RE: HIPAA Question
Again, I am no HIPAA expert, but most legislation in this respect is about transmitting data as a business. If a customer requests something, I don't believe it is generally held to the same standards and this certainly is an approach that auditors have been more than happy with in the past. What you must not do is send the patients data to a 3rd party unencrypted under any circumstances. Whether it's Hotmail or not isn't particularly relevant - some businesses use free email as their work addresses. You'd do a security assessment on them as with any other business (yes, it's not really a very good indicator!!). Due diligence is key. Back to the issue - customer requests something in a particular way ... make them aware of the issues and give them the choice. Really it sounds like the best enterprise solution would be to have a secure web portal, but that brings in a whole bucket-load of Internet facing risk too so unless you can do it right, don't do it at all! Talk to your auditors a P.S. beware of password protected files. It's usually absolutely trivial to break such schemes. Proper encryption should be used in all cases with a respected product (eg. PGP, etc.). From: James Kerr [mailto:cluster...@gmail.com] Sent: 14 May 2010 22:36 To: NT System Admin Issues Subject: Re: HIPAA Question Well what if you encrypted the data? ie: password protected zip file, then I dont believe you have a violation. - Original Message - From: Jeff Brown mailto:2jbr...@gmail.com To: NT System Admin Issues mailto:ntsysadmin@lyris.sunbelt-software.com Sent: Friday, May 14, 2010 5:30 PM Subject: Re: HIPAA Question I thought the hotmail reference was a total joke. protecting information, not having ID put together with personal medical information is only part of the equation. It is a violation to send pki over the internet CLEAR TEXT, which I believe anything sent to or from a hotmail account would fall into that category, so no matter what you did to secure the identity of the recipient, its still a violation, right? WARNING: The information in this email and any attachments is confidential and may be legally privileged. If you are not the named addressee, you must not use, copy or disclose this email (including any attachments) or the information in it save to the named addressee nor take any action in reliance on it. If you receive this email or any attachments in error, please notify the sender immediately and then delete the same and any copies. CLS Services Ltd × Registered in England No 4132704 × Registered Office: Exchange Tower × One Harbour Exchange Square × London E14 9GE ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Endpoint Securty - was HIPAA Question
You can use DLP products that can monitor pretty much anything you desire. The more powerful, then generally the more expensive! a From: Don Kuhlman [mailto:drkuhl...@yahoo.com] Sent: 14 May 2010 20:41 To: NT System Admin Issues Subject: Endpoint Securty - was HIPAA Question So a bit of a change in direction - does endpoint security actually watch files copied to internal network mapped drives and server shares or does it watch USB, Optical, peer to peer and those types of transfers? From what I hear about what we use, it mainly watches for usb or those types of file transfers vs you copying data to a shared drive on your server. Anyone know of any good write ups on how it works? I've read the sales literature on it but that doesn't tell much. Thanks Don K From: Ziots, Edward ezi...@lifespan.org To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Fri, May 14, 2010 10:41:45 AM Subject: RE: HIPAA Question Honestly, I am not amazed that the laptops was stolen and there was PHI/PII on them unencrypted. This along with unencrypted memory sticks are two of the biggest culprits and now would follow under the breach notifications, along with HITECH ACT, and the teeth it gave to HIPAA, it will probably help but not truly solve this type of issue. Endpoint security will also help, but you are going to reach a point in which you are hampering the users trying to do their work, which brings up more questions whether its their process that needs to change, or more security awareness training along with administrative punishment up to including termination for violation of the policies and procedures of the company, or being grossly negligent in this reguard. Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: paul d [mailto:pdw1...@hotmail.com] Sent: Friday, May 14, 2010 11:06 AM To: NT System Admin Issues Subject: RE: HIPAA Question All too true, John. And not just small offices either. CMS has a page that links breaches involving more than 500 people. I'm amazed at the number of incidents involving laptops that were stolen whose data was unencrypted. From: john.c...@pfsf.org To: ntsysadmin@lyris.sunbelt-software.com Date: Fri, 14 May 2010 09:43:22 -0400 Subject: RE: HIPAA Question A course of action that is reasonable and doable. Most of the responses in this thread are knee jerk over thinking of the issue. The sheer fact that you can fax a piece of PHI (fax transmissions aren't encrypted last time I checked) to a secure location should give you some idea of what's reasonable. As a part time consultant to a software reseller we've come across a disturbing fact - most small medical related offices have no real clue as to how or even why they have to follow HIPAA standards other than it's a Federal law and they signed some form saying they had watched the webinar and drank the koolaid. It's really very poorly implemented in these small offices because there is no ROI, compliance is a cost center and they only spend what is absolutely necessary - then something bad happens and they make an adjustment. John W. Cook Systems Administrator Partnership For Strong Families 315 SE 2nd Ave Gainesville, Fl 32601 Office (352) 393-2741 x320 Cell (352) 215-6944 Fax (352) 393-2746 MCSE, MCTS, MCP+I, A+, N+, VSP4, VTSP4 From: James Kerr [mailto:cluster...@gmail.com] Sent: Friday, May 14, 2010 9:19 AM To: NT System Admin Issues Subject: Re: HIPAA Question We have a consent form they must sign for us to send a fax or mailing so we could use that for emailing also. We can still send the data encrypted and give them the password over the phone. James - Original Message - From: paul d mailto:pdw1...@hotmail.com To: NT System Admin Issues mailto:ntsysadmin@lyris.sunbelt-software.com Sent: Friday, May 14, 2010 8:47 AM Subject: RE: HIPAA Question They're usually referred to as Privacy or Security officers. For example, a CISO. For HIPAA, there can also be a compliance officer. And, to the OP, you'll eventually have to come up with some way to electronically deliver the data as it's part of the meaningful use act; you have to be able to give a patient their medical record by electronic means if they so desire. Subject: RE: HIPAA Question Date: Fri, 14 May 2010 10:09:32 +0100 From: adav...@cls-services.com To: ntsysadmin@lyris.sunbelt-software.com Good God please don't do that! Password protected Word documents do not stand up to scrutiny. I don't work withy HIPAA at all, but I have worked within UK FSA and DPA guidelines
Weird folder redirection issue
I have configured Start Menu and Desktop redirection to a shared area on a fileserver via GPO. The idea is that the shortcuts for all our applications sit in this shared area, and the NTFS permissions on the shortcuts control what users can see/use. This seems to be working quite well - however, for one or two users, I get the error shown below when they log on [image: redirection.JPG] This only seems to happen on certain terminal servers (the users are logging in via Citrix XenApp), but whenever I try to recreate it with a test user, it works fine. Google is not showing me very many hints - has anyone seen this before, or have any idea what is causing it? Cheers, JRR -- On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~redirection.JPG
RE: Blackberry question
