> > as a result of any software viruses.
>> >
>> > 
>> >
>> > QUINN-Life Direct Limited is regulated by the Financial Regulator.
>> > QUINN-Insurance Limited is regulated by the Financial Regulator and
>> > regulated by the Financial Services Authority for the conduct of UK
>> > business.
>> >
>> > 
>> >
>> > QUINN-Life Direct Limited is registered in Ireland, registration number
>> > 292374 and is a private company limited by shares.
>> > QUINN-Insurance Limited i

Re: Dell Just Bought Kace

2010-02-18 Thread Matthew W. Ross 
I'm waiting for somebody with more programing experience than myself to make a 
good frontend to SysInternals PSexec.exe (and their other tools.) Pushing 
scripts/silent .MSI installs is completely doable with that software without a 
client on the machine.


--Matt Ross
Ephrata School District


- Original Message -
From: Kurt Buff
[mailto:kurt.b...@gmail.com]
To: NT System Admin Issues
[mailto:ntsysad...@lyris.sunbelt-software.com]
Sent: Thu, 18 Feb 2010
09:11:10 -0800
Subject: Re: Dell Just Bought Kace


> I'm not a big fan of software client installs. I do wish these
> companies would figure out how to do more of this stuff without
> loading extra software onto all of my machines.
> 
> It's memory bloat and more software on the desktop means more security
> risks as well.
> 
> Blech.
> 
> Kurt
> 
> On Thu, Feb 18, 2010 at 06:11, Tom Miller  wrote:
> > I've been looking into getting a KBox as well.  I currently use Microsoft
> > Configuration Manager - a behemoth of a product - and am looking at
> > alternatives.  The KBox has a Dell Updates section which might be of use,
> as
> > we are a Dell shop as well.
> >
> > The Microsoft product is okay, but very cumbersome and don't get me
> started
> > on getting the blasted client installed.. (KBox client installs very
> > easily).
> >
> >
> >
> > Tom Miller
> > Engineer, Information Technology
> > Hampton-Newport News Community Services Board
> > 757-788-0528
> >
>  tony patton  2/18/2010 6:05 AM >>>
> > Discovered that bit of info couple of weeks ago, but couldn't post it.
> >
> > We're waiting on the Finance director to sign off on the purchase of a
> > KBOX 1100 for the past month.
> >
> > The Dell acquisition sort of throws a spanner in the works, as my boss is
> > adamant that we'll get a better price from Dell on it.
> >
> > Hopefully we'll be the owner of one very shortly.
> >
> > They've changed their licensing structure last month, the different
> > modules used to be licensed separately, now they are all included.
> > It's worked out the same for us as we were looking for the Security
> > Scanning and Asset modules.
> > If you were just getting the basic box, it'll now work out a bit more
> > expensive, but still a lot cheaper than most of the alternatives.
> >
> > The best thing about the purchase, is that they're now using Dell servers,
> > pretty important factor for us as we're 100% dell, apart from the Netapps.
> >
> > Regards
> >
> > Tony Patton
> > Desktop Operations Cavan
> > Ext 8078
> > Direct Dial 049 435 2878
> > email: tony.pat...@quinn-insurance.com
> >
> >
> >
> > From:
> > Kurt Buff 
> > To:
> > "NT System Admin Issues" 
> > Date:
> > 17/02/2010 22:20
> > Subject:
> > Dell Just Bought Kace
> >
> >
> >
> > Discussion warranted, I presume.
> >
> > Can you customise software installs? In particular, I'd like to
> > customise FF and Adobe Reader installs - turn of javascript in Reader,
> > and add in NTLM auth and a few other things that we do manually here
> > with FF.
> >
> > Kurt
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~   ~
> >
> >
> > 
> > http://www.quinn-insurance.com
> >
> > This e-mail is intended only for the addressee named above. The contents
> > should not be copied nor disclosed to any other person. Any views or
> > opinions expressed are solely those of the sender and
> > do not necessarily represent those of QUINN-Insurance, unless otherwise
> > specifically stated . As internet communications are not secure,
> > QUINN-Insurance is not responsible for the contents of this message nor
> > responsible for any change made to this message after it was sent by the
> > original sender. Although virus scanning is used on all inbound and
> > outbound e-mail, we advise you to carry out your own virus check before
> > opening any attachment. We cannot accept liability for any damage
> sustained
> > as a result of any software viruses.
> >
> > 
> >
> > QUINN-Life Direct Limited is regulated by the Financial Regulator.
> > QUINN-Insurance Limited is regulated by the Financial Regulator and
> > regulated by the Financial Services Authority for the conduct of UK
> > business.
> >
> > 
> >
> > QUINN-Life Direct Limited is registered in Ireland, registration number
> > 292374 and is a private company limited by shares.
> > QUINN-Insurance Limited is registered in Ireland, registration number
> > 240768 and is a private company limited by shares.
> > Both companies have their head office at Dublin Road, Cavan, Co. Cavan.
> >
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~   ~
> >
> > Confidentiality Notice: This e-mail message, includ

RE: Microsoft training courses blocked

2010-02-18 Thread Maglinger, Paul 
Custom XML Court Ruling's Impact on Microsoft Learning Products
Following a recent court ruling, we have temporarily removed all virtual hard 
drive (VHD) images that contain Office 2003 and Office 2007 from impacted 
Microsoft Learning products. We apologize for the inconvenience. We are working 
quickly to make these images available as soon as possible. As soon as we have 
an exact timing of the solution, we will inform you through this Web site.
*   What is the background to this issue?
Microsoft is updating its Office 2003 and 2007 products to comply with a recent 
U.S. court order. In the United States and United States territories, we have 
temporarily blocked access to all Courseware virtual hard drive (VHD) images 
that contain Office 2003 and Office 2007 from the MCT Download Center for 
updating. We apologize for the inconvenience. We are working quickly to make 
these images available as soon as possible.
*   Which Microsoft Learning products and services are affected?
Please review the list of affected Microsoft Learning products (download XLSX, 
47 KB)
*   Are customers allowed to continue using non-remediated Microsoft 
Learning products that they've already downloaded?
Yes. If you downloaded or purchased the affected Microsoft Learning products 
(including products related to Microsoft Office Word as well as other 
Office-related products) earlier, you can continue to use them.
*   How long will it be before I can access these products again?
We are still analyzing the situation and working on the solution; therefore we 
don't know the exact timing of the resolution. We will provide ongoing updates 
through our regular channels as we gain more understanding of the scope of this 
issue.
*   Is this for U.S. and U.S. territories only?
Yes, except for e-learning and online lab products which have been removed and 
will impact customers worldwide. If you are outside the U.S. and U.S. 
territories, you can access all VHDs in the MCT Download Center by selecting 
English for "Learning Product Language" and click GO.

I was told this affects the Exchange 2010 course I was going to take, as well 
as Sharepoint, even going back early versions of SQL.  I'm waiting for more 
information.
-Paul

-Original Message-
From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Thursday, February 18, 2010 11:13 AM
To: NT System Admin Issues
Subject: RE: Microsoft training courses blocked

Any info on what XML case it was?

-sc

> -Original Message-
> From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
> Sent: Thursday, February 18, 2010 12:08 PM
> To: NT System Admin Issues
> Subject: Microsoft training courses blocked
> 
> I just got a phone call from our local training center that because Microsoft
> lost the XML case, all courses involving software with XML have been blocked
> until they can re-write the course.  No estimate on how long this is going to
> last.  If you're already in the middle of a course you can continue it.
> Otherwise we get to sit and wait...
> 
> Paul
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Microsoft training courses blocked

2010-02-18 Thread Steven M. Caesare 
Oooh, right.

That's going to hurt.

-sc

> -Original Message-
> From: David W. McSpadden [mailto:dav...@imcu.com]
> Sent: Thursday, February 18, 2010 12:32 PM
> To: NT System Admin Issues
> Subject: Re: Microsoft training courses blocked
> 
> The case where Microsoft can not sell Office because they are using
some
> xml code that another company has the patent too???
> 
> --
> From: "Steven M. Caesare" 
> Sent: Thursday, February 18, 2010 12:13 PM
> To: "NT System Admin Issues" 
> Subject: RE: Microsoft training courses blocked
> 
> > Any info on what XML case it was?
> >
> > -sc
> >
> >> -Original Message-
> >> From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
> >> Sent: Thursday, February 18, 2010 12:08 PM
> >> To: NT System Admin Issues
> >> Subject: Microsoft training courses blocked
> >>
> >> I just got a phone call from our local training center that because
> >> Microsoft lost the XML case, all courses involving software with
XML
> >> have been blocked until they can re-write the course.  No estimate
on
> >> how long this is going to last.  If you're already in the middle of
a
> >> course you can continue it.
> >> Otherwise we get to sit and wait...
> >>
> >> Paul
> >>
> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~
> >>   ~
> >
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
> >   ~
> >
> >
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Microsoft training courses blocked

2010-02-18 Thread David W. McSpadden 
The case where Microsoft can not sell Office because they are using some xml 
code that another company has the patent too???


--
From: "Steven M. Caesare" 
Sent: Thursday, February 18, 2010 12:13 PM
To: "NT System Admin Issues" 
Subject: RE: Microsoft training courses blocked


Any info on what XML case it was?

-sc


-Original Message-
From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Thursday, February 18, 2010 12:08 PM
To: NT System Admin Issues
Subject: Microsoft training courses blocked

I just got a phone call from our local training center that because 
Microsoft
lost the XML case, all courses involving software with XML have been 
blocked
until they can re-write the course.  No estimate on how long this is 
going to

last.  If you're already in the middle of a course you can continue it.
Otherwise we get to sit and wait...

Paul

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: MS Server licensing and vm servers

2010-02-18 Thread Stefan Jafs 
I you need to purchase 2 sockets, not just 1.

