Need some local Vipre Enterprise people

2010-05-13 Thread greg.sweers
I need to talk to 4 or 5 local admins in the Tampa/Clearwater area.  PST
me off list.  Very cool..

 

Thx

 

Greg Sweers


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Hijacked Thread: All WAN over VPN? (Was: RE: Network/WAN question)

2010-05-13 Thread Andrew S. Baker
>> If we have to run vpn over the top of it then the provider isn't
>> providing what you are paying for.

Better safe than sorry.

Think of any multi-tenant hosting environment.  Regardless of how assuring
the vendor is with the customer, do you suppose that 100% of the traffic
traverse completely separate and distinct physical infrastructure?

If there is shared infrastructure, do you fully trust that the logical
separation that is employed will address both accidental and deliberate
tampering by someone at the vendor?  What happens with an innocent
configuration change that lets data from two tenants go through the same
area for some period of time?

Encryption "costs" less and less these days in terms of performance penalty.
There's no real reason not to do it for the vast majority of cases...

-ASB: http://XeeSM.com/AndrewBaker


On Thu, May 13, 2010 at 7:34 PM, James Hill wrote:

> If our governments can intercept/inspect encrypted traffic (which I'm told
> they can) then other less trustworthy people (although depending on where you
> live, the government may fall into that category too) can as well.
>
> Once data leaves your physical premises it really is in the hands of
> whoever has access to the various paths along the way to its destination.
>
> I don't think cleartext Telnet and email are a fair comparison.  Those
> things were never advertised as secure.  I'm talking about using a network
> that is supposed to be private/secure provided by a company that we are
> paying for this service.  If we have to run vpn over the top of it then the
> provider isn't providing what you are paying for.
>
>
> -Original Message-
> From: Ben Scott [mailto:mailvor...@gmail.com]
> Sent: Friday, 14 May 2010 9:19 AM
> To: NT System Admin Issues
> Subject: Re: Hijacked Thread: All WAN over VPN? (Was: RE: Network/WAN
> question)
>
> On Thu, May 13, 2010 at 5:53 PM, James Hill 
> wrote:
> > However if you feel you have to run a vpn then I'd say get a better
> provider.
>
>  I'd rather be safe than sorry.  People used to think cleartext Telnet
> wasn't worth worrying about either.  Or email.  Or whatever.
> They've always been proved wrong in time.  I don't want my employer to be
> the next statistic.  Especially given that industrial espionage is
> increasing at an astronomical pace.  All it would take is one guy working at
> the carrier getting paid off by the Chinese.  (Or the CIA, if you're not
> US.)
>
> -- Ben
>
>


re: XP Box inaccessible

2010-05-13 Thread Tammy
Can you access the machine's registry from a machine on the network using 
remote registry? It has worked for me a few times. (assuming userinit.exe 
exists & is intact)

Worth a look to see if the userinit value in registry is hosed.

Key:
BrokenMachine\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Normally the value for userinit is c:\windows\system32\userinit.exe,

Fix the value, disconnect registry & reboot the box.

Just in case they have windows installed to a different directory/drive etc 
though might want to check here first:

Brokenmachine\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment

Regards,

Tammy Stewart (coppertop)
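
The remote-registry check described in the post above, as an added example (not part of the original message or the list's own code): a PowerShell sketch, run from an admin workstation, that reads the Winlogon `Userinit` value and flags anything other than the default. It assumes the Remote Registry service is reachable on the target and the caller is an administrator there; the function names and the host name `BrokenMachine` are placeholders, and the Windows directory is read from the `SystemRoot` value under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion`, which is this example's choice.

```powershell
# Added example: audit the Winlogon Userinit value on a remote machine.
# Assumptions: Remote Registry is running on the target and the caller is
# an administrator there. Function names and 'BrokenMachine' are placeholders.

function Test-UserinitValue {
    # Pure check: compare a Userinit string against the expected default for
    # the given Windows directory and report any entries that do not match.
    param(
        [string]$Value,
        [Parameter(Mandatory)][string]$SystemRoot
    )
    $expected = ($SystemRoot.TrimEnd('\') + '\system32\userinit.exe').ToLowerInvariant()

    # Userinit is a comma-separated list of programs; the default ends in a comma,
    # so empty fragments are dropped after splitting.
    $entries = @($Value -split ',' |
        ForEach-Object { $_.Trim().Trim('"') } |
        Where-Object { $_ })
    $unexpected = @($entries | Where-Object { $_.ToLowerInvariant() -ne $expected })

    [pscustomobject]@{
        Expected   = $expected
        Entries    = $entries
        Unexpected = $unexpected
        IsDefault  = ($entries.Count -eq 1 -and $unexpected.Count -eq 0)
    }
}

function Get-RemoteWinlogonAudit {
    # Reads SystemRoot and Userinit over remote registry and runs the check.
    param([Parameter(Mandatory)][string]$ComputerName)

    $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $ComputerName)
    try {
        $cv = $hklm.OpenSubKey('SOFTWARE\Microsoft\Windows NT\CurrentVersion')
        $wl = $hklm.OpenSubKey('SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon')
        if (($null -eq $cv) -or ($null -eq $wl)) {
            throw "Winlogon key not readable on $ComputerName"
        }
        $systemRoot = [string]$cv.GetValue('SystemRoot')
        if (-not $systemRoot) {
            throw "SystemRoot value missing on $ComputerName"
        }
        $userinit = [string]$wl.GetValue('Userinit')

        $result = Test-UserinitValue -Value $userinit -SystemRoot $systemRoot
        $result | Add-Member -NotePropertyName ComputerName `
                             -NotePropertyValue $ComputerName -PassThru
    }
    finally {
        $hklm.Close()
    }
}

# Constructed sample values (not taken from any real machine):
Test-UserinitValue -Value 'C:\WINDOWS\system32\userinit.exe,' -SystemRoot 'C:\WINDOWS'
Test-UserinitValue -Value 'C:\WINDOWS\system32\userinit.exe,C:\temp\sample.exe' -SystemRoot 'C:\WINDOWS'
Test-UserinitValue -Value '' -SystemRoot 'D:\WINNT'

# Against a live host (placeholder name):
# Get-RemoteWinlogonAudit -ComputerName 'BrokenMachine'
```

A non-empty `Unexpected` list or an empty `Entries` list is the cue to restore the value as the post describes; the check says nothing about whether userinit.exe itself has been overwritten on disk.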


Re: XP Box inaccessible

2010-05-13 Thread Peter van Houten

Good idea (KVM) but even that would floor them technically! It would
probably be easier to step them through an XP CD boot in recovery mode :-)

--
Peter van Houten

On the 14 May, 2010 02:08, Ben Scott wrote the following:

On Thu, May 13, 2010 at 7:43 PM, Jon Harris  wrote:

It sounds like it is time to get a ticket and pack a bag ...


   Might be easier/cheaper to put the computer in a box and air freight
it to where the clue is.

   Or... hmm.  How about an IP KVM?  Tell the remote site to "go buy
one of these", and walk them through plugging in keyboard, video, and
mouse cables.  If they have a tech depot nearby, this could be same
day.

   Example product:
http://www.lantronix.com/it-management/kvm-over-ip/securelinx-spider.html

-- Ben





Re: XP Box inaccessible

2010-05-13 Thread Peter van Houten

I can only connect/disconnect to IPC$ using null credentials; anything
else causes "access denied" (apologies ~ typo'd RPC in the initial posting)

--
Peter van Houten

On the 14 May, 2010 02:08, Kurt Buff wrote the following:

Even IPC$? Just checking.

Can you run Nessus or Metasploit against it and get a shell?

Kurt

On Thu, May 13, 2010 at 16:53, Peter van Houten  wrote:

It is really odd the way it properly parses the login credentials but
won't accept the same credentials when one tries to map to a share,
remote regedit, computer management, etc (all rejected "access denied")

--
Peter van Houten

On the 14 May, 2010 01:43, Jon Harris wrote the following:


Sorry was not paying attention to that.  It sounds like it is time to
get a ticket and pack a bag unless he has someone closer that could go
do the work.
Jon

On Thu, May 13, 2010 at 7:41 PM, James Hill wrote:

   He covered that one.

               What can't be done / makes no difference:

               4) Map drives to *any* shares from another box

   *From:* Jon Harris [mailto:jk.har...@gmail.com]
   *Sent:* Friday, 14 May 2010 9:40 AM

   *To:* NT System Admin Issues
   *Subject:* Re: XP Box inaccessible

   What about just mapping the drive's admin share and pulling what you
   need?

   Jon

   On Thu, May 13, 2010 at 7:34 PM, Peter van Houten wrote:

   Well ironically, it is far from "hung" but I know what you mean. There
   are a number of bugs that have this effect; the less elaborate just
   overwrite files such as userinit.exe with their own code, make a few reg
   changes and cause the login problem.

   Type in the login and password, off it goes..."loading your personal
   settings"...but then instead of going to the desktop, it simply logs
   off.

   So the computer is "running" and one can observe certain
   processes remotely as I pointed out. One just can't get any %$#&@(&$!
   work done!

   --
   Peter van Houten

   On the 14 May, 2010 01:21, Jon Harris wrote the following:

   So what you have is a hung box some where between logon and logoff?
   Jon

   On Thu, May 13, 2010 at 7:09 PM, Peter van Houten wrote:

       Thanks Jon; I probably didn't lay out my explanation properly but I do
       have remote access; it simply goes through the same login-logoff routine
       as a local login.

       --
       Peter van Houten

       On the 14 May, 2010 00:58, Jon Harris wrote the following:

           Isn't there a GPO that would turn on remote access for Domain Admins?
           If it is part of a domain and you have access to the Domain Controller
           then just have it restarted once or twice and you should be good to go.
           Jon

           On Thu, May 13, 2010 at 6:26 PM, Peter van Houten

Re: Network/WAN question

2010-05-13 Thread Phil Brutsche
To be more specific, the 2610 is a pure layer 2 switch. Generally
speaking the 2x10 switches (2610, 2810, 2910) are all pure layer 2.

By "ProCurve 2600 series" I'm referring to the 2626, 2650 and their PoE
variants.

A "ProCurve 2800 series" would be a 2824 and a 2848.

On 5/13/2010 3:30 PM, jesse-r...@wi.rr.com wrote:
> Thanks for the info on the "light" layer 3.  I did NOT realize the 2610
> series had limitations.  The 2810's don't even DO layer 3 from my
> understanding.

-- 

Phil Brutsche
p...@optimumdata.com



Re: XP Box inaccessible

2010-05-13 Thread Peter van Houten

Appreciate it! The share function must get clobbered by the bug. If it
is Virut, then according to the blurb, plenty of executables become
infected. I have tried all the hidden shares and the RPC$ facility,
which was the only one I had success with. I'm not a programmer but from
what I understand, it is possible to effect change on a remote system
via the RPC mechanism.

--
Peter van Houten

On the 14 May, 2010 01:58, Jon Harris wrote the following:

Could the share be restricted some other way?  Hey trying to hand you a
straw that might become a rope.
Jon

On Thu, May 13, 2010 at 7:53 PM, Peter van Houten wrote:

It is really odd the way it properly parses the login credentials but
won't accept the same credentials when one tries to map to a share,
remote regedit, computer management, etc (all rejected "access denied")

--
Peter van Houten

On the 14 May, 2010 01:43, Jon Harris wrote the following:

Sorry was not paying attention to that.  It sounds like it is time to
get a ticket and pack a bag unless he has someone closer that could go
do the work.
Jon

On Thu, May 13, 2010 at 7:41 PM, James Hill wrote:

He covered that one.

What can't be done / makes no difference:

4) Map drives to *any* shares from another box

*From:* Jon Harris [mailto:jk.har...@gmail.com]
*Sent:* Friday, 14 May 2010 9:40 AM

*To:* NT System Admin Issues
*Subject:* Re: XP Box inaccessible

What about just mapping the drive's admin share and pulling what you
need?

Jon

On Thu, May 13, 2010 at 7:34 PM, Peter van Houten wrote:

Well ironically, it is far from "hung" but I know what you mean. There
are a number of bugs that have this effect; the less elaborate just
overwrite files such as userinit.exe with their own code, make a few reg
changes and cause the login problem.

Type in the login and password, off it goes..."loading your personal
settings"...but then instead of going to the desktop, it simply logs
off.

So the computer is "running" and one can observe certain
processes remotely as I pointed out. One just can't get any %$#&@(&$!
work done!

--
Peter van Houten

On the 14 May, 2010 01:21, Jon Harris wrote the following:

So what you have is a hung box some where between logon and logoff?
Jon

On Thu, May 13, 2010 at 7:09 PM, Peter van Houten wrote:

I have a XP Pro [fully patched :-) ] box on a network that has been
infected (probably Virut). It is the classic login...loading your
personal settings...logging off scenario.

 

RE: Hijacked Thread: All WAN over VPN? (Was: RE: Network/WAN question)

2010-05-13 Thread James Hill
I think that's what it really comes down to.  If your network is sending 
banking information or other sensitive data then adding encryption and wearing 
extra tin foil hats is a good idea.

If I was after some company's info though I wouldn't bother with possibly
complicated network intrusion.  Social engineering is far more effective.


-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Friday, 14 May 2010 9:58 AM
To: NT System Admin Issues
Subject: Re: Hijacked Thread: All WAN over VPN? (Was: RE: Network/WAN question)

  Risk management is always a case-by-case decision. 
-- Ben




Re: XP Box inaccessible

2010-05-13 Thread Ben Scott
On Thu, May 13, 2010 at 7:43 PM, Jon Harris  wrote:
> It sounds like it is time to get a ticket and pack a bag ...

  Might be easier/cheaper to put the computer in a box and air freight
it to where the clue is.

  Or... hmm.  How about an IP KVM?  Tell the remote site to "go buy
one of these", and walk them through plugging in keyboard, video, and
mouse cables.  If they have a tech depot nearby, this could be same
day.

  Example product:
http://www.lantronix.com/it-management/kvm-over-ip/securelinx-spider.html

-- Ben



Re: XP Box inaccessible

2010-05-13 Thread Kurt Buff
Even IPC$? Just checking.

Can you run Nessus or Metasploit against it and get a shell?

Kurt

On Thu, May 13, 2010 at 16:53, Peter van Houten  wrote:
> It is really odd the way it properly parses the login credentials but
> won't accept the same credentials when one tries to map to a share,
> remote regedit, computer management, etc (all rejected "access denied")
>
> --
> Peter van Houten
>
> On the 14 May, 2010 01:43, Jon Harris wrote the following:
>>
>> Sorry was not paying attention to that.  It sounds like it is time to
>> get a ticket and pack a bag unless he has someone closer that could go
>> do the work.
>> Jon
>>
>> On Thu, May 13, 2010 at 7:41 PM, James Hill wrote:
>>
>>    He covered that one.
>>
>>                What can't be done / makes no difference:
>>
>>                4) Map drives to *any* shares from another box
>>
>>    *From:* Jon Harris [mailto:jk.har...@gmail.com]
>>    *Sent:* Friday, 14 May 2010 9:40 AM
>>
>>    *To:* NT System Admin Issues
>>    *Subject:* Re: XP Box inaccessible
>>
>>    What about just mapping the drive's admin share and pulling what you
>>    need?
>>
>>    Jon
>>
>>    On Thu, May 13, 2010 at 7:34 PM, Peter van Houten wrote:
>>
>>    Well ironically, it is far from "hung" but I know what you mean. There
>>    are a number of bugs that have this effect; the less elaborate just
>>    overwrite files such as userinit.exe with their own code, make a few reg
>>    changes and cause the login problem.
>>
>>    Type in the login and password, off it goes..."loading your personal
>>    settings"...but then instead of going to the desktop, it simply logs
>>    off.
>>
>>    So the computer is "running" and one can observe certain
>>    processes remotely as I pointed out. One just can't get any %$#&@(&$!
>>    work done!
>>
>>    --
>>    Peter van Houten
>>
>>    On the 14 May, 2010 01:21, Jon Harris wrote the following:
>>
>>    So what you have is a hung box some where between logon and logoff?
>>    Jon
>>
>>    On Thu, May 13, 2010 at 7:09 PM, Peter van Houten wrote:
>>
>>        Thanks Jon; I probably didn't lay out my explanation properly but I do
>>        have remote access; it simply goes through the same login-logoff routine
>>        as a local login.
>>
>>        --
>>        Peter van Houten
>>
>>        On the 14 May, 2010 00:58, Jon Harris wrote the following:
>>
>>            Isn't there a GPO that would turn on remote access for Domain Admins?
>>            If it is part of a domain and you have access to the Domain Controller
>>            then just have it restarted once or twice and you should be good to go.
>>            Jon
>>
>>            On Thu, May 13, 2010 at 6:26 PM, Peter van Houten
>>
>>                I have a XP Pro [fully patched :-) ] box on a network that has been
>>                infected (probably Virut). It is the classic login...loading your
>>                personal settings...logging off scenario.
>>
>>                Recovering the data and fixing the malware problem is easy. The real
>>                problem is that the box is 300 miles away, so I am trying to avoid
>>                flying there tomorrow, just before the weekend.
>>
>>                What can't be done / makes no difference:
>>                ---
>>                1) Login locally (admin credentials make no difference)
>>                2) Login remotely using RDP or VNC, directly via VPN or via another box
>>                on the remote network (goes through the motions as above).
>>                2) Start in any form of safe mode.
>>                3) Restore to earlier date, last known good config.
>>                4) Map drives to *any* shares from another box
>>                5) Use any clever login scripts on the server
>>                6) Use psexec to run anything remotely.
>>                7) Instruct the user to step through anything technical :-(
>>
>>                What can be done:
>>                --
>>                1) Ping the box
>>                2) Netbios is enabled, so it shows in network
>>                3) Scan the IP and show ports 139 and 445 open
>>                4) Open and close a null RPC connection (enum, etc not helping)
>>
>>                My hope is that one of you boffins has a script that will, via RPC turn
>>                on the telnet s

Re: Hijacked Thread: All WAN over VPN? (Was: RE: Network/WAN question)

2010-05-13 Thread Ben Scott
On Thu, May 13, 2010 at 7:37 PM, Jon Harris  wrote:
>>  And CIA doesn't monitor domestic US communications.  That's the NSA
>> and FBI's job.  ;-)
>
> And you actually believe they are not getting feed?

  I do not assume that.  Hence the "winky face emoticon".  :-)

  I wouldn't be surprised if the CIA has to have their own
unconstitutional domestic intelligence gathering operation, though.
The TLAs are notorious about not sharing with each other, often to
their own detriment, or that of the nation.

-- Ben




Re: XP Box inaccessible

2010-05-13 Thread Jon Harris
Could the share be restricted some other way?  Hey trying to hand you a
straw that might become a rope.

Jon

On Thu, May 13, 2010 at 7:53 PM, Peter van Houten wrote:

> It is really odd the way it properly parses the login credentials but
> won't accept the same credentials when one tries to map to a share,
> remote regedit, computer management, etc (all rejected "access denied")
>
> --
> Peter van Houten
>
> On the 14 May, 2010 01:43, Jon Harris wrote the following:
>
>> Sorry was not paying attention to that.  It sounds like it is time to
>> get a ticket and pack a bag unless he has someone closer that could go
>> do the work.
>> Jon
>>
>> On Thu, May 13, 2010 at 7:41 PM, James Hill wrote:
>>
>>He covered that one.
>>
>>What can't be done / makes no difference:
>>
>>4) Map drives to *any* shares from another box
>>
>>*From:* Jon Harris [mailto:jk.har...@gmail.com]
>>*Sent:* Friday, 14 May 2010 9:40 AM
>>
>>*To:* NT System Admin Issues
>>*Subject:* Re: XP Box inaccessible
>>
>> What about just mapping the drive's admin share and pulling what you
>>need?
>>
>>Jon
>>
>>On Thu, May 13, 2010 at 7:34 PM, Peter van Houten wrote:
>>
>>Well ironically, it is far from "hung" but I know what you mean. There
>>are a number of bugs that have this effect; the less elaborate just
>>overwrite files such as userinit.exe with their own code, make a few reg
>>changes and cause the login problem.
>>
>>Type in the login and password, off it goes..."loading your personal
>>settings"...but then instead of going to the desktop, it simply logs
>>off.
>>
>>So the computer is "running" and one can observe certain
>>processes remotely as I pointed out. One just can't get any %$#&@(&$!
>>work done!
>>
>>--
>>Peter van Houten
>>
>>On the 14 May, 2010 01:21, Jon Harris wrote the following:
>>
>>So what you have is a hung box some where between logon and logoff?
>>Jon
>>
>>On Thu, May 13, 2010 at 7:09 PM, Peter van Houten wrote:
>>
>>Thanks Jon; I probably didn't lay out my explanation properly but I do
>>have remote access; it simply goes through the same login-logoff routine
>>as a local login.
>>
>>--
>>Peter van Houten
>>
>>On the 14 May, 2010 00:58, Jon Harris wrote the following:
>>
>>Isn't there a GPO that would turn on remote access for Domain Admins?
>>If it is part of a domain and you have access to the Domain Controller
>>then just have it restarted once or twice and you should be good to go.
>>Jon
>>
>>On Thu, May 13, 2010 at 6:26 PM, Peter van Houten
>>
>>I have a XP Pro [fully patched :-) ] box on a network that has been
>>infected (probably Virut). It is the classic login...loading your
>>personal settings...logging off scenario.
>>
>>Recovering the data and fixing the malware problem is easy. The real
>>problem is that the box is 300 miles away, so I am trying to avoid
>>flying there tomorrow, just before the weekend.
>>
>>What can't be done / makes no difference:
>>---
>>1) Login locally (admin credentials make no difference)
>>2) Login remotely using RDP or VNC, directly via VPN or via another box
>>on the remote network (goes through the motions as above).
>>2) Start in any form of safe mode.
>>3) Restore to earlier date, last known good config.
>>4) Map drives to *any* shares from another box
>>5) Use any clever login scripts on the server
>>6) Use psexec to run anything remotely.
>>7) Instruct the user to step through anything technical :-(
>>
>>What can be done:
>>--
>>1) Ping the box
>>2) Netbios is enabled, so it shows in network
>>3) Scan the IP and show ports 139 and 445 open
>>4) Open and close a null RPC connection (enum, etc not helping)
>>
>>My hope is that one of you boffins has a script that will, via RPC turn

Re: Hijacked Thread: All WAN over VPN? (Was: RE: Network/WAN question)

2010-05-13 Thread Ben Scott
On Thu, May 13, 2010 at 7:34 PM, James Hill
 wrote:
> If our governments can intercept/inspect encrypted traffic
> (which I'm told they can) then other less trustworthy people
> ... can as well.

  The encryption used in well-known open standard systems (such as SSL
and IPsec) is believed to be proof against all publicly known attacks.
 Now, the NSA (or the Chinese intelligence agencies) may have
techniques not in the public domain, but I think it very unlikely that
less rarefied organizations ("other less trustworthy people") would.

  And even if some government has special techniques, it's likely they
still consume resources.  Such resources may be constrained.  Thus, if
you encrypt, you may still be protected.

  In short: If you encrypt, chances are good you are protected.  If
you're operating in the clear, you're guaranteed to be exposed.

> Once data leaves your physical premises it really is in the hands of whoever has
> access to the various paths along the way to its destination.

  Which is *precisely* why I insist on using crypto.  Then it's back
in my hands.

> I don't think cleartext Telnet and email are a fair comparison.  Those things
> were never advertised as secure.

  Fair point.  Many still didn't think it was worth worrying about, though.

> I'm talking about using a network that is supposed to be private/secure
> provided by a company that we are paying for this service.  If we have to
> run vpn over the top of it then the provider isn't providing what you are
> paying for.

  Again: All it takes is one employee at the carrier who has been
bribed, or has a grudge, etc.  Or maybe someone at the carrier just
screws up and puts your connection on the same as someone else's
worm-infected network.  Or maybe the carrier's network itself is
compromised.  There have been countless high-profile news events about
third-party providers screwing the pooch that I don't consider this to
be fiction, or even theoretical speculation -- rather, I consider it
quite possible.

  You say you would not be getting what you paid for, and you'd be right.
 So maybe that means you're entitled to getting your money back.  Your
security is still compromised.  And that's assuming you ever learn
about the compromise.

  Risk management is always a case-by-case decision.  Me, I'd rather
be sure.  Especially when good crypto tunnel implementations are
basically free these days.

-- Ben




Re: XP Box inaccessible

2010-05-13 Thread Peter van Houten

It is really odd the way it properly parses the login credentials but
won't accept the same credentials when one tries to map to a share,
remote regedit, computer management, etc (all rejected "access denied")

--
Peter van Houten

On the 14 May, 2010 01:43, Jon Harris wrote the following:

Sorry was not paying attention to that.  It sounds like it is time to
get a ticket and pack a bag unless he has someone closer that could go
do the work.
Jon

On Thu, May 13, 2010 at 7:41 PM, James Hill wrote:

He covered that one.

What can't be done / makes no difference:

4) Map drives to *any* shares from another box

*From:* Jon Harris [mailto:jk.har...@gmail.com]
*Sent:* Friday, 14 May 2010 9:40 AM

*To:* NT System Admin Issues
*Subject:* Re: XP Box inaccessible

What about just mapping the drive's admin share and pulling what you
need?

Jon

On Thu, May 13, 2010 at 7:34 PM, Peter van Houten wrote:

Well ironically, it is far from "hung" but I know what you mean. There
are a number of bugs that have this effect; the less elaborate just
overwrite files such as userinit.exe with their own code, make a few reg
changes and cause the login problem.

Type in the login and password, off it goes..."loading your personal
settings"...but then instead of going to the desktop, it simply logs
off.

So the computer is "running" and one can observe certain
processes remotely as I pointed out. One just can't get any %$#&@(&$!
work done!

--
Peter van Houten

On the 14 May, 2010 01:21, Jon Harris wrote the following:

So what you have is a hung box some where between logon and logoff?
Jon

On Thu, May 13, 2010 at 7:09 PM, Peter van Houten wrote:

Thanks Jon; I probably didn't lay out my explanation properly but I do
have remote access; it simply goes through the same login-logoff routine
as a local login.

--
Peter van Houten

On the 14 May, 2010 00:58, Jon Harris wrote the following:

Isn't there a GPO that would turn on remote access for Domain Admins?
If it is part of a domain and you have access to the Domain Controller
then just have it restarted once or twice and you should be good to go.
Jon

On Thu, May 13, 2010 at 6:26 PM, Peter van Houten


Re: XP Box inaccessible

2010-05-13 Thread Peter van Houten

Heh ~ first thing I tried.  See #4 below.

--
Peter van Houten

On the 14 May, 2010 01:39, Jon Harris wrote the following:

What about just mapping the drive's admin share and pulling what you need?
Jon

On Thu, May 13, 2010 at 7:34 PM, Peter van Houten wrote:

Well ironically, it is far from "hung" but I know what you mean. There
are a number of bugs that have this effect; the less elaborate just
overwrite files such as userinit.exe with their own code, make a few reg
changes and cause the login problem.

Type in the login and password, off it goes..."loading your personal
settings"...but then instead of going to the desktop, it simply logs
off.

So the computer is "running" and one can observe certain
processes remotely as I pointed out. One just can't get any %$#&@(&$!
work done!

--
Peter van Houten

On the 14 May, 2010 01:21, Jon Harris wrote the following:

So what you have is a hung box some where between logon and logoff?
Jon

On Thu, May 13, 2010 at 7:09 PM, Peter van Houten wrote:

Thanks Jon; I probably didn't lay out my explanation properly but I do
have remote access; it simply goes through the same login-logoff routine
as a local login.

--
Peter van Houten

On the 14 May, 2010 00:58, Jon Harris wrote the following:

Isn't there a GPO that would turn on remote access for Domain Admins?
If it is part of a domain and you have access to the Domain Controller
then just have it restarted once or twice and you should be good to go.
Jon

On Thu, May 13, 2010 at 6:26 PM, Peter van Houten


Re: XP Box inaccessible

2010-05-13 Thread Jon Harris
Sorry was not paying attention to that.  It sounds like it is time to get a
ticket and pack a bag unless he has someone closer that could go do the
work.

Jon

On Thu, May 13, 2010 at 7:41 PM, James Hill wrote:

>  He covered that one.
>
>
>
>What can't be done / makes no difference:
>
>4) Map drives to *any* shares from another box
>
>
>
>
>
> *From:* Jon Harris [mailto:jk.har...@gmail.com]
> *Sent:* Friday, 14 May 2010 9:40 AM
>
> *To:* NT System Admin Issues
> *Subject:* Re: XP Box inaccessible
>
>
>
> What about just mapping the drive's admin share and pulling what you need?
>
>
>
> Jon
>
> On Thu, May 13, 2010 at 7:34 PM, Peter van Houten 
> wrote:
>
> Well ironically, it is far from "hung" but I know what you mean. There
> are a number of bugs that have this effect; the less elaborate just
> overwrite files such as userinit.exe with their own code, make a few reg
> changes and cause the login problem.
>
> Type in the login and password, off it goes..."loading your personal
> settings"...but then instead of going to the desktop, it simply logs off.
>
> So the computer is "running" and one can observe certain
> processes remotely as I pointed out. One just can't get any %$#&@(&$!
> work done!
>
> --
> Peter van Houten
>
> On the 14 May, 2010 01:21, Jon Harris wrote the following:
>
> So what you have is a hung box some where between logon and logoff?
> Jon
>
> On Thu, May 13, 2010 at 7:09 PM, Peter van Houten wrote:
>
>Thanks Jon; I probably didn't lay out my explanation properly but I do
>have remote access; it simply goes through the same login-logoff routine
>as a local login.
>
>--
>Peter van Houten
>
>On the 14 May, 2010 00:58, Jon Harris wrote the following:
>
>Isn't there a GPO that would turn on remote access for Domain
>Admins?
>If it is part of a domain and you have access to the Domain
>Controller
>then just have it restarted once or twice and you should be good
>to go.
>Jon
>
>On Thu, May 13, 2010 at 6:26 PM, Peter van Houten wrote:
>
>I have a XP Pro [fully patched :-) ] box on a network that has been
>infected (probably Virut). It is the classic login...loading your
>personal settings...logging off scenario.
>
>Recovering the data and fixing the malware problem is easy. The real
>problem is that the box is 300 miles away, so I am trying to avoid
>flying there tomorrow, just before the weekend.
>
>What can't be done / makes no difference:
>---
>1) Login locally (admin credentials make no difference)
>2) Login remotely using RDP or VNC, directly via VPN or via another box
>on the remote network (goes through the motions as above).
>2) Start in any form of safe mode.
>3) Restore to earlier date, last known good config.
>4) Map drives to *any* shares from another box
>5) Use any clever login scripts on the server
>6) Use psexec to run anything remotely.
>7) Instruct the user to step through anything technical :-(
>
>What can be done:
>--
>1) Ping the box
>2) Netbios is enabled, so it shows in network
>3) Scan the IP and show ports 139 and 445 open
>4) Open and close a null RPC connection (enum, etc not helping)
>
>My hope is that one of you boffins has a script that will, via RPC turn
>on the telnet server, open port 23 and let me copy a document from the
>desktop [aarrgh] to USB. Or something equally as clever...
>
>TIA but please no advice on malware,
>
>--
>Peter van Houten
>
>

RE: XP Box inaccessible

2010-05-13 Thread James Hill
He covered that one.

   What can't be done / makes no difference:
   4) Map drives to *any* shares from another box


From: Jon Harris [mailto:jk.har...@gmail.com]
Sent: Friday, 14 May 2010 9:40 AM
To: NT System Admin Issues
Subject: Re: XP Box inaccessible

What about just mapping the drive's admin share and pulling what you need?

Jon
On Thu, May 13, 2010 at 7:34 PM, Peter van Houten <peter...@gmail.com> wrote:
Well ironically, it is far from "hung" but I know what you mean. There
are a number of bugs that have this effect; the less elaborate just
overwrite files such as userinit.exe with their own code, make a few reg
changes and cause the login problem.

Type in the login and password, off it goes..."loading your personal
settings"...but then instead of going to the desktop, it simply logs off.

So the computer is "running" and one can observe certain
processes remotely as I pointed out. One just can't get any %$#&@(&$!
work done!

--
Peter van Houten

On the 14 May, 2010 01:21, Jon Harris wrote the following:
So what you have is a hung box some where between logon and logoff?
Jon

On Thu, May 13, 2010 at 7:09 PM, Peter van Houten <peter...@gmail.com> wrote:

   Thanks Jon; I probably didn't lay out my explanation properly but I do
   have remote access; it simply goes through the same login-logoff routine
   as a local login.

   --
   Peter van Houten

   On the 14 May, 2010 00:58, Jon Harris wrote the following:

   Isn't there a GPO that would turn on remote access for Domain Admins?
   If it is part of a domain and you have access to the Domain Controller
   then just have it restarted once or twice and you should be good to go.
   Jon

   On Thu, May 13, 2010 at 6:26 PM, Peter van Houten
   <peter...@gmail.com>
    

Re: XP Box inaccessible

2010-05-13 Thread Jon Harris
What about just mapping the drive's admin share and pulling what you need?

Jon

On Thu, May 13, 2010 at 7:34 PM, Peter van Houten wrote:

> Well ironically, it is far from "hung" but I know what you mean. There
> are a number of bugs that have this effect; the less elaborate just
> overwrite files such as userinit.exe with their own code, make a few reg
> changes and cause the login problem.
>
> Type in the login and password, off it goes..."loading your personal
> settings"...but then instead of going to the desktop, it simply logs off.
>
> So the computer is "running" and one can observe certain
> processes remotely as I pointed out. One just can't get any %$#&@(&$!
> work done!
>
> --
> Peter van Houten
>
> On the 14 May, 2010 01:21, Jon Harris wrote the following:
>
>> So what you have is a hung box some where between logon and logoff?
>> Jon
>>
>> On Thu, May 13, 2010 at 7:09 PM, Peter van Houten wrote:
>>
>>Thanks Jon; I probably didn't lay out my explanation properly but I do
>>have remote access; it simply goes through the same login-logoff routine
>>as a local login.
>>
>>--
>>Peter van Houten
>>
>>On the 14 May, 2010 00:58, Jon Harris wrote the following:
>>
>>Isn't there a GPO that would turn on remote access for Domain Admins?
>>If it is part of a domain and you have access to the Domain Controller
>>then just have it restarted once or twice and you should be good to go.
>>Jon
>>
>>On Thu, May 13, 2010 at 6:26 PM, Peter van Houten
>><peter...@gmail.com> wrote:
>>
>>I have a XP Pro [fully patched :-) ] box on a network that has been
>>infected (probably Virut). It is the classic login...loading your
>>personal settings...logging off scenario.
>>
>>Recovering the data and fixing the malware problem is easy. The real
>>problem is that the box is 300 miles away, so I am trying to avoid
>>flying there tomorrow, just before the weekend.
>>
>>What can't be done / makes no difference:
>>---
>>1) Login locally (admin credentials make no difference)
>>2) Login remotely using RDP or VNC, directly via VPN or via another box
>>on the remote network (goes through the motions as above).
>>2) Start in any form of safe mode.
>>3) Restore to earlier date, last known good config.
>>4) Map drives to *any* shares from another box
>>5) Use any clever login scripts on the server
>>6) Use psexec to run anything remotely.
>>7) Instruct the user to step through anything technical :-(
>>
>>What can be done:
>>--
>>1) Ping the box
>>2) Netbios is enabled, so it shows in network
>>3) Scan the IP and show ports 139 and 445 open
>>4) Open and close a null RPC connection (enum, etc not helping)
>>
>>My hope is that one of you boffins has a script that will, via RPC turn
>>on the telnet server, open port 23 and let me copy a document from the
>>desktop [aarrgh] to USB. Or something equally as clever...
>>
>>TIA but please no advice on malware,
>>
>>--
>>Peter van Houten
>>

Re: Hijacked Thread: All WAN over VPN? (Was: RE: Network/WAN question)

2010-05-13 Thread Jon Harris
And you actually believe they are not getting feed?

Jon

On Thu, May 13, 2010 at 7:33 PM, Ben Scott  wrote:

> On Thu, May 13, 2010 at 7:24 PM, Jon Harris  wrote:
> > The CIA/NSF does not pay any one off.  They just twist an arm or two and
> > they have all the access they want.  At least that is what one of them did
> > out in CA about 2001 or 2002 when they put in their equipment into the AT&T
> > network and started listening.
>
>  Right, I said "not US".  :)  Outside the US the US government's
> wiretapping policies have little pull.  But I would still be surprised
> if the CIA wasn't watching PRC, AUS, UK, etc. -- just like I would be
> surprised if their intelligence organizations weren't watching us.
>
>  And CIA doesn't monitor domestic US communications.  That's the NSA
> and FBI's job.  ;-)
>
> -- Ben

Re: XP Box inaccessible

2010-05-13 Thread Peter van Houten

Well ironically, it is far from "hung" but I know what you mean. There
are a number of bugs that have this effect; the less elaborate just
overwrite files such as userinit.exe with their own code, make a few reg
changes and cause the login problem.

Type in the login and password, off it goes..."loading your personal
settings"...but then instead of going to the desktop, it simply logs off.

So the computer is "running" and one can observe certain
processes remotely as I pointed out. One just can't get any %$#&@(&$!
work done!

--
Peter van Houten

On the 14 May, 2010 01:21, Jon Harris wrote the following:

So what you have is a hung box some where between logon and logoff?
Jon

On Thu, May 13, 2010 at 7:09 PM, Peter van Houten <peter...@gmail.com> wrote:

Thanks Jon; I probably didn't lay out my explanation properly but I do
have remote access; it simply goes through the same login-logoff routine
as a local login.

--
Peter van Houten

On the 14 May, 2010 00:58, Jon Harris wrote the following:

Isn't there a GPO that would turn on remote access for Domain Admins?
If it is part of a domain and you have access to the Domain Controller
then just have it restarted once or twice and you should be good to go.
Jon

On Thu, May 13, 2010 at 6:26 PM, Peter van Houten
<peter...@gmail.com> wrote:

I have a XP Pro [fully patched :-) ] box on a network that has been
infected (probably Virut). It is the classic login...loading your
personal settings...logging off scenario.

Recovering the data and fixing the malware problem is easy. The real
problem is that the box is 300 miles away, so I am trying to avoid
flying there tomorrow, just before the weekend.

What can't be done / makes no difference:
---
1) Login locally (admin credentials make no difference)
2) Login remotely using RDP or VNC, directly via VPN or via another box
on the remote network (goes through the motions as above).
2) Start in any form of safe mode.
3) Restore to earlier date, last known good config.
4) Map drives to *any* shares from another box
5) Use any clever login scripts on the server
6) Use psexec to run anything remotely.
7) Instruct the user to step through anything technical :-(

What can be done:
--
1) Ping the box
2) Netbios is enabled, so it shows in network
3) Scan the IP and show ports 139 and 445 open
4) Open and close a null RPC connection (enum, etc not helping)

My hope is that one of you boffins has a script that will, via RPC turn
on the telnet server, open port 23 and let me copy a document from the
desktop [aarrgh] to USB. Or something equally as clever...

TIA but please no advice on malware,

--
Peter van Houten




Re: Hijacked Thread: All WAN over VPN? (Was: RE: Network/WAN question)

2010-05-13 Thread Jon Harris
Yeah, one of our 3 letter secret agencies that like to look at other people's
email and what they are doing online.

Jon

On Thu, May 13, 2010 at 7:32 PM, Steven M. Caesare wrote:

> NSF?
>
> Methinks you mean NSA
>
> :-)
>
> -sc
>
> *From:* Jon Harris [mailto:jk.har...@gmail.com]
> *Sent:* Thursday, May 13, 2010 7:25 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Hijacked Thread: All WAN over VPN? (Was: RE: Network/WAN
> question)
>
> The CIA/NSF does not pay any one off.  They just twist an arm or two and
> they have all the access they want.  At least that is what one of them did
> out in CA about 2001 or 2002 when they put in their equipment into the AT&T
> network and started listening.
>
> Jon
>
> On Thu, May 13, 2010 at 7:18 PM, Ben Scott wrote:
>
> On Thu, May 13, 2010 at 5:53 PM, James Hill wrote:
>
> > However if you feel you have to run a vpn then I'd say get a better provider.
>
>  I'd rather be safe than sorry.  People used to think cleartext
> Telnet wasn't worth worrying about either.  Or email.  Or whatever.
> They've always been proved wrong in time.  I don't want my employer to
> be the next statistic.  Especially given that industrial espionage is
> increasing at an astronomical pace.  All it would take is one guy
> working at the carrier getting paid off by the Chinese.  (Or the CIA,
> if you're not US.)
>
> -- Ben

RE: Hijacked Thread: All WAN over VPN? (Was: RE: Network/WAN question)

2010-05-13 Thread James Hill
If our governments can intercept/inspect encrypted traffic (which I'm told they 
can) then other less trustworthy people(although depending on where you live, 
the government may fall into that category too) can as well.

Once data leaves your physical premises it really is in the hands of whoever 
has access to the various paths along the way to its destination. 
 
I don't think cleartext Telnet and email are a fair comparison.  Those things 
were never advertised as secure.  I'm talking about using a network that is 
supposed to be private/secure provided by a company that we are paying for this 
service.  If we have to run vpn over the top of it then the provider isn't 
providing what you are paying for.


-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Friday, 14 May 2010 9:19 AM
To: NT System Admin Issues
Subject: Re: Hijacked Thread: All WAN over VPN? (Was: RE: Network/WAN question)

On Thu, May 13, 2010 at 5:53 PM, James Hill wrote:
> However if you feel you have to run a vpn then I'd say get a better provider.

  I'd rather be safe than sorry.  People used to think cleartext Telnet wasn't 
worth worrying about either.  Or email.  Or whatever.
They've always been proved wrong in time.  I don't want my employer to be the 
next statistic.  Especially given that industrial espionage is increasing at an 
astronomical pace.  All it would take is one guy working at the carrier getting 
paid off by the Chinese.  (Or the CIA, if you're not US.)

-- Ben




Re: Hijacked Thread: All WAN over VPN? (Was: RE: Network/WAN question)

2010-05-13 Thread Ben Scott
On Thu, May 13, 2010 at 7:24 PM, Jon Harris  wrote:
> The CIA/NSF does not pay any one off.  They just twist an arm or two and
> they have all the access they want.  At least that is what one of them did
> out in CA about 2001 or 2002 when they put in their equipment into the AT&T
> network and started listening.

  Right, I said "not US".  :)  Outside the US the US government's
wiretapping policies have little pull.  But I would still be surprised
if the CIA wasn't watching PRC, AUS, UK, etc. -- just like I would be
surprised if their intelligence organizations weren't watching us.

  And CIA doesn't monitor domestic US communications.  That's the NSA
and FBI's job.  ;-)

-- Ben




Re: HIPAA Question

2010-05-13 Thread Jon Harris
Only someone that has done a lot of digging into HIPAA would know but that
is what I thought as well.

It is getting the correct person the password to the vault that concerns
me.  Anyone can send an email from any account and then get the
information.  Sending the connection information by email would be fine (I
think) if it was an anonymous account.  It would concern me if someone
was to get the password for the vault that way.

Jon

On Thu, May 13, 2010 at 7:28 PM, John Aldrich
wrote:

> On Thu May 13 2010, you wrote:
> > No, I was just joking about the Hotmail bit. ;-)
> >
> > On 5/13/2010 5:49 PM, Jon Harris wrote:
> > > Do you really think that sending this kind of information thru a
> > > Hotmail/Yahoo/gmail is any better?  Maybe to send a link to one of the
> > > secure data transmission methods it would be an idea and maybe a good
> > > idea.  No owner information without a lot of digging to find the owner
> > > of the hotmail/yahoo/gmail account.
> > > I would second that if you do this then you have the receiver call
> > > into the office and get the password to the secure vaulted information
> > > or better yet make them come in and get it.
> > > Jon
> > >
> I really think that the combination of an "anonymous" Hotmail or Gmail or
> yahoo account *along with* the vault is a good solution. That way there's
> nothing obvious to tie it back to the original medical facility, in case
> there's someone "shoulder surfing" etc.
>
> --
> Thanks,
> John Aldrich
> Blueridge Industries
> IT Manager

RE: Hijacked Thread: All WAN over VPN? (Was: RE: Network/WAN question)

2010-05-13 Thread Steven M. Caesare
NSF?

Methinks you mean NSA

:-)

-sc

 

From: Jon Harris [mailto:jk.har...@gmail.com] 
Sent: Thursday, May 13, 2010 7:25 PM
To: NT System Admin Issues
Subject: Re: Hijacked Thread: All WAN over VPN? (Was: RE: Network/WAN
question)

 

The CIA/NSF does not pay any one off.  They just twist an arm or two and
they have all the access they want.  At least that is what one of them
did out in CA about 2001 or 2002 when they put in their equipment into
the AT&T network and started listening.

 

Jon

On Thu, May 13, 2010 at 7:18 PM, Ben Scott  wrote:

On Thu, May 13, 2010 at 5:53 PM, James Hill wrote:

> However if you feel you have to run a vpn then I'd say get a better provider.

 I'd rather be safe than sorry.  People used to think cleartext
Telnet wasn't worth worrying about either.  Or email.  Or whatever.
They've always been proved wrong in time.  I don't want my employer to
be the next statistic.  Especially given that industrial espionage is
increasing at an astronomical pace.  All it would take is one guy
working at the carrier getting paid off by the Chinese.  (Or the CIA,
if you're not US.)

-- Ben



Re: HIPAA Question

2010-05-13 Thread John Aldrich
On Thu May 13 2010, you wrote:
> No, I was just joking about the Hotmail bit. ;-)
> 
> On 5/13/2010 5:49 PM, Jon Harris wrote:
> > Do you really think that sending this kind of information thru a
> > Hotmail/Yahoo/gmail is any better?  Maybe to send a link to one of the
> > secure data transmission methods it would be an idea and maybe a good
> > idea.  No owner information without a lot of digging to find the owner
> > of the hotmail/yahoo/gmail account.
> > I would second that if you do this then you have the receiver call
> > into the office and get the password to the secure vaulted information
> > or better yet make them come in and get it.
> > Jon
> > 
I really think that the combination of an "anonymous" Hotmail or Gmail or 
yahoo account *along with* the vault is a good solution. That way there's 
nothing obvious to tie it back to the original medical facility, in case 
there's someone "shoulder surfing" etc.

-- 
Thanks,
John Aldrich
Blueridge Industries
IT Manager



Re: Hijacked Thread: All WAN over VPN? (Was: RE: Network/WAN question)

2010-05-13 Thread Jon Harris
The CIA/NSF does not pay any one off.  They just twist an arm or two and
they have all the access they want.  At least that is what one of them did
out in CA about 2001 or 2002 when they put in their equipment into the AT&T
network and started listening.

Jon

On Thu, May 13, 2010 at 7:18 PM, Ben Scott  wrote:

> On Thu, May 13, 2010 at 5:53 PM, James Hill wrote:
> > However if you feel you have to run a vpn then I'd say get a better provider.
>
>  I'd rather be safe than sorry.  People used to think cleartext
> Telnet wasn't worth worrying about either.  Or email.  Or whatever.
> They've always been proved wrong in time.  I don't want my employer to
> be the next statistic.  Especially given that industrial espionage is
> increasing at an astronomical pace.  All it would take is one guy
> working at the carrier getting paid off by the Chinese.  (Or the CIA,
> if you're not US.)
>
> -- Ben

Re: XP Box inaccessible

2010-05-13 Thread Jon Harris
So what you have is a hung box some where between logon and logoff?

Jon

On Thu, May 13, 2010 at 7:09 PM, Peter van Houten wrote:

> Thanks Jon; I probably didn't lay out my explanation properly but I do
> have remote access; it simply goes through the same login-logoff routine
> as a local login.
>
> --
> Peter van Houten
>
> On the 14 May, 2010 00:58, Jon Harris wrote the following:
>
>> Isn't there a GPO that would turn on remote access for Domain Admins?
>> If it is part of a domain and you have access to the Domain Controller
>> then just have it restarted once or twice and you should be good to go.
>> Jon
>>
>> On Thu, May 13, 2010 at 6:26 PM, Peter van Houten wrote:
>>
>>I have a XP Pro [fully patched :-) ] box on a network that has been
>>infected (probably Virut). It is the classic login...loading your
>>personal settings...logging off scenario.
>>
>>Recovering the data and fixing the malware problem is easy. The real
>>problem is that the box is 300 miles away, so I am trying to avoid
>>flying there tomorrow, just before the weekend.
>>
>>What can't be done / makes no difference:
>>---
>>1) Login locally (admin credentials make no difference)
>>2) Login remotely using RDP or VNC, directly via VPN or via another box
>>on the remote network (goes through the motions as above).
>>2) Start in any form of safe mode.
>>3) Restore to earlier date, last known good config.
>>4) Map drives to *any* shares from another box
>>5) Use any clever login scripts on the server
>>6) Use psexec to run anything remotely.
>>7) Instruct the user to step through anything technical :-(
>>
>>What can be done:
>>--
>>1) Ping the box
>>2) Netbios is enabled, so it shows in network
>>3) Scan the IP and show ports 139 and 445 open
>>4) Open and close a null RPC connection (enum, etc not helping)
>>
>>My hope is that one of you boffins has a script that will, via RPC turn
>>on the telnet server, open port 23 and let me copy a document from the
>>desktop [aarrgh] to USB. Or something equally as clever...
>>
>>TIA but please no advice on malware,
>>
>>--
>>Peter van Houten
>>

Re: Hijacked Thread: All WAN over VPN? (Was: RE: Network/WAN question)

2010-05-13 Thread Ben Scott
On Thu, May 13, 2010 at 5:53 PM, James Hill wrote:
> However if you feel you have to run a vpn then I'd say get a better provider.

  I'd rather be safe than sorry.  People used to think cleartext
Telnet wasn't worth worrying about either.  Or email.  Or whatever.
They've always been proved wrong in time.  I don't want my employer to
be the next statistic.  Especially given that industrial espionage is
increasing at an astronomical pace.  All it would take is one guy
working at the carrier getting paid off by the Chinese.  (Or the CIA,
if you're not US.)

-- Ben



Re: XP Box inaccessible

2010-05-13 Thread Peter van Houten

Thanks Jon; I probably didn't lay out my explanation properly but I do
have remote access; it simply goes through the same login-logoff routine
as a local login.

--
Peter van Houten

On the 14 May, 2010 00:58, Jon Harris wrote the following:

Isn't there a GPO that would turn on remote access for Domain Admins?
If it is part of a domain and you have access to the Domain Controller
then just have it restarted once or twice and you should be good to go.
Jon

On Thu, May 13, 2010 at 6:26 PM, Peter van Houten <peter...@gmail.com> wrote:

I have a XP Pro [fully patched :-) ] box on a network that has been
infected (probably Virut). It is the classic login...loading your
personal settings...logging off scenario.

Recovering the data and fixing the malware problem is easy. The real
problem is that the box is 300 miles away, so I am trying to avoid
flying there tomorrow, just before the weekend.

What can't be done / makes no difference:
---
1) Login locally (admin credentials make no difference)
2) Login remotely using RDP or VNC, directly via VPN or via another box
on the remote network (goes through the motions as above).
2) Start in any form of safe mode.
3) Restore to earlier date, last known good config.
4) Map drives to *any* shares from another box
5) Use any clever login scripts on the server
6) Use psexec to run anything remotely.
7) Instruct the user to step through anything technical :-(

What can be done:
--
1) Ping the box
2) Netbios is enabled, so it shows in network
3) Scan the IP and show ports 139 and 445 open
4) Open and close a null RPC connection (enum, etc not helping)

My hope is that one of you boffins has a script that will, via RPC turn
on the telnet server, open port 23 and let me copy a document from the
desktop [aarrgh] to USB. Or something equally as clever...

TIA but please no advice on malware,

--
Peter van Houten




Re: XP Box inaccessible

2010-05-13 Thread Jon Harris
Isn't there a GPO that would turn on remote access for Domain Admins?  If it
is part of a domain and you have access to the Domain Controller then just
have it restarted once or twice and you should be good to go.

Jon

On Thu, May 13, 2010 at 6:26 PM, Peter van Houten wrote:

> I have a XP Pro [fully patched :-) ] box on a network that has been
> infected (probably Virut). It is the classic login...loading your
> personal settings...logging off scenario.
>
> Recovering the data and fixing the malware problem is easy. The real
> problem is that the box is 300 miles away, so I am trying to avoid
> flying there tomorrow, just before the weekend.
>
> What can't be done / makes no difference:
> ---
> 1) Login locally (admin credentials make no difference)
> 2) Login remotely using RDP or VNC, directly via VPN or via another box
> on the remote network (goes through the motions as above).
> 2) Start in any form of safe mode.
> 3) Restore to earlier date, last known good config.
> 4) Map drives to *any* shares from another box
> 5) Use any clever login scripts on the server
> 6) Use psexec to run anything remotely.
> 7) Instruct the user to step through anything technical :-(
>
> What can be done:
> --
> 1) Ping the box
> 2) Netbios is enabled, so it shows in network
> 3) Scan the IP and show ports 139 and 445 open
> 4) Open and close a null RPC connection (enum, etc not helping)
>
> My hope is that one of you boffins has a script that will, via RPC turn
> on the telnet server, open port 23 and let me copy a document from the
> desktop [aarrgh] to USB. Or something equally as clever...
>
> TIA but please no advice on malware,
>
> --
> Peter van Houten

Re: HIPAA Question

2010-05-13 Thread James Kerr




No, I was just joking about the Hotmail bit. ;-)

On 5/13/2010 5:49 PM, Jon Harris wrote:

Do you really think that sending this kind of information thru a
Hotmail/Yahoo/gmail is any better?  Maybe to send a link to one of the
secure data transmission methods it would be an idea and maybe a good
idea.  No owner information without a lot of digging to find the owner
of the hotmail/yahoo/gmail account.

I would second that if you do this then you have the receiver
call into the office and get the password to the secure vaulted
information or better yet make them come in and get it.

Jon

On Thu, May 13, 2010 at 5:42 PM, James Kerr wrote:

You know, I was going to add to my last email. "I guess we should open a
hotmail account for these types of issues" :-)

- Original Message -
From: John Aldrich
To: NT System Admin Issues
Sent: Thursday, May 13, 2010 4:51 PM
Subject: RE: HIPAA Question

Well, you could always go set up a Yahoo or Gmail account for this sort of
thing and in no way identify the company. :-)

From: James Kerr [mailto:cluster...@gmail.com]
Sent: Thursday, May 13, 2010 4:39 PM
To: NT System Admin Issues
Subject: Re: HIPAA Question

I told the practice manager not to send it because I believed that the email
address itself is PHI and even if you encrypt the data the email
address is still out there as well as ours and we are obviously a
company that deals in HIV/AIDS. I also told her "what if a family
member opens that email that is not aware of this persons status and
the person doesn't want that family member to know?". They are going to
have to find another way.

James
  
  
  


- Original Message -
From: Ziots, Edward
To: NT System Admin Issues
Sent: Thursday, May 13, 2010 4:30 PM
Subject: RE: HIPAA Question

True, what you are emailing is PHI to the email address, that doesn’t always
equate to a human being (Emails can be forged), and thus the release of that
information to someone other than the person that it is truly intended
for, could constitute a breach of Privacy/Security Regulations under
HIPAA.

I would use this as a guideline, but I would look to your legal/IS compliance
department for more guidance accordingly. This really should be a discussion
between the Doctor and the patient accordingly.

ePHI = Electronic Protected Health Information

  Medical record number, account number or SSN
  Patient demographic data, e.g., address, date of birth, date of death, sex,
  e-mail / web address
  Dates of service, e.g., date of admission, discharge
  Medical records, reports, test results, appointment dates

1) E-mail is not confidential, nor should it be utilized to send information
of a confidential nature.
2) E-mails should not be used to communicate sensitive medical information,
such as information regarding sexually transmitted diseases, AIDS/HIV,
mental health, developmental disability, or substance abuse.

Hope that helps a little, honestly, I wouldn’t send it, because there is no
assurance that the person you are sending it to are whom they say they are.
EZ

Edward Ziots
CISSP,MCSA,MCP+I,Security +,Network +,CCA
Network Engineer
Lifespan Organization
401-639-3505
ezi...@lifespan.org

 



From: paul d [mailto:pdw1...@hotmail.com]
Sent: Thursday, May 13, 2010 3:59 PM
To: NT System Admin Issues
Subject: RE: HIPAA Question



 
I'm not sure what you mean by "viral load." 
However, if that is a lab result, the fact that you're emailing it to
him constitutes PHI (email address).  HIPAA, as it is interpreted now,
defines email as an "addressable" not a requirement.  But, if something
happened (sent to wrong email, for example), I doubt you could convince
CMS that it wasn't a violation.

You could use Pkzip to encrypt a file with the information and then
email that.  The newer versions of pkzip use AES.


From: cluster...@gmail.com
To: ntsysadmin@lyris.sunbelt-software.com
Subject: HIPAA Question
Date: Thu, 13 May 2010 15:2

RE: XP Box inaccessible

2010-05-13 Thread James Hill
Boot from CD, USB, or PXE with some sort of linux distro or winpe that gives 
you access to the drive and network.

Something else that MAY work is a startup script (not a logon script) that 
copies the required data.  These are run when computer policies are applied 
which is before you get the logon screen.  


-Original Message-
From: Peter van Houten [mailto:peter...@gmail.com] 
Sent: Friday, 14 May 2010 8:27 AM
To: NT System Admin Issues
Subject: XP Box inaccessible

I have a XP Pro [fully patched :-) ] box on a network that has been infected 
(probably Virut). It is the classic login...loading your personal 
settings...logging off scenario.

Recovering the data and fixing the malware problem is easy. The real problem is 
that the box is 300 miles away, so I am trying to avoid flying there tomorrow, 
just before the weekend.

What can't be done / makes no difference:
---
1) Login locally (admin credentials make no difference)
2) Login remotely using RDP or VNC, directly via VPN or via another box on the 
remote network (goes through the motions as above).
2) Start in any form of safe mode.
3) Restore to earlier date, last known good config.
4) Map drives to *any* shares from another box
5) Use any clever login scripts on the server
6) Use psexec to run anything remotely.
7) Instruct the user to step through anything technical :-(

What can be done:
--
1) Ping the box
2) Netbios is enabled, so it shows in network
3) Scan the IP and show ports 139 and 445 open
4) Open and close a null RPC connection (enum, etc not helping)

My hope is that one of you boffins has a script that will, via RPC turn on the 
telnet server, open port 23 and let me copy a document from the desktop 
[aarrgh] to USB. Or something equally as clever...

TIA but please no advice on malware,

--
Peter van Houten




Re: Hijacked Thread: All WAN over VPN? (Was: RE: Network/WAN question)

2010-05-13 Thread Andrew S. Baker
MPLS networks are really semi-private, not 100% private.  I would still
recommend encryption within an MPLS network, and most carriers offer that
option.

-ASB: http://XeeSM.com/AndrewBaker


On Thu, May 13, 2010 at 5:53 PM, James Hill wrote:

> To me the fact you don't need vpn is one of the main selling points for
> these products (and mpls networks in general).
>
> MPLS networks seem to have been more common place here in Aus than the US
> until recently.  I certainly haven't bothered with vpn's for many years now
> as they just add more complexity.
>
> I can understand why some people add the extra layer of security though.
>  However if you feel you have to run a vpn then I'd say get a better
> provider.
>
>
> -Original Message-
> From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> Sent: Friday, 14 May 2010 6:34 AM
> To: NT System Admin Issues
> Subject: Hijacked Thread: All WAN over VPN? (Was: RE: Network/WAN question)
>
> I have a related question:
>
> If you are separated, site to site, with a large layer 2 fiber network...
> would you put the traffic between routers over a VPN? Or is it common place
> for companies to "trust their providers" not to have a man in the middle,
> and just route?
>
> I can't imagine anybody actually does this without an IPSec or OpenVPN
> tunnel of some kind... But I'm curious if there are.
>
>
> --Matt Ross
> Ephrata School District
>
>
> - Original Message -
> From: Kim Longenbaugh
> [mailto:k...@colonialsavings.com]
> To: NT System Admin Issues
> [mailto:ntsysad...@lyris.sunbelt-software.com]
> Sent: Thu, 13 May 2010
> 13:05:09 -0700
> Subject: RE: Network/WAN question
>
>
> > It sounds like you have 10 PPP circuits to your remote sites, each
> > currently a T1.  You're replacing the T1s with Ethernet circuits.
> >
> > Just replace this:
> > >Main Site (172.20.x.x) -- T1 Wan link (192.168.x.x) -- Remote
> > Site
> > >(172.21.x.x)
> >
> > With this:
> > >Main Site (172.20.x.x) -- Ethernet "Wan" link (192.168.x.x)
> > >--
> > Remote Site
> > >(172.21.x.x)
> >
> > Your broadcast and collision domains would remain separate, just like
> > they are now.
> >
> > Unless your existing routers have the Ethernet port to handle the new
> > Ethernet "Wan", you'd have to do your routing with the L3 switches
> > anyway, so why not dump the routers and have just one piece of network
> > gear at each remote site to manage.
> >
> >
> > How would this work without routing?  How's traffic on 172.20.x.x get
> > to 172.21.x.x, since those are separate subnets?
> >
> > >When setting up the Fiber, because layer 2, I do NOT have to have a
> > >separate network for that WAN link anymore.  I can set it up like:
> > >Main Site (172.20.x.x) -- Fiber Link --- Remote Site
> > (172.21.x.x)
> >
> >
> >
> >
> >
> > -Original Message-
> > From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com]
> > Sent: Thursday, May 13, 2010 2:42 PM
> > To: NT System Admin Issues
> > Subject: Network/WAN question
> >
> >
> > Hello.  Looking for input on our current/proposed network.
> >
> > We have 10 sites.  Each site is connected via T1 lines.  There is a
> > router at each site that handles the routing.
> >
> > We are replacing the T1 lines with fiber.  The company leasing us the
> > fiber is handing off an ethernet port at each site (all layer 2).
> >
> > My question is... Our current WAN setup with the T1s looks like this:
> >
> > Main Site (172.20.x.x) -- T1 Wan link (192.168.x.x) -- Remote
> > Site
> > (172.21.x.x)
> >
> > The WAN link itself is on its own network.
> >
> > When setting up the Fiber, because layer 2, I do NOT have to have a
> > separate network for that WAN link anymore.  I can set it up like:
> > Main Site (172.20.x.x) -- Fiber Link --- Remote Site
> > (172.21.x.x)
> >
> > The downside with this is, broadcasts would still travel over the
> > Fiber link since the WAN link is not on a separate network. It does
> > however, simplify things for me a bit.
> >
> > The question is, which of the two methods would you use?   Putting the
> > Fiber WAN link on its own network or, not?
> >
> > One other question.  Since my HP switches at the main/remote sites are
> > able to do IP Routing, would you also remove the routers (which are
> > needed with the current T1 WAN links) completely from the environment
> > and do all routing at the switch level?  I'm leaning towards doing
> > this and ditching the routers.
> >
> > Thanks.
> > J
> >
> >
>


XP Box inaccessible

2010-05-13 Thread Peter van Houten

I have a XP Pro [fully patched :-) ] box on a network that has been
infected (probably Virut). It is the classic login...loading your
personal settings...logging off scenario.

Recovering the data and fixing the malware problem is easy. The real
problem is that the box is 300 miles away, so I am trying to avoid
flying there tomorrow, just before the weekend.

What can't be done / makes no difference:
---
1) Login locally (admin credentials make no difference)
2) Login remotely using RDP or VNC, directly via VPN or via another box
on the remote network (goes through the motions as above).
2) Start in any form of safe mode.
3) Restore to earlier date, last known good config.
4) Map drives to *any* shares from another box
5) Use any clever login scripts on the server
6) Use psexec to run anything remotely.
7) Instruct the user to step through anything technical :-(

What can be done:
--
1) Ping the box
2) Netbios is enabled, so it shows in network
3) Scan the IP and show ports 139 and 445 open
4) Open and close a null RPC connection (enum, etc not helping)

My hope is that one of you boffins has a script that will, via RPC turn
on the telnet server, open port 23 and let me copy a document from the
desktop [aarrgh] to USB. Or something equally as clever...

TIA but please no advice on malware,

--
Peter van Houten



RE: Hijacked Thread: All WAN over VPN? (Was: RE: Network/WAN question)

2010-05-13 Thread Rohyans, Aaron
This is where technologies such as GETVPN come into play - tunnel-less IPSec 
encryption on an any-to-any network.  Generally speaking, it only works on 
private networks (such as MPLS) where every IP Address is routable throughout 
all sites, but it can work over the Internet if engineered to do so (such as 
the case with mGRE).  

Aaron T. Rohyans
Senior Network Engineer
CCIE #21945, CCSP, CCNA, CQS-Firewall, CQS-IPS, CQS-VPN, ISSP, CISP, JNCIA-ER
DPSciences Corporation
7400 N. Shadeland Ave., Suite 245
Indianapolis, IN 46250
Office:  (317) 348-0099
Fax:   (317) 849-7134
arohy...@dpsciences.com
http://www.dpsciences.com/
"I want an Anti-Virus system that sends Arnold back in time to kill the hacker 
as a small child before he invents the virus..."
"There are 10 kinds of people in this world... those who can read binary, and 
those who can't"


-Original Message-
From: James Hill [mailto:james.h...@superamart.com.au] 
Sent: Thursday, May 13, 2010 5:54 PM
To: NT System Admin Issues
Subject: RE: Hijacked Thread: All WAN over VPN? (Was: RE: Network/WAN question)

To me the fact you don't need vpn is one of the main selling points for these 
products (and mpls networks in general). 

MPLS networks seem to have been more common place here in Aus than the US until 
recently.  I certainly haven't bothered with vpn's for many years now as they 
just add more complexity.

I can understand why some people add the extra layer of security though.  
However if you feel you have to run a vpn then I'd say get a better provider.


-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org] 
Sent: Friday, 14 May 2010 6:34 AM
To: NT System Admin Issues
Subject: Hijacked Thread: All WAN over VPN? (Was: RE: Network/WAN question)

I have a related question:

If you are separated, site to site, with a large layer 2 fiber network... would 
you put the traffic between routers over a VPN? Or is it common place for 
companies to "trust their providers" not to have a man in the middle, and just 
route?

I can't imagine anybody actually does this without an IPSec or OpenVPN tunnel 
of some kind... But I'm curious if there are.


--Matt Ross
Ephrata School District


- Original Message -
From: Kim Longenbaugh
[mailto:k...@colonialsavings.com]
To: NT System Admin Issues
[mailto:ntsysad...@lyris.sunbelt-software.com]
Sent: Thu, 13 May 2010
13:05:09 -0700
Subject: RE: Network/WAN question


> It sounds like you have 10 PPP circuits to your remote sites, each 
> currently a T1.  You're replacing the T1s with Ethernet circuits.
> 
> Just replace this:
> >Main Site (172.20.x.x) -- T1 Wan link (192.168.x.x) -- Remote
> Site
> >(172.21.x.x)
> 
> With this: 
> >Main Site (172.20.x.x) -- Ethernet "Wan" link (192.168.x.x) 
> >--
> Remote Site
> >(172.21.x.x)
> 
> Your broadcast and collision domains would remain separate, just like 
> they are now.
> 
> Unless your existing routers have the Ethernet port to handle the new 
> Ethernet "Wan", you'd have to do your routing with the L3 switches 
> anyway, so why not dump the routers and have just one piece of network 
> gear at each remote site to manage.
> 
> 
> How would this work without routing?  How's traffic on 172.20.x.x get 
> to 172.21.x.x, since those are separate subnets?
> 
> >When setting up the Fiber, because layer 2, I do NOT have to have a 
> >separate network for that WAN link anymore.  I can set it up like:
> >Main Site (172.20.x.x) -- Fiber Link --- Remote Site
> (172.21.x.x)
> 
> 
> 
> 
> 
> -Original Message-
> From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com]
> Sent: Thursday, May 13, 2010 2:42 PM
> To: NT System Admin Issues
> Subject: Network/WAN question
> 
> 
> Hello.  Looking for input on our current/proposed network.
> 
> We have 10 sites.  Each site is connected via T1 lines.  There is a 
> router at each site that handles the routing.
> 
> We are replacing the T1 lines with fiber.  The company leasing us the 
> fiber is handing off an ethernet port at each site (all layer 2).
> 
> My question is... Our current WAN setup with the T1s looks like this:
> 
> Main Site (172.20.x.x) -- T1 Wan link (192.168.x.x) -- Remote 
> Site
> (172.21.x.x)
> 
> The WAN link itself is on its own network.
> 
> When setting up the Fiber, because layer 2, I do NOT have to have a 
> separate network for that WAN link anymore.  I can set it up like:
> Main Site (172.20.x.x) -- Fiber Link --- Remote Site
> (172.21.x.x)
> 
> The downside with this is, broadcasts would still travel over the 
> Fiber link since the WAN link is not on a separate network. It does 
> however, simplify things for me a bit.
> 
> The question is, which of the two methods would you use?   Putting the
> Fiber WAN link on its own network or, not?
> 
> One other question.  Since my HP switches at the main/remote sites are 
> able to do IP Routing, would you also remove the routers (which are 
> needed with the current T1 WAN links

RE: Hijacked Thread: All WAN over VPN? (Was: RE: Network/WAN question)

2010-05-13 Thread James Hill
To me the fact you don't need vpn is one of the main selling points for these 
products (and mpls networks in general). 

MPLS networks seem to have been more common place here in Aus than the US until 
recently.  I certainly haven't bothered with vpn's for many years now as they 
just add more complexity.

I can understand why some people add the extra layer of security though.  
However if you feel you have to run a vpn then I'd say get a better provider.


-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org] 
Sent: Friday, 14 May 2010 6:34 AM
To: NT System Admin Issues
Subject: Hijacked Thread: All WAN over VPN? (Was: RE: Network/WAN question)

I have a related question:

If you are separated, site to site, with a large layer 2 fiber network... would 
you put the traffic between routers over a VPN? Or is it common place for 
companies to "trust their providers" not to have a man in the middle, and just 
route?

I can't imagine anybody actually does this without an IPSec or OpenVPN tunnel 
of some kind... But I'm curious if there are.


--Matt Ross
Ephrata School District


- Original Message -
From: Kim Longenbaugh
[mailto:k...@colonialsavings.com]
To: NT System Admin Issues
[mailto:ntsysad...@lyris.sunbelt-software.com]
Sent: Thu, 13 May 2010
13:05:09 -0700
Subject: RE: Network/WAN question


> It sounds like you have 10 PPP circuits to your remote sites, each 
> currently a T1.  You're replacing the T1s with Ethernet circuits.
> 
> Just replace this:
> >Main Site (172.20.x.x) -- T1 Wan link (192.168.x.x) -- Remote
> Site
> >(172.21.x.x)
> 
> With this: 
> >Main Site (172.20.x.x) -- Ethernet "Wan" link (192.168.x.x) 
> >--
> Remote Site
> >(172.21.x.x)
> 
> Your broadcast and collision domains would remain separate, just like 
> they are now.
> 
> Unless your existing routers have the Ethernet port to handle the new 
> Ethernet "Wan", you'd have to do your routing with the L3 switches 
> anyway, so why not dump the routers and have just one piece of network 
> gear at each remote site to manage.
> 
> 
> How would this work without routing?  How's traffic on 172.20.x.x get 
> to 172.21.x.x, since those are separate subnets?
> 
> >When setting up the Fiber, because layer 2, I do NOT have to have a 
> >separate network for that WAN link anymore.  I can set it up like:
> >Main Site (172.20.x.x) -- Fiber Link --- Remote Site
> (172.21.x.x)
> 
> 
> 
> 
> 
> -Original Message-
> From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com]
> Sent: Thursday, May 13, 2010 2:42 PM
> To: NT System Admin Issues
> Subject: Network/WAN question
> 
> 
> Hello.  Looking for input on our current/proposed network.
> 
> We have 10 sites.  Each site is connected via T1 lines.  There is a 
> router at each site that handles the routing.
> 
> We are replacing the T1 lines with fiber.  The company leasing us the 
> fiber is handing off an ethernet port at each site (all layer 2).
> 
> My question is... Our current WAN setup with the T1s looks like this:
> 
> Main Site (172.20.x.x) -- T1 Wan link (192.168.x.x) -- Remote 
> Site
> (172.21.x.x)
> 
> The WAN link itself is on its own network.
> 
> When setting up the Fiber, because layer 2, I do NOT have to have a 
> separate network for that WAN link anymore.  I can set it up like:
> Main Site (172.20.x.x) -- Fiber Link --- Remote Site
> (172.21.x.x)
> 
> The downside with this is, broadcasts would still travel over the 
> Fiber link since the WAN link is not on a separate network. It does 
> however, simplify things for me a bit.
> 
> The question is, which of the two methods would you use?   Putting the
> Fiber WAN link on its own network or, not?
> 
> One other question.  Since my HP switches at the main/remote sites are 
> able to do IP Routing, would you also remove the routers (which are 
> needed with the current T1 WAN links) completely from the environment 
> and do all routing at the switch level?  I'm leaning towards doing 
> this and ditching the routers.
> 
> Thanks.
> J
> 
> 
> 
> 
> 



Re: Hijacked Thread: All WAN over VPN? (Was: RE: Network/WAN question)

2010-05-13 Thread Ben Scott
On Thu, May 13, 2010 at 5:37 PM, Kim Longenbaugh
 wrote:
> How would you implement between sites?  With a VPN?  If so, then why not
> just buy internet circuits instead of PPP circuits ...

  Because "Internet circuits" generally mean you're standing in line
with everyone else, including the guy down the street torrenting every
Linux distro known to man, hordes of compromised zombie PCs, etc.
Dedicated circuits generally have dedicated resources, SLA, CIR, etc.

  I would still always recommend some kind of encryption between
sites.  I wouldn't trust the carrier to keep my stuff secure even if I
generally liked the carrier, and I regard most carriers as only a few
steps removed from evil incarnate.

-- Ben




Re: HIPAA Question

2010-05-13 Thread Jon Harris
Do you really think that sending this kind of information thru a
Hotmail/Yahoo/gmail is any better?  Maybe to send a link to one of the
secure data transmission methods it would be an idea and maybe a good idea.
No owner information without a lot of digging to find the owner of the
hotmail/yahoo/gmail account.

I would second that if you do this then you have the receiver call into the
office and get the password to the secure vaulted information or better yet
make them come in and get it.

Jon

On Thu, May 13, 2010 at 5:42 PM, James Kerr  wrote:

>  You know, I was going to add to my last email. "I guess we should open a
> hotmail account for these types of issues" :-)
>
>  - Original Message -
> *From:* John Aldrich 
> *To:* NT System Admin Issues 
>  *Sent:* Thursday, May 13, 2010 4:51 PM
> *Subject:* RE: HIPAA Question
>
>  Well, you could always go set up a Yahoo or Gmail account for this sort
> of thing and in no way identify the company. J
>
>
>
>
>
>
> *From:* James Kerr [mailto:cluster...@gmail.com]
> *Sent:* Thursday, May 13, 2010 4:39 PM
> *To:* NT System Admin Issues
> *Subject:* Re: HIPAA Question
>
>
>
> I told the practice manager not to send it because I believed that the
> email address itself is PHI and even if you encrypt the data the email
> address is still out there as well as ours and we are obviously a company
> that deals in HIV/AIDS. I also told her "what if a family member opens that
> email that is not aware of this person's status and the person doesn't want
> that family member to know?". They are going to have to find another way.
>
>
>
> James
>
>  - Original Message -
>
> *From:* Ziots, Edward 
>
> *To:* NT System Admin Issues 
>
> *Sent:* Thursday, May 13, 2010 4:30 PM
>
> *Subject:* RE: HIPAA Question
>
>
>
> True, what you are emailing is PHI to the email address, that doesn’t
> always equate to a human being (Emails can be forged), and thus the release
> of that information to someone other than the person that it is truly
> intended for, could constitute a breach of Privacy/Security Regulations
> under HIPAA.
>
>
>
> I would use this as a guideline, but I would look to your legal/IS
> compliance department for more guidance accordingly. This really should be a
> discussion between the Doctor and the patient accordingly.
>
>
>
> - *ePHI = Electronic Protected Health Information*
>   - Medical record number, account number or SSN
>   - Patient demographic data, e.g., address, date of birth, date of
>     death, sex, e-mail / web address
>   - Dates of service, e.g., date of admission, discharge
>   - *Medical records*, reports, *test results*, appointment dates
>
>
>
>
> 1)  E-mail is not confidential, nor should it be utilized to send
> information of a confidential nature.
>
> 2)  E-mails should not be used to communicate sensitive medical *
> information*, such as *information* regarding sexually transmitted
> diseases, AIDS/*HIV*, mental health, developmental disability, or
> substance abuse.
>
>
>
> Hope that helps a little, honestly, I wouldn’t send it, because there is no
> assurance that the person you are sending it to are whom they say they are.
>
> EZ
>
>
>
> Edward Ziots
>
> CISSP,MCSA,MCP+I,Security +,Network +,CCA
>
> Network Engineer
>
> Lifespan Organization
>
> 401-639-3505
>
> ezi...@lifespan.org
>
>
>
> *From:* paul d [mailto:pdw1...@hotmail.com]
> *Sent:* Thursday, May 13, 2010 3:59 PM
> *To:* NT System Admin Issues
> *Subject:* RE: HIPAA Question
>
>
>
> I'm not sure what you mean by "viral load."  However, if that is a lab
> result, the fact that you're emailing it to him constitutes PHI (email
> address).  HIPAA, as it is interpreted now, defines email as an
> "addressable" not a requirement.  But, if something happened (sent to wrong
> email, for example), I doubt you could convince CMS that it wasn't a
> violation.
>
> You could use Pkzip to encrypt a file with the information and then email
> that.  The newer versions of pkzip use AES.
>  --
>
> From: cluster...@gmail.com
> To: ntsysadmin@lyris.sunbelt-software.com
> Subject: HIPAA Question
> Date: Thu, 13 May 2010 15:22:20 -0400
>
> Guys, I have a quick HIPAA question. We work with people infected with
> HIV. A patient that lives out of state is asking us to email him info about
> his viral load. Any suggestions for how to email that info or get that info
> to him somehow? If the email content doesn't contain identifying info, is it
> ok?
>
>
>
> James
>
>
>
>
>
>

Re: Network/WAN question

2010-05-13 Thread Ben Scott
On Thu, May 13, 2010 at 3:42 PM, jesse-r...@wi.rr.com
 wrote:
> The question is, which of the two methods would you use?   Putting the
> Fiber WAN link on its own network or, not?

  I would definitely assign a different IP subnet for the fiber
network, and use routing between all sites.  There's all sorts of
reasons to do this.  Minimize broadcast traffic.  Minimize change vs
your existing config.  Diagnostics.  Possibility of access control in
the future.  Makes it easy to change back to providers/technologies
that don't give you an Ethernet interface.  Etc.

> Since my HP switches at the main/remote sites are able
> to do IP Routing, would you also remove the routers ... and do all routing
> at the switch level?

  That depends on the amount of traffic and the capabilities of the
switches in question.  The routing functionality in many switches is
very limited, both in terms of features and performance.  I don't know
enough about HP's layer 3 stuff to comment on that.  Just know that
not all routers are created equal.

-- Ben
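
The routed design recommended in the reply above, worked through as an added example that is not part of the original post: each remote site gets its own LAN and its own transit subnet, overlaps are rejected, and next hops are resolved by longest-prefix match. The /16 site numbering beyond 172.21, the 192.168.255.0/24 transit pool, the /30 link size and all function names are assumptions; the thread only gives 172.20.x.x, 172.21.x.x and 192.168.x.x.

```python
import ipaddress

# Assumed values; the thread only states 172.20.x.x, 172.21.x.x and 192.168.x.x.
MAIN_LAN = ipaddress.ip_network("172.20.0.0/16")
TRANSIT_POOL = ipaddress.ip_network("192.168.255.0/24")  # hypothetical pool for WAN links
REMOTE_SITES = 9                                          # 10 sites = main + 9 remotes
SUMMARY = ipaddress.ip_network("172.16.0.0/12")           # covers every assumed site LAN


def validate(main_lan, plan):
    """Reject any plan where two subnets overlap (LAN/LAN or LAN/transit)."""
    nets = [("main LAN", main_lan)]
    for site in plan:
        nets.append((site["site"] + " LAN", site["lan"]))
        nets.append((site["site"] + " transit", site["transit"]))
    for i, (name_a, net_a) in enumerate(nets):
        for name_b, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):
                raise ValueError(f"{name_a} {net_a} overlaps {name_b} {net_b}")


def build_plan(main_lan=MAIN_LAN, transit_pool=TRANSIT_POOL, remotes=REMOTE_SITES):
    """Give every remote site its own LAN and its own /30 transit subnet."""
    links = list(transit_pool.subnets(new_prefix=30))
    if remotes > len(links):
        raise ValueError("transit pool too small for the number of remote sites")
    plan = []
    for i in range(remotes):
        hub_ip, spoke_ip = links[i].hosts()  # a /30 has exactly two usable addresses
        plan.append({
            "site": f"remote{i + 1}",
            "lan": ipaddress.ip_network(f"172.{21 + i}.0.0/16"),  # assumed numbering
            "transit": links[i],
            "hub_ip": hub_ip,
            "spoke_ip": spoke_ip,
        })
    validate(main_lan, plan)
    return plan


def hub_routes(main_lan, plan):
    """Main-site routing table: one static route per remote LAN."""
    routes = [(main_lan, "connected")]
    for site in plan:
        routes.append((site["transit"], "connected"))
        routes.append((site["lan"], str(site["spoke_ip"])))
    return routes


def spoke_routes(site, summary=SUMMARY):
    """Remote-site routing table: everything else in the summary goes to the hub."""
    return [
        (site["lan"], "connected"),
        (site["transit"], "connected"),
        (summary, str(site["hub_ip"])),
    ]


def lookup(routes, dst):
    """Longest-prefix match; returns the next hop, 'connected', or None."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


if __name__ == "__main__":
    plan = build_plan()
    for site in plan:
        print(site["site"], site["lan"], "via", site["transit"])
    print("hub -> 172.21.5.9 next hop:", lookup(hub_routes(MAIN_LAN, plan), "172.21.5.9"))
```

Because every site boundary is a routed hop, broadcasts stay inside each LAN and the transit interfaces give a natural place to attach access control later.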




RE: Network/WAN question

2010-05-13 Thread James Hill
I'd keep the separate WAN subnets.

I'd also keep the routers at each end.  You never know if you'll need to add a 
feature down the track that needs a true router rather than a L3 switch.

We have a similar configuration with routers at the remote offices but only a 
Layer 3 switch at head office.  Now that we are looking at WAN redundancy the 
L3 switch has become an issue (as it only has Ethernet ports).

-Original Message-
From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com] 
Sent: Friday, 14 May 2010 5:42 AM
To: NT System Admin Issues
Subject: Network/WAN question


Hello.  Looking for input on our current/proposed network.

We have 10 sites.  Each site is connected via T1 lines.  There is a router at 
each site that handles the routing.

We are replacing the T1 lines with fiber.  The company leasing us the fiber is 
handing off an ethernet port at each site (all layer 2).

My question is... Our current WAN setup with the T1s looks like this:

Main Site (172.20.x.x) -- T1 Wan link (192.168.x.x) -- Remote Site
(172.21.x.x)

The WAN link itself is on its own network.

When setting up the Fiber, because layer 2, I do NOT have to have a separate 
network for that WAN link anymore.  I can set it up like:
Main Site (172.20.x.x) -- Fiber Link --- Remote Site (172.21.x.x)

The downside with this is, broadcasts would still travel over the Fiber link 
since the WAN link is not on a separate network. It does however, simplify 
things for me a bit.

The question is, which of the two methods would you use?   Putting the
Fiber WAN link on its own network or, not?

One other question.  Since my HP switches at the main/remote sites are able to 
do IP Routing, would you also remove the routers (which are needed with the 
current T1 WAN links) completely from the environment and do all routing at the 
switch level?  I'm leaning towards doing this and ditching the routers.

Thanks.
J








Re: HIPAA Question

2010-05-13 Thread James Kerr
You know, I was going to add to my last email. "I guess we should open a 
hotmail account for these types of issues" :-)
  - Original Message - 
  From: John Aldrich 
  To: NT System Admin Issues 
  Sent: Thursday, May 13, 2010 4:51 PM
  Subject: RE: HIPAA Question


  Well, you could always go set up a Yahoo or Gmail account for this sort of 
thing and in no way identify the company. J

   



   

  From: James Kerr [mailto:cluster...@gmail.com] 
  Sent: Thursday, May 13, 2010 4:39 PM
  To: NT System Admin Issues
  Subject: Re: HIPAA Question

   

  I told the practice manager not to send it because I believed that the email 
address itself is PHI and even if you encrypt the data the email address is 
still out there as well as ours and we are obviously a company that deals in 
HIV/AIDS. I also told her "what if a family member opens that email that is not 
aware of this person's status and the person doesn't want that family member to 
know?". They are going to have to find another way.

   

  James 

- Original Message - 

From: Ziots, Edward 

To: NT System Admin Issues 

Sent: Thursday, May 13, 2010 4:30 PM

Subject: RE: HIPAA Question

 

True, what you are emailing is PHI to the email address, that doesn't 
always equate to a human being (Emails can be forged), and thus the release of 
that information to someone other than the person that it is truly intended 
for, could constitute a breach of Privacy/Security Regulations under HIPAA. 

 

I would use this as a guideline, but I would look to your legal/IS 
compliance department for more guidance accordingly. This really should be a 
discussion between the Doctor and the patient accordingly. 

 

  - ePHI = Electronic Protected Health Information
    - Medical record number, account number or SSN
    - Patient demographic data, e.g., address, date of birth, date of
      death, sex, e-mail / web address
    - Dates of service, e.g., date of admission, discharge
    - Medical records, reports, test results, appointment dates
 

 

1)  E-mail is not confidential, nor should it be utilized to send 
information of a confidential nature. 

2)  E-mails should not be used to communicate sensitive medical 
information, such as information regarding sexually transmitted diseases, 
AIDS/HIV, mental health, developmental disability, or substance abuse.

 

Hope that helps a little, honestly, I wouldn't send it, because there is no 
assurance that the person you are sending it to are whom they say they are. 

EZ

 

Edward Ziots

CISSP,MCSA,MCP+I,Security +,Network +,CCA

Network Engineer

Lifespan Organization

401-639-3505

ezi...@lifespan.org

 

From: paul d [mailto:pdw1...@hotmail.com] 
Sent: Thursday, May 13, 2010 3:59 PM
To: NT System Admin Issues
Subject: RE: HIPAA Question

 

I'm not sure what you mean by "viral load."  However, if that is a lab 
result, the fact that you're emailing it to him constitutes PHI (email 
address).  HIPAA, as it is interpreted now, defines email as an "addressable" 
not a requirement.  But, if something happened (sent to wrong email, for 
example), I doubt you could convince CMS that it wasn't a violation.

You could use Pkzip to encrypt a file with the information and then email 
that.  The newer versions of pkzip use AES.




From: cluster...@gmail.com
To: ntsysadmin@lyris.sunbelt-software.com
Subject: HIPAA Question
Date: Thu, 13 May 2010 15:22:20 -0400

Guys, I have a quick HIPAA question. We work with people infected with HIV. 
A patient that lives out of state is asking us to email him info about his 
viral load. Any suggestions for how to email that info or get that info to him 
somehow? If the email content doesn't contain identifying info, is it ok? 

 

James

 

  





RE: Hijacked Thread: All WAN over VPN? (Was: RE: Network/WAN question)

2010-05-13 Thread Kim Longenbaugh
How would you implement between sites?  With a VPN?  If so, then why not
just buy internet circuits instead of PPP circuits, since (at least in
my experience) the recurring cost for the circuits is less than the cost
of PPP circuits.  The initial extra outlay for the VPN solution will be
offset at some point by the reduction in circuit costs.

 

KBL

 

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Thursday, May 13, 2010 4:22 PM
To: NT System Admin Issues
Subject: Re: Hijacked Thread: All WAN over VPN? (Was: RE: Network/WAN
question)

 

Always encrypt between sites...


-ASB: http://XeeSM.com/AndrewBaker



On Thu, May 13, 2010 at 4:33 PM, Matthew W. Ross
 wrote:

I have a related question:

If you are separated, site to site, with a large layer 2 fiber
network... would you put the traffic between routers over a VPN? Or is
it common place for companies to "trust their providers" not to have a
man in the middle, and just route?

I can't imagine anybody actually does this without an IPSec or OpenVPN
tunnel of some kind... But I'm curious if there are.


--Matt Ross
Ephrata School District


- Original Message -
From: Kim Longenbaugh
[mailto:k...@colonialsavings.com]
To: NT System Admin Issues
[mailto:ntsysad...@lyris.sunbelt-software.com]
Sent: Thu, 13 May 2010
13:05:09 -0700
Subject: RE: Network/WAN question


> It sounds like you have 10 PPP circuits to your remote sites, each
> currently a T1.  You're replacing the T1s with Ethernet circuits.
>
> Just replace this:
> >Main Site (172.20.x.x) -- T1 Wan link (192.168.x.x) -- Remote
> Site
> >(172.21.x.x)
>
> With this:
> >Main Site (172.20.x.x) -- Ethernet "Wan" link (192.168.x.x)
--
> Remote Site
> >(172.21.x.x)
>
> Your broadcast and collision domains would remain separate, just like
> they are now.
>
> Unless your existing routers have the Ethernet port to handle the new
> Ethernet "Wan", you'd have to do your routing with the L3 switches
> anyway, so why not dump the routers and have just one piece of network
> gear at each remote site to manage.
>
>
> How would this work without routing?  How's traffic on 172.20.x.x get
to
> 172.21.x.x, since those are separate subnets?
>
> >When setting up the Fiber, because layer 2, I do NOT have to have a
> >separate network for that WAN link anymore.  I can set it up like:
> >Main Site (172.20.x.x) -- Fiber Link --- Remote Site
> (172.21.x.x)
>
>
>
>
>
> -Original Message-
> From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com]
> Sent: Thursday, May 13, 2010 2:42 PM
> To: NT System Admin Issues
> Subject: Network/WAN question
>
>
> Hello.  Looking for input on our current/proposed network.
>
> We have 10 sites.  Each site is connected via T1 lines.  There is a
> router
> at each site that handles the routing.
>
> We are replacing the T1 lines with fiber.  The company leasing us the
> fiber
> is handing off an ethernet port at each site (all layer 2).
>
> My question is... Our current WAN setup with the T1s looks like this:
>
> Main Site (172.20.x.x) -- T1 Wan link (192.168.x.x) -- Remote
> Site
> (172.21.x.x)
>
> The WAN link itself is on its own network.
>
> When setting up the Fiber, because layer 2, I do NOT have to have a
> separate network for that WAN link anymore.  I can set it up like:
> Main Site (172.20.x.x) -- Fiber Link --- Remote Site
> (172.21.x.x)
>
> The downside with this is, broadcasts would still travel over the
Fiber
> link since the WAN link is not on a separate network. It does however,
> simplify things for me a bit.
>
> The question is, which of the two methods would you use?   Putting the
> Fiber WAN link on its own network or, not?
>
> One other question.  Since my HP switches at the main/remote sites are
> able
> to do IP Routing, would you also remove the routers (which are needed
> with
> the current T1 WAN links) completely from the environment and do all
> routing
> at the switch level?  I'm leaning towards doing this and ditching the
> routers.
>
> Thanks.
> J
>

 

 


Re: Hijacked Thread: All WAN over VPN? (Was: RE: Network/WAN question)

2010-05-13 Thread Matthew W. Ross
I thought so. Thanks for the sanity check.


--Matt Ross
Ephrata School District


- Original Message -
From: Andrew S. Baker
[mailto:asbz...@gmail.com]
To: NT System Admin Issues
[mailto:ntsysad...@lyris.sunbelt-software.com]
Sent: Thu, 13 May 2010
14:21:35 -0700
Subject: Re: Hijacked Thread: All WAN over VPN? (Was: RE:
Network/WAN question)


> Always encrypt between sites...
> 
> -ASB: http://XeeSM.com/AndrewBaker
> 
> 
> On Thu, May 13, 2010 at 4:33 PM, Matthew W. Ross
> wrote:
> 
> > I have a related question:
> >
> > If you are separated, site to site, with a large layer 2 fiber network...
> > would you put the traffic between routers over a VPN? Or is it common
> place
> > for companies to "trust their providers" not to have a man in the middle,
> > and just route?
> >
> > I can't imagine anybody actually does this without an IPSec or OpenVPN
> > tunnel of some kind... But I'm curious if there are.
> >
> >
> > --Matt Ross
> > Ephrata School District
> >
> >
> > - Original Message -
> > From: Kim Longenbaugh
> > [mailto:k...@colonialsavings.com]
> > To: NT System Admin Issues
> > [mailto:ntsysad...@lyris.sunbelt-software.com]
> > Sent: Thu, 13 May 2010
> > 13:05:09 -0700
> > Subject: RE: Network/WAN question
> >
> >
> > > It sounds like you have 10 PPP circuits to your remote sites, each
> > > currently a T1.  You're replacing the T1s with Ethernet circuits.
> > >
> > > Just replace this:
> > > >Main Site (172.20.x.x) -- T1 Wan link (192.168.x.x) -- Remote
> > > Site
> > > >(172.21.x.x)
> > >
> > > With this:
> > > >Main Site (172.20.x.x) -- Ethernet "Wan" link (192.168.x.x) --
> > > Remote Site
> > > >(172.21.x.x)
> > >
> > > Your broadcast and collision domains would remain separate, just like
> > > they are now.
> > >
> > > Unless your existing routers have the Ethernet port to handle the new
> > > Ethernet "Wan", you'd have to do your routing with the L3 switches
> > > anyway, so why not dump the routers and have just one piece of network
> > > gear at each remote site to manage.
> > >
> > >
> > > How would this work without routing?  How's traffic on 172.20.x.x get to
> > > 172.21.x.x, since those are separate subnets?
> > >
> > > >When setting up the Fiber, because layer 2, I do NOT have to have a
> > > >separate network for that WAN link anymore.  I can set it up like:
> > > >Main Site (172.20.x.x) -- Fiber Link --- Remote Site
> > > (172.21.x.x)
> > >
> > >
> > >
> > >
> > >
> > > -Original Message-
> > > From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com]
> > > Sent: Thursday, May 13, 2010 2:42 PM
> > > To: NT System Admin Issues
> > > Subject: Network/WAN question
> > >
> > >
> > > Hello.  Looking for input on our current/proposed network.
> > >
> > > We have 10 sites.  Each site is connected via T1 lines.  There is a
> > > router
> > > at each site that handles the routing.
> > >
> > > We are replacing the T1 lines with fiber.  The company leasing us the
> > > fiber
> > > is handing off an ethernet port at each site (all layer 2).
> > >
> > > My question is... Our current WAN setup with the T1s looks like this:
> > >
> > > Main Site (172.20.x.x) -- T1 Wan link (192.168.x.x) -- Remote
> > > Site
> > > (172.21.x.x)
> > >
> > > The WAN link itself is on its own network.
> > >
> > > When setting up the Fiber, because layer 2, I do NOT have to have a
> > > separate network for that WAN link anymore.  I can set it up like:
> > > Main Site (172.20.x.x) -- Fiber Link --- Remote Site
> > > (172.21.x.x)
> > >
> > > The downside with this is, broadcasts would still travel over the Fiber
> > > link since the WAN link is not on a separate network. It does however,
> > > simplify things for me a bit.
> > >
> > > The question is, which of the two methods would you use?   Putting the
> > > Fiber WAN link on its own network or, not?
> > >
> > > One other question.  Since my HP switches at the main/remote sites are
> > > able
> > > to do IP Routing, would you also remove the routers (which are needed
> > > with
> > > the current T1 WAN links) completely from the environment and do all
> > > routing
> > > at the switch level?  I'm leaning towards doing this and ditching the
> > > routers.
> > >
> > > Thanks.
> > > J
> > >
> >
> 



Re: Any one use new build of Acronis for backup and recovery?

2010-05-13 Thread justino garcia
Wanted to know is it more stable build, any have issues with it backing up
in the December build?

How about the sanpapi, has that issue been fixed?

On Thu, May 13, 2010 at 5:18 PM, Andrew S. Baker  wrote:

> Because?
>
> -ASB: http://XeeSM.com/AndrewBaker
>
>
> On Thu, May 13, 2010 at 4:26 PM, justino garcia 
> wrote:
>
>> Any one use new build of Acronis for backup and recovery?
>> The april build..
>>
>> --
>> Justin
>> IT-TECH
>>
>>
>>
>>
>>
>>
>
>
>
>
>


-- 
Justin
IT-TECH


Re: Hijacked Thread: All WAN over VPN? (Was: RE: Network/WAN question)

2010-05-13 Thread Andrew S. Baker
Always encrypt between sites...

-ASB: http://XeeSM.com/AndrewBaker


On Thu, May 13, 2010 at 4:33 PM, Matthew W. Ross
wrote:

> I have a related question:
>
> If you are separated, site to site, with a large layer 2 fiber network...
> would you put the traffic between routers over a VPN? Or is it common place
> for companies to "trust their providers" not to have a man in the middle,
> and just route?
>
> I can't imagine anybody actually does this without an IPSec or OpenVPN
> tunnel of some kind... But I'm curious if there are.
>
>
> --Matt Ross
> Ephrata School District
>
>
> - Original Message -
> From: Kim Longenbaugh
> [mailto:k...@colonialsavings.com]
> To: NT System Admin Issues
> [mailto:ntsysad...@lyris.sunbelt-software.com]
> Sent: Thu, 13 May 2010
> 13:05:09 -0700
> Subject: RE: Network/WAN question
>
>
> > It sounds like you have 10 PPP circuits to your remote sites, each
> > currently a T1.  You're replacing the T1s with Ethernet circuits.
> >
> > Just replace this:
> > >Main Site (172.20.x.x) -- T1 Wan link (192.168.x.x) -- Remote
> > Site
> > >(172.21.x.x)
> >
> > With this:
> > >Main Site (172.20.x.x) -- Ethernet "Wan" link (192.168.x.x) --
> > Remote Site
> > >(172.21.x.x)
> >
> > Your broadcast and collision domains would remain separate, just like
> > they are now.
> >
> > Unless your existing routers have the Ethernet port to handle the new
> > Ethernet "Wan", you'd have to do your routing with the L3 switches
> > anyway, so why not dump the routers and have just one piece of network
> > gear at each remote site to manage.
> >
> >
> > How would this work without routing?  How's traffic on 172.20.x.x get to
> > 172.21.x.x, since those are separate subnets?
> >
> > >When setting up the Fiber, because layer 2, I do NOT have to have a
> > >separate network for that WAN link anymore.  I can set it up like:
> > >Main Site (172.20.x.x) -- Fiber Link --- Remote Site
> > (172.21.x.x)
> >
> >
> >
> >
> >
> > -Original Message-
> > From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com]
> > Sent: Thursday, May 13, 2010 2:42 PM
> > To: NT System Admin Issues
> > Subject: Network/WAN question
> >
> >
> > Hello.  Looking for input on our current/proposed network.
> >
> > We have 10 sites.  Each site is connected via T1 lines.  There is a
> > router
> > at each site that handles the routing.
> >
> > We are replacing the T1 lines with fiber.  The company leasing us the
> > fiber
> > is handing off an ethernet port at each site (all layer 2).
> >
> > My question is... Our current WAN setup with the T1s looks like this:
> >
> > Main Site (172.20.x.x) -- T1 Wan link (192.168.x.x) -- Remote
> > Site
> > (172.21.x.x)
> >
> > The WAN link itself is on its own network.
> >
> > When setting up the Fiber, because layer 2, I do NOT have to have a
> > separate network for that WAN link anymore.  I can set it up like:
> > Main Site (172.20.x.x) -- Fiber Link --- Remote Site
> > (172.21.x.x)
> >
> > The downside with this is, broadcasts would still travel over the Fiber
> > link since the WAN link is not on a separate network. It does however,
> > simplify things for me a bit.
> >
> > The question is, which of the two methods would you use?   Putting the
> > Fiber WAN link on its own network or, not?
> >
> > One other question.  Since my HP switches at the main/remote sites are
> > able
> > to do IP Routing, would you also remove the routers (which are needed
> > with
> > the current T1 WAN links) completely from the environment and do all
> > routing
> > at the switch level?  I'm leaning towards doing this and ditching the
> > routers.
> >
> > Thanks.
> > J
> >
>


Paetec outage?

2010-05-13 Thread Richard Stovall
Anyone else with Paetec internet service experiencing issues?


Re: Any one use new build of Acronis for backup and recovery?

2010-05-13 Thread Andrew S. Baker
Because?

-ASB: http://XeeSM.com/AndrewBaker


On Thu, May 13, 2010 at 4:26 PM, justino garcia wrote:

> Any one use new build of Acronis for backup and recovery?
> The april build..
>
> --
> Justin
> IT-TECH
>
>
>
>
>
>


Re: StoreGrid ?

2010-05-13 Thread Andrew S. Baker
Hmmm...  Backup is free but client side software is not?

It's certainly something worth testing, especially at those prices.

Not good enough for home use, though.  Drats.

-ASB: http://XeeSM.com/AndrewBaker


On Thu, May 13, 2010 at 4:14 PM, Angus Scott-Fleming wrote:

> Anybody using their software to back up a server and replicate it offsite?
> Pricing is certainly right.
>
> Onsite Backup Software for Network based Disk to Disk Backup for SMBs and
> ROBOs
> http://www.storegrid.com/online-backup/network-backup.php
>
> --
> Angus Scott-Fleming
> GeoApps, Tucson, Arizona
> 1-520-290-5038
> Security Blog: http://geoapps.com/
>
>
>


RE: SIMPLE FILE SHARING

2010-05-13 Thread Rod Trent
You could also manage it using a Privilege Management app.

 

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] 
Sent: Thursday, May 13, 2010 5:02 PM
To: NT System Admin Issues
Subject: Re: SIMPLE FILE SHARING

 

You could run it as a computer start-up script, forgoing the need for local
admin rights.

--
ME2



On Thu, May 13, 2010 at 10:11 AM, Jonathan Link 
wrote:

In this day and age, I presume that system administrators aren't allowing
users to run as local admins...

 

On Thu, May 13, 2010 at 12:51 PM, Weatherford, Chad 
wrote:

We created a batch file that makes a registry change to do this





Re: OT: XenApp 6 Pre-Install Questions

2010-05-13 Thread Harry Singh
Thanks for the info James.

So technically, I don't have to buy new RDS cals, since I already have 2003
TS Cals, if all I'm doing is standing-up a new XenApp6 farm and publishing
applications?



On Thu, May 13, 2010 at 4:56 PM, James Rankin  wrote:

> PS 4.5 servers can be joined to Xen5 farms but not Xen6. Xen6 servers can't
> be added to anything except Xen6 farms. Xen6 is exclusively 2008 R2.
>
> Our Windows 2003 CALs are still working for RDS on 2008 R2
>
> Pass on the last question. We are steadily moving our licenses from PS4.5
> to the Xen 5/6 pool, but I didn't get involved in this. However, for legacy
> x86 apps, I built a 2003 PS4.5 server and joined it to my Xen5 farm. I am
> going to run this last server in the Xen5 farm alongside the new Xen6 one to
> accommodate apps that don't like x64 / 2008 or both. The web interface is
> linked up to the Xen5 and Xen6 farms, so users have all their published apps
> available from both farms from a single XenApp PlugIn instance. YMMV
>
>
> On 13 May 2010 17:27, Harry Singh  wrote:
>
>> All:
>>
>> I have a few basic questions when it comes to XenApp 6 that I haven't
>> found (yet) the answers to via the Citrix eDoc directory:
>>
>>
>>    - I currently have a PS 4.0 farm; can I introduce XenApp 6 to this
>>    farm? I'm pretty sure the answer is no, but looking for confirmation.
>>    - I have a windows 2003 TS server issuing TS Cals that were purchased
>>    years ago. Do I need to purchase new TS Cals for windows 2008 remote
>>    desktop services for XenApp 6 ?
>>    - If I bring up a new farm, I still need the PS 4.0 farm up and
>>    running for legacy app support, and log onto mycitrix and generate a new
>>    license file for XenApp 6, will that pose a problem for the PS 4 server?
>>    I'm thinking I would have to re-point the PS 4.0 server to the new licensing
>>    server, but I've never introduced a new farm and don't know the small
>>    nuances as a result.
>>
>>
>> Hoping you can shed some light,
>>
>>
>>
>> Harry.
>>
>>
>>
>>
>>
>>
>
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
>
>
>
>
>


Re: SIMPLE FILE SHARING

2010-05-13 Thread Micheal Espinola Jr
Well, that wasn't phrased properly now was it...  forgoing the need of a
logged-in local admin.  How's that?  :-)

--
ME2


On Thu, May 13, 2010 at 2:02 PM, Micheal Espinola Jr <
michealespin...@gmail.com> wrote:

> You could run it as a computer start-up script, forgoing the need for local
> admin rights.
>
> --
> ME2
>
>
>
> On Thu, May 13, 2010 at 10:11 AM, Jonathan Link 
> wrote:
>
>> In this day and age, I presume that system administrators aren't
>> allowing users to run as local admins...
>>
>>
>> On Thu, May 13, 2010 at 12:51 PM, Weatherford, Chad <
>> cweatherf...@scvl.com> wrote:
>>
>>> We created a batch file that makes a registry change to do this
>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>
>


Re: SIMPLE FILE SHARING

2010-05-13 Thread Micheal Espinola Jr
You could run it as a computer start-up script, forgoing the need for local
admin rights.

--
ME2


On Thu, May 13, 2010 at 10:11 AM, Jonathan Link wrote:

> In this day and age, I presume that system administrators aren't allowing
> users to run as local admins...
>
>
> On Thu, May 13, 2010 at 12:51 PM, Weatherford, Chad wrote:
>
>> We created a batch file that makes a registry change to do this
>>
>>
>>
>>
>>
>
>
>
>
>


Re: OT: XenApp 6 Pre-Install Questions

2010-05-13 Thread James Rankin
PS 4.5 servers can be joined to Xen5 farms but not Xen6. Xen6 servers can't
be added to anything except Xen6 farms. Xen6 is exclusively 2008 R2.

Our Windows 2003 CALs are still working for RDS on 2008 R2

Pass on the last question. We are steadily moving our licenses from PS4.5 to
the Xen 5/6 pool, but I didn't get involved in this. However, for legacy x86
apps, I built a 2003 PS4.5 server and joined it to my Xen5 farm. I am going
to run this last server in the Xen5 farm alongside the new Xen6 one to
accommodate apps that don't like x64 / 2008 or both. The web interface is
linked up to the Xen5 and Xen6 farms, so users have all their published apps
available from both farms from a single XenApp PlugIn instance. YMMV

On 13 May 2010 17:27, Harry Singh  wrote:

> All:
>
> I have a few basic questions when it comes to XenApp 6 that I haven't found
> (yet) the answers to via the Citrix eDoc directory:
>
>
>    - I currently have a PS 4.0 farm; can I introduce XenApp 6 to this
>    farm? I'm pretty sure the answer is no, but looking for confirmation.
>    - I have a windows 2003 TS server issuing TS Cals that were purchased
>    years ago. Do I need to purchase new TS Cals for windows 2008 remote
>    desktop services for XenApp 6 ?
>    - If I bring up a new farm, I still need the PS 4.0 farm up and running
>    for legacy app support, and log onto mycitrix and generate a new license
>    file for XenApp 6, will that pose a problem for the PS 4 server? I'm
>    thinking I would have to re-point the PS 4.0 server to the new licensing
>    server, but I've never introduced a new farm and don't know the small
>    nuances as a result.
>
>
> Hoping you can shed some light,
>
>
>
> Harry.
>
>
>
>
>
>


-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."


RE: HIPAA Question

2010-05-13 Thread John Aldrich
Well, you could always go set up a Yahoo or Gmail account for this sort of
thing and in no way identify the company. :-)

 

John-AldrichTile-Tools

 

From: James Kerr [mailto:cluster...@gmail.com] 
Sent: Thursday, May 13, 2010 4:39 PM
To: NT System Admin Issues
Subject: Re: HIPAA Question

 

I told the practice manager not to send it because I believed that the email
address itself is PHI and even if you encrypt the data the email address is
still out there as well as ours and we are obviously a company that deals in
HIV/AIDS. I also told her "what if a family member opens that email that is
not aware of this person's status and the person doesn't want that family
member to know?". They are going to have to find another way.

 

James 

- Original Message - 

From: Ziots, Edward   

To: NT System Admin Issues   

Sent: Thursday, May 13, 2010 4:30 PM

Subject: RE: HIPAA Question

 

True, what you are emailing is PHI to the email address, that doesn't always
equate to a human being (Emails can be forged), and thus the release of that
information to someone other than the person that it is truly intended for,
could constitute a breach of Privacy/Security Regulations under HIPAA. 

 

I would use this as a guideline, but I would look to your legal/IS
compliance department for more guidance accordingly. This really should be a
discussion between the Doctor and the patient accordingly. 

 

*   ePHI = Electronic Protected Health Information 

*   Medical record number, account number or SSN 
*   Patient demographic data, e.g., address, date of birth, date of
death, sex, e-mail / web address 
*   Dates of service, e.g., date of admission, discharge 
*   Medical records, reports, test results, appointment dates 

 

 

1)  E-mail is not confidential, nor should it be utilized to send
information of a confidential nature. 

2)  E-mails should not be used to communicate sensitive medical
information, such as information regarding sexually transmitted diseases,
AIDS/HIV, mental health, developmental disability, or substance abuse.

 

Hope that helps a little, honestly, I wouldn't send it, because there is no
assurance that the person you are sending it to is who they say they are.

EZ

 

Edward Ziots

CISSP,MCSA,MCP+I,Security +,Network +,CCA

Network Engineer

Lifespan Organization

401-639-3505

ezi...@lifespan.org

 

From: paul d [mailto:pdw1...@hotmail.com] 
Sent: Thursday, May 13, 2010 3:59 PM
To: NT System Admin Issues
Subject: RE: HIPAA Question

 

I'm not sure what you mean by "viral load."  However, if that is a lab
result, the fact that you're emailing it to him constitutes PHI (email
address).  HIPAA, as it is interpreted now, defines email as an
"addressable" not a requirement.  But, if something happened (sent to wrong
email, for example), I doubt you could convince CMS that it wasn't a
violation.

You could use Pkzip to encrypt a file with the information and then email
that.  The newer versions of pkzip use AES.




From: cluster...@gmail.com
To: ntsysadmin@lyris.sunbelt-software.com
Subject: HIPAA Question
Date: Thu, 13 May 2010 15:22:20 -0400

Guys, I have a quick HIPAA question. We work with people infected with HIV.
A patient that lives out of state is asking us to email him info about his
viral load. Any suggestions for how to email that info or get that info to
him somehow? If the email content doesn't contain identifying info, is it
ok? 

 

James

 

 

 



Re: HIPAA Question

2010-05-13 Thread John Cook
Me too, what in an email address points to a specific person?

- Original Message -
From: Kurt Buff 
To: NT System Admin Issues 
Sent: Thu May 13 16:45:37 2010
Subject: Re: HIPAA Question

Really? I doubt it.

On Thu, May 13, 2010 at 12:57, Jonathan Link  wrote:
> The email address would be identifying info...
>
>
> On Thu, May 13, 2010 at 3:22 PM, James Kerr  wrote:
>>
>> Guys, I have a quick HIPAA question. We work with people infected with
>> HIV. A patient that lives out of state is asking us to email him info about
>> his viral load. Any suggestions for how to email that info or get that info
>> to him somehow? If the email content doesn't contain identifying info, is it
>> ok?
>>
>> James


Re: HIPAA Question

2010-05-13 Thread Kurt Buff
Wait...

Do you mean that the email address provides sufficient identity to
prove that the patient is really asking, and it can be sent to him, or
something else?

On Thu, May 13, 2010 at 12:57, Jonathan Link  wrote:
> The email address would be identifying info...
>
>
> On Thu, May 13, 2010 at 3:22 PM, James Kerr  wrote:
>>
>> Guys, I have a quick HIPAA question. We work with people infected with
>> HIV. A patient that lives out of state is asking us to email him info about
>> his viral load. Any suggestions for how to email that info or get that info
>> to him somehow? If the email content doesn't contain identifying info, is it
>> ok?
>>
>> James
>>
>>
>>
>>
>
>
>
>




RE: HIPAA Question

2010-05-13 Thread Ziots, Edward
http://www.hhs.gov/ocr/privacy/hipaa/faq/use/index.html (Privacy
questions site) 

 

Also has the person given signed consent for the disclosure of his/her
EPHI, if not then definitely you shouldn't send it.

 

Usually there are secure methods of sending EPHI either by email
encryption, (payload plus EMAIL are sent to a vault) an authorization
email is sent to the subject of the organization email with a code, and
the code plus another key piece of information that only the user knows
is used to retrieve the email from the vault, with the information about
the EPHI, so the email and its payload are encrypted accordingly. 

 

Again the policies and procedures should have this spelled out pretty
well, if they don't definitely discuss with your legal/compliance folks,
because they should have this documented for compliance reasons along
with enforceable policy, to "save the company bacon"

 

Z

 

Edward Ziots

CISSP,MCSA,MCP+I,Security +,Network +,CCA

Network Engineer

Lifespan Organization

401-639-3505

ezi...@lifespan.org

 

From: James Kerr [mailto:cluster...@gmail.com] 
Sent: Thursday, May 13, 2010 4:39 PM
To: NT System Admin Issues
Subject: Re: HIPAA Question

 

I told the practice manager not to send it because I believed that the
email address itself is PHI and even if you encrypt the data the email
address is still out there as well as ours and we are obviously a
company that deals in HIV/AIDS. I also told her "what if a family member
opens that email that is not aware of this person's status and the person
doesn't want that family member to know?". They are going to have to
find another way.

 

James 

- Original Message - 

From: Ziots, Edward   

To: NT System Admin Issues
  

Sent: Thursday, May 13, 2010 4:30 PM

Subject: RE: HIPAA Question

 

True, what you are emailing is PHI to the email address, that
doesn't always equate to a human being (Emails can be forged), and thus
the release of that information to someone other than the person that it
is truly intended for, could constitute a breach of Privacy/Security
Regulations under HIPAA. 

 

I would use this as a guideline, but I would look to your
legal/IS compliance department for more guidance accordingly. This
really should be a discussion between the Doctor and the patient
accordingly. 

 

*   ePHI = Electronic Protected Health Information 

*   Medical record number, account number or SSN 
*   Patient demographic data, e.g., address, date of
birth, date of death, sex, e-mail / web address 
*   Dates of service, e.g., date of admission,
discharge 
*   Medical records, reports, test results,
appointment dates 

 

 

1)  E-mail is not confidential, nor should it be utilized to
send information of a confidential nature. 

2)  E-mails should not be used to communicate sensitive
medical information, such as information regarding sexually transmitted
diseases, AIDS/HIV, mental health, developmental disability, or
substance abuse.

 

Hope that helps a little, honestly, I wouldn't send it, because
there is no assurance that the person you are sending it to is who
they say they are.

EZ

 

Edward Ziots

CISSP,MCSA,MCP+I,Security +,Network +,CCA

Network Engineer

Lifespan Organization

401-639-3505

ezi...@lifespan.org

 

From: paul d [mailto:pdw1...@hotmail.com] 
Sent: Thursday, May 13, 2010 3:59 PM
To: NT System Admin Issues
Subject: RE: HIPAA Question

 

I'm not sure what you mean by "viral load."  However, if that is
a lab result, the fact that you're emailing it to him constitutes PHI
(email address).  HIPAA, as it is interpreted now, defines email as an
"addressable" not a requirement.  But, if something happened (sent to
wrong email, for example), I doubt you could convince CMS that it wasn't
a violation.

You could use Pkzip to encrypt a file with the information and
then email that.  The newer versions of pkzip use AES.





From: cluster...@gmail.com
To: ntsysadmin@lyris.sunbelt-software.com
Subject: HIPAA Question
Date: Thu, 13 May 2010 15:22:20 -0400

Guys, I have a quick HIPAA question. We work with people
infected with HIV. A patient that lives out of state is asking us to
email him info about his viral load. Any suggestions for how to email
that info or get that info to him somehow? If the email content doesn't
contain identifying info, is it ok? 

 

James

 

 

 






RE: Network/WAN question

2010-05-13 Thread Kim Longenbaugh
Hi, Jesse,
I think that ditching the routers is the best idea for the reasons
you've stated.

Of course, you'll want to keep the routers so when the next carrier
change comes around and you get T1s again, you will already have them.

Kim

-Original Message-
From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com] 
Sent: Thursday, May 13, 2010 3:37 PM
To: NT System Admin Issues
Subject: RE: Network/WAN question

Hi Kim.
Regarding the current HP routers. Yes, they DO have 2 ethernet ports, so I
could use the routers at the remote sites INSTEAD of layer 3 switches for
the routing.  That's one of the things I need to decide -> Use the router
for the routing, or ditch the router and use the layer 3 switches.  :-)
I'm leaning towards ditching the routers at the moment, to simplify, and
just do everything at the switches...

J 

Original Message:
-
From: Kim Longenbaugh k...@colonialsavings.com
Date: Thu, 13 May 2010 15:05:09 -0500
To: ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Network/WAN question


It sounds like you have 10 PPP circuits to your remote sites, each
currently a T1.  You're replacing the T1s with Ethernet circuits.  

Just replace this:
>Main Site (172.20.x.x) -- T1 Wan link (192.168.x.x) -- Remote
Site
>(172.21.x.x)

With this: 
>Main Site (172.20.x.x) -- Ethernet "Wan" link (192.168.x.x) --
Remote Site
>(172.21.x.x)

Your broadcast and collision domains would remain separate, just like
they are now.

Unless your existing routers have the Ethernet port to handle the new
Ethernet "Wan", you'd have to do your routing with the L3 switches
anyway, so why not dump the routers and have just one piece of network
gear at each remote site to manage.


How would this work without routing?  How's traffic on 172.20.x.x get to
172.21.x.x, since those are separate subnets?

>When setting up the Fiber, because layer 2, I do NOT have to have a
>separate network for that WAN link anymore.  I can set it up like:
>Main Site (172.20.x.x) -- Fiber Link --- Remote Site
(172.21.x.x)





-Original Message-
From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com] 
Sent: Thursday, May 13, 2010 2:42 PM
To: NT System Admin Issues
Subject: Network/WAN question


Hello.  Looking for input on our current/proposed network.

We have 10 sites.  Each site is connected via T1 lines.  There is a
router
at each site that handles the routing.

We are replacing the T1 lines with fiber.  The company leasing us the
fiber
is handing off an ethernet port at each site (all layer 2).

My question is... Our current WAN setup with the T1s looks like this:

Main Site (172.20.x.x) -- T1 Wan link (192.168.x.x) -- Remote
Site
(172.21.x.x)

The WAN link itself is on its own network.

When setting up the Fiber, because layer 2, I do NOT have to have a
separate network for that WAN link anymore.  I can set it up like:
Main Site (172.20.x.x) -- Fiber Link --- Remote Site
(172.21.x.x)

The downside with this is, broadcasts would still travel over the Fiber
link since the WAN link is not on a separate network. It does however,
simplify things for me a bit.

The question is, which of the two methods would you use?   Putting the
Fiber WAN link on its own network or, not?

One other question.  Since my HP switches at the main/remote sites are
able
to do IP Routing, would you also remove the routers (which are needed
with
the current T1 WAN links) completely from the environment and do all
routing
at the switch level?  I'm leaning towards doing this and ditching the
routers.

Thanks.
J








Re: HIPAA Question

2010-05-13 Thread Kurt Buff
Really? I doubt it.

On Thu, May 13, 2010 at 12:57, Jonathan Link  wrote:
> The email address would be identifying info...
>
>
> On Thu, May 13, 2010 at 3:22 PM, James Kerr  wrote:
>>
>> Guys, I have a quick HIPAA question. We work with people infected with
>> HIV. A patient that lives out of state is asking us to email him info about
>> his viral load. Any suggestions for how to email that info or get that info
>> to him somehow? If the email content doesn't contain identifying info, is it
>> ok?
>>
>> James




Re: HIPAA Question

2010-05-13 Thread James Kerr
I told the practice manager not to send it because I believed that the email 
address itself is PHI and even if you encrypt the data the email address is 
still out there as well as ours and we are obviously a company that deals in 
HIV/AIDS. I also told her "what if a family member opens that email that is not 
aware of this person's status and the person doesn't want that family member to 
know?". They are going to have to find another way.

James 
  - Original Message - 
  From: Ziots, Edward 
  To: NT System Admin Issues 
  Sent: Thursday, May 13, 2010 4:30 PM
  Subject: RE: HIPAA Question


  True, what you are emailing is PHI to the email address, that doesn't always 
equate to a human being (Emails can be forged), and thus the release of that 
information to someone other than the person that it is truly intended for, 
could constitute a breach of Privacy/Security Regulations under HIPAA. 

   

  I would use this as a guideline, but I would look to your legal/IS compliance 
department for more guidance accordingly. This really should be a discussion 
between the Doctor and the patient accordingly. 

   

  * ePHI = Electronic Protected Health Information
    * Medical record number, account number or SSN
    * Patient demographic data, e.g., address, date of birth, date of death, sex, e-mail / web address
    * Dates of service, e.g., date of admission, discharge
    * Medical records, reports, test results, appointment dates
   

   

  1)  E-mail is not confidential, nor should it be utilized to send 
information of a confidential nature. 

  2)  E-mails should not be used to communicate sensitive medical 
information, such as information regarding sexually transmitted diseases, 
AIDS/HIV, mental health, developmental disability, or substance abuse.

   

  Hope that helps a little, honestly, I wouldn't send it, because there is no 
assurance that the person you are sending it to are whom they say they are. 

  EZ

   

  Edward Ziots

  CISSP,MCSA,MCP+I,Security +,Network +,CCA

  Network Engineer

  Lifespan Organization

  401-639-3505

  ezi...@lifespan.org

   

  From: paul d [mailto:pdw1...@hotmail.com] 
  Sent: Thursday, May 13, 2010 3:59 PM
  To: NT System Admin Issues
  Subject: RE: HIPAA Question

   

  I'm not sure what you mean by "viral load."  However, if that is a lab 
result, the fact that you're emailing it to him constitutes PHI (email 
address).  HIPAA, as it is interpreted now, defines email as an "addressable" 
not a requirement.  But, if something happened (sent to wrong email, for 
example), I doubt you could convince CMS that it wasn't a violation.

  You could use Pkzip to encrypt a file with the information and then email 
that.  The newer versions of pkzip use AES.


--

  From: cluster...@gmail.com
  To: ntsysadmin@lyris.sunbelt-software.com
  Subject: HIPAA Question
  Date: Thu, 13 May 2010 15:22:20 -0400

  Guys, I have a quick HIPAA question. We work with people infected with HIV. A 
patient that lives out of state is asking us to email him info about his viral 
load. Any suggestions for how to email that info or get that info to him 
somehow? If the email content doesn't contain identifying info, is it ok? 

   

  James

   

  



Re: Office 2010 Pricing

2010-05-13 Thread Jonathan Link
Office has always been Microsoft's cash cow.  The OS is the gateway drug...

On Thu, May 13, 2010 at 4:29 PM, Sam Cayze  wrote:

>  Yikes.  Windows 7 was cheaper.  (Just looked, VL = $130/Seat)  Doesn’t
> make sense to me.
>
>
>
> *From:* Jonathan Link [mailto:jonathan.l...@gmail.com]
> *Sent:* Thursday, May 13, 2010 2:41 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Office 2010 Pricing
>
>
>
> That seems consistent with what I was quoted a few months ago for Office
> 2007.
>
>
>
>
>
> On Thu, May 13, 2010 at 3:36 PM, Phil Brutsche 
> wrote:
>
> Sounds about right. Softchoice lists VL Office Standard 2010 at $370-ish.
>
> When we bought Office 2003 Pro VL w/o SA it was just shy of $500 per,
> and the pricing I see for Office Professional Plus 2007 *and* Office
> Professional Plus 2010 is about that.
>
> Point is, VL pricing hasn't changed much over the years.
>
>
> On 5/13/2010 2:16 PM, Sam Cayze wrote:
> > Anyone have Volume License Pricing on Office 2010 yet?  I’ve been quoted
> > *$330* for Office Standard without SA, and told that MS is not offering
> > upgrade pricing anymore for their office suites.
>
> --
>
> Phil Brutsche
> p...@optimumdata.com

RE: Network/WAN question

2010-05-13 Thread jesse-r...@wi.rr.com
Hi Kim.
Regarding the current HP routers. Yes, they DO have 2 ethernet ports, so I
could use the routers at the remote sites INSTEAD of layer 3 switches for
the routing.  That's one of the things I need to decide -> Use the router
for the routing, or ditch the router and use the layer 3 switches.  :-) 
I'm leaning towards ditching the routers at the moment, to simplify, and
just do everything at the switches...

J 

Original Message:
-
From: Kim Longenbaugh k...@colonialsavings.com
Date: Thu, 13 May 2010 15:05:09 -0500
To: ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Network/WAN question


It sounds like you have 10 PPP circuits to your remote sites, each
currently a T1.  You're replacing the T1s with Ethernet circuits.  

Just replace this:
>Main Site (172.20.x.x) -- T1 Wan link (192.168.x.x) -- Remote Site
>(172.21.x.x)

With this: 
>Main Site (172.20.x.x) -- Ethernet "Wan" link (192.168.x.x) -- Remote Site
>(172.21.x.x)

Your broadcast and collision domains would remain separate, just like
they are now.

Unless your existing routers have the Ethernet port to handle the new
Ethernet "Wan", you'd have to do your routing with the L3 switches
anyway, so why not dump the routers and have just one piece of network
gear at each remote site to manage.


How would this work without routing?  How's traffic on 172.20.x.x get to
172.21.x.x, since those are separate subnets?

>When setting up the Fiber, because layer 2, I do NOT have to have a
>separate network for that WAN link anymore.  I can set it up like:
>Main Site (172.20.x.x) -- Fiber Link --- Remote Site (172.21.x.x)





-Original Message-
From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com] 
Sent: Thursday, May 13, 2010 2:42 PM
To: NT System Admin Issues
Subject: Network/WAN question


Hello.  Looking for input on our current/proposed network.

We have 10 sites.  Each site is connected via T1 lines.  There is a router
at each site that handles the routing.

We are replacing the T1 lines with fiber.  The company leasing us the fiber
is handing off an ethernet port at each site (all layer 2).

My question is... Our current WAN setup with the T1s looks like this:

Main Site (172.20.x.x) -- T1 Wan link (192.168.x.x) -- Remote Site
(172.21.x.x)

The WAN link itself is on its own network.

When setting up the Fiber, because layer 2, I do NOT have to have a
separate network for that WAN link anymore.  I can set it up like:
Main Site (172.20.x.x) -- Fiber Link --- Remote Site (172.21.x.x)

The downside with this is, broadcasts would still travel over the Fiber
link since the WAN link is not on a separate network. It does however,
simplify things for me a bit.

The question is, which of the two methods would you use?   Putting the
Fiber WAN link on its own network or, not?

One other question.  Since my HP switches at the main/remote sites are able
to do IP Routing, would you also remove the routers (which are needed with
the current T1 WAN links) completely from the environment and do all routing
at the switch level?  I'm leaning towards doing this and ditching the
routers.

Thanks.
J








Re: HIPAA Question

2010-05-13 Thread John Cook
Put it into a passworded Word doc and verbally give them the password.


From: James Kerr 
To: NT System Admin Issues 
Sent: Thu May 13 15:22:20 2010
Subject: HIPAA Question

Guys, I have a quick HIPAA question. We work with people infected with HIV. A 
patient that lives out of state is asking us to email him info about his viral 
load. Any suggestions for how to email that info or get that info to him 
somehow? If the email content doesn't contain identifying info, is it ok?

James








Hijacked Thread: All WAN over VPN? (Was: RE : Network/WAN question)

2010-05-13 Thread Matthew W. Ross
I have a related question:

If you are separated, site to site, with a large layer 2 fiber network... would 
you put the traffic between routers over a VPN? Or is it commonplace for 
companies to "trust their providers" not to have a man in the middle, and just 
route?

I can't imagine anybody actually does this without an IPSec or OpenVPN tunnel 
of some kind... But I'm curious if there are.


--Matt Ross
Ephrata School District


- Original Message -
From: Kim Longenbaugh [mailto:k...@colonialsavings.com]
To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com]
Sent: Thu, 13 May 2010 13:05:09 -0700
Subject: RE: Network/WAN question


> It sounds like you have 10 PPP circuits to your remote sites, each
> currently a T1.  You're replacing the T1s with Ethernet circuits.  
> 
> Just replace this:
> >Main Site (172.20.x.x) -- T1 Wan link (192.168.x.x) -- Remote Site
> >(172.21.x.x)
> 
> With this: 
> >Main Site (172.20.x.x) -- Ethernet "Wan" link (192.168.x.x) -- Remote Site
> >(172.21.x.x)
> 
> Your broadcast and collision domains would remain separate, just like
> they are now.
> 
> Unless your existing routers have the Ethernet port to handle the new
> Ethernet "Wan", you'd have to do your routing with the L3 switches
> anyway, so why not dump the routers and have just one piece of network
> gear at each remote site to manage.
> 
> 
> How would this work without routing?  How's traffic on 172.20.x.x get to
> 172.21.x.x, since those are separate subnets?
> 
> >When setting up the Fiber, because layer 2, I do NOT have to have a
> >separate network for that WAN link anymore.  I can set it up like:
> >Main Site (172.20.x.x) -- Fiber Link --- Remote Site (172.21.x.x)
> 
> 
> 
> 
> 
> -Original Message-
> From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com] 
> Sent: Thursday, May 13, 2010 2:42 PM
> To: NT System Admin Issues
> Subject: Network/WAN question
> 
> 
> Hello.  Looking for input on our current/proposed network.
> 
> We have 10 sites.  Each site is connected via T1 lines.  There is a router
> at each site that handles the routing.
> 
> We are replacing the T1 lines with fiber.  The company leasing us the fiber
> is handing off an ethernet port at each site (all layer 2).
> 
> My question is... Our current WAN setup with the T1s looks like this:
> 
> Main Site (172.20.x.x) -- T1 Wan link (192.168.x.x) -- Remote Site
> (172.21.x.x)
> 
> The WAN link itself is on its own network.
> 
> When setting up the Fiber, because layer 2, I do NOT have to have a
> separate network for that WAN link anymore.  I can set it up like:
> Main Site (172.20.x.x) -- Fiber Link --- Remote Site (172.21.x.x)
> 
> The downside with this is, broadcasts would still travel over the Fiber
> link since the WAN link is not on a separate network. It does however,
> simplify things for me a bit.
> 
> The question is, which of the two methods would you use?   Putting the
> Fiber WAN link on its own network or, not?
> 
> One other question.  Since my HP switches at the main/remote sites are able
> to do IP Routing, would you also remove the routers (which are needed with
> the current T1 WAN links) completely from the environment and do all routing
> at the switch level?  I'm leaning towards doing this and ditching the
> routers.
> 
> Thanks.
> J
> 
> 
> 
> 
> 



RE: Office 2010 Pricing

2010-05-13 Thread Sam Cayze
Yikes.  Windows 7 was cheaper.  (Just looked, VL = $130/Seat)  Doesn't
make sense to me.

 

From: Jonathan Link [mailto:jonathan.l...@gmail.com] 
Sent: Thursday, May 13, 2010 2:41 PM
To: NT System Admin Issues
Subject: Re: Office 2010 Pricing

 

That seems consistent with what I was quoted a few months ago for Office
2007.



 

On Thu, May 13, 2010 at 3:36 PM, Phil Brutsche 
wrote:

Sounds about right. Softchoice lists VL Office Standard 2010 at
$370-ish.

When we bought Office 2003 Pro VL w/o SA it was just shy of $500 per,
and the pricing I see for Office Professional Plus 2007 *and* Office
Professional Plus 2010 is about that.

Point is, VL pricing hasn't changed much over the years.


On 5/13/2010 2:16 PM, Sam Cayze wrote:
> Anyone have Volume License Pricing on Office 2010 yet?  I've been quoted
> *$330* for Office Standard without SA, and told that MS is not offering
> upgrade pricing anymore for their office suites.

--

Phil Brutsche
p...@optimumdata.com



Re: Network/WAN question

2010-05-13 Thread jesse-r...@wi.rr.com
Hi Phil,
To clarify.

The sites that I'm considering using an HP 2610-48 as a router have <100
devices (6 remote sites resemble this).  The 3 remaining remote sites have
300-600 devices, but the routing switch at those sites is a 5300 (in one
case) and 5400 (in the other two cases).

I definitely plan to set up ALL remote sites with a different subnet (as I
already have in place).  My bigger question was, would you still put the
WAN link on a separate network from EITHER the local or remote site.  Make
sense what I'm asking  (I'm not sure I'm explaining it well)?   

Right now, I'm leaning towards keeping the fiber WAN links on a separate
network from the main site and remote sites (just like my T1s are on a
separate network) -- this way NO broadcast traffic at all crosses the WAN
links ever.

Thanks for the info on the "light" layer 3.  I did NOT realize the 2610
series had limitations.  The 2810's don't even DO layer 3 from my
understanding.


JR




Original Message:
-
From: Phil Brutsche p...@optimumdata.com
Date: Thu, 13 May 2010 14:59:48 -0500
To: ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Network/WAN question


I would put each remote office in its own subnet, just like you do now.
The broadcast traffic you mention is a good reason to do so. Another
good reason is it will minimize the changes going into your environment.

Be careful with the HP switches - not all of them are fully functional
layer 3 switches.

They might do hardware IP routing but the design of the routing engine
is such that they are limited to 128 MAC addresses and support a limited
number of static routes. HP calls the feature set "light layer 3".
Examples are the ProCurve 2600 series and ProCurve 2800 series.

I don't think that limit will be a problem for the branch offices - if
you had a large enough environment where you had 100+ ethernet-attached
devices at one or more branches you would not be asking us these
questions - but it is something to keep in mind for HQ.
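
The routed layout discussed in this thread (every site on its own subnet, every fiber link on its own small network), worked through as an added example that is not from any list member. The /16 masks, the 172.21 to 172.29 remote ranges and the 192.168.0.0/24 pool of /30 links are assumptions; the thread only gives 172.20.x.x, 172.21.x.x and 192.168.x.x.

```python
import ipaddress
from itertools import combinations

# Constructed addressing (assumptions, see lead-in): 1 main site, 9 remote sites.
MAIN_LAN = "172.20.0.0/16"
REMOTE_LANS = [f"172.{n}.0.0/16" for n in range(21, 30)]
TRANSIT_POOL = "192.168.0.0/24"
DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def build_plan(main_lan, remote_lans, transit_pool):
    """Give each remote site its own /30 transit subnet plus static routes."""
    main = ipaddress.ip_network(main_lan)
    links = list(ipaddress.ip_network(transit_pool).subnets(new_prefix=30))
    if len(links) < len(remote_lans):
        raise ValueError("transit pool too small: need one /30 per remote site")
    plan = {"main": main, "hub_routes": [], "sites": []}
    for lan_text, link in zip(remote_lans, links):
        lan = ipaddress.ip_network(lan_text)
        hub_ip, spoke_ip = link.hosts()      # a /30 has exactly two usable hosts
        # Hub: one static route per remote LAN, via that site's end of the link.
        plan["hub_routes"].append((lan, spoke_ip))
        # Spoke: a single default route towards the hub end of the link.
        plan["sites"].append({"lan": lan, "transit": link, "hub_ip": hub_ip,
                              "spoke_ip": spoke_ip,
                              "routes": [(DEFAULT, hub_ip)]})
    return plan


def all_networks(plan):
    """Every subnet in the design: main LAN, remote LANs, transit links."""
    sites = plan["sites"]
    return ([plan["main"]] + [s["lan"] for s in sites]
            + [s["transit"] for s in sites])


def find_overlaps(plan):
    """Pairs of subnets that overlap; an empty list means the plan is clean."""
    return [(str(a), str(b))
            for a, b in combinations(all_networks(plan), 2) if a.overlaps(b)]


def next_hop(routes, dst):
    """Longest-prefix match over (network, next_hop) pairs; None if unrouted."""
    addr = ipaddress.ip_address(dst)
    hits = [(net, hop) for net, hop in routes if addr in net]
    if not hits:
        return None
    return str(max(hits, key=lambda h: h[0].prefixlen)[1])


def broadcast_domain(plan, src):
    """Subnet that hears a broadcast from src, and how many hosts it can hold."""
    addr = ipaddress.ip_address(src)
    for net in all_networks(plan):
        if addr in net:
            return str(net), net.num_addresses - 2
    return None


if __name__ == "__main__":
    plan = build_plan(MAIN_LAN, REMOTE_LANS, TRANSIT_POOL)
    print("overlaps:", find_overlaps(plan))
    print("static routes on hub:", len(plan["hub_routes"]))
    for site in plan["sites"]:
        print(site["lan"], "via link", site["transit"],
              "hub", site["hub_ip"], "spoke", site["spoke_ip"])
    # A broadcast on a remote LAN stays on that LAN; the link holds two hosts.
    print(broadcast_domain(plan, "172.21.5.10"))
    print(broadcast_domain(plan, "192.168.0.2"))
```

The hub ends up with one static route per remote site and each remote site with a single default route, which are the counts to compare against the static-route limit of a "light layer 3" switch.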






RE: HIPAA Question

2010-05-13 Thread Ziots, Edward
True, what you are emailing is PHI to the email address, that doesn't
always equate to a human being (Emails can be forged), and thus the
release of that information to someone other than the person that it is
truly intended for, could constitute a breach of Privacy/Security
Regulations under HIPAA. 

 

I would use this as a guideline, but I would look to your legal/IS
compliance department for more guidance accordingly. This really should
be a discussion between the Doctor and the patient accordingly. 

 

* ePHI = Electronic Protected Health Information
  * Medical record number, account number or SSN
  * Patient demographic data, e.g., address, date of birth, date of death, sex, e-mail / web address
  * Dates of service, e.g., date of admission, discharge
  * Medical records, reports, test results, appointment dates

 

 

1)  E-mail is not confidential, nor should it be utilized to send
information of a confidential nature. 

2)  E-mails should not be used to communicate sensitive medical
information, such as information regarding sexually transmitted
diseases, AIDS/HIV, mental health, developmental disability, or
substance abuse.

 

Hope that helps a little, honestly, I wouldn't send it, because there is
no assurance that the person you are sending it to are whom they say
they are. 

EZ

 

Edward Ziots

CISSP,MCSA,MCP+I,Security +,Network +,CCA

Network Engineer

Lifespan Organization

401-639-3505

ezi...@lifespan.org

 

From: paul d [mailto:pdw1...@hotmail.com] 
Sent: Thursday, May 13, 2010 3:59 PM
To: NT System Admin Issues
Subject: RE: HIPAA Question

 

I'm not sure what you mean by "viral load."  However, if that is a lab
result, the fact that you're emailing it to him constitutes PHI (email
address).  HIPAA, as it is interpreted now, defines email as an
"addressable" not a requirement.  But, if something happened (sent to
wrong email, for example), I doubt you could convince CMS that it wasn't
a violation.

You could use Pkzip to encrypt a file with the information and then
email that.  The newer versions of pkzip use AES.



From: cluster...@gmail.com
To: ntsysadmin@lyris.sunbelt-software.com
Subject: HIPAA Question
Date: Thu, 13 May 2010 15:22:20 -0400

Guys, I have a quick HIPAA question. We work with people infected with
HIV. A patient that lives out of state is asking us to email him info
about his viral load. Any suggestions for how to email that info or get
that info to him somehow? If the email content doesn't contain
identifying info, is it ok? 

 

James

 

 

 




Anyone use new build of Acronis for backup and recovery?

2010-05-13 Thread justino garcia
Anyone use new build of Acronis for backup and recovery?
The April build..

-- 
Justin
IT-TECH


Re: Network/WAN question

2010-05-13 Thread jesse-r...@wi.rr.com
The remote sites range from 60 computers (most of them) up to 300-600
computers (only three sites this size).  So minimal broadcast traffic on
some sites, possibly a fair amount at other sites.



Original Message:
-
From: Kurt Buff kurt.b...@gmail.com
Date: Thu, 13 May 2010 12:54:53 -0700
To: ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Network/WAN question



1) If you've got an IP numbering scheme that works for you at all of
your sites currently, why change it?

2) How big are the sites, and do you have an idea of what current
broadcast traffic is at each site?

Kurt




StoreGrid ?

2010-05-13 Thread Angus Scott-Fleming
Anybody using their software to back up a server and replicate it offsite?  
Pricing is certainly right.

Onsite Backup Software for Network based Disk to Disk Backup for SMBs and ROBOs
http://www.storegrid.com/online-backup/network-backup.php

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
Security Blog: http://geoapps.com/







RE: Network/WAN question

2010-05-13 Thread Kim Longenbaugh
It sounds like you have 10 PPP circuits to your remote sites, each
currently a T1.  You're replacing the T1s with Ethernet circuits.  

Just replace this:
>Main Site (172.20.x.x) -- T1 Wan link (192.168.x.x) -- Remote Site
>(172.21.x.x)

With this: 
>Main Site (172.20.x.x) -- Ethernet "Wan" link (192.168.x.x) -- Remote Site
>(172.21.x.x)

Your broadcast and collision domains would remain separate, just like
they are now.

Unless your existing routers have the Ethernet port to handle the new
Ethernet "Wan", you'd have to do your routing with the L3 switches
anyway, so why not dump the routers and have just one piece of network
gear at each remote site to manage.


How would this work without routing?  How's traffic on 172.20.x.x get to
172.21.x.x, since those are separate subnets?

>When setting up the Fiber, because layer 2, I do NOT have to have a
>separate network for that WAN link anymore.  I can set it up like:
>Main Site (172.20.x.x) -- Fiber Link --- Remote Site (172.21.x.x)





-Original Message-
From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com] 
Sent: Thursday, May 13, 2010 2:42 PM
To: NT System Admin Issues
Subject: Network/WAN question


Hello.  Looking for input on our current/proposed network.

We have 10 sites.  Each site is connected via T1 lines.  There is a router
at each site that handles the routing.

We are replacing the T1 lines with fiber.  The company leasing us the fiber
is handing off an ethernet port at each site (all layer 2).

My question is... Our current WAN setup with the T1s looks like this:

Main Site (172.20.x.x) -- T1 Wan link (192.168.x.x) -- Remote Site
(172.21.x.x)

The WAN link itself is on its own network.

When setting up the Fiber, because layer 2, I do NOT have to have a
separate network for that WAN link anymore.  I can set it up like:
Main Site (172.20.x.x) -- Fiber Link --- Remote Site (172.21.x.x)

The downside with this is, broadcasts would still travel over the Fiber
link since the WAN link is not on a separate network. It does however,
simplify things for me a bit.

The question is, which of the two methods would you use?   Putting the
Fiber WAN link on its own network or, not?

One other question.  Since my HP switches at the main/remote sites are able
to do IP Routing, would you also remove the routers (which are needed with
the current T1 WAN links) completely from the environment and do all routing
at the switch level?  I'm leaning towards doing this and ditching the
routers.

Thanks.
J








Re: Network/WAN question

2010-05-13 Thread Phil Brutsche
I would put each remote office in its own subnet, just like you do now.
The broadcast traffic you mention is a good reason to do so. Another
good reason is it will minimize the changes going into your environment.

Be careful with the HP switches - not all of them are fully functional
layer 3 switches.

They might do hardware IP routing but the design of the routing engine
is such that they are limited to 128 MAC addresses and support a limited
number of static routes. HP calls the feature set "light layer 3".
Examples are the ProCurve 2600 series and ProCurve 2800 series.

I don't think that limit will be a problem for the branch offices - if
you had a large enough environment where you had 100+ ethernet-attached
devices at one or more branches you would not be asking us these
questions - but it is something to keep in mind for HQ.

On 5/13/2010 2:42 PM, jesse-r...@wi.rr.com wrote:
> The question is, which of the two methods would you use?   Putting the
> Fiber WAN link on its own network or, not?
> 
> One other question.  Since my HP switches at the main/remote sites are able
> to do IP Routing, would you also remove the routers (which are needed with
> the current T1 WAN links) completely from the environment and do all routing
> at the switch level?  I'm leaning towards doing this and ditching the
> routers.

-- 

Phil Brutsche
p...@optimumdata.com



RE: HIPAA Question

2010-05-13 Thread paul d

I'm not sure what you mean by "viral load."  However, if that is a lab result, 
the fact that you're emailing it to him constitutes PHI (email address).  
HIPAA, as it is interpreted now, defines email as an "addressable" not a 
requirement.  But, if something happened (sent to wrong email, for example), I 
doubt you could convince CMS that it wasn't a violation.

You could use Pkzip to encrypt a file with the information and then email that. 
 The newer versions of pkzip use AES.

From: cluster...@gmail.com
To: ntsysadmin@lyris.sunbelt-software.com
Subject: HIPAA Question
Date: Thu, 13 May 2010 15:22:20 -0400










Guys, I have a quick HIPAA question. We work with 
people infected with HIV. A patient that lives out of state is asking us to 
email him info about his viral load. Any suggestions for how to email that info 
or get that info to him somehow? If the email content doesn't contain 
identifying info, is it ok? 
 
James
 



 

  

Re: HIPAA Question

2010-05-13 Thread Jonathan Link
The email address would be identifying info...



On Thu, May 13, 2010 at 3:22 PM, James Kerr  wrote:

>  Guys, I have a quick HIPAA question. We work with people infected with
> HIV. A patient that lives out of state is asking us to email him info about
> his viral load. Any suggestions for how to email that info or get that info
> to him somehow? If the email content doesn't contain identifying info, is it
> ok?
>
> James

RE: Network/WAN question

2010-05-13 Thread John Aldrich
Well, it seems to me that if you keep the routers in place, you don't have
to worry about all the extra network traffic going out over the WAN, but I'm
not a networking expert, so I could be mistaken about that.




-Original Message-
From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com] 
Sent: Thursday, May 13, 2010 3:42 PM
To: NT System Admin Issues
Subject: Network/WAN question


Hello.  Looking for input on our current/proposed network.

We have 10 sites.  Each site is connected via T1 lines.  There is a router
at each site that handles the routing.

We are replacing the T1 lines with fiber.  The company leasing us the fiber
is handing off an ethernet port at each site (all layer 2).

My question is... Our current WAN setup with the T1s looks like this:

Main Site (172.20.x.x) -- T1 Wan link (192.168.x.x) -- Remote Site
(172.21.x.x)

The WAN link itself is on its own network.

When setting up the Fiber, because layer 2, I do NOT have to have a
separate network for that WAN link anymore.  I can set it up like:
Main Site (172.20.x.x) -- Fiber Link --- Remote Site (172.21.x.x)

The downside with this is, broadcasts would still travel over the Fiber
link since the WAN link is not on a separate network. It does however,
simplify things for me a bit.

The question is, which of the two methods would you use?   Putting the
Fiber WAN link on its own network or, not?

One other question.  Since my HP switches at the main/remote sites are able
to do IP Routing, would you also remove the routers (which are needed with
the current T1 WAN links) completely from the environment and do all routing
at the switch level?  I'm leaning towards doing this and ditching the
routers.

Thanks.
J







Re: Network/WAN question

2010-05-13 Thread Kurt Buff
On Thu, May 13, 2010 at 12:42, jesse-r...@wi.rr.com
 wrote:
>
> Hello.  Looking for input on our current/proposed network.
>
> We have 10 sites.  Each site is connected via T1 lines.  There is a router
> at each site that handles the routing.
>
> We are replacing the T1 lines with fiber.  The company leasing us the fiber
> is handing off an ethernet port at each site (all layer 2).
>
> My question is... Our current WAN setup with the T1s looks like this:
>
> Main Site (172.20.x.x) -- T1 Wan link (192.168.x.x) -- Remote Site
> (172.21.x.x)
>
> The WAN link itself is on its own network.
>
> When setting up the Fiber, because layer 2, I do NOT have to have a
> separate network for that WAN link anymore.  I can set it up like:
> Main Site (172.20.x.x) -- Fiber Link --- Remote Site (172.21.x.x)
>
> The downside with this is, broadcasts would still travel over the Fiber
> link since the WAN link is not on a separate network. It does however,
> simplify things for me a bit.
>
> The question is, which of the two methods would you use?   Putting the
> Fiber WAN link on its own network or, not?
>
> One other question.  Since my HP switches at the main/remote sites are able
> to do IP Routing, would you also remove the routers (which are needed with
> the current T1 WAN links) completely from the environment and do all routing
> at the switch level?  I'm leaning towards doing this and ditching the
> routers.
>
> Thanks.
> J

1) If you've got an IP numbering scheme that works for you at all of
your sites currently, why change it?

2) How big are the sites, and do you have an idea of what current
broadcast traffic is at each site?

Kurt




RE: VBS script issue

2010-05-13 Thread Carl Houseman
Have the script copy the authenticat.exe to the %temp% area and run it from
there instead.  If it needs other supporting files in that folder, copy those
too.

 

And since it's not supposed to complete, change that True to a False, else
the script will stall the user login until it times out.

 

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] 
Sent: Thursday, May 13, 2010 3:40 PM
To: NT System Admin Issues
Subject: RE: VBS script issue

 

I did. The exe does not complete...it is supposed to keep running in the
background until logoff.

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Thursday, May 13, 2010 3:27 PM
To: NT System Admin Issues
Subject: RE: VBS script issue

 

Did you keep the 0,True arguments as in my example?  You should get the
errorlevel return of the .exe if you wait for it to complete.

 

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] 
Sent: Thursday, May 13, 2010 3:12 PM
To: NT System Admin Issues
Subject: RE: VBS script issue

 

Very good idea. Status returns empty, but at least I now know for sure the
script is firing.

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Thursday, May 13, 2010 1:07 PM
To: NT System Admin Issues
Subject: RE: VBS script issue

 

Write an event with the returned status value of WshShell.Run.  This will
confirm the script ran and tell you if the process creation was successful.

 

iStatus = WshShell.Run("\\netbiosDomainName\netlogon\VBS\m86\authenticat.exe RA[x.x.x.x]", 0, True)

WshShell.LogEvent 4, "authenticat.exe status returned: " & iStatus

 

Carl

 

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] 
Sent: Thursday, May 13, 2010 8:59 AM
To: NT System Admin Issues
Subject: VBS script issue

 

Simple user script assigned to the user via GPO for logon. Calls a run and
runs an exe so they authenticate to our webfilter.  Domain Name has been
munged. It fails to run when they login but if I just double click it as they
are logged in it runs just fine. Gotta be something simple I am missing here.
This is on XP SP3 workstations in a native 2008 domain.

 

on error resume next

Set WshShell = WScript.CreateObject("WScript.Shell")

WshShell.Run "\\netbiosDomainName\netlogon\VBS\m86\authenticat.exe RA[x.x.x.x]"
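
The suggestions made in this thread (copy the exe to %TEMP%, launch it without waiting, and write the outcome to the event log) combined into one logon script. This is an added example, not code from any poster; the UNC path and the RA[x.x.x.x] argument are the munged placeholders from the original post.

```vbscript
' Added example: logon script combining the suggestions from this thread.
Option Explicit

' Munged placeholders taken from the original post; substitute real values.
Const SRC_DIR  = "\\netbiosDomainName\netlogon\VBS\m86"
Const EXE_NAME = "authenticat.exe"
Const EXE_ARGS = "RA[x.x.x.x]"

' WshShell.LogEvent type codes.
Const EVT_ERROR = 1
Const EVT_INFO  = 4

Dim WshShell, fso, localExe, cmd

Set WshShell = WScript.CreateObject("WScript.Shell")
Set fso      = WScript.CreateObject("Scripting.FileSystemObject")

' Destination in the user's temp folder.
localExe = fso.BuildPath(WshShell.ExpandEnvironmentStrings("%TEMP%"), EXE_NAME)

' Check Err after each step instead of letting a blanket
' "On Error Resume Next" hide the failure.
On Error Resume Next

' Overwrite any earlier copy so the file that runs always comes from NETLOGON;
' %TEMP% is user-writable, so a leftover copy is never reused.
fso.CopyFile fso.BuildPath(SRC_DIR, EXE_NAME), localExe, True
If Err.Number <> 0 Then
    WshShell.LogEvent EVT_ERROR, "Logon script: copy of " & EXE_NAME & _
        " to " & localExe & " failed: 0x" & Hex(Err.Number) & " " & Err.Description
    WScript.Quit 1
End If

' Quote the path in case the temp folder contains spaces.
' 0 = hidden window; False = do not wait, because the exe is meant to keep
' running until logoff and waiting would stall the logon.
cmd = """" & localExe & """ " & EXE_ARGS
WshShell.Run cmd, 0, False
If Err.Number <> 0 Then
    WshShell.LogEvent EVT_ERROR, "Logon script: launch of " & cmd & _
        " failed: 0x" & Hex(Err.Number) & " " & Err.Description
    WScript.Quit 1
End If

On Error GoTo 0
WshShell.LogEvent EVT_INFO, "Logon script: started " & cmd
```

Entries written by LogEvent appear in the Application event log with source WSH.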

Network/WAN question

2010-05-13 Thread jesse-r...@wi.rr.com

Hello.  Looking for input on our current/proposed network.

We have 10 sites.  Each site is connected via T1 lines.  There is a router
at each site that handles the routing.

We are replacing the T1 lines with fiber.  The company leasing us the fiber
is handing off an ethernet port at each site (all layer 2).

My question is... Our current WAN setup with the T1s looks like this:

Main Site (172.20.x.x) -- T1 Wan link (192.168.x.x) -- Remote Site
(172.21.x.x)

The WAN link itself is on its own network.

When setting up the Fiber, because layer 2, I do NOT have to have a
separate network for that WAN link anymore.  I can set it up like:
Main Site (172.20.x.x) -- Fiber Link --- Remote Site (172.21.x.x)

The downside with this is, broadcasts would still travel over the Fiber
link since the WAN link is not on a separate network. It does however,
simplify things for me a bit.

The question is, which of the two methods would you use?   Putting the
Fiber WAN link on its own network or, not?

One other question.  Since my HP switches at the main/remote sites are able
to do IP Routing, would you also remove the routers (which are needed with
the current T1 WAN links) completely from the environment and do all routing
at the switch level?  I'm leaning towards doing this and ditching the
routers.

Thanks.
J








Re: Office 2010 Pricing

2010-05-13 Thread Jonathan Link
That seems consistent with what I was quoted a few months ago for Office
2007.



On Thu, May 13, 2010 at 3:36 PM, Phil Brutsche  wrote:

> Sounds about right. Softchoice lists VL Office Standard 2010 at $370-ish.
>
> When we bought Office 2003 Pro VL w/o SA it was just shy of $500 per,
> and the pricing I see for Office Professional Plus 2007 *and* Office
> Professional Plus 2010 is about that.
>
> Point is, VL pricing hasn't changed much over the years.
>
> On 5/13/2010 2:16 PM, Sam Cayze wrote:
> > Anyone have Volume License Pricing on Office 2010 yet?  I’ve been quoted
> > *$330* for Office Standard without SA, and told that MS is not offering
> > upgrade pricing anymore for their office suites.
>
> --
>
> Phil Brutsche
> p...@optimumdata.com
>
>


RE: VBS script issue

2010-05-13 Thread Kennedy, Jim
I did. The exe does not complete...it is supposed to keep running in the 
background until logoff.

From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Thursday, May 13, 2010 3:27 PM
To: NT System Admin Issues
Subject: RE: VBS script issue

Did you keep the 0,True arguments as in my example?  You should get the
errorlevel return of the .exe if you wait for it to complete.

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Thursday, May 13, 2010 3:12 PM
To: NT System Admin Issues
Subject: RE: VBS script issue

Very good idea. Status returns empty, but at least I now know for sure the 
script is firing.

From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Thursday, May 13, 2010 1:07 PM
To: NT System Admin Issues
Subject: RE: VBS script issue

Write an event with the returned status value of WshShell.Run.  This will 
confirm the script ran and tell you if the process creation was successful.

iStatus = WshShell.Run("\\netbiosDomainName\netlogon\VBS\m86\authenticat.exe RA[x.x.x.x]", 0, True)
WshShell.LogEvent 4, "authenticat.exe status returned: " & iStatus

Carl

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Thursday, May 13, 2010 8:59 AM
To: NT System Admin Issues
Subject: VBS script issue

Simple user script assigned to the user via GPO for logon. Calls a run and runs 
an exe so they authenticate to our webfilter.  Domain Name has been munged. It 
fails to run when they login but if I just double click it as they are logged 
in it runs just fine. Gotta be something simple I am missing here. This is on 
XP SP3 workstations in a native 2008 domain.

on error resume next
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run "\\netbiosDomainName\netlogon\VBS\m86\authenticat.exe RA[x.x.x.x]"

Re: Office 2010 Pricing

2010-05-13 Thread Phil Brutsche
Sounds about right. Softchoice lists VL Office Standard 2010 at $370-ish.

When we bought Office 2003 Pro VL w/o SA it was just shy of $500 per,
and the pricing I see for Office Professional Plus 2007 *and* Office
Professional Plus 2010 is about that.

Point is, VL pricing hasn't changed much over the years.

On 5/13/2010 2:16 PM, Sam Cayze wrote:
> Anyone have Volume License Pricing on Office 2010 yet?  I’ve been quoted
> *$330* for Office Standard without SA, and told that MS is not offering
> upgrade pricing anymore for their office suites.

-- 

Phil Brutsche
p...@optimumdata.com





Re: Windows 7 RDP client, connecting to windows 2003 r2 TS, issue (times out)

2010-05-13 Thread justino garcia
NO vpn, just a straight connection, on windows XP it worked fine.
I did not check the ping results, I will see.

On Thu, May 13, 2010 at 3:30 PM, Carl Houseman  wrote:

>  What's the connection method (VPN?) and her ping results to your TS?
>
>
>
> Carl
>
>
>
> *From:* justino garcia [mailto:jgarciaitl...@gmail.com]
> *Sent:* Thursday, May 13, 2010 3:06 PM
>
> *To:* NT System Admin Issues
> *Subject:* Windows 7 RDP client, connecting to windows 2003 r2 TS, issue
> (times out)
>
>
>
>
> Windows 7 RDP client, connecting to windows 2003 r2 TS, issue
>
> I have a client, who connects to TS using her new laptop, with windows 7
> home premium, and RDP but was never able since she bought about one month
> ago.
>
> She only gets about 1/3 of the screen (i.e. wallpaper) to show up, then
> it times out.
>
> I tested on my windows 7 laptop no issues.
>
> I did turn off windows 7 firewall, to see if that would have helped and still
> my client can't connect (times out).
>
> She is trying to connect using the RDP client built-in to windows 7
> home premium, and to a TS windows 2003 server r2 sp2.
>
>
>
> Any suggestions?? Any one seen this and had a solution?
>
>
>
>
>
> thanks
> --
> Justin
> IT-TECH
>
>
>
>
>
>
>
>
>
>


-- 
Justin
IT-TECH


RE: Windows 7 RDP client, connecting to windows 2003 r2 TS, issue (times out)

2010-05-13 Thread Carl Houseman
What's the connection method (VPN?) and her ping results to your TS?

 

Carl

 

From: justino garcia [mailto:jgarciaitl...@gmail.com] 
Sent: Thursday, May 13, 2010 3:06 PM
To: NT System Admin Issues
Subject: Windows 7 RDP client, connecting to windows 2003 r2 TS, issue (times
out)

 


Windows 7 RDP client, connecting to windows 2003 r2 TS, issue

I have a client, who connects to TS using her new laptop, with windows 7 home
premium, and RDP but was never able since she bought about one month ago.

She only gets about 1/3 of the screen (i.e. wallpaper) to show up, then it
times out.

I tested on my windows 7 laptop no issues.

I did turn off windows 7 firewall, to see if that would have helped and still my
client can't connect (times out).

She is trying to connect using the RDP client built-in to windows 7 home
premium, and to a TS windows 2003 server r2 sp2.

 

Any suggestions?? Any one seen this and had a solution?

 

 

thanks
-- 
Justin
IT-TECH

 

 


Re: SIMPLE FILE SHARING

2010-05-13 Thread Jonathan Link
I took advantage of Conficker in the media last year to lock it down.
Several of the partners had seen the story on 60 minutes, which made my
request a slam dunk.  A year later, I have no complaints.  Although, as part
of my lockdown, I had to create a general account that allowed users to have
admin rights, when they need them to install software, so it's not as
complete a lock down as I would like.  That being said, users haven't
installed stuff they shouldn't, AND we've had no malware infestations.



On Thu, May 13, 2010 at 2:59 PM, Jon Harris  wrote:

> Yeah right, way too many are still forced to allow this devilish behavior.
>
> Jon
>
> On Thu, May 13, 2010 at 1:13 PM, Weatherford, Chad 
> wrote:
>
>>
>>
>>
>>
>> True…
>>
>>
>>
>> *From:* Jonathan Link [mailto:jonathan.l...@gmail.com]
>> *Sent:* Thursday, May 13, 2010 12:11 PM
>>
>> *To:* NT System Admin Issues
>> *Subject:* Re: SIMPLE FILE SHARING
>>
>>
>>
>> In this day and age, I presume that system administrators aren't
>> allowing users to run as local admins...
>>
>> On Thu, May 13, 2010 at 12:51 PM, Weatherford, Chad <
>> cweatherf...@scvl.com> wrote:
>>
>> We created a batch file that makes a registry change to do this
>>
>>
>>
>>
>
>
>
>
>


RE: VBS script issue

2010-05-13 Thread Carl Houseman
Did you keep the 0,True arguments as in my example?  You should get the
errorlevel return of the .exe if you wait for it to complete.

 

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] 
Sent: Thursday, May 13, 2010 3:12 PM
To: NT System Admin Issues
Subject: RE: VBS script issue

 

Very good idea. Status returns empty, but at least I now know for sure the
script is firing.

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Thursday, May 13, 2010 1:07 PM
To: NT System Admin Issues
Subject: RE: VBS script issue

 

Write an event with the returned status value of WshShell.Run.  This will
confirm the script ran and tell you if the process creation was successful.

 

iStatus = WshShell.Run("\\netbiosDomainName\netlogon\VBS\m86\authenticat.exe RA[x.x.x.x]", 0, True)

WshShell.LogEvent 4, "authenticat.exe status returned: " & iStatus

 

Carl

 

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] 
Sent: Thursday, May 13, 2010 8:59 AM
To: NT System Admin Issues
Subject: VBS script issue

 

Simple user script assigned to the user via GPO for logon. Calls a run and
runs an exe so they authenticate to our webfilter.  Domain Name has been
munged. It fails to run when they login but if I just double click it as they
are logged in it runs just fine. Gotta be something simple I am missing here.
This is on XP SP3 workstations in a native 2008 domain.

 

on error resume next

Set WshShell = WScript.CreateObject("WScript.Shell")

WshShell.Run "\\netbiosDomainName\netlogon\VBS\m86\authenticat.exe RA[x.x.x.x]"

 

 

 

 

 

 

 


Re: Windows 7 con't

2010-05-13 Thread Cameron
We see OU's fine, but the laptops are not showing up in it, even though if
you search for them you will find them and they are listed as being in that
OU.

On Thu, May 13, 2010 at 2:13 PM, Steven Peck  wrote:

> That sounds more like an OU permissions issue.  We had that where we
> couldn't see some OUs but doing a search would show systems.  Gr on AD
> admins who do things on a whim.
>
>
> On Wed, May 12, 2010 at 2:06 PM, Cameron  wrote:
>
>> Another strange thing is that both machines do not show up in AD Computer
>> list...but if you search for them it finds them...
>>
>>
>> On Wed, May 12, 2010 at 4:35 PM, John Aldrich <
>> jaldr...@blueridgecarpet.com> wrote:
>>
>>>   Check the firewall? Seriously, I had that problem with the new Vista
>>> machine we have. I forgot to disable the firewall and it didn’t want to
>>> install.
>>>
>>>
>>>
>>>
>>> *From:* Cameron [mailto:cameron.orl...@gmail.com]
>>> *Sent:* Wednesday, May 12, 2010 4:24 PM
>>> *To:* NT System Admin Issues
>>> *Subject:* Windows 7 con't
>>>
>>>
>>>
>>> Good day all,
>>>
>>>
>>>
>>> Windows 7 (32bit) - two laptops, same make and model.
>>>
>>> Installing Vipre - one no problem, second...denied!
>>>
>>> I cannot map the admin shares on the laptop.
>>>
>>>
>>>
>>> I setup one machine (the one that works) and a coworker setup the other.
>>> I have been all through it and can't figure out what the heck is going on.
>>> I've been searching google for answers and can't find the answer. I'm sure
>>> it's something really simple. I have added the reg entry as some people have
>>> suggested and that didn't work.
>>>
>>>
>>>
>>> Any ideas?
>>>
>>> Cheers,
>>>
>>> Cameron
>>>
>>> who is REALLY starting to dislike Win 7 in a domain
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>
>
>
>
>
>


HIPAA Question

2010-05-13 Thread James Kerr
Guys, I have a quick HIPAA question. We work with people infected with HIV. A 
patient that lives out of state is asking us to email him info about his viral 
load. Any suggestions for how to email that info or get that info to him 
somehow? If the email content doesn't contain identifying info, is it ok? 

James

Office 2010 Pricing

2010-05-13 Thread Sam Cayze
Anyone have Volume License Pricing on Office 2010 yet?  I've been quoted
$330 for Office Standard without SA, and told that MS is not offering
upgrade pricing anymore for their office suites.

 

Yikes!  Seem high?

 

The MS License Advisor is of course down right now :(

 

Sam



RE: VBS script issue

2010-05-13 Thread Kennedy, Jim
Very good idea. Status returns empty, but at least I now know for sure the 
script is firing.

From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Thursday, May 13, 2010 1:07 PM
To: NT System Admin Issues
Subject: RE: VBS script issue

Write an event with the returned status value of WshShell.Run.  This will 
confirm the script ran and tell you if the process creation was successful.

iStatus = WshShell.Run("\\netbiosDomainName\netlogon\VBS\m86\authenticat.exe RA[x.x.x.x]", 0, True)
WshShell.LogEvent 4, "authenticat.exe status returned: " & iStatus

Carl

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Thursday, May 13, 2010 8:59 AM
To: NT System Admin Issues
Subject: VBS script issue

Simple user script assigned to the user via GPO for logon. Calls a run and runs 
an exe so they authenticate to our webfilter.  Domain Name has been munged. It 
fails to run when they login but if I just double click it as they are logged 
in it runs just fine. Gotta be something simple I am missing here. This is on 
XP SP3 workstations in a native 2008 domain.

on error resume next
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run "\\netbiosDomainName\netlogon\VBS\m86\authenticat.exe RA[x.x.x.x]"

Windows 7 RDP client, connecting to windows 2003 r2 TS, issue (times out)

2010-05-13 Thread justino garcia
Windows 7 RDP client, connecting to windows 2003 r2 TS, issue
I have a client, who connects to TS using her new laptop, with windows 7
home premium, and RDP but was never able since she bought about one month
ago.
She only gets about 1/3 of the screen (i.e. wallpaper) to show up, then
it times out.
I tested on my windows 7 laptop no issues.
I did turn off windows 7 firewall, to see if that would have helped and still
my client can't connect (times out).
She is trying to connect using the RDP client built-in to windows 7
home premium, and to a TS windows 2003 server r2 sp2.

Any suggestions?? Any one seen this and had a solution?


thanks
-- 
Justin
IT-TECH


Re: How does one test the Vipre premium enterprise firewall and web filter? Safe way.

2010-05-13 Thread justino garcia
So using ads blocking, I do that to block facebook, twitter, and youtube?
Just curious?

On Wed, May 12, 2010 at 9:55 AM, Alex Eckelberry  wrote:

>  (answered off-list)
>
>
>
> *From:* justino garcia [mailto:jgarciaitl...@gmail.com]
> *Sent:* Tuesday, May 11, 2010 7:21 PM
> *To:* NT System Admin Issues
> *Subject:* How does one test the Vipre premium enterprise firewall and web
> filter? Safe way.
>
>
>
>
> How does one test the vipre premium enterprise firewall and web filter? Safe
> way.
>
> ???
>
>
>
> Thanks
> --
> Justin
> IT-TECH
>
>
>
>
>
>
>
>
>
>


-- 
Justin
IT-TECH


Re: SIMPLE FILE SHARING

2010-05-13 Thread Jon Harris
Yeah right, way too many are still forced to allow this devilish behavior.

Jon

On Thu, May 13, 2010 at 1:13 PM, Weatherford, Chad wrote:

>
>
>
>
> True…
>
>
>
> *From:* Jonathan Link [mailto:jonathan.l...@gmail.com]
> *Sent:* Thursday, May 13, 2010 12:11 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: SIMPLE FILE SHARING
>
>
>
> In this day and age, I presume that system administrators aren't allowing
> users to run as local admins...
>
> On Thu, May 13, 2010 at 12:51 PM, Weatherford, Chad 
> wrote:
>
> We created a batch file that makes a registry change to do this
>
>
>
>


Re: Windows 7 con't

2010-05-13 Thread Steven Peck
That sounds more like an OU permissions issue.  We had that where we
couldn't see some OUs but doing a search would show systems.  Gr on AD
admins who do things on a whim.

On Wed, May 12, 2010 at 2:06 PM, Cameron  wrote:

> Another strange thing is that both machines do not show up in AD Computer
> list...but if you search for them it finds them...
>
>
> On Wed, May 12, 2010 at 4:35 PM, John Aldrich <
> jaldr...@blueridgecarpet.com> wrote:
>
>>   Check the firewall? Seriously, I had that problem with the new Vista
>> machine we have. I forgot to disable the firewall and it didn’t want to
>> install.
>>
>>
>>
>>
>> *From:* Cameron [mailto:cameron.orl...@gmail.com]
>> *Sent:* Wednesday, May 12, 2010 4:24 PM
>> *To:* NT System Admin Issues
>> *Subject:* Windows 7 con't
>>
>>
>>
>> Good day all,
>>
>>
>>
>> Windows 7 (32bit) - two laptops, same make and model.
>>
>> Installing Vipre - one no problem, second...denied!
>>
>> I cannot map the admin shares on the laptop.
>>
>>
>>
>> I setup one machine (the one that works) and a coworker setup the other. I
>> have been all through it and can't figure out what the heck is going on.
>> I've been searching google for answers and can't find the answer. I'm sure
>> it's something really simple. I have added the reg entry as some people have
>> suggested and that didn't work.
>>
>>
>>
>> Any ideas?
>>
>> Cheers,
>>
>> Cameron
>>
>> who is REALLY starting to dislike Win 7 in a domain
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
>
>
>
>


Re: SIMPLE FILE SHARING

2010-05-13 Thread Jonathan Link
I said I presume.



On Thu, May 13, 2010 at 1:17 PM, Rod Trent  wrote:

>  rggghhh
>
>
>
> *From:* Jonathan Link [mailto:jonathan.l...@gmail.com]
> *Sent:* Thursday, May 13, 2010 1:11 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: SIMPLE FILE SHARING
>
>
>
> In this day and age, I presume that system administrators aren't allowing
> users to run as local admins...
>
> On Thu, May 13, 2010 at 12:51 PM, Weatherford, Chad 
> wrote:
>
> We created a batch file that makes a registry change to do this
>
>
>
>


RE: SIMPLE FILE SHARING

2010-05-13 Thread Rod Trent
rggghhh

 

From: Jonathan Link [mailto:jonathan.l...@gmail.com] 
Sent: Thursday, May 13, 2010 1:11 PM
To: NT System Admin Issues
Subject: Re: SIMPLE FILE SHARING

 

In this day and age, I presume that system administrators aren't allowing
users to run as local admins...

On Thu, May 13, 2010 at 12:51 PM, Weatherford, Chad 
wrote:

We created a batch file that makes a registry change to do this





RE: SIMPLE FILE SHARING

2010-05-13 Thread Weatherford, Chad
 

 

True...

 

From: Jonathan Link [mailto:jonathan.l...@gmail.com] 
Sent: Thursday, May 13, 2010 12:11 PM
To: NT System Admin Issues
Subject: Re: SIMPLE FILE SHARING

 

In this day and age, I presume that system administrators aren't
allowing users to run as local admins...

On Thu, May 13, 2010 at 12:51 PM, Weatherford, Chad
 wrote:

We created a batch file that makes a registry change to do this





Re: SIMPLE FILE SHARING

2010-05-13 Thread Jonathan Link
In this day and age, I presume that system administrators aren't allowing
users to run as local admins...

On Thu, May 13, 2010 at 12:51 PM, Weatherford, Chad
wrote:

> We created a batch file that makes a registry change to do this
>
>
>


RE: VBS script issue

2010-05-13 Thread Carl Houseman
Write an event with the returned status value of WshShell.Run.  This will
confirm the script ran and tell you if the process creation was successful.

 

iStatus = WshShell.Run("\\netbiosDomainName\netlogon\VBS\m86\authenticat.exe RA[x.x.x.x]", 0, True)

WshShell.LogEvent 4, "authenticat.exe status returned: " & iStatus

 

Carl

 

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] 
Sent: Thursday, May 13, 2010 8:59 AM
To: NT System Admin Issues
Subject: VBS script issue

 

Simple user script assigned to the user via GPO for logon. Calls a run and
runs an exe so they authenticate to our webfilter.  Domain Name has been
munged. It fails to run when they login but if I just double click it as they
are logged in it runs just fine. Gotta be something simple I am missing here.
This is on XP SP3 workstations in a native 2008 domain.

 

on error resume next

Set WshShell = WScript.CreateObject("WScript.Shell")

WshShell.Run "\\netbiosDomainName\netlogon\VBS\m86\authenticat.exe RA[x.x.x.x]"

 

 

 


Re: citrix xenapp

2010-05-13 Thread S Powell
thanks everyone!!

no, the google thing below is _MY_ sig...  ^_^  not added by google.
Google.com  Learn it. Live it. Love it.


yes I've tried it from outside my network, A VERY good idea, and no joy...

i'll check port 1594  but I've never seen that in any of the docs...



On Thu, May 13, 2010 at 05:38, James Rankin  wrote:

> What error do you get when you try to access the Web interface externally?
> Do you have your STAs set up correctly? Most external problems I get can be
> traced back to STAs, usually with them running on the wrong port for the XML
> service.
>
>
> On 12 May 2010 21:58, S Powell  wrote:
>
>> Hi
>>
>> I'm trying to get Citrix Xenapp web set up, and cannot get it to work
>> externally.
>> Internally it works just fine but not through our firewall, (isa server
>> 2006).
>>
>>
>> I've been through their docs, and so far no joy.  MS, Isaserver.org,
>> Citrix all, I've done everything I can think of.
>>
>> Do any  of you have Xenapp web and ISA working? if so how?
>>
>>
>> Thanks in advance.
>>
>> ./s
>>
>> Google.  Learn it. Live it. Love it.
>>
>>
>>
>>
>>
>>
>
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
>
>
>
>
>