It's really not a BB issue. Easiest way I can think would be for user A to create appointment in their own calendar and invite user B. Then they would get a msg that they would have to accept. Pick a theme for their BB that shows upcoming appointment on their desktop so they can see them coming. From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Monday, May 17, 2010 4:31 PM To: NT System Admin Issues Subject: Re: Blackberry question I'm not aware of one. You can always remove the rights from UserA, or insist that UserA otherwise inform UserB of the appointment, or face flogging. Without any other info, this seems very much like a process-oriented problem. -ASB: http://XeeSM.com/AndrewBaker On Mon, May 17, 2010 at 3:49 PM, David Mazzaccaro david.mazzacc...@hudsonhhc.com wrote: Outlook 2003/Exchange 2003/BES 4 Is there a way to be notified when someone else puts an appointment directly on your calendar? For example: UserA has permission to add/remove appointments in UserB's calendar. UserA creates an appoinment in UserB's calendar. UserB doesn't know an appointment has been added unless they check their calendar or until a reminder goes off for that appointment. . ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Tracking Web users without using cookies
If you're interested in protecting your online privacy, you've probably taken steps like deleting browser cookies or turning on the private browsing features of Safari and Google Chrome. That's supposed to prevent Web sites from tracking you across repeat visits. But a forthcoming paper prepared by an Electronic Frontier Foundation technologist shows that they're not really effective at all http://news.cnet.com/8301-1009_3-20005185-83.html?tag=mncol;title Thoughts? David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Tracking Web users without using cookies
On Tue, May 18, 2010 at 9:16 AM, David Lum david@nwea.org wrote: http://news.cnet.com/8301-1009_3-20005185-83.html?tag=mncol;title The actual paper is at: https://panopticlick.eff.org/browser-uniqueness.pdf The math is above my head. The rest seems somewhat plausible. Basically looking at a variety of attributes detectable via JavaScript, ActiveX controls, Flash, Java, etc. Things like installed components, their version numbers, available fonts, etc. Combined with existing techniques (like IP address tracking) reportedly yields very good results. (But I suspect just IP address tracking yields very good results.) My take: I wouldn't expect this to be a current risk. Most browsers come pre-configured to allow cookies, and most users never change that, so tracking can be easily accomplished via cookies for most users. Most sites don't have reason to bother with more than that. (Especially since it's usually easier to provide an incentive to allow cookies for the site.) Beyond cookies, unless your IP address changes constantly, tracking you is trivial. So I don't see a ROI for implementing this kind of tracking. If someone is sufficiently motivated to do all this, they're likely motivated to do other things. Like tap your phonelines or bug your house. This assessment may change in the future if privacy-guarding features enjoy increased adoption. They do mention that tools like NoScript, used to implement deny-by-default for all client-side scripting, make things considerably more challenging. They do mention that using popular sites would work. (XSS left as an exercise for the reader, apparently.) But again, it's likely much easier to just provide an incentive to allow scripting for a site. You need JavaScript to see the funny picture of the cat/college student doing something stupid/boobies, or whatever. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: HIPAA Question
As copied from the HHS.gov site - Must the HIPAA Privacy Rule's minimum necessary standard to be applied to uses or disclosure that are authorized by an individual? Answer: No. Uses and disclosures that are authorized by the individual are exempt from the minimum necessary requirements. Does the HIPAA Privacy Rule permit a doctor, laboratory, or other health care provider to share patient health information for treatment purposes by fax, e-mail, or over the phone? Answer: Yes. The Privacy Rule allows covered health care providers to share protected health information for treatment purposes without patient authorization, as long as they use reasonable safeguards when doing so. These treatment communications may occur orally or in writing, by phone, fax, e-mail, or otherwise. Note the statement reasonable safeguards - there is no hard and fast this is what you have to do it all boils down to taking steps to protect the data. If you can show that reasonable care was taken (as in password protected docs) you have fulfilled your obligation. It may not be ideal but it fulfills the intent of the law. John W. Cook Systems Administrator Partnership For Strong Families 315 SE 2nd Ave Gainesville, Fl 32601 Office (352) 393-2741 x320 Cell (352) 215-6944 Fax (352) 393-2746 MCSE, MCTS, MCP+I, A+, N+, VSP4, VTSP4 From: Alan Davies [mailto:adav...@cls-services.com] Sent: Tuesday, May 18, 2010 4:37 AM To: NT System Admin Issues Subject: RE: HIPAA Question Again, I am no HIPAA expert, but most legislation in this respect is about transmitting data as a business. If a customer requests something, I don't believe it is generally held to the same standards and this certainly is an approach that auditors have been more than happy with in the past. What you must not do is send the patients data to a 3rd party unencrypted under any circumstances. Whether it's Hotmail or not isn't particularly relevant - some businesses use free email as their work addresses. You'd do a security assessment on them as with any other business (yes, it's not really a very good indicator!!). Due diligence is key. Back to the issue - customer requests something in a particular way ... make them aware of the issues and give them the choice. Really it sounds like the best enterprise solution would be to have a secure web portal, but that brings in a whole bucket-load of Internet facing risk too so unless you can do it right, don't do it at all! Talk to your auditors a P.S. beware of password protected files. It's usually absolutely trivial to break such schemes. Proper encryption should be used in all cases with a respected product (eg. PGP, etc.). From: James Kerr [mailto:cluster...@gmail.com] Sent: 14 May 2010 22:36 To: NT System Admin Issues Subject: Re: HIPAA Question Well what if you encrypted the data? ie: password protected zip file, then I dont believe you have a violation. - Original Message - From: Jeff Brownmailto:2jbr...@gmail.com To: NT System Admin Issuesmailto:ntsysadmin@lyris.sunbelt-software.com Sent: Friday, May 14, 2010 5:30 PM Subject: Re: HIPAA Question I thought the hotmail reference was a total joke. protecting information, not having ID put together with personal medical information is only part of the equation. It is a violation to send pki over the internet CLEAR TEXT, which I believe anything sent to or from a hotmail account would fall into that category, so no matter what you did to secure the identity of the recipient, its still a violation, right? WARNING: The information in this email and any attachments is confidential and may be legally privileged. If you are not the named addressee, you must not use, copy or disclose this email (including any attachments) or the information in it save to the named addressee nor take any action in reliance on it. If you receive this email or any attachments in error, please notify the sender immediately and then delete the same and any copies. CLS Services Ltd × Registered in England No 4132704 × Registered Office: Exchange Tower × One Harbour Exchange Square × London E14 9GE CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or
Re: HIPAA Question