Stefan

On Thu, Feb 18, 2010 at 12:11 PM, Joseph Heaton  wrote:

> Also, don't try installing vms on a separate host.  The unlimited vms
> only applies to the single host, not spread across multiples...
>
> >>> Jason Morris  2/18/2010 9:10 AM >>>
>  An interesting thing to note for anybody running VMware ESX. If you
> purchase the Windows DataCenter Server license, you can use that for
> unlimited windows servers on a VMware host. It's not limited to Hyper-V
> only. Just make sure your VMware host meets the licensing for the Data
> Center server you purchased.
>
> Jason
>
> -Original Message-
> From: Eldridge, Dave [mailto:d...@parkviewmc.com]
> Sent: Thursday, February 18, 2010 11:07 AM
> To: NT System Admin Issues
> Subject: RE: MS Server licensing and vm servers
>
> +1
>
> -Original Message-
> From: Steven Peck [mailto:sep...@gmail.com]
> Sent: Thursday, February 18, 2010 9:57 AM
> To: NT System Admin Issues
> Subject: Re: MS Server licensing and vm servers
>
> We use the datacenter license for our VMware farm.
>
> On Thu, Feb 18, 2010 at 8:33 AM, Sean Rector 
> wrote:
> > Yep...we've found the DC licensing to have helped us
> tremendously...and with the
> > right hardware, it's a godsend!
> >
> >
> >
> > Sean Rector, MCSE
> >
> >
> >
> > From: Andrew S. Baker [mailto:asbz...@gmail.com]
> > Sent: Thursday, February 18, 2010 9:25 AM
> > To: NT System Admin Issues
> > Subject: Re: MS Server licensing and vm servers
> >
> >
> >
> > Windows Standard should give you 1 extra license. Enterprise gives 4
> as
> > you've noted, and DataCenter gives unlimited.
> >
> > It's a very good consideration if you're looking at Hyper-V
> >
> > -ASB: http://xeesm.com/AndrewBaker
> > Sent from my Verizon Smartphone
> >
> > 
> >
> > From: "Tom Miller" 
> >
> > Date: Thu, 18 Feb 2010 09:15:07 -0500
> >
> > To: NT System Admin Issues
> >
> > Subject: MS Server licensing and vm servers
> >
> >
> >
> > Hi All,
> >
> >
> >
> > I had a review yesterday with a MS licensing specialist which I found
> very
> > helpful.  One thing I learned that I didn't know was that for each
> Windows
> > 2008 Standard license I purchase, I have two additional Windows 2008
> > Standard licenses as VM servers, as long as those VM servers reside
> on the
> > same hardware that the original 2008 is installed onto.  And that's
> four
> > additional licenses for Enterprise Servers.
> >
> >
> >
> > So, how are you all using this?  I use XenServer and have a number
> of
> > virtual servers on a SAN, but can't use the "vm" licensing model
> here.  I
> > suppose it might help in a small office where I need more than one
> server
> > (DC, Exchange, file and print) but just one box would be fine?
> >
> >
> >
> > Just asking for options/suggestions.
> >
> >
> >
> > Regards,
> >
> >
> >
> >
> >
> >
> >
> > Tom Miller
> > Engineer, Information Technology
> > Hampton-Newport News Community Services Board
> > 757-788-0528
> >
> > Confidentiality Notice: This e-mail message, including attachments,
> is for
> > the sole use of the intended recipient(s) and may contain
> confidential and
> > privileged information. Any unauthorized review, use, disclosure, or
> > distribution is prohibited. If you are not the intended recipient,
> please
> > contact the sender by reply e-mail and destroy all copies of the
> original
> > message.
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > Information Technology Manager
> > Virginia Opera Association
> >
> > E-Mail: sean.rec...@vaopera.org
> > Phone:(757) 213-4548 (direct line)
> > {+}
> >
> > Virginia Opera's 35th Anniversary Season  The One You Love
> >
> > Celebrate with a 2009-2010 subscription:
> > La Bohème   |   The Daughter of the Regiment   |   Don Giovanni   |
> Porgy
> > and BessSM
> >
> > Visit us online at www.VaOpera.org  or call
> 1-866-OPERA-VA
> >
> > The vision of Virginia Opera is to enrich lives through the powerful
> > integration of music, voice and human drama.
> >
> > 
> >
> > This e-mail and any attached files are confidential and intended
> solely for
> > the intended recipient(s). Unless otherwise specified, persons
> unnamed as
> > recipients may not read, distribute, copy or alter this e-mail. Any
> views or
> > opinions expressed in this e-mail belong to the author and may not
> > necessarily represent those of Virginia Opera. Although precautions
> have
> > been taken to ensure no viruses are present, Virginia Opera cannot
> accept
> > responsibility for any loss or damage that may arise from the use of
> this
> > e-mail or attachments.
> >
> > {*}
> >
> >
> >
> >
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>
>
> This message contains confidential information and is intended only for
> the intended recipient(s). If you are not the named recipient you

Re: MS Server licensing and vm servers

2010-02-18 Thread Jon Harris 
Amen to that.  I had one large server running 6 VM's with the office
purchasing 2 licenses for standard server.  The large server was running
2008 AS or ES what ever they called it.  I would think if the data was
housed on a SAN or NAS that would work under the licensing.  Go directly to
Micorsoft and get them to answer your question.  I would do that 3 times
just to make sure and get alll of their responses in writing.

Jon

On Thu, Feb 18, 2010 at 9:25 AM, Andrew S. Baker  wrote:

> Windows Standard should give you 1 extra license. Enterprise gives 4 as
> you've noted, and DataCenter gives unlimited.
>
> It's a very good consideration if you're looking at Hyper-V
>
>
> -ASB: http://xeesm.com/AndrewBaker
> Sent from my Verizon Smartphone
> --
> *From: *"Tom Miller" 
> *Date: *Thu, 18 Feb 2010 09:15:07 -0500
> *To: *NT System Admin Issues
> *Subject: *MS Server licensing and vm servers
>
> Hi All,
>
> I had a review yesterday with a MS licensing specialist which I found very
> helpful.  One thing I learned that I didn't know was that for each Windows
> 2008 Standard license I purchase, I have two additional Windows 2008
> Standard licenses as VM servers, as long as those VM servers reside on the
> same hardware that the original 2008 is installed onto.  And that's four
> additional licenses for Enterprise Servers.
>
> So, how are you all using this?  I use XenServer and have a number of
> virtual servers on a SAN, but can't use the "vm" licensing model here.  I
> suppose it might help in a small office where I need more than one server
> (DC, Exchange, file and print) but just one box would be fine?
>
> Just asking for options/suggestions.
>
> Regards,
>
>
>
> Tom Miller
> Engineer, Information Technology
> Hampton-Newport News Community Services Board
> 757-788-0528
>
> Confidentiality Notice: This e-mail message, including attachments, is for
> the sole use of the intended recipient(s) and may contain confidential and
> privileged information. Any unauthorized review, use, disclosure, or
> distribution is prohibited. If you are not the intended recipient, please
> contact the sender by reply e-mail and destroy all copies of the original
> message.
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Microsoft training courses blocked

2010-02-18 Thread Steven M. Caesare 
Any info on what XML case it was?

-sc

> -Original Message-
> From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
> Sent: Thursday, February 18, 2010 12:08 PM
> To: NT System Admin Issues
> Subject: Microsoft training courses blocked
> 
> I just got a phone call from our local training center that because Microsoft
> lost the XML case, all courses involving software with XML have been blocked
> until they can re-write the course.  No estimate on how long this is going to
> last.  If you're already in the middle of a course you can continue it.
> Otherwise we get to sit and wait...
> 
> Paul
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: MS Server licensing and vm servers

2010-02-18 Thread Joseph Heaton 
Also, don't try installing vms on a separate host.  The unlimited vms
only applies to the single host, not spread across multiples...

>>> Jason Morris  2/18/2010 9:10 AM >>>
An interesting thing to note for anybody running VMware ESX. If you
purchase the Windows DataCenter Server license, you can use that for
unlimited windows servers on a VMware host. It's not limited to Hyper-V
only. Just make sure your VMware host meets the licensing for the Data
Center server you purchased.

Jason

-Original Message-
From: Eldridge, Dave [mailto:d...@parkviewmc.com] 
Sent: Thursday, February 18, 2010 11:07 AM
To: NT System Admin Issues
Subject: RE: MS Server licensing and vm servers

+1

-Original Message-
From: Steven Peck [mailto:sep...@gmail.com] 
Sent: Thursday, February 18, 2010 9:57 AM
To: NT System Admin Issues
Subject: Re: MS Server licensing and vm servers

We use the datacenter license for our VMware farm.

On Thu, Feb 18, 2010 at 8:33 AM, Sean Rector 
wrote:
> Yep...we've found the DC licensing to have helped us
tremendously...and with the
> right hardware, it's a godsend!
>
>
>
> Sean Rector, MCSE
>
>
>
> From: Andrew S. Baker [mailto:asbz...@gmail.com] 
> Sent: Thursday, February 18, 2010 9:25 AM
> To: NT System Admin Issues
> Subject: Re: MS Server licensing and vm servers
>
>
>
> Windows Standard should give you 1 extra license. Enterprise gives 4
as
> you've noted, and DataCenter gives unlimited.
>
> It's a very good consideration if you're looking at Hyper-V
>
> -ASB: http://xeesm.com/AndrewBaker 
> Sent from my Verizon Smartphone
>
> 
>
> From: "Tom Miller" 
>
> Date: Thu, 18 Feb 2010 09:15:07 -0500
>
> To: NT System Admin Issues
>
> Subject: MS Server licensing and vm servers
>
>
>
> Hi All,
>
>
>
> I had a review yesterday with a MS licensing specialist which I found
very
> helpful.  One thing I learned that I didn't know was that for each
Windows
> 2008 Standard license I purchase, I have two additional Windows 2008
> Standard licenses as VM servers, as long as those VM servers reside
on the
> same hardware that the original 2008 is installed onto.  And that's
four
> additional licenses for Enterprise Servers.
>
>
>
> So, how are you all using this?  I use XenServer and have a number
of
> virtual servers on a SAN, but can't use the "vm" licensing model
here.  I
> suppose it might help in a small office where I need more than one
server
> (DC, Exchange, file and print) but just one box would be fine?
>
>
>
> Just asking for options/suggestions.
>
>
>
> Regards,
>
>
>
>
>
>
>
> Tom Miller
> Engineer, Information Technology
> Hampton-Newport News Community Services Board
> 757-788-0528
>
> Confidentiality Notice: This e-mail message, including attachments,
is for
> the sole use of the intended recipient(s) and may contain
confidential and
> privileged information. Any unauthorized review, use, disclosure, or
> distribution is prohibited. If you are not the intended recipient,
please
> contact the sender by reply e-mail and destroy all copies of the
original
> message.
>
>
>
>
>
>
>
>
>
> Information Technology Manager
> Virginia Opera Association
>
> E-Mail: sean.rec...@vaopera.org 
> Phone:(757) 213-4548 (direct line)
> {+}
>
> Virginia Opera's 35th Anniversary Season  The One You Love
>
> Celebrate with a 2009-2010 subscription:
> La Bohème   |   The Daughter of the Regiment   |   Don Giovanni   |  
Porgy
> and BessSM
>
> Visit us online at www.VaOpera.org or call 1-866-OPERA-VA
>
> The vision of Virginia Opera is to enrich lives through the powerful
> integration of music, voice and human drama.
>
> 
>
> This e-mail and any attached files are confidential and intended
solely for
> the intended recipient(s). Unless otherwise specified, persons
unnamed as
> recipients may not read, distribute, copy or alter this e-mail. Any
views or
> opinions expressed in this e-mail belong to the author and may not
> necessarily represent those of Virginia Opera. Although precautions
have
> been taken to ensure no viruses are present, Virginia Opera cannot
accept
> responsibility for any loss or damage that may arise from the use of
this
> e-mail or attachments.
>
> {*}
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~



This message contains confidential information and is intended only for
the intended recipient(s). If you are not the named recipient you should
not read, distribute or copy this e-mail. Please notify the sender
immediately via e-mail if you have received this e-mail by mistake;
then, delete this e-mail from your system.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

--
The pages accompanying this email transmission contain information from

Re: Dell Just Bought Kace

2010-02-18 Thread Kurt Buff 
I'm not a big fan of software client installs. I do wish these
companies would figure out how to do more of this stuff without
loading extra software onto all of my machines.