Thanks for that info John. James - Original Message - From: John Cook To: NT System Admin Issues Sent: Tuesday, May 18, 2010 9:54 AM Subject: RE: HIPAA Question As copied from the HHS.gov site - Must the HIPAA Privacy Rule's minimum necessary standard to be applied to uses or disclosure that are authorized by an individual? Answer: No. Uses and disclosures that are authorized by the individual are exempt from the minimum necessary requirements. Does the HIPAA Privacy Rule permit a doctor, laboratory, or other health care provider to share patient health information for treatment purposes by fax, e-mail, or over the phone? Answer: Yes. The Privacy Rule allows covered health care providers to share protected health information for treatment purposes without patient authorization, as long as they use reasonable safeguards when doing so. These treatment communications may occur orally or in writing, by phone, fax, e-mail, or otherwise. Note the statement reasonable safeguards - there is no hard and fast this is what you have to do it all boils down to taking steps to protect the data. If you can show that reasonable care was taken (as in password protected docs) you have fulfilled your obligation. It may not be ideal but it fulfills the intent of the law. John W. Cook Systems Administrator Partnership For Strong Families 315 SE 2nd Ave Gainesville, Fl 32601 Office (352) 393-2741 x320 Cell (352) 215-6944 Fax (352) 393-2746 MCSE, MCTS, MCP+I, A+, N+, VSP4, VTSP4 From: Alan Davies [mailto:adav...@cls-services.com] Sent: Tuesday, May 18, 2010 4:37 AM To: NT System Admin Issues Subject: RE: HIPAA Question Again, I am no HIPAA expert, but most legislation in this respect is about transmitting data as a business. If a customer requests something, I don't believe it is generally held to the same standards and this certainly is an approach that auditors have been more than happy with in the past. What you must not do is send the patients data to a 3rd party unencrypted under any circumstances. Whether it's Hotmail or not isn't particularly relevant - some businesses use free email as their work addresses. You'd do a security assessment on them as with any other business (yes, it's not really a very good indicator!!). Due diligence is key. Back to the issue - customer requests something in a particular way ... make them aware of the issues and give them the choice. Really it sounds like the best enterprise solution would be to have a secure web portal, but that brings in a whole bucket-load of Internet facing risk too so unless you can do it right, don't do it at all! Talk to your auditors a P.S. beware of password protected files. It's usually absolutely trivial to break such schemes. Proper encryption should be used in all cases with a respected product (eg. PGP, etc.). -- From: James Kerr [mailto:cluster...@gmail.com] Sent: 14 May 2010 22:36 To: NT System Admin Issues Subject: Re: HIPAA Question Well what if you encrypted the data? ie: password protected zip file, then I dont believe you have a violation. - Original Message - From: Jeff Brown To: NT System Admin Issues Sent: Friday, May 14, 2010 5:30 PM Subject: Re: HIPAA Question I thought the hotmail reference was a total joke. protecting information, not having ID put together with personal medical information is only part of the equation. It is a violation to send pki over the internet CLEAR TEXT, which I believe anything sent to or from a hotmail account would fall into that category, so no matter what you did to secure the identity of the recipient, its still a violation, right? WARNING: The information in this email and any attachments is confidential and may be legally privileged. If you are not the named addressee, you must not use, copy or disclose this email (including any attachments) or the information in it save to the named addressee nor take any action in reliance on it. If you receive this email or any attachments in error, please notify the sender immediately and then delete the same and any copies. CLS Services Ltd × Registered in England No 4132704 × Registered Office: Exchange Tower × One Harbour Exchange Square × London E14 9GE -- CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person
Re: Scripting IP Changes on remote devices
Thanks for the input Ben/Jon. I'll take a look at the Microsoft Script Center and then maybe I'll have a better idea what Ben was talking about. Jonathan, I'd say that's definitely food for thought. I'd have to discuss with my peers if there's any specific reason all servers are configured statically or if it's just carry over from old school thinking. - Sean On Fri, May 14, 2010 at 2:13 PM, Jonathan Link jonathan.l...@gmail.comwrote: Any reason to have static? Consider DHCP with reservations so this kind of transition could be managed centrally in the future? As long as your rolling out the script you could have it switch from static to dynic and be done. Of course all this is predicated on not having a major reasons to be static. On Friday, May 14, 2010, Brian Desmond br...@briandesmond.com wrote: This is fairly easy to do with WMI. You just want to iterate through the IPEnabled adapters collection and there are methods to stamp WINS and DNS servers. I’d suggest inspecting the current settings and using that data to decide whether you stamp or not. WINS is a simple primary/secondary stamp, DNS is a collection you need to clear and populate. Thanks,Brian desmondbr...@briandesmond.com c – 312.731.3132 From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Friday, May 14, 2010 2:43 PM To: NT System Admin Issues Subject: Scripting IP Changes on remote devices Good Morning/Afternoon, I'm looking for a little assistance with automating IP changes on several hundred servers. The vast majority will be Windows 2003 but there may be some Windows 2000 boxes mixed in there. I'm going to need to change the DNS and WINS IP addresses on our servers with static assignments. I'm thinking VB would be the best language to use, unfortunately I'm not real strong with VB so I was hoping someone might have some already written code I could manipulate (certainly not asking anyone to write anything for me!). The main problem is that I can't rely on any continuity amongst the servers. Meaning, the interface names may not be the same (LAN Connection X), and some servers may have multiple NICs for which I only need to modify one. I was hoping it would be possible to query the current configuration of the NICs and identify ones with DNS IP 1 = X and then modify those to DNS IP 1 = Y. I'd like to do this for the primary and secondary DNS and WINs references. Any pointers at all would be much appreciated. - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Scripting IP Changes on remote devices
+1 If you are going to do the work of manually configuring specific IP addresses, why not do it in a way that is centrally manageable? Although you did say servers... I would still go with DHCP possible. -- ME2 On Fri, May 14, 2010 at 3:13 PM, Jonathan Link jonathan.l...@gmail.comwrote: Any reason to have static? Consider DHCP with reservations so this kind of transition could be managed centrally in the future? As long as your rolling out the script you could have it switch from static to dynic and be done. Of course all this is predicated on not having a major reasons to be static. On Friday, May 14, 2010, Brian Desmond br...@briandesmond.com wrote: This is fairly easy to do with WMI. You just want to iterate through the IPEnabled adapters collection and there are methods to stamp WINS and DNS servers. I’d suggest inspecting the current settings and using that data to decide whether you stamp or not. WINS is a simple primary/secondary stamp, DNS is a collection you need to clear and populate. Thanks,Brian desmondbr...@briandesmond.com c – 312.731.3132 From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Friday, May 14, 2010 2:43 PM To: NT System Admin Issues Subject: Scripting IP Changes on remote devices Good Morning/Afternoon, I'm looking for a little assistance with automating IP changes on several hundred servers. The vast majority will be Windows 2003 but there may be some Windows 2000 boxes mixed in there. I'm going to need to change the DNS and WINS IP addresses on our servers with static assignments. I'm thinking VB would be the best language to use, unfortunately I'm not real strong with VB so I was hoping someone might have some already written code I could manipulate (certainly not asking anyone to write anything for me!). The main problem is that I can't rely on any continuity amongst the servers. Meaning, the interface names may not be the same (LAN Connection X), and some servers may have multiple NICs for which I only need to modify one. I was hoping it would be possible to query the current configuration of the NICs and identify ones with DNS IP 1 = X and then modify those to DNS IP 1 = Y. I'd like to do this for the primary and secondary DNS and WINs references. Any pointers at all would be much appreciated. - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Possible false-positive for Vipre
waves hand This is not the forum you are looking for. -- ME2 On Mon, May 17, 2010 at 7:21 AM, John Aldrich jaldr...@blueridgecarpet.comwrote: An app that is supposed to keep your flash drives “clean” is called “flash disinfector” and Vipre Enterprise is alerting on it as containing a Trojan. Anyone got any clue whether this is a valid alert? [image: John-Aldrich][image: Tile-Tools] ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image002.jpgimage001.jpg
RE: Possible false-positive for Vipre
This is not the forum I am looking for. Whoa dude you need to watch that hand waving. I just about left Mos Eisley.. _ From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Tuesday, May 18, 2010 1:02 PM To: NT System Admin Issues Subject: Re: Possible false-positive for Vipre waves hand This is not the forum you are looking for. -- ME2 On Mon, May 17, 2010 at 7:21 AM, John Aldrich jaldr...@blueridgecarpet.com wrote: An app that is supposed to keep your flash drives clean is called flash disinfector and Vipre Enterprise is alerting on it as containing a Trojan. Anyone got any clue whether this is a valid alert? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image001.jpgimage002.jpg
RE: Possible false-positive for Vipre
I'm afraid my mission to bring you to Alderaan(Vipre Forum) has failed. I've placed information vital to the survival of the rebellion(your PC) into the memory systems of this R2 unit. **Memory** http://supportforums.sunbeltsoftware.com/ From: David W. McSpadden [mailto:dav...@imcu.com] Sent: Tuesday, May 18, 2010 1:04 PM To: NT System Admin Issues Subject: RE: Possible false-positive for Vipre This is not the forum I am looking for. Whoa dude you need to watch that hand waving. I just about left Mos Eisley From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Tuesday, May 18, 2010 1:02 PM To: NT System Admin Issues Subject: Re: Possible false-positive for Vipre waves hand This is not the forum you are looking for. -- ME2 On Mon, May 17, 2010 at 7:21 AM, John Aldrich jaldr...@blueridgecarpet.com wrote: An app that is supposed to keep your flash drives clean is called flash disinfector and Vipre Enterprise is alerting on it as containing a Trojan. Anyone got any clue whether this is a valid alert? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image001.jpgimage002.jpg
RE: Quest ActiveRoles
Hmmm, I just got an email from an engineer in Brazil for a case a pre-sales engineer opened on ARS. We have ARD for a long time and a case is trying to be made for an upgrade. Since ARD came from FastLane, the support was still out of Halifax last I heard but I'm not sure about ARS. @ Steven- YMMV but the right sales rep can help with licensing...BTDT And that's about as specific as I am going to get. :-] -Original Message- From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Thursday, May 06, 2010 4:39 PM To: NT System Admin Issues Subject: RE: Quest ActiveRoles Quest's support for this is out of Canada most likely (Atlantic Time - very cold)...I could double check but I'd put money on Canada. ARS is a solid product - I've used it at several customers. Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 -Original Message- From: Steven Peck [mailto:sep...@gmail.com] Sent: Thursday, May 06, 2010 6:37 PM To: NT System Admin Issues Subject: Re: Quest ActiveRoles I use the free AD cmdlets which are nice. A friend who uses it and is not subscribed and his comments were: 'works for our environment. tech support is over seas so difficult to get.' 'worst complaint is licensing. Quest wants license for each and every account that it sees' As a result of the licensing issue, they are switching to Microsoft Identity Management. They have a rather large and complex environment where they are doing essentially a hosted Exchange implementation (60,000 mailboxes) for a number of of trusted domains connected in. And that's about as specific as I am going to get. Steven On Thu, May 6, 2010 at 3:40 PM, Rubens Almeida rubensalme...@gmail.com wrote: I don't know how we'd manage an AD with nearly 89k objects without it! ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Possible false-positive for Vipre
... boring conversation anyway On Tue, May 18, 2010 at 1:14 PM, greg.swe...@actsconsulting.net wrote: I'm afraid my mission to bring you to Alderaan(Vipre Forum) has failed. I've placed information vital to the survival of the rebellion(your PC) into the memory systems of this R2 unit. **Memory** http://supportforums.sunbeltsoftware.com/ *From:* David W. McSpadden [mailto:dav...@imcu.com] *Sent:* Tuesday, May 18, 2010 1:04 PM *To:* NT System Admin Issues *Subject:* RE: Possible false-positive for Vipre This is not the forum I am looking for. Whoa dude you need to watch that hand waving. I just about left Mos Eisley…. -- *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com] *Sent:* Tuesday, May 18, 2010 1:02 PM *To:* NT System Admin Issues *Subject:* Re: Possible false-positive for Vipre waves hand This is not the forum you are looking for. -- ME2 On Mon, May 17, 2010 at 7:21 AM, John Aldrich jaldr...@blueridgecarpet.com wrote: An app that is supposed to keep your flash drives “clean” is called “flash disinfector” and Vipre Enterprise is alerting on it as containing a Trojan. Anyone got any clue whether this is a valid alert? [image: John-Aldrich][image: Tile-Tools] ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image001.jpgimage002.jpg
RE: Possible false-positive for Vipre
Help me Augie Ben-Doggie; you're my only hope... *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: greg.swe...@actsconsulting.net [mailto:greg.swe...@actsconsulting.net] Sent: Tuesday, May 18, 2010 10:14 AM To: NT System Admin Issues Subject: RE: Possible false-positive for Vipre I'm afraid my mission to bring you to Alderaan(Vipre Forum) has failed. I've placed information vital to the survival of the rebellion(your PC) into the memory systems of this R2 unit. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Possible false-positive for Vipre
Don't you mean ME2 unit? _ From: greg.swe...@actsconsulting.net [mailto:greg.swe...@actsconsulting.net] Sent: Tuesday, May 18, 2010 1:14 PM To: NT System Admin Issues Subject: RE: Possible false-positive for Vipre I'm afraid my mission to bring you to Alderaan(Vipre Forum) has failed. I've placed information vital to the survival of the rebellion(your PC) into the memory systems of this R2 unit. **Memory** http://supportforums.sunbeltsoftware.com/ From: David W. McSpadden [mailto:dav...@imcu.com] Sent: Tuesday, May 18, 2010 1:04 PM To: NT System Admin Issues Subject: RE: Possible false-positive for Vipre This is not the forum I am looking for. Whoa dude you need to watch that hand waving. I just about left Mos Eisley.. _ From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Tuesday, May 18, 2010 1:02 PM To: NT System Admin Issues Subject: Re: Possible false-positive for Vipre waves hand This is not the forum you are looking for. -- ME2 On Mon, May 17, 2010 at 7:21 AM, John Aldrich jaldr...@blueridgecarpet.com wrote: An app that is supposed to keep your flash drives clean is called flash disinfector and Vipre Enterprise is alerting on it as containing a Trojan. Anyone got any clue whether this is a valid alert? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image001.jpgimage002.jpg
Re: Wierd logoff / restart issue