It's memory bloat and more software on the desktop means more security
risks as well.

Blech.

Kurt

On Thu, Feb 18, 2010 at 06:11, Tom Miller  wrote:
> I've been looking into getting a KBox as well.  I currently use Microsoft
> Configuration Manager - a behemoth of a product - and am looking at
> alternatives.  The KBox has a Dell Updates section which might be of use, as
> we are a Dell shop as well.
>
> The Microsoft product is okay, but very cumbersome and don't get me started
> on getting the blasted client installed.. (KBox client installs very
> easily).
>
>
>
> Tom Miller
> Engineer, Information Technology
> Hampton-Newport News Community Services Board
> 757-788-0528
>
 tony patton  2/18/2010 6:05 AM >>>
> Discovered that bit of info couple of weeks ago, but couldn't post it.
>
> We're waiting on the Finance director to sign off on the purchase of a
> KBOX 1100 for the past month.
>
> The Dell acquisition sort of throws a spanner in the works, as my boss is
> adamant that we'll get a better price from Dell on it.
>
> Hopefully we'll be the owner of one very shortly.
>
> They've changed their licensing structure last month, the different
> modules used to be licensed separately, now they are all included.
> It's worked out the same for us as we were looking for the Security
> Scanning and Asset modules.
> If you were just getting the basic box, it'll now work out a bit more
> expensive, but still a lot cheaper than most of the alternatives.
>
> The best thing about the purchase, is that they're now using Dell servers,
> pretty important factor for us as we're 100% dell, apart from the Netapps.
>
> Regards
>
> Tony Patton
> Desktop Operations Cavan
> Ext 8078
> Direct Dial 049 435 2878
> email: tony.pat...@quinn-insurance.com
>
>
>
> From:
> Kurt Buff 
> To:
> "NT System Admin Issues" 
> Date:
> 17/02/2010 22:20
> Subject:
> Dell Just Bought Kace
>
>
>
> Discussion warranted, I presume.
>
> Can you customise software installs? In particular, I'd like to
> customise FF and Adobe Reader installs - turn of javascript in Reader,
> and add in NTLM auth and a few other things that we do manually here
> with FF.
>
> Kurt
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>
> 
> http://www.quinn-insurance.com
>
> This e-mail is intended only for the addressee named above. The contents
> should not be copied nor disclosed to any other person. Any views or
> opinions expressed are solely those of the sender and
> do not necessarily represent those of QUINN-Insurance, unless otherwise
> specifically stated . As internet communications are not secure,
> QUINN-Insurance is not responsible for the contents of this message nor
> responsible for any change made to this message after it was sent by the
> original sender. Although virus scanning is used on all inbound and
> outbound e-mail, we advise you to carry out your own virus check before
> opening any attachment. We cannot accept liability for any damage sustained
> as a result of any software viruses.
>
> 
>
> QUINN-Life Direct Limited is regulated by the Financial Regulator.
> QUINN-Insurance Limited is regulated by the Financial Regulator and
> regulated by the Financial Services Authority for the conduct of UK
> business.
>
> 
>
> QUINN-Life Direct Limited is registered in Ireland, registration number
> 292374 and is a private company limited by shares.
> QUINN-Insurance Limited is registered in Ireland, registration number
> 240768 and is a private company limited by shares.
> Both companies have their head office at Dublin Road, Cavan, Co. Cavan.
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> Confidentiality Notice: This e-mail message, including attachments, is for
> the sole use of the intended recipient(s) and may contain confidential and
> privileged information. Any unauthorized review, use, disclosure, or
> distribution is prohibited. If you are not the intended recipient, please
> contact the sender by reply e-mail and destroy all copies of the original
> message.
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Gpupdate /force not forcing update

2010-02-18 Thread John Hornbuckle 
Ah, okay. That makes sense.

My goal was to change the group policy that was applied to the computer, and 
the policy is based on group membership. But I guess group policy and group 
membership aren't the same thing, and gpupdate would have no way of knowing 
that membership changed. It would just refresh policies based on what it 
THOUGHT group membership was, which apparently wouldn't chain until a reboot.



John



From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Thursday, February 18, 2010 10:25 AM
To: NT System Admin Issues
Subject: RE: Gpupdate /force not forcing update

Correct. This isn't a group policy change, it was a membership change to a 
group. That requires a relog, in the case of a machine a restart.


From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Thursday, February 18, 2010 10:20 AM
To: NT System Admin Issues
Subject: Re: Gpupdate /force not forcing update

Don't access tokens for group memberships only get updated when you log out 
(user) or restart (machine)? I may be completely wrong...I last paid attention 
to this sort of thing back in the Win2K days.
On 18 February 2010 14:47, John Hornbuckle 
mailto:john.hornbuc...@taylor.k12.fl.us>> 
wrote:
I just had a bit of weirdness with a machine not updating its group policy the 
way I expected.

Yesterday I removed a machine (Vista) from a group using ADUC. Today when I ran 
gpresult on the machine, it still showed that it was a member of the group. The 
time stamp of the last policy update was recent, and I checked the DC the 
machine had gotten the update from and confirmed that that DC knew the machine 
was no longer a member of the group. Yet the machine still thought it was.

So I ran gpupdate /force, then another gpresult after that. Same thing-the 
machine still showed as being a member of the group I had removed it from 
nearly 24 hours earlier.

Lastly, I rebooted the machine. Logged back in, ran gpresult, and all was fine. 
The machine was no longer a member of the group.

My question is, why didn't gpupdate /force accomplish this? If a reboot was 
necessary for the change to apply, normally gpupdate will tell me that. It 
didn't, though.

Is this a bug, or by design?



John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us







NOTICE: Florida has a broad public records law. Most written communications to 
or from this entity are public records that will be disclosed to the public and 
the media upon request. E-mail communications may be subject to public 
disclosure.



--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."











NOTICE: Florida has a broad public records law. Most written communications to 
or from this entity are public records that will be disclosed to the public and 
the media upon request. E-mail communications may be subject to public 
disclosure.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: MS Server licensing and vm servers

2010-02-18 Thread Jason Morris 
An interesting thing to note for anybody running VMware ESX. If you purchase 
the Windows DataCenter Server license, you can use that for unlimited windows 
servers on a VMware host. It's not limited to Hyper-V only. Just make sure your 
VMware host meets the licensing for the Data Center server you purchased.

Jason

-Original Message-
From: Eldridge, Dave [mailto:d...@parkviewmc.com] 
Sent: Thursday, February 18, 2010 11:07 AM
To: NT System Admin Issues
Subject: RE: MS Server licensing and vm servers

+1

-Original Message-
From: Steven Peck [mailto:sep...@gmail.com] 
Sent: Thursday, February 18, 2010 9:57 AM
To: NT System Admin Issues
Subject: Re: MS Server licensing and vm servers

We use the datacenter license for our VMware farm.

On Thu, Feb 18, 2010 at 8:33 AM, Sean Rector  wrote:
> Yep...we've found the DC licensing to have helped us tremendously...and with 
> the
> right hardware, it's a godsend!
>
>
>
> Sean Rector, MCSE
>
>
>
> From: Andrew S. Baker [mailto:asbz...@gmail.com]
> Sent: Thursday, February 18, 2010 9:25 AM
> To: NT System Admin Issues
> Subject: Re: MS Server licensing and vm servers
>
>
>
> Windows Standard should give you 1 extra license. Enterprise gives 4 as
> you've noted, and DataCenter gives unlimited.
>
> It's a very good consideration if you're looking at Hyper-V
>
> -ASB: http://xeesm.com/AndrewBaker
> Sent from my Verizon Smartphone
>
> 
>
> From: "Tom Miller" 
>
> Date: Thu, 18 Feb 2010 09:15:07 -0500
>
> To: NT System Admin Issues
>
> Subject: MS Server licensing and vm servers
>
>
>
> Hi All,
>
>
>
> I had a review yesterday with a MS licensing specialist which I found very
> helpful.  One thing I learned that I didn't know was that for each Windows
> 2008 Standard license I purchase, I have two additional Windows 2008
> Standard licenses as VM servers, as long as those VM servers reside on the
> same hardware that the original 2008 is installed onto.  And that's four
> additional licenses for Enterprise Servers.
>
>
>
> So, how are you all using this?  I use XenServer and have a number of
> virtual servers on a SAN, but can't use the "vm" licensing model here.  I
> suppose it might help in a small office where I need more than one server
> (DC, Exchange, file and print) but just one box would be fine?
>
>
>
> Just asking for options/suggestions.
>
>
>
> Regards,
>
>
>
>
>
>
>
> Tom Miller
> Engineer, Information Technology
> Hampton-Newport News Community Services Board
> 757-788-0528
>
> Confidentiality Notice: This e-mail message, including attachments, is for
> the sole use of the intended recipient(s) and may contain confidential and
> privileged information. Any unauthorized review, use, disclosure, or
> distribution is prohibited. If you are not the intended recipient, please
> contact the sender by reply e-mail and destroy all copies of the original
> message.
>
>
>
>
>
>
>
>
>
> Information Technology Manager
> Virginia Opera Association
>
> E-Mail: sean.rec...@vaopera.org
> Phone:    (757) 213-4548 (direct line)
> {+}
>
> Virginia Opera's 35th Anniversary Season  The One You Love
>
> Celebrate with a 2009-2010 subscription:
> La Bohème   |   The Daughter of the Regiment   |   Don Giovanni   |   Porgy
> and BessSM
>
> Visit us online at www.VaOpera.org or call 1-866-OPERA-VA
>
> The vision of Virginia Opera is to enrich lives through the powerful
> integration of music, voice and human drama.
>
> 
>
> This e-mail and any attached files are confidential and intended solely for
> the intended recipient(s). Unless otherwise specified, persons unnamed as
> recipients may not read, distribute, copy or alter this e-mail. Any views or
> opinions expressed in this e-mail belong to the author and may not
> necessarily represent those of Virginia Opera. Although precautions have
> been taken to ensure no viruses are present, Virginia Opera cannot accept
> responsibility for any loss or damage that may arise from the use of this
> e-mail or attachments.
>
> {*}
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~



This message contains confidential information and is intended only for the 
intended recipient(s). If you are not the named recipient you should not read, 
distribute or copy this e-mail. Please notify the sender immediately via e-mail 
if you have received this e-mail by mistake; then, delete this e-mail from your 
system.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

--
The pages accompanying this email transmission contain information from MJMC, 
Inc., which
is confidential and/or privileged. The information is to be for the use of the 
individual
or entity named on this cover sheet. If you are not the in

Microsoft training courses blocked

2010-02-18 Thread Maglinger, Paul 
I just got a phone call from our local training center that because Microsoft 
lost the XML case, all courses involving software with XML have been blocked 
until they can re-write the course.  No estimate on how long this is going to 
last.  If you're already in the middle of a course you can continue it. 
Otherwise we get to sit and wait...