Kill it with fire. -- ME2 On Sat, May 15, 2010 at 4:47 AM, Steven M. Caesare scaes...@caesare.comwrote: Nuke it from orbit... it's the only way to be sure. -sc -Original Message- From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Friday, May 14, 2010 11:15 PM To: NT System Admin Issues Subject: Wierd logoff / restart issue Got a laptop running XP Pro. It's had some malware on it that has been particularlly difficult to find. The only way I found it was to reboot into safe mode, command-prompt only and run a scan on it. The malware was My Web Search and one other (sorry, I don't recall.) The laptop has one small issue left, but I'm not sure if it's caused by malware or is the after-effects of the malware. It doesn't want to shut down, ever. It sits there saying logging off until you push and hold the power button. I really don't want to have to rebuild this laptop, as I don't have a restore disk for it -- Thanks, John Aldrich Blueridge Industries IT Manager ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Possible false-positive for Vipre
I thought the R2 was the upgraded unit of the ME2, more memory and faster processor. J From: David W. McSpadden [mailto:dav...@imcu.com] Sent: Tuesday, May 18, 2010 1:31 PM To: NT System Admin Issues Subject: RE: Possible false-positive for Vipre Don't you mean ME2 unit? From: greg.swe...@actsconsulting.net [mailto:greg.swe...@actsconsulting.net] Sent: Tuesday, May 18, 2010 1:14 PM To: NT System Admin Issues Subject: RE: Possible false-positive for Vipre I'm afraid my mission to bring you to Alderaan(Vipre Forum) has failed. I've placed information vital to the survival of the rebellion(your PC) into the memory systems of this R2 unit. **Memory** http://supportforums.sunbeltsoftware.com/ From: David W. McSpadden [mailto:dav...@imcu.com] Sent: Tuesday, May 18, 2010 1:04 PM To: NT System Admin Issues Subject: RE: Possible false-positive for Vipre This is not the forum I am looking for. Whoa dude you need to watch that hand waving. I just about left Mos Eisley From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Tuesday, May 18, 2010 1:02 PM To: NT System Admin Issues Subject: Re: Possible false-positive for Vipre waves hand This is not the forum you are looking for. -- ME2 On Mon, May 17, 2010 at 7:21 AM, John Aldrich jaldr...@blueridgecarpet.com wrote: An app that is supposed to keep your flash drives clean is called flash disinfector and Vipre Enterprise is alerting on it as containing a Trojan. Anyone got any clue whether this is a valid alert? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image001.jpgimage002.jpg
RE: Possible false-positive for Vipre
Move along, move along... --Matt Ross Ephrata School District - Original Message - From: greg.swe...@actsconsulting.net To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Tue, 18 May 2010 10:42:00 -0700 Subject: RE: Possible false-positive for Vipre I thought the R2 was the upgraded unit of the ME2, more memory and faster processor. J From: David W. McSpadden [mailto:dav...@imcu.com] Sent: Tuesday, May 18, 2010 1:31 PM To: NT System Admin Issues Subject: RE: Possible false-positive for Vipre Don't you mean ME2 unit? From: greg.swe...@actsconsulting.net [mailto:greg.swe...@actsconsulting.net] Sent: Tuesday, May 18, 2010 1:14 PM To: NT System Admin Issues Subject: RE: Possible false-positive for Vipre I'm afraid my mission to bring you to Alderaan(Vipre Forum) has failed. I've placed information vital to the survival of the rebellion(your PC) into the memory systems of this R2 unit. **Memory** http://supportforums.sunbeltsoftware.com/ From: David W. McSpadden [mailto:dav...@imcu.com] Sent: Tuesday, May 18, 2010 1:04 PM To: NT System Admin Issues Subject: RE: Possible false-positive for Vipre This is not the forum I am looking for. Whoa dude you need to watch that hand waving. I just about left Mos Eisley From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Tuesday, May 18, 2010 1:02 PM To: NT System Admin Issues Subject: Re: Possible false-positive for Vipre waves hand This is not the forum you are looking for. -- ME2 On Mon, May 17, 2010 at 7:21 AM, John Aldrich jaldr...@blueridgecarpet.com wrote: An app that is supposed to keep your flash drives clean is called flash disinfector and Vipre Enterprise is alerting on it as containing a Trojan. Anyone got any clue whether this is a valid alert? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Scripting IP Changes on remote devices
There are places that prefer not to enable DHCP on server subnets for security reasons. Also, managing DHCP reservations will be a non-trivial operational workload in a dynamic data center. -Malcolm From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Tuesday, May 18, 2010 11:52 To: NT System Admin Issues Subject: Re: Scripting IP Changes on remote devices +1 If you are going to do the work of manually configuring specific IP addresses, why not do it in a way that is centrally manageable? Although you did say servers... I would still go with DHCP possible. -- ME2 On Fri, May 14, 2010 at 3:13 PM, Jonathan Link jonathan.l...@gmail.com wrote: Any reason to have static? Consider DHCP with reservations so this kind of transition could be managed centrally in the future? As long as your rolling out the script you could have it switch from static to dynic and be done. Of course all this is predicated on not having a major reasons to be static. On Friday, May 14, 2010, Brian Desmond br...@briandesmond.com wrote: This is fairly easy to do with WMI. You just want to iterate through the IPEnabled adapters collection and there are methods to stamp WINS and DNS servers. I'd suggest inspecting the current settings and using that data to decide whether you stamp or not. WINS is a simple primary/secondary stamp, DNS is a collection you need to clear and populate. Thanks,Brian desmondbr...@briandesmond.com c - 312.731.3132 From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Friday, May 14, 2010 2:43 PM To: NT System Admin Issues Subject: Scripting IP Changes on remote devices Good Morning/Afternoon, I'm looking for a little assistance with automating IP changes on several hundred servers. The vast majority will be Windows 2003 but there may be some Windows 2000 boxes mixed in there. I'm going to need to change the DNS and WINS IP addresses on our servers with static assignments. I'm thinking VB would be the best language to use, unfortunately I'm not real strong with VB so I was hoping someone might have some already written code I could manipulate (certainly not asking anyone to write anything for me!). The main problem is that I can't rely on any continuity amongst the servers. Meaning, the interface names may not be the same (LAN Connection X), and some servers may have multiple NICs for which I only need to modify one. I was hoping it would be possible to query the current configuration of the NICs and identify ones with DNS IP 1 = X and then modify those to DNS IP 1 = Y. I'd like to do this for the primary and secondary DNS and WINs references. Any pointers at all would be much appreciated. - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Scripting IP Changes on remote devices
So I've heard and have worked in similar environments, but, I have never heard a convincing argument for it as a security concern. It can be quite easy in a properly planned and operated environment. I honestly dont take any aspects of IT as trivial, and I think that anything that allows for centralized control to be paramount in IT operations. As far as workload goes, I have found DHCP reservations to require less workload than independently configured hosts. Independently configured hosts are going to require more man-hours and leg work, or a good deal of scripting skill. Centralized control via DHCP is also going to be easier to hand-off to other administrators. -- ME2 On Tue, May 18, 2010 at 10:54 AM, Malcolm Reitz malcolm.re...@live.comwrote: There are places that prefer not to enable DHCP on server subnets for security reasons. Also, managing DHCP reservations will be a non-trivial operational workload in a dynamic data center. -Malcolm *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com] *Sent:* Tuesday, May 18, 2010 11:52 *To:* NT System Admin Issues *Subject:* Re: Scripting IP Changes on remote devices +1 If you are going to do the work of manually configuring specific IP addresses, why not do it in a way that is centrally manageable? Although you did say servers... I would still go with DHCP possible. -- ME2 On Fri, May 14, 2010 at 3:13 PM, Jonathan Link jonathan.l...@gmail.com wrote: Any reason to have static? Consider DHCP with reservations so this kind of transition could be managed centrally in the future? As long as your rolling out the script you could have it switch from static to dynic and be done. Of course all this is predicated on not having a major reasons to be static. On Friday, May 14, 2010, Brian Desmond br...@briandesmond.com wrote: This is fairly easy to do with WMI. You just want to iterate through the IPEnabled adapters collection and there are methods to stamp WINS and DNS servers. I’d suggest inspecting the current settings and using that data to decide whether you stamp or not. WINS is a simple primary/secondary stamp, DNS is a collection you need to clear and populate. Thanks,Brian desmondbr...@briandesmond.com c – 312.731.3132 From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Friday, May 14, 2010 2:43 PM To: NT System Admin Issues Subject: Scripting IP Changes on remote devices Good Morning/Afternoon, I'm looking for a little assistance with automating IP changes on several hundred servers. The vast majority will be Windows 2003 but there may be some Windows 2000 boxes mixed in there. I'm going to need to change the DNS and WINS IP addresses on our servers with static assignments. I'm thinking VB would be the best language to use, unfortunately I'm not real strong with VB so I was hoping someone might have some already written code I could manipulate (certainly not asking anyone to write anything for me!). The main problem is that I can't rely on any continuity amongst the servers. Meaning, the interface names may not be the same (LAN Connection X), and some servers may have multiple NICs for which I only need to modify one. I was hoping it would be possible to query the current configuration of the NICs and identify ones with DNS IP 1 = X and then modify those to DNS IP 1 = Y. I'd like to do this for the primary and secondary DNS and WINs references. Any pointers at all would be much appreciated. - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Calling service
Something like this? http://www.caas.com/Pages/default.aspx -- Richard D. McClary Systems Administrator, Information Technology Group ASPCA® 1717 S. Philo Rd, Ste 36 Urbana, IL 61802 richardmccl...@aspca.org P: 217-337-9761 C: 217-417-1182 F: 217-337-9761 www.aspca.org The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to Animals® (ASPCA ®) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof. David McSpadden dav...@imcu.com wrote on 05/17/2010 08:45:52 AM: Any ideas for companies that will call a group of people for you. We are looking (just thinking about) for a service that will call and answer back calls in case of a disaster. So the Plan administrator make 1 call and the service notifies and records who has received the calls etc? Any info would be greatly appreciated. ?Please consider the environment before printing this email.? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Possible false-positive for Vipre
Hehheh heh he said: unit From: David W. McSpadden [mailto:dav...@imcu.com] Sent: Tuesday, May 18, 2010 1:31 PM To: NT System Admin Issues Subject: RE: Possible false-positive for Vipre Don't you mean ME2 unit? From: greg.swe...@actsconsulting.net [mailto:greg.swe...@actsconsulting.net] Sent: Tuesday, May 18, 2010 1:14 PM To: NT System Admin Issues Subject: RE: Possible false-positive for Vipre I'm afraid my mission to bring you to Alderaan(Vipre Forum) has failed. I've placed information vital to the survival of the rebellion(your PC) into the memory systems of this R2 unit. **Memory** http://supportforums.sunbeltsoftware.com/ From: David W. McSpadden [mailto:dav...@imcu.com] Sent: Tuesday, May 18, 2010 1:04 PM To: NT System Admin Issues Subject: RE: Possible false-positive for Vipre This is not the forum I am looking for. Whoa dude you need to watch that hand waving. I just about left Mos Eisley From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Tuesday, May 18, 2010 1:02 PM To: NT System Admin Issues Subject: Re: Possible false-positive for Vipre waves hand This is not the forum you are looking for. -- ME2 On Mon, May 17, 2010 at 7:21 AM, John Aldrich jaldr...@blueridgecarpet.commailto:jaldr...@blueridgecarpet.com wrote: An app that is supposed to keep your flash drives clean is called flash disinfector and Vipre Enterprise is alerting on it as containing a Trojan. Anyone got any clue whether this is a valid alert? [cid:image001.jpg@01CAF680.4DD12780][cid:image002@01caf680.4dd12780] ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~inline: image001.jpginline: image002.jpg
Re: Possible false-positive for Vipre
HARDWARE WARS!!! Nice reference! I remember seeing that as a short on HBO, wy before cable TV... -- ME2 On Tue, May 18, 2010 at 10:30 AM, Charlie Kaiser charl...@golden-eagle.orgwrote: Help me Augie Ben-Doggie; you're my only hope... *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: greg.swe...@actsconsulting.net [mailto:greg.swe...@actsconsulting.net] Sent: Tuesday, May 18, 2010 10:14 AM To: NT System Admin Issues Subject: RE: Possible false-positive for Vipre I'm afraid my mission to bring you to Alderaan(Vipre Forum) has failed. I've placed information vital to the survival of the rebellion(your PC) into the memory systems of this R2 unit. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Possible false-positive for Vipre
I know I'm getting old, but you dont have to rub it in! I just need to get some RAM every once in a while, and I'm back up to performance levels - I swear! -- ME2 On Tue, May 18, 2010 at 10:42 AM, greg.swe...@actsconsulting.net wrote: I thought the R2 was the upgraded unit of the ME2, more memory and faster processor. J *From:* David W. McSpadden [mailto:dav...@imcu.com] *Sent:* Tuesday, May 18, 2010 1:31 PM *To:* NT System Admin Issues *Subject:* RE: Possible false-positive for Vipre Don’t you mean ME2 unit? -- *From:* greg.swe...@actsconsulting.net [mailto: greg.swe...@actsconsulting.net] *Sent:* Tuesday, May 18, 2010 1:14 PM *To:* NT System Admin Issues *Subject:* RE: Possible false-positive for Vipre I'm afraid my mission to bring you to Alderaan(Vipre Forum) has failed. I've placed information vital to the survival of the rebellion(your PC) into the memory systems of this R2 unit. **Memory** http://supportforums.sunbeltsoftware.com/ *From:* David W. McSpadden [mailto:dav...@imcu.com] *Sent:* Tuesday, May 18, 2010 1:04 PM *To:* NT System Admin Issues *Subject:* RE: Possible false-positive for Vipre This is not the forum I am looking for. Whoa dude you need to watch that hand waving. I just about left Mos Eisley…. -- *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com] *Sent:* Tuesday, May 18, 2010 1:02 PM *To:* NT System Admin Issues *Subject:* Re: Possible false-positive for Vipre waves hand This is not the forum you are looking for. -- ME2 On Mon, May 17, 2010 at 7:21 AM, John Aldrich jaldr...@blueridgecarpet.com wrote: An app that is supposed to keep your flash drives “clean” is called “flash disinfector” and Vipre Enterprise is alerting on it as containing a Trojan. Anyone got any clue whether this is a valid alert? [image: John-Aldrich][image: Tile-Tools] ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image001.jpgimage002.jpg
RE: Scripting IP Changes on remote devices