Paul 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: MS Server licensing and vm servers

2010-02-18 Thread Eldridge, Dave 
+1

-Original Message-
From: Steven Peck [mailto:sep...@gmail.com] 
Sent: Thursday, February 18, 2010 9:57 AM
To: NT System Admin Issues
Subject: Re: MS Server licensing and vm servers

We use the datacenter license for our VMware farm.

On Thu, Feb 18, 2010 at 8:33 AM, Sean Rector  wrote:
> Yep...we've found the DC licensing to have helped us tremendously...and with 
> the
> right hardware, it's a godsend!
>
>
>
> Sean Rector, MCSE
>
>
>
> From: Andrew S. Baker [mailto:asbz...@gmail.com]
> Sent: Thursday, February 18, 2010 9:25 AM
> To: NT System Admin Issues
> Subject: Re: MS Server licensing and vm servers
>
>
>
> Windows Standard should give you 1 extra license. Enterprise gives 4 as
> you've noted, and DataCenter gives unlimited.
>
> It's a very good consideration if you're looking at Hyper-V
>
> -ASB: http://xeesm.com/AndrewBaker
> Sent from my Verizon Smartphone
>
> 
>
> From: "Tom Miller" 
>
> Date: Thu, 18 Feb 2010 09:15:07 -0500
>
> To: NT System Admin Issues
>
> Subject: MS Server licensing and vm servers
>
>
>
> Hi All,
>
>
>
> I had a review yesterday with a MS licensing specialist which I found very
> helpful.  One thing I learned that I didn't know was that for each Windows
> 2008 Standard license I purchase, I have two additional Windows 2008
> Standard licenses as VM servers, as long as those VM servers reside on the
> same hardware that the original 2008 is installed onto.  And that's four
> additional licenses for Enterprise Servers.
>
>
>
> So, how are you all using this?  I use XenServer and have a number of
> virtual servers on a SAN, but can't use the "vm" licensing model here.  I
> suppose it might help in a small office where I need more than one server
> (DC, Exchange, file and print) but just one box would be fine?
>
>
>
> Just asking for options/suggestions.
>
>
>
> Regards,
>
>
>
>
>
>
>
> Tom Miller
> Engineer, Information Technology
> Hampton-Newport News Community Services Board
> 757-788-0528
>
> Confidentiality Notice: This e-mail message, including attachments, is for
> the sole use of the intended recipient(s) and may contain confidential and
> privileged information. Any unauthorized review, use, disclosure, or
> distribution is prohibited. If you are not the intended recipient, please
> contact the sender by reply e-mail and destroy all copies of the original
> message.
>
>
>
>
>
>
>
>
>
> Information Technology Manager
> Virginia Opera Association
>
> E-Mail: sean.rec...@vaopera.org
> Phone:    (757) 213-4548 (direct line)
> {+}
>
> Virginia Opera's 35th Anniversary Season  The One You Love
>
> Celebrate with a 2009-2010 subscription:
> La Bohème   |   The Daughter of the Regiment   |   Don Giovanni   |   Porgy
> and BessSM
>
> Visit us online at www.VaOpera.org or call 1-866-OPERA-VA
>
> The vision of Virginia Opera is to enrich lives through the powerful
> integration of music, voice and human drama.
>
> 
>
> This e-mail and any attached files are confidential and intended solely for
> the intended recipient(s). Unless otherwise specified, persons unnamed as
> recipients may not read, distribute, copy or alter this e-mail. Any views or
> opinions expressed in this e-mail belong to the author and may not
> necessarily represent those of Virginia Opera. Although precautions have
> been taken to ensure no viruses are present, Virginia Opera cannot accept
> responsibility for any loss or damage that may arise from the use of this
> e-mail or attachments.
>
> {*}
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~



This message contains confidential information and is intended only for the 
intended recipient(s). If you are not the named recipient you should not read, 
distribute or copy this e-mail. Please notify the sender immediately via e-mail 
if you have received this e-mail by mistake; then, delete this e-mail from your 
system.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Adobe Download Manager heads-up & warning

2010-02-18 Thread Jon Harris 
Thanks for that information I have been installing it guess I need to do
some uninstalls now.

Jon

On Thu, Feb 18, 2010 at 8:45 AM, Angus Scott-Fleming wrote:

> I have been uninstalling this whenever I see it, so it's good to see that
> my
> suspicious nature has paid off.
>
> --- Included Stuff Follows ---
> SecurityUpdates for Adobe Reader, Acrobat - Krebs on Security Update
>
>If you decide to do without Adobe Reader and uninstall it, you might
>want to nix the Adobe Download Manager as well. Researcher Aviv Raff
> points to
>some nifty work he´s done which shows that Adobe´s Download Manager -
> which
>ships with all new versions of Flash and Reader - can be forced to
> reinstall
>an application that´s been removed, such as Reader. According to Raff, a
> Web
>site could hijack the Adobe Download manager to download and install any
> of
>the following:
>
>* Adobe Flash 10
>* Adobe Reader 9.3
>* Adobe Reader 8.2
>* Adobe Air 1.5.3
>* ARH tool - allows silent installation of Adobe Air applications
>* Google Toolbar 6.3
>* McAfee Security Scan Plus
>* New York Times Reader (via Adobe Air)
>* Fanbase (via Adobe Air)
>* Acrobat.com desktop shortcut
>
>Raff writes: "So, even if you use an alternative PDF reader, an attacker
>can force you to download and install Adobe Reader, and then exploit the
> (yet
>to be patched, but now known) vulnerability. The attacker can also
> exploit 0-
>day vulnerabilities in any of the other products mentioned above." Read
> more
>on his findings at this link here.
>
> - Included Stuff Ends -
> More here with links:
>
> http://www.krebsonsecurity.com/2010/02/security-updates-for-adobe-reader-acrobat/
>
> See also:
>Aviv Raff On .NET - May the force be with you
>http://aviv.raffon.net/2010/02/15/MayTheForceBeWithYou.aspx
>
> ASF Note: According to Aviv Raffon, Firefox users should disable or
> uninstall
> the Adobe Download Manager extension in addition to uninstalling the Adobe
> Download Manager program.
>
> Of course, if you're constitutionally paranoid like me ;-) you won't have
> either installed [grin].
>
> Angus
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: MS Server licensing and vm servers

2010-02-18 Thread Steven Peck 
We use the datacenter license for our VMware farm.

On Thu, Feb 18, 2010 at 8:33 AM, Sean Rector  wrote:
> Yep…we’ve found the DC licensing to have helped us tremendously…and with the
> right hardware, it’s a godsend!
>
>
>
> Sean Rector, MCSE
>
>
>
> From: Andrew S. Baker [mailto:asbz...@gmail.com]
> Sent: Thursday, February 18, 2010 9:25 AM
> To: NT System Admin Issues
> Subject: Re: MS Server licensing and vm servers
>
>
>
> Windows Standard should give you 1 extra license. Enterprise gives 4 as
> you've noted, and DataCenter gives unlimited.
>
> It's a very good consideration if you're looking at Hyper-V
>
> -ASB: http://xeesm.com/AndrewBaker
> Sent from my Verizon Smartphone
>
> 
>
> From: "Tom Miller" 
>
> Date: Thu, 18 Feb 2010 09:15:07 -0500
>
> To: NT System Admin Issues
>
> Subject: MS Server licensing and vm servers
>
>
>
> Hi All,
>
>
>
> I had a review yesterday with a MS licensing specialist which I found very
> helpful.  One thing I learned that I didn't know was that for each Windows
> 2008 Standard license I purchase, I have two additional Windows 2008
> Standard licenses as VM servers, as long as those VM servers reside on the
> same hardware that the original 2008 is installed onto.  And that's four
> additional licenses for Enterprise Servers.
>
>
>
> So, how are you all using this?  I use XenServer and have a number of
> virtual servers on a SAN, but can't use the "vm" licensing model here.  I
> suppose it might help in a small office where I need more than one server
> (DC, Exchange, file and print) but just one box would be fine?
>
>
>
> Just asking for options/suggestions.
>
>
>
> Regards,
>
>
>
>
>
>
>
> Tom Miller
> Engineer, Information Technology
> Hampton-Newport News Community Services Board
> 757-788-0528
>
> Confidentiality Notice: This e-mail message, including attachments, is for
> the sole use of the intended recipient(s) and may contain confidential and
> privileged information. Any unauthorized review, use, disclosure, or
> distribution is prohibited. If you are not the intended recipient, please
> contact the sender by reply e-mail and destroy all copies of the original
> message.
>
>
>
>
>
>
>
>
>
> Information Technology Manager
> Virginia Opera Association
>
> E-Mail: sean.rec...@vaopera.org
> Phone:    (757) 213-4548 (direct line)
> {+}
>
> Virginia Opera's 35th Anniversary Season  The One You Love
>
> Celebrate with a 2009-2010 subscription:
> La Bohème   |   The Daughter of the Regiment   |   Don Giovanni   |   Porgy
> and BessSM
>
> Visit us online at www.VaOpera.org or call 1-866-OPERA-VA
>
> The vision of Virginia Opera is to enrich lives through the powerful
> integration of music, voice and human drama.
>
> 
>
> This e-mail and any attached files are confidential and intended solely for
> the intended recipient(s). Unless otherwise specified, persons unnamed as
> recipients may not read, distribute, copy or alter this e-mail. Any views or
> opinions expressed in this e-mail belong to the author and may not
> necessarily represent those of Virginia Opera. Although precautions have
> been taken to ensure no viruses are present, Virginia Opera cannot accept
> responsibility for any loss or damage that may arise from the use of this
> e-mail or attachments.
>
> {*}
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: iPhones With Exchange 2003

2010-02-18 Thread Sam Cayze 
Hi,
This topic has come up and been address many times recently.  Check the
archives of the Ntlist and the Exchange List:
http://lyris.sunbelt-software.com/read/?forum=ntsysadmin

Sam

 

-Original Message-
From: Robert Jackson [mailto:r...@walkermartyn.co.uk] 
Sent: Thursday, February 18, 2010 10:47 AM
To: NT System Admin Issues
Subject: iPhones With Exchange 2003

Is it possible to have an iPhone connecting to an Exchange 2003 server?
If
so do I need any additional software to be loaded onto our Exchange
server?

Also how secure are the comms between the iPhone and the Exchange Server
and will it work in much the same way as a Blackberry (where mail read
on the Blackberry, is marked as read within Outlook and visa versa)?


Regards,
Rab.
===
Robert Jackson  Phone: +44 (0) 141 332
7999
Software Engineer Fax:  +44 (0) 141 331
2820
Walker Martyn Ltd
1 Park Circus PlaceEmail:
r...@walkermartyn.co.uk
Glasgow G3 6AH, Scotland   Web:
http://www.walkermartyn.co.uk
===



The information in this internet E-mail is confidential and is intended
solely for the addressee. Access, copying or re-use of information in it
by anyone else is unauthorised. Any views or opinions presented are
solely those of the author and do not necessarily represent those of
Walker Martyn Ltd or any of its affiliates. If you are not the intended
recipient please contact  administra...@walkermartyn.co.uk

Walker Martyn Ltd, company number SC197533. Company is registered in
Scotland and has its registered office at 1 Park Circus Place, Glasgow
G3 6AH, UK.