Other than a DoS from a rouge DHCP server, I'm not sure I see too many issues with DHCP either. That said, how often do you actually change IP addresses for a server? -Malcolm From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Tuesday, May 18, 2010 13:35 To: NT System Admin Issues Subject: Re: Scripting IP Changes on remote devices So I've heard and have worked in similar environments, but, I have never heard a convincing argument for it as a security concern. It can be quite easy in a properly planned and operated environment. I honestly dont take any aspects of IT as trivial, and I think that anything that allows for centralized control to be paramount in IT operations. As far as workload goes, I have found DHCP reservations to require less workload than independently configured hosts. Independently configured hosts are going to require more man-hours and leg work, or a good deal of scripting skill. Centralized control via DHCP is also going to be easier to hand-off to other administrators. -- ME2 On Tue, May 18, 2010 at 10:54 AM, Malcolm Reitz malcolm.re...@live.com wrote: There are places that prefer not to enable DHCP on server subnets for security reasons. Also, managing DHCP reservations will be a non-trivial operational workload in a dynamic data center. -Malcolm From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Tuesday, May 18, 2010 11:52 To: NT System Admin Issues Subject: Re: Scripting IP Changes on remote devices +1 If you are going to do the work of manually configuring specific IP addresses, why not do it in a way that is centrally manageable? Although you did say servers... I would still go with DHCP possible. -- ME2 On Fri, May 14, 2010 at 3:13 PM, Jonathan Link jonathan.l...@gmail.com wrote: Any reason to have static? Consider DHCP with reservations so this kind of transition could be managed centrally in the future? As long as your rolling out the script you could have it switch from static to dynic and be done. Of course all this is predicated on not having a major reasons to be static. On Friday, May 14, 2010, Brian Desmond br...@briandesmond.com wrote: This is fairly easy to do with WMI. You just want to iterate through the IPEnabled adapters collection and there are methods to stamp WINS and DNS servers. I'd suggest inspecting the current settings and using that data to decide whether you stamp or not. WINS is a simple primary/secondary stamp, DNS is a collection you need to clear and populate. Thanks,Brian desmondbr...@briandesmond.com c - 312.731.3132 From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Friday, May 14, 2010 2:43 PM To: NT System Admin Issues Subject: Scripting IP Changes on remote devices Good Morning/Afternoon, I'm looking for a little assistance with automating IP changes on several hundred servers. The vast majority will be Windows 2003 but there may be some Windows 2000 boxes mixed in there. I'm going to need to change the DNS and WINS IP addresses on our servers with static assignments. I'm thinking VB would be the best language to use, unfortunately I'm not real strong with VB so I was hoping someone might have some already written code I could manipulate (certainly not asking anyone to write anything for me!). The main problem is that I can't rely on any continuity amongst the servers. Meaning, the interface names may not be the same (LAN Connection X), and some servers may have multiple NICs for which I only need to modify one. I was hoping it would be possible to query the current configuration of the NICs and identify ones with DNS IP 1 = X and then modify those to DNS IP 1 = Y. I'd like to do this for the primary and secondary DNS and WINs references. Any pointers at all would be much appreciated. - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Scripting IP Changes on remote devices
Not often at all. There is definitely a case for either way - especially when you take into account the environment and staff into consideration. Certainly it may be the case that managing DHCP for servers might over-complicate your environment. But, I always lean toward centralized manageability. -- ME2 On Tue, May 18, 2010 at 12:01 PM, Malcolm Reitz malcolm.re...@live.comwrote: Other than a DoS from a rouge DHCP server, I’m not sure I see too many issues with DHCP either. That said, how often do you actually change IP addresses for a server? -Malcolm *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com] *Sent:* Tuesday, May 18, 2010 13:35 *To:* NT System Admin Issues *Subject:* Re: Scripting IP Changes on remote devices So I've heard and have worked in similar environments, but, I have never heard a convincing argument for it as a security concern. It can be quite easy in a properly planned and operated environment. I honestly dont take any aspects of IT as trivial, and I think that anything that allows for centralized control to be paramount in IT operations. As far as workload goes, I have found DHCP reservations to require less workload than independently configured hosts. Independently configured hosts are going to require more man-hours and leg work, or a good deal of scripting skill. Centralized control via DHCP is also going to be easier to hand-off to other administrators. -- ME2 On Tue, May 18, 2010 at 10:54 AM, Malcolm Reitz malcolm.re...@live.com wrote: There are places that prefer not to enable DHCP on server subnets for security reasons. Also, managing DHCP reservations will be a non-trivial operational workload in a dynamic data center. -Malcolm *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com] *Sent:* Tuesday, May 18, 2010 11:52 *To:* NT System Admin Issues *Subject:* Re: Scripting IP Changes on remote devices +1 If you are going to do the work of manually configuring specific IP addresses, why not do it in a way that is centrally manageable? Although you did say servers... I would still go with DHCP possible. -- ME2 On Fri, May 14, 2010 at 3:13 PM, Jonathan Link jonathan.l...@gmail.com wrote: Any reason to have static? Consider DHCP with reservations so this kind of transition could be managed centrally in the future? As long as your rolling out the script you could have it switch from static to dynic and be done. Of course all this is predicated on not having a major reasons to be static. On Friday, May 14, 2010, Brian Desmond br...@briandesmond.com wrote: This is fairly easy to do with WMI. You just want to iterate through the IPEnabled adapters collection and there are methods to stamp WINS and DNS servers. I’d suggest inspecting the current settings and using that data to decide whether you stamp or not. WINS is a simple primary/secondary stamp, DNS is a collection you need to clear and populate. Thanks,Brian desmondbr...@briandesmond.com c – 312.731.3132 From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Friday, May 14, 2010 2:43 PM To: NT System Admin Issues Subject: Scripting IP Changes on remote devices Good Morning/Afternoon, I'm looking for a little assistance with automating IP changes on several hundred servers. The vast majority will be Windows 2003 but there may be some Windows 2000 boxes mixed in there. I'm going to need to change the DNS and WINS IP addresses on our servers with static assignments. I'm thinking VB would be the best language to use, unfortunately I'm not real strong with VB so I was hoping someone might have some already written code I could manipulate (certainly not asking anyone to write anything for me!). The main problem is that I can't rely on any continuity amongst the servers. Meaning, the interface names may not be the same (LAN Connection X), and some servers may have multiple NICs for which I only need to modify one. I was hoping it would be possible to query the current configuration of the NICs and identify ones with DNS IP 1 = X and then modify those to DNS IP 1 = Y. I'd like to do this for the primary and secondary DNS and WINs references. Any pointers at all would be much appreciated. - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Scripting IP Changes on remote devices