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: iPhones With Exchange 2003

2010-02-18 Thread Damien Solodow 
Yes, no, not at all, yes.
--
Sent using BlackBerry


- Original Message -
From: Robert Jackson 
To: NT System Admin Issues 
Sent: Thu Feb 18 11:47:29 2010
Subject: iPhones With Exchange 2003

Is it possible to have an iPhone connecting to an Exchange 2003 server?
If
so do I need any additional software to be loaded onto our Exchange
server?

Also how secure are the comms between the iPhone and the Exchange Server
and will it work in much the same way as a Blackberry (where mail read
on
the Blackberry, is marked as read within Outlook and visa versa)?


Regards,
Rab.
===
Robert Jackson  Phone: +44 (0) 141 332
7999
Software Engineer Fax:  +44 (0) 141 331
2820
Walker Martyn Ltd
1 Park Circus PlaceEmail:
r...@walkermartyn.co.uk
Glasgow G3 6AH, Scotland   Web:
http://www.walkermartyn.co.uk
===



The information in this internet E-mail is confidential and is intended
solely for the addressee. Access, copying or re-use of information in it
by anyone else is unauthorised. Any views or opinions presented are
solely those of the author and do not necessarily represent those of
Walker Martyn Ltd or any of its affiliates. If you are not the
intended recipient please contact  administra...@walkermartyn.co.uk

Walker Martyn Ltd, company number SC197533. Company is 
registered in Scotland and has its registered office at 1 Park
Circus Place, Glasgow G3 6AH, UK.





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

iPhones With Exchange 2003

2010-02-18 Thread Robert Jackson 
Is it possible to have an iPhone connecting to an Exchange 2003 server?
If
so do I need any additional software to be loaded onto our Exchange
server?

Also how secure are the comms between the iPhone and the Exchange Server
and will it work in much the same way as a Blackberry (where mail read
on
the Blackberry, is marked as read within Outlook and visa versa)?


Regards,
Rab.
===
Robert Jackson  Phone: +44 (0) 141 332
7999
Software Engineer Fax:  +44 (0) 141 331
2820
Walker Martyn Ltd
1 Park Circus PlaceEmail:
r...@walkermartyn.co.uk
Glasgow G3 6AH, Scotland   Web:
http://www.walkermartyn.co.uk
===



The information in this internet E-mail is confidential and is intended
solely for the addressee. Access, copying or re-use of information in it
by anyone else is unauthorised. Any views or opinions presented are
solely those of the author and do not necessarily represent those of
Walker Martyn Ltd or any of its affiliates. If you are not the
intended recipient please contact  administra...@walkermartyn.co.uk

Walker Martyn Ltd, company number SC197533. Company is 
registered in Scotland and has its registered office at 1 Park
Circus Place, Glasgow G3 6AH, UK.





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

R: CISCO VPN Client

2010-02-18 Thread HELP_PC 
Did you try NCP Secure Entry Client ?
 
GuidoElia
HELPPC
 

  _  

Da: Rohyans, Aaron [mailto:arohy...@dpsciences.com] 
Inviato: giovedì 18 febbraio 2010 17.33
A: NT System Admin Issues
Oggetto: RE: CISCO VPN Client



If you guys are using the newest AnyConnect version (v2.4.0202), there is an 
issue with DNS resolution that has yet to be fixed.  You'll definitely see 
issues with Exchange 2007... the solution is to downgrade one step until the 
bug is fixed.

 

Just FYI...

 

Thanks!

 

Aaron T. Rohyans
Senior Network Engineer

CCIE #21945, CCSP, CCNA, CQS-Firewall, CQS-IPS, CQS-VPN, ISSP, CISP, JNCIA-ER

DPSciences Corporation
7400 N. Shadeland Ave., Suite 245

Indianapolis, IN 46250
Office:  (317) 348-0099
Fax:   (317) 849-7134
arohy...@dpsciences.com
http://www.dpsciences.com/

"I want an Anti-Virus system that sends Arnold back in time to kill the hacker 
as a small child before he invents the virus..."

"There are 10 kinds of people in this world... those who can read binary, and 
those who can't"

 

From: Ray [mailto:rz...@qwest.net] 
Sent: Thursday, February 18, 2010 11:21 AM
To: NT System Admin Issues
Subject: RE: CISCO VPN Client

 

The error I got was "The VPN client driver has encountered an error".  This 
just happened last night, didn't put any effort into looking at it. 

 

This morning I overhead one of our programmers saying he was having issues 
connecting, so he was getting the client, but then he couldn't seem to RDP to 
his work PC.  Unfortunately he didn't bother to get the exact error messages.  

 

 

-Original Message-
From: Terry Dickson [mailto:te...@treasurer.state.ks.us] 
Sent: Thursday, February 18, 2010 9:08 AM
To: NT System Admin Issues
Subject: RE: CISCO VPN Client

 

Not that I can help, but what issues?  We still use the Cisco VPN Client and 
many of our machines are Win7 64 machines.  Since Cisco will not make a 64bit 
version of the VPN Client we are looking at the anyconnect solution also.

 

-Original Message-

From: Ray [mailto:rz...@qwest.net] 

Sent: Thursday, February 18, 2010 9:48 AM

To: NT System Admin Issues

Subject: RE: CISCO VPN Client

 

We're starting to see some issues with Win7 64 clients connecting. 

 

-Original Message-

From: David W. McSpadden [mailto:dav...@imcu.com]

Sent: Thursday, February 18, 2010 8:19 AM

To: NT System Admin Issues

Subject: Re: CISCO VPN Client

 

The AnyConnect from Cisco uses a cert and is webbased, it is very easy to work 
with and the users are happy with it.

 

 

--

From: "Charlie Kaiser" 

Sent: Thursday, February 18, 2010 10:14 AM

To: "NT System Admin Issues" 

Subject: RE: CISCO VPN Client

 

> Hmmm. Yeah; that's a lot of overhead. Seems a shame to have to switch apps

> because of a bad guy. That's an effective DOS attack, eh? I'd hesitate to

> switch apps because I'd be afraid they'd do the same thing. But I don't 

> know

> the AnyConnect app either.

> 

> I seem to remember the VPN client could use certs as part of the auth. I

> wonder if that feature could be utilized to block non-client access? I

> haven't used the Cisco client for a year or so so I don't recall the

> available options.

> 

> 

> ***

> Charlie Kaiser

> charl...@golden-eagle.org

> Kingman, AZ

> ***

> 

>> -Original Message-

>> From: David W. McSpadden [mailto:dav...@imcu.com]

>> Sent: Thursday, February 18, 2010 7:59 AM

>> To: NT System Admin Issues

>> Subject: Re: CISCO VPN Client

>> 

>> They change every 20 or 30 hits.

>> Mostly out of country.

>> I started by setting up rules to block them but then I had

>> about 100 rules to block and it became an all day job.

>> Easier to move the authorized users to AnyConnect which is

>> supported and kill the VPN Client which has end of lifed anyway.

>> 

>> 

>> --

>> From: "Charlie Kaiser" 

>> Sent: Thursday, February 18, 2010 9:54 AM

>> To: "NT System Admin Issues" 

>> Subject: RE: CISCO VPN Client

>> 

>> > Is there a way you can block the source IP(s) before they

>> get to the

>> > VPN endpoint?

>> >

>> > ***

>> > Charlie Kaiser

>> > charl...@golden-eagle.org

>> > Kingman, AZ

>> > ***

>> >

>> >> -Original Message-

>> >> From: David W. McSpadden [mailto:dav...@imcu.com]

>> >> Sent: Thursday, February 18, 2010 7:45 AM

>> >> To: NT System Admin Issues

>> >> Subject: Re: CISCO VPN Client

>> >>

>> >> I have Kiwi Syslogger setup to email me every failed attempt to

>> >> authenticate through the VPN.

>> >> It went from 2 or 3 a day from lusers to 2500 to 5000 a

>> day and all

>> >> accounts I don't have in AD and all originating from the

>> VPN tunnel.

>> >> So disabling the tunnel didn't work, had to remove the

>> reference to

>> >> the tunnel entirely.  Now we are back to 2 or 3 a day.

>> >>

>> >>

>> >> From: Bob Fr

RE: CISCO VPN Client

2010-02-18 Thread Rohyans, Aaron 
If you guys are using the newest AnyConnect version (v2.4.0202), there is an 
issue with DNS resolution that has yet to be fixed.  You'll definitely see 
issues with Exchange 2007... the solution is to downgrade one step until the 
bug is fixed.

Just FYI...

Thanks!

Aaron T. Rohyans
Senior Network Engineer
CCIE #21945, CCSP, CCNA, CQS-Firewall, CQS-IPS, CQS-VPN, ISSP, CISP, JNCIA-ER
DPSciences Corporation
7400 N. Shadeland Ave., Suite 245
Indianapolis, IN 46250
Office:  (317) 348-0099
Fax:   (317) 849-7134
arohy...@dpsciences.com
http://www.dpsciences.com/
"I want an Anti-Virus system that sends Arnold back in time to kill the hacker 
as a small child before he invents the virus..."
"There are 10 kinds of people in this world... those who can read binary, and 
those who can't"

From: Ray [mailto:rz...@qwest.net]
Sent: Thursday, February 18, 2010 11:21 AM
To: NT System Admin Issues
Subject: RE: CISCO VPN Client


The error I got was "The VPN client driver has encountered an error".  This 
just happened last night, didn't put any effort into looking at it.



This morning I overhead one of our programmers saying he was having issues 
connecting, so he was getting the client, but then he couldn't seem to RDP to 
his work PC.  Unfortunately he didn't bother to get the exact error messages.





-Original Message-
From: Terry Dickson [mailto:te...@treasurer.state.ks.us]
Sent: Thursday, February 18, 2010 9:08 AM
To: NT System Admin Issues
Subject: RE: CISCO VPN Client



Not that I can help, but what issues?  We still use the Cisco VPN Client and 
many of our machines are Win7 64 machines.  Since Cisco will not make a 64bit 
version of the VPN Client we are looking at the anyconnect solution also.



-Original Message-

From: Ray [mailto:rz...@qwest.net]

Sent: Thursday, February 18, 2010 9:48 AM

To: NT System Admin Issues

Subject: RE: CISCO VPN Client



We're starting to see some issues with Win7 64 clients connecting.



-Original Message-

From: David W. McSpadden [mailto:dav...@imcu.com]

Sent: Thursday, February 18, 2010 8:19 AM

To: NT System Admin Issues

Subject: Re: CISCO VPN Client



The AnyConnect from Cisco uses a cert and is webbased, it is very easy to work 
with and the users are happy with it.





--

From: "Charlie Kaiser" 

Sent: Thursday, February 18, 2010 10:14 AM

To: "NT System Admin Issues" 

Subject: RE: CISCO VPN Client



> Hmmm. Yeah; that's a lot of overhead. Seems a shame to have to switch apps

> because of a bad guy. That's an effective DOS attack, eh? I'd hesitate to

> switch apps because I'd be afraid they'd do the same thing. But I don't

> know

> the AnyConnect app either.

>

> I seem to remember the VPN client could use certs as part of the auth. I

> wonder if that feature could be utilized to block non-client access? I

> haven't used the Cisco client for a year or so so I don't recall the

> available options.

>

>

> ***

> Charlie Kaiser

> charl...@golden-eagle.org

> Kingman, AZ

> ***

>

>> -Original Message-

>> From: David W. McSpadden [mailto:dav...@imcu.com]

>> Sent: Thursday, February 18, 2010 7:59 AM

>> To: NT System Admin Issues

>> Subject: Re: CISCO VPN Client

>>

>> They change every 20 or 30 hits.

>> Mostly out of country.

>> I started by setting up rules to block them but then I had

>> about 100 rules to block and it became an all day job.

>> Easier to move the authorized users to AnyConnect which is

>> supported and kill the VPN Client which has end of lifed anyway.

>>

>>

>> --

>> From: "Charlie Kaiser" 

>> Sent: Thursday, February 18, 2010 9:54 AM

>> To: "NT System Admin Issues" 

>> Subject: RE: CISCO VPN Client

>>

>> > Is there a way you can block the source IP(s) before they

>> get to the

>> > VPN endpoint?

>> >

>> > ***

>> > Charlie Kaiser

>> > charl...@golden-eagle.org

>> > Kingman, AZ

>> > ***

>> >

>> >> -Original Message-

>> >> From: David W. McSpadden [mailto:dav...@imcu.com]

>> >> Sent: Thursday, February 18, 2010 7:45 AM

>> >> To: NT System Admin Issues

>> >> Subject: Re: CISCO VPN Client

>> >>

>> >> I have Kiwi Syslogger setup to email me every failed attempt to

>> >> authenticate through the VPN.

>> >> It went from 2 or 3 a day from lusers to 2500 to 5000 a

>> day and all

>> >> accounts I don't have in AD and all originating from the

>> VPN tunnel.

>> >> So disabling the tunnel didn't work, had to remove the

>> reference to

>> >> the tunnel entirely.  Now we are back to 2 or 3 a day.

>> >>

>> >>

>> >> From: Bob Fronk 

>> >> Sent: Thursday, February 18, 2010 9:25 AM

>> >> To: NT System Admin Issues

>> >> 

>> >> Subject: RE: CISCO VPN Client

>> >>

>> >>

>> >> How did you

RE: MS Server licensing and vm servers

2010-02-18 Thread Sean Rector 
Yep...we've found the DC licensing to have helped us tremendously...and
with the right hardware, it's a godsend!

 

Sean Rector, MCSE

 

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Thursday, February 18, 2010 9:25 AM
To: NT System Admin Issues
Subject: Re: MS Server licensing and vm servers

 

Windows Standard should give you 1 extra license. Enterprise gives 4 as
you've noted, and DataCenter gives unlimited. 

It's a very good consideration if you're looking at Hyper-V


-ASB: http://xeesm.com/AndrewBaker
Sent from my Verizon Smartphone



From: "Tom Miller"  

Date: Thu, 18 Feb 2010 09:15:07 -0500

To: NT System Admin Issues

Subject: MS Server licensing and vm servers

 

Hi All,

 

I had a review yesterday with a MS licensing specialist which I found
very helpful.  One thing I learned that I didn't know was that for each
Windows 2008 Standard license I purchase, I have two additional Windows
2008 Standard licenses as VM servers, as long as those VM servers reside
on the same hardware that the original 2008 is installed onto.  And
that's four additional licenses for Enterprise Servers.

 

So, how are you all using this?  I use XenServer and have a number of
virtual servers on a SAN, but can't use the "vm" licensing model here.
I suppose it might help in a small office where I need more than one
server (DC, Exchange, file and print) but just one box would be fine?

 

Just asking for options/suggestions.  

 

Regards,

 

 

 

Tom Miller
Engineer, Information Technology
Hampton-Newport News Community Services Board
757-788-0528 

Confidentiality Notice: This e-mail message, including attachments, is
for the sole use of the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure, or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message. 

 

 

 

 

Virginia Opera's 35th Anniversary Season The One You Love

Celebrate with a 2009-2010 subscription: 
La Boh?me?|?The Daughter of the Regiment?|?Don Giovanni?|?Porgy and BessSM

Visit us online at www.VaOpera.org or call 1-866-OPERA-VA

The vision of Virginia Opera is to enrich lives through the powerful 
integration of music, voice and human drama.

This e-mail and any attached files are confidential and intended solely for the 
intended recipient(s). Unless otherwise specified, persons unnamed as 
recipients may not read, distribute, copy or alter this e-mail. Any views or 
opinions expressed in this e-mail belong to the author and may not necessarily 
represent those of Virginia Opera. Although precautions have been taken to 
ensure no viruses are present, Virginia Opera cannot accept responsibility for 
any loss or damage that may arise from the use of this e-mail or attachments.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: network topology

2010-02-18 Thread Michael B. Smith 
WHY? That just seems silly. You're going to have lots extra DCs running around 
providing no benefit whatsoever.


1.   Yes. But it won't be secure.

2.   Exchange will work in a resource forest. Dunno about A/V - most of 
them don't deploy very well in multi-domain environments.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: 2jbr...@gmail.com [mailto:2jbr...@gmail.com]
Sent: Thursday, February 18, 2010 10:48 AM
To: NT System Admin Issues
Subject: network topology

I work for a small company that is a collection of small companies. Currently 
one domain with offices in several locations in 2 states, Ok and Az. Owners 
want to create separate domains, not child domains. Each division would have 
their own DC's and independent AD structure. I am hoping someone can just give 
"big picture" yes/no's to where we are trying to go. More typically it would be 
setup like this: c...@domain.com(parent co); 
co...@domain.com; 
co...@domain.com and 
co...@domain.com. What we want looks more like this: 
c...@domain1.com; 
c...@domain2.com, etc.

1. Can we do this without being stupid on one physical network(all offices 
currently connected with IPSEC tunnels, use VLAN switching to separate domains)
2. Can we setup co1 domain as "management" domain and give exchange access to 
members of other domains; central AV management, etc...?

LOTS of details not provided, IK, just getting started here. We are currently 
running w2k3 servers and E2k3. New domains will be created on W2k8R2 servers 
and E2K7.

Thanks for any help/discussion.

Jeff





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: network topology

2010-02-18 Thread Don Guyer 
Are you doing this for security auditing reasons? We recently went
through this and ended up creating a separate A/V management server as
well as separate Exchange environment. Wasn't too bad since they are a
small user base and we used all VMs when creating the new servers. It
was more of a PITA when it came time to move workstations to the new
domain (profiles, mailboxes, etc).

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com

 

From: 2jbr...@gmail.com [mailto:2jbr...@gmail.com] 
Sent: Thursday, February 18, 2010 10:48 AM
To: NT System Admin Issues
Subject: network topology

 

I work for a small company that is a collection of small companies.
Currently one domain with offices in several locations in 2 states, Ok
and Az. Owners want to create separate domains, not child domains. Each
division would have their own DC's and independent AD structure. I am
hoping someone can just give "big picture" yes/no's to where we are
trying to go. More typically it would be setup like this:
c...@domain.com(parent co); co...@domain.com; co...@domain.com and
co...@domain.com. What we want looks more like this: c...@domain1.com;
c...@domain2.com, etc.

1. Can we do this without being stupid on one physical network(all
offices currently connected with IPSEC tunnels, use VLAN switching to
separate domains)
2. Can we setup co1 domain as "management" domain and give exchange
access to members of other domains; central AV management, etc...?

LOTS of details not provided, IK, just getting started here. We are
currently running w2k3 servers and E2k3. New domains will be created on
W2k8R2 servers and E2K7.

Thanks for any help/discussion.

Jeff 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: CISCO VPN Client

2010-02-18 Thread Ray 
The error I got was "The VPN client driver has encountered an error".  This
just happened last night, didn't put any effort into looking at it. 

 

This morning I overhead one of our programmers saying he was having issues
connecting, so he was getting the client, but then he couldn't seem to RDP
to his work PC.  Unfortunately he didn't bother to get the exact error
messages.  

 

 

-Original Message-
From: Terry Dickson [mailto:te...@treasurer.state.ks.us] 
Sent: Thursday, February 18, 2010 9:08 AM
To: NT System Admin Issues
Subject: RE: CISCO VPN Client

 

Not that I can help, but what issues?  We still use the Cisco VPN Client and
many of our machines are Win7 64 machines.  Since Cisco will not make a
64bit version of the VPN Client we are looking at the anyconnect solution
also.

 

-Original Message-

From: Ray [mailto:rz...@qwest.net] 

Sent: Thursday, February 18, 2010 9:48 AM

To: NT System Admin Issues

Subject: RE: CISCO VPN Client

 

We're starting to see some issues with Win7 64 clients connecting. 

 

-Original Message-

From: David W. McSpadden [mailto:dav...@imcu.com]

Sent: Thursday, February 18, 2010 8:19 AM

To: NT System Admin Issues

Subject: Re: CISCO VPN Client

 

The AnyConnect from Cisco uses a cert and is webbased, it is very easy to
work with and the users are happy with it.

 

 

--

From: "Charlie Kaiser" 

Sent: Thursday, February 18, 2010 10:14 AM

To: "NT System Admin Issues" 

Subject: RE: CISCO VPN Client

 

> Hmmm. Yeah; that's a lot of overhead. Seems a shame to have to switch apps

> because of a bad guy. That's an effective DOS attack, eh? I'd hesitate to

> switch apps because I'd be afraid they'd do the same thing. But I don't 

> know

> the AnyConnect app either.

> 

> I seem to remember the VPN client could use certs as part of the auth. I

> wonder if that feature could be utilized to block non-client access? I

> haven't used the Cisco client for a year or so so I don't recall the

> available options.

> 

> 

> ***

> Charlie Kaiser

> charl...@golden-eagle.org

> Kingman, AZ

> ***

> 

>> -Original Message-

>> From: David W. McSpadden [mailto:dav...@imcu.com]

>> Sent: Thursday, February 18, 2010 7:59 AM

>> To: NT System Admin Issues

>> Subject: Re: CISCO VPN Client

>> 

>> They change every 20 or 30 hits.

>> Mostly out of country.

>> I started by setting up rules to block them but then I had

>> about 100 rules to block and it became an all day job.

>> Easier to move the authorized users to AnyConnect which is

>> supported and kill the VPN Client which has end of lifed anyway.

>> 

>> 

>> --

>> From: "Charlie Kaiser" 

>> Sent: Thursday, February 18, 2010 9:54 AM

>> To: "NT System Admin Issues" 

>> Subject: RE: CISCO VPN Client

>> 

>> > Is there a way you can block the source IP(s) before they

>> get to the

>> > VPN endpoint?

>> >

>> > ***

>> > Charlie Kaiser

>> > charl...@golden-eagle.org

>> > Kingman, AZ

>> > ***

>> >

>> >> -Original Message-

>> >> From: David W. McSpadden [mailto:dav...@imcu.com]

>> >> Sent: Thursday, February 18, 2010 7:45 AM

>> >> To: NT System Admin Issues

>> >> Subject: Re: CISCO VPN Client

>> >>

>> >> I have Kiwi Syslogger setup to email me every failed attempt to

>> >> authenticate through the VPN.

>> >> It went from 2 or 3 a day from lusers to 2500 to 5000 a

>> day and all

>> >> accounts I don't have in AD and all originating from the

>> VPN tunnel.

>> >> So disabling the tunnel didn't work, had to remove the

>> reference to

>> >> the tunnel entirely.  Now we are back to 2 or 3 a day.

>> >>

>> >>

>> >> From: Bob Fronk 

>> >> Sent: Thursday, February 18, 2010 9:25 AM

>> >> To: NT System Admin Issues

>> >> 

>> >> Subject: RE: CISCO VPN Client

>> >>

>> >>

>> >> How did you discover this was happening?

>> >>

>> >>

>> >>

>> >> From: David W. McSpadden [mailto:dav...@imcu.com]

>> >> Sent: Wednesday, February 17, 2010 1:30 PM

>> >> To: NT System Admin Issues

>> >> Subject: Re: CISCO VPN Client

>> >>

>> >>

>> >>

>> >> Ok.  I am looking at that area under Remote VPN in

>> Configuration and

>> >> someone has my VPN Client info and they are trying a Brute Force

>> >> Vocab attack to my AD's.  So I have moved all my users to

>> AnyConnect

>> >> and I am ready to remove the VPN Client from the ASA or

>> disable it...

>> >>

>> >>

>> >>

>> >> From: Jon Harris 

>> >>

>> >> Sent: Wednesday, February 17, 2010 1:24 PM

>> >>

>> >> To: NT System Admin Issues

>> >> 

>> >>

>> >> Subject: Re: CISCO VPN Client

>> >>

>> >>

>> >>

>> >> Why are you getting rid of the VPN client?  You don't

>> remove it you

>> >>

Archive data

2010-02-18 Thread David Lum 
Do any of you guys have an automated method for migrating old, unused user data 
off your primary servers? I'm talking about data users don't want to have 
deleted, but they maintain for "I might need it someday" purposes.

To accommodate this I would think a cheap RAID1 NAS should be sufficient, there 
is no need for high-speed, multiple user access. I'm thinking it would be a 
very cheap way to pull a TB or so off our SAN
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: network topology

2010-02-18 Thread Charlie Kaiser 
Why? What's the driving force behind the move to separate forests rather
than separate domains (that's effectively what you're doing). While there
are reasons that could drive that, there are a lot of reasons to avoid it as
well. Documenting the reasons goes a long way towards determining the
structure. 

If you're going to share resources, you will need to set up forest trusts
and allow plenty of stuff between them. At that point you may as well have a
single forest; it's much easier.

If there's any need for any shared resources, I'd be looking at a single
forest model and working through the management concerns one by one. I'd
actually probably start with a single domain model and have to prove why it
couldn't work. The issues are often political rather than technical.

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***  

> -Original Message-
> From: 2jbr...@gmail.com [mailto:2jbr...@gmail.com] 
> Sent: Thursday, February 18, 2010 8:48 AM
> To: NT System Admin Issues
> Subject: network topology
> 
> I work for a small company that is a collection of small 
> companies. Currently one domain with offices in several 
> locations in 2 states, Ok and Az. Owners want to create 
> separate domains, not child domains. Each division would have 
> their own DC's and independent AD structure. I am hoping 
> someone can just give "big picture" yes/no's to where we are 
> trying to go. More typically it would be setup like this: 
> c...@domain.com(parent co); co...@domain.com; co...@domain.com 
> and co...@domain.com. What we want looks more like this: 
> c...@domain1.com; c...@domain2.com, etc.
> 
> 1. Can we do this without being stupid on one physical 
> network(all offices currently connected with IPSEC tunnels, 
> use VLAN switching to separate domains) 2. Can we setup co1 
> domain as "management" domain and give exchange access to 
> members of other domains; central AV management, etc...?
> 
> LOTS of details not provided, IK, just getting started here. 
> We are currently running w2k3 servers and E2k3. New domains 
> will be created on W2k8R2 servers and E2K7.
> 
> Thanks for any help/discussion.
> 
> Jeff 
> 
>  
> 
>  
> 
> 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: CISCO VPN Client

2010-02-18 Thread Terry Dickson 
Not that I can help, but what issues?  We still use the Cisco VPN Client and 
many of our machines are Win7 64 machines.  Since Cisco will not make a 64bit 
version of the VPN Client we are looking at the anyconnect solution also.

-Original Message-
From: Ray [mailto:rz...@qwest.net] 
Sent: Thursday, February 18, 2010 9:48 AM
To: NT System Admin Issues
Subject: RE: CISCO VPN Client

We're starting to see some issues with Win7 64 clients connecting. 

-Original Message-
From: David W. McSpadden [mailto:dav...@imcu.com]
Sent: Thursday, February 18, 2010 8:19 AM
To: NT System Admin Issues
Subject: Re: CISCO VPN Client

The AnyConnect from Cisco uses a cert and is webbased, it is very easy to work 
with and the users are happy with it.


--
From: "Charlie Kaiser" 
Sent: Thursday, February 18, 2010 10:14 AM
To: "NT System Admin Issues" 
Subject: RE: CISCO VPN Client

> Hmmm. Yeah; that's a lot of overhead. Seems a shame to have to switch apps
> because of a bad guy. That's an effective DOS attack, eh? I'd hesitate to
> switch apps because I'd be afraid they'd do the same thing. But I don't 
> know
> the AnyConnect app either.
>
> I seem to remember the VPN client could use certs as part of the auth. I
> wonder if that feature could be utilized to block non-client access? I
> haven't used the Cisco client for a year or so so I don't recall the
> available options.
>
>
> ***
> Charlie Kaiser
> charl...@golden-eagle.org
> Kingman, AZ
> ***
>
>> -Original Message-
>> From: David W. McSpadden [mailto:dav...@imcu.com]
>> Sent: Thursday, February 18, 2010 7:59 AM
>> To: NT System Admin Issues
>> Subject: Re: CISCO VPN Client
>>
>> They change every 20 or 30 hits.
>> Mostly out of country.
>> I started by setting up rules to block them but then I had
>> about 100 rules to block and it became an all day job.
>> Easier to move the authorized users to AnyConnect which is
>> supported and kill the VPN Client which has end of lifed anyway.
>>
>>
>> --
>> From: "Charlie Kaiser" 
>> Sent: Thursday, February 18, 2010 9:54 AM
>> To: "NT System Admin Issues" 
>> Subject: RE: CISCO VPN Client
>>
>> > Is there a way you can block the source IP(s) before they
>> get to the
>> > VPN endpoint?
>> >
>> > ***
>> > Charlie Kaiser
>> > charl...@golden-eagle.org
>> > Kingman, AZ
>> > ***
>> >
>> >> -Original Message-
>> >> From: David W. McSpadden [mailto:dav...@imcu.com]
>> >> Sent: Thursday, February 18, 2010 7:45 AM
>> >> To: NT System Admin Issues
>> >> Subject: Re: CISCO VPN Client
>> >>
>> >> I have Kiwi Syslogger setup to email me every failed attempt to
>> >> authenticate through the VPN.
>> >> It went from 2 or 3 a day from lusers to 2500 to 5000 a
>> day and all
>> >> accounts I don't have in AD and all originating from the
>> VPN tunnel.
>> >> So disabling the tunnel didn't work, had to remove the
>> reference to
>> >> the tunnel entirely.  Now we are back to 2 or 3 a day.
>> >>
>> >>
>> >> From: Bob Fronk 
>> >> Sent: Thursday, February 18, 2010 9:25 AM
>> >> To: NT System Admin Issues
>> >> 
>> >> Subject: RE: CISCO VPN Client
>> >>
>> >>
>> >> How did you discover this was happening?
>> >>
>> >>
>> >>
>> >> From: David W. McSpadden [mailto:dav...@imcu.com]
>> >> Sent: Wednesday, February 17, 2010 1:30 PM
>> >> To: NT System Admin Issues
>> >> Subject: Re: CISCO VPN Client
>> >>
>> >>
>> >>
>> >> Ok.  I am looking at that area under Remote VPN in
>> Configuration and
>> >> someone has my VPN Client info and they are trying a Brute Force
>> >> Vocab attack to my AD's.  So I have moved all my users to
>> AnyConnect
>> >> and I am ready to remove the VPN Client from the ASA or
>> disable it...
>> >>
>> >>
>> >>
>> >> From: Jon Harris 
>> >>
>> >> Sent: Wednesday, February 17, 2010 1:24 PM
>> >>
>> >> To: NT System Admin Issues
>> >> 
>> >>
>> >> Subject: Re: CISCO VPN Client
>> >>
>> >>
>> >>
>> >> Why are you getting rid of the VPN client?  You don't
>> remove it you
>> >> disable it on the ASA.  Just make sure all the rules are
>> correct for
>> >> the ASA first.
>> >>
>> >>
>> >>
>> >> Jon
>> >>
>> >> On Wed, Feb 17, 2010 at 1:13 PM, David W. McSpadden
>> 
>> >> wrote:
>> >>
>> >>
>> >>
>> >> Actually on the ASA.  I think I have it found now but I am still
>> >> testing.
>> >>
>> >> From: Jon Harris 
>> >>
>> >> Sent: Wednesday, February 17, 2010 12:10 PM
>> >>
>> >> To: NT System Admin Issues
>> >> 
>> >>
>> >> Subject: Re: CISCO VPN Client
>> >>
>> >>
>> >>
>> >> Remove it is the best, they install into the same root directory
>> >> under Program Files but have separate directories under
>> that.  They

RE: CISCO VPN Client

2010-02-18 Thread Ray 
We're starting to get more people upgrading their home computers. I'm one of
those people. 

-Original Message-
From: David W. McSpadden [mailto:dav...@imcu.com] 
Sent: Thursday, February 18, 2010 8:57 AM
To: NT System Admin Issues
Subject: Re: CISCO VPN Client

Don't have any of those yet so I don't know how to work with them.


--
From: "Ray" 
Sent: Thursday, February 18, 2010 10:48 AM
To: "NT System Admin Issues" 
Subject: RE: CISCO VPN Client

> We're starting to see some issues with Win7 64 clients connecting.
>
> -Original Message-
> From: David W. McSpadden [mailto:dav...@imcu.com]
> Sent: Thursday, February 18, 2010 8:19 AM
> To: NT System Admin Issues
> Subject: Re: CISCO VPN Client
>
> The AnyConnect from Cisco uses a cert and is webbased, it is very easy to
> work with and the users are happy with it.
>
>
> --
> From: "Charlie Kaiser" 
> Sent: Thursday, February 18, 2010 10:14 AM
> To: "NT System Admin Issues" 
> Subject: RE: CISCO VPN Client
>
>> Hmmm. Yeah; that's a lot of overhead. Seems a shame to have to switch 
>> apps
>> because of a bad guy. That's an effective DOS attack, eh? I'd hesitate to
>> switch apps because I'd be afraid they'd do the same thing. But I don't
>> know
>> the AnyConnect app either.
>>
>> I seem to remember the VPN client could use certs as part of the auth. I
>> wonder if that feature could be utilized to block non-client access? I
>> haven't used the Cisco client for a year or so so I don't recall the
>> available options.
>>
>>
>> ***
>> Charlie Kaiser
>> charl...@golden-eagle.org
>> Kingman, AZ
>> ***
>>
>>> -Original Message-
>>> From: David W. McSpadden [mailto:dav...@imcu.com]
>>> Sent: Thursday, February 18, 2010 7:59 AM
>>> To: NT System Admin Issues
>>> Subject: Re: CISCO VPN Client
>>>
>>> They change every 20 or 30 hits.
>>> Mostly out of country.
>>> I started by setting up rules to block them but then I had
>>> about 100 rules to block and it became an all day job.
>>> Easier to move the authorized users to AnyConnect which is
>>> supported and kill the VPN Client which has end of lifed anyway.
>>>
>>>
>>> --
>>> From: "Charlie Kaiser" 
>>> Sent: Thursday, February 18, 2010 9:54 AM
>>> To: "NT System Admin Issues" 
>>> Subject: RE: CISCO VPN Client
>>>
>>> > Is there a way you can block the source IP(s) before they
>>> get to the
>>> > VPN endpoint?
>>> >
>>> > ***
>>> > Charlie Kaiser
>>> > charl...@golden-eagle.org
>>> > Kingman, AZ
>>> > ***
>>> >
>>> >> -Original Message-
>>> >> From: David W. McSpadden [mailto:dav...@imcu.com]
>>> >> Sent: Thursday, February 18, 2010 7:45 AM
>>> >> To: NT System Admin Issues
>>> >> Subject: Re: CISCO VPN Client
>>> >>
>>> >> I have Kiwi Syslogger setup to email me every failed attempt to
>>> >> authenticate through the VPN.
>>> >> It went from 2 or 3 a day from lusers to 2500 to 5000 a
>>> day and all
>>> >> accounts I don't have in AD and all originating from the
>>> VPN tunnel.
>>> >> So disabling the tunnel didn't work, had to remove the
>>> reference to
>>> >> the tunnel entirely.  Now we are back to 2 or 3 a day.
>>> >>
>>> >>
>>> >> From: Bob Fronk 
>>> >> Sent: Thursday, February 18, 2010 9:25 AM
>>> >> To: NT System Admin Issues
>>> >> 
>>> >> Subject: RE: CISCO VPN Client
>>> >>
>>> >>
>>> >> How did you discover this was happening?
>>> >>
>>> >>
>>> >>
>>> >> From: David W. McSpadden [mailto:dav...@imcu.com]
>>> >> Sent: Wednesday, February 17, 2010 1:30 PM
>>> >> To: NT System Admin Issues
>>> >> Subject: Re: CISCO VPN Client
>>> >>
>>> >>
>>> >>
>>> >> Ok.  I am looking at that area under Remote VPN in
>>> Configuration and
>>> >> someone has my VPN Client info and they are trying a Brute Force
>>> >> Vocab attack to my AD's.  So I have moved all my users to
>>> AnyConnect
>>> >> and I am ready to remove the VPN Client from the ASA or
>>> disable it...
>>> >>
>>> >>
>>> >>
>>> >> From: Jon Harris 
>>> >>
>>> >> Sent: Wednesday, February 17, 2010 1:24 PM
>>> >>
>>> >> To: NT System Admin Issues
>>> >> 
>>> >>
>>> >> Subject: Re: CISCO VPN Client
>>> >>
>>> >>
>>> >>
>>> >> Why are you getting rid of the VPN client?  You don't
>>> remove it you
>>> >> disable it on the ASA.  Just make sure all the rules are
>>> correct for
>>> >> the ASA first.
>>> >>
>>> >>
>>> >>
>>> >> Jon
>>> >>
>>> >> On Wed, Feb 17, 2010 at 1:13 PM, David W. McSpadden
>>> 
>>> >> wrote:
>>> >>
>>> >>
>>> >>
>>> >> Actually on the ASA.  I think I have it found now but I am still
>>> >> testing.
>>> >>
>>> >> From: Jon Harris 
>>> >>
>>> >> Sent: Wednesday, February 17, 2010 12:10 PM
>>> >>
>>> >> To: NT System A

RE: network topology

2010-02-18 Thread Ray 
What data do they want to "share"? 

 

From: 2jbr...@gmail.com [mailto:2jbr...@gmail.com] 
Sent: Thursday, February 18, 2010 8:48 AM
To: NT System Admin Issues
Subject: network topology

 

I work for a small company that is a collection of small companies.
Currently one domain with offices in several locations in 2 states, Ok and
Az. Owners want to create separate domains, not child domains. Each division
would have their own DC's and independent AD structure. I am hoping someone
can just give "big picture" yes/no's to where we are trying to go. More
typically it would be setup like this: c...@domain.com(parent co);
co...@domain.com; co...@domain.com and co...@domain.com. What we want looks
more like this: c...@domain1.com; c...@domain2.com, etc.

1. Can we do this without being stupid on one physical network(all offices
currently connected with IPSEC tunnels, use VLAN switching to separate
domains)
2. Can we setup co1 domain as "management" domain and give exchange access
to members of other domains; central AV management, etc...?

LOTS of details not provided, IK, just getting started here. We are
currently running w2k3 servers and E2k3. New domains will be created on
W2k8R2 servers and E2K7.

Thanks for any help/discussion.

Jeff 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: CISCO VPN Client

2010-02-18 Thread David W. McSpadden 

Don't have any of those yet so I don't know how to work with them.


--
From: "Ray" 
Sent: Thursday, February 18, 2010 10:48 AM
To: "NT System Admin Issues" 
Subject: RE: CISCO VPN Client


We're starting to see some issues with Win7 64 clients connecting.

-Original Message-
From: David W. McSpadden [mailto:dav...@imcu.com]
Sent: Thursday, February 18, 2010 8:19 AM
To: NT System Admin Issues
Subject: Re: CISCO VPN Client

The AnyConnect from Cisco uses a cert and is webbased, it is very easy to
work with and the users are happy with it.


--
From: "Charlie Kaiser" 
Sent: Thursday, February 18, 2010 10:14 AM
To: "NT System Admin Issues" 
Subject: RE: CISCO VPN Client

Hmmm. Yeah; that's a lot of overhead. Seems a shame to have to switch 
apps

because of a bad guy. That's an effective DOS attack, eh? I'd hesitate to
switch apps because I'd be afraid they'd do the same thing. But I don't
know
the AnyConnect app either.

I seem to remember the VPN client could use certs as part of the auth. I
wonder if that feature could be utilized to block non-client access? I
haven't used the Cisco client for a year or so so I don't recall the
available options.


***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***


-Original Message-
From: David W. McSpadden [mailto:dav...@imcu.com]
Sent: Thursday, February 18, 2010 7:59 AM
To: NT System Admin Issues
Subject: Re: CISCO VPN Client

They change every 20 or 30 hits.
Mostly out of country.
I started by setting up rules to block them but then I had
about 100 rules to block and it became an all day job.
Easier to move the authorized users to AnyConnect which is
supported and kill the VPN Client which has end of lifed anyway.


--
From: "Charlie Kaiser" 
Sent: Thursday, February 18, 2010 9:54 AM
To: "NT System Admin Issues" 
Subject: RE: CISCO VPN Client

> Is there a way you can block the source IP(s) before they
get to the
> VPN endpoint?
>
> ***
> Charlie Kaiser
> charl...@golden-eagle.org
> Kingman, AZ
> ***
>
>> -Original Message-
>> From: David W. McSpadden [mailto:dav...@imcu.com]
>> Sent: Thursday, February 18, 2010 7:45 AM
>> To: NT System Admin Issues
>> Subject: Re: CISCO VPN Client
>>
>> I have Kiwi Syslogger setup to email me every failed attempt to
>> authenticate through the VPN.
>> It went from 2 or 3 a day from lusers to 2500 to 5000 a
day and all
>> accounts I don't have in AD and all originating from the
VPN tunnel.
>> So disabling the tunnel didn't work, had to remove the
reference to
>> the tunnel entirely.  Now we are back to 2 or 3 a day.
>>
>>
>> From: Bob Fronk 
>> Sent: Thursday, February 18, 2010 9:25 AM
>> To: NT System Admin Issues
>> 
>> Subject: RE: CISCO VPN Client
>>
>>
>> How did you discover this was happening?
>>
>>
>>
>> From: David W. McSpadden [mailto:dav...@imcu.com]
>> Sent: Wednesday, February 17, 2010 1:30 PM
>> To: NT System Admin Issues
>> Subject: Re: CISCO VPN Client
>>
>>
>>
>> Ok.  I am looking at that area under Remote VPN in
Configuration and
>> someone has my VPN Client info and they are trying a Brute Force
>> Vocab attack to my AD's.  So I have moved all my users to
AnyConnect
>> and I am ready to remove the VPN Client from the ASA or
disable it...
>>
>>
>>
>> From: Jon Harris 
>>
>> Sent: Wednesday, February 17, 2010 1:24 PM
>>
>> To: NT System Admin Issues
>> 
>>
>> Subject: Re: CISCO VPN Client
>>
>>
>>
>> Why are you getting rid of the VPN client?  You don't
remove it you
>> disable it on the ASA.  Just make sure all the rules are
correct for
>> the ASA first.
>>
>>
>>
>> Jon
>>
>> On Wed, Feb 17, 2010 at 1:13 PM, David W. McSpadden

>> wrote:
>>
>>
>>
>> Actually on the ASA.  I think I have it found now but I am still
>> testing.
>>
>> From: Jon Harris 
>>
>> Sent: Wednesday, February 17, 2010 12:10 PM
>>
>> To: NT System Admin Issues
>> 
>>
>> Subject: Re: CISCO VPN Client
>>
>>
>>
>> Remove it is the best, they install into the same root directory
>> under Program Files but have separate directories under
that.  They
>> are separate programs as Microsoft sees them.
>>
>>
>>
>> Jon
>>
>> On Wed, Feb 17, 2010 at 8:07 AM, David W. McSpadden

>> wrote:
>>
>> Anyone point me on how to Disable the old CISCO VPN Client
and leave
>> the AnyConnect still enabled?
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource
hog! ~ ~
>   ~
>


~ Finally, powerful endpoint security that ISN'T a re

  1   2   >