You could also statically assign an IP address to a server in DHCP. Best of both worlds? J John-AldrichTile-Tools From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Tuesday, May 18, 2010 3:53 PM To: NT System Admin Issues Subject: Re: Scripting IP Changes on remote devices Not often at all. There is definitely a case for either way - especially when you take into account the environment and staff into consideration. Certainly it may be the case that managing DHCP for servers might over-complicate your environment. But, I always lean toward centralized manageability. -- ME2 On Tue, May 18, 2010 at 12:01 PM, Malcolm Reitz malcolm.re...@live.com wrote: Other than a DoS from a rouge DHCP server, I'm not sure I see too many issues with DHCP either. That said, how often do you actually change IP addresses for a server? -Malcolm From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Tuesday, May 18, 2010 13:35 To: NT System Admin Issues Subject: Re: Scripting IP Changes on remote devices So I've heard and have worked in similar environments, but, I have never heard a convincing argument for it as a security concern. It can be quite easy in a properly planned and operated environment. I honestly dont take any aspects of IT as trivial, and I think that anything that allows for centralized control to be paramount in IT operations. As far as workload goes, I have found DHCP reservations to require less workload than independently configured hosts. Independently configured hosts are going to require more man-hours and leg work, or a good deal of scripting skill. Centralized control via DHCP is also going to be easier to hand-off to other administrators. -- ME2 On Tue, May 18, 2010 at 10:54 AM, Malcolm Reitz malcolm.re...@live.com wrote: There are places that prefer not to enable DHCP on server subnets for security reasons. Also, managing DHCP reservations will be a non-trivial operational workload in a dynamic data center. -Malcolm From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Tuesday, May 18, 2010 11:52 To: NT System Admin Issues Subject: Re: Scripting IP Changes on remote devices +1 If you are going to do the work of manually configuring specific IP addresses, why not do it in a way that is centrally manageable? Although you did say servers... I would still go with DHCP possible. -- ME2 On Fri, May 14, 2010 at 3:13 PM, Jonathan Link jonathan.l...@gmail.com wrote: Any reason to have static? Consider DHCP with reservations so this kind of transition could be managed centrally in the future? As long as your rolling out the script you could have it switch from static to dynic and be done. Of course all this is predicated on not having a major reasons to be static. On Friday, May 14, 2010, Brian Desmond br...@briandesmond.com wrote: This is fairly easy to do with WMI. You just want to iterate through the IPEnabled adapters collection and there are methods to stamp WINS and DNS servers. I'd suggest inspecting the current settings and using that data to decide whether you stamp or not. WINS is a simple primary/secondary stamp, DNS is a collection you need to clear and populate. Thanks,Brian desmondbr...@briandesmond.com c - 312.731.3132 From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Friday, May 14, 2010 2:43 PM To: NT System Admin Issues Subject: Scripting IP Changes on remote devices Good Morning/Afternoon, I'm looking for a little assistance with automating IP changes on several hundred servers. The vast majority will be Windows 2003 but there may be some Windows 2000 boxes mixed in there. I'm going to need to change the DNS and WINS IP addresses on our servers with static assignments. I'm thinking VB would be the best language to use, unfortunately I'm not real strong with VB so I was hoping someone might have some already written code I could manipulate (certainly not asking anyone to write anything for me!). The main problem is that I can't rely on any continuity amongst the servers. Meaning, the interface names may not be the same (LAN Connection X), and some servers may have multiple NICs for which I only need to modify one. I was hoping it would be possible to query the current configuration of the NICs and identify ones with DNS IP 1 = X and then modify those to DNS IP 1 = Y. I'd like to do this for the primary and secondary DNS and WINs references. Any pointers at all would be much appreciated. - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image001.jpgimage002.jpg
RE: Scripting IP Changes on remote devices
Centralized = good; I'm with you on that! -Malcolm From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Tuesday, May 18, 2010 14:53 To: NT System Admin Issues Subject: Re: Scripting IP Changes on remote devices Not often at all. There is definitely a case for either way - especially when you take into account the environment and staff into consideration. Certainly it may be the case that managing DHCP for servers might over-complicate your environment. But, I always lean toward centralized manageability. -- ME2 On Tue, May 18, 2010 at 12:01 PM, Malcolm Reitz malcolm.re...@live.com wrote: Other than a DoS from a rouge DHCP server, I'm not sure I see too many issues with DHCP either. That said, how often do you actually change IP addresses for a server? -Malcolm From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Tuesday, May 18, 2010 13:35 To: NT System Admin Issues Subject: Re: Scripting IP Changes on remote devices So I've heard and have worked in similar environments, but, I have never heard a convincing argument for it as a security concern. It can be quite easy in a properly planned and operated environment. I honestly dont take any aspects of IT as trivial, and I think that anything that allows for centralized control to be paramount in IT operations. As far as workload goes, I have found DHCP reservations to require less workload than independently configured hosts. Independently configured hosts are going to require more man-hours and leg work, or a good deal of scripting skill. Centralized control via DHCP is also going to be easier to hand-off to other administrators. -- ME2 On Tue, May 18, 2010 at 10:54 AM, Malcolm Reitz malcolm.re...@live.com wrote: There are places that prefer not to enable DHCP on server subnets for security reasons. Also, managing DHCP reservations will be a non-trivial operational workload in a dynamic data center. -Malcolm From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Tuesday, May 18, 2010 11:52 To: NT System Admin Issues Subject: Re: Scripting IP Changes on remote devices +1 If you are going to do the work of manually configuring specific IP addresses, why not do it in a way that is centrally manageable? Although you did say servers... I would still go with DHCP possible. -- ME2 On Fri, May 14, 2010 at 3:13 PM, Jonathan Link jonathan.l...@gmail.com wrote: Any reason to have static? Consider DHCP with reservations so this kind of transition could be managed centrally in the future? As long as your rolling out the script you could have it switch from static to dynic and be done. Of course all this is predicated on not having a major reasons to be static. On Friday, May 14, 2010, Brian Desmond br...@briandesmond.com wrote: This is fairly easy to do with WMI. You just want to iterate through the IPEnabled adapters collection and there are methods to stamp WINS and DNS servers. I'd suggest inspecting the current settings and using that data to decide whether you stamp or not. WINS is a simple primary/secondary stamp, DNS is a collection you need to clear and populate. Thanks,Brian desmondbr...@briandesmond.com c - 312.731.3132 From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Friday, May 14, 2010 2:43 PM To: NT System Admin Issues Subject: Scripting IP Changes on remote devices Good Morning/Afternoon, I'm looking for a little assistance with automating IP changes on several hundred servers. The vast majority will be Windows 2003 but there may be some Windows 2000 boxes mixed in there. I'm going to need to change the DNS and WINS IP addresses on our servers with static assignments. I'm thinking VB would be the best language to use, unfortunately I'm not real strong with VB so I was hoping someone might have some already written code I could manipulate (certainly not asking anyone to write anything for me!). The main problem is that I can't rely on any continuity amongst the servers. Meaning, the interface names may not be the same (LAN Connection X), and some servers may have multiple NICs for which I only need to modify one. I was hoping it would be possible to query the current configuration of the NICs and identify ones with DNS IP 1 = X and then modify those to DNS IP 1 = Y. I'd like to do this for the primary and secondary DNS and WINs references. Any pointers at all would be much appreciated. - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Quest ActiveRoles
As I said, my review was from a friend and I believe him on the support location. :) On Tue, May 18, 2010 at 10:18 AM, Free, Bob r...@pge.com wrote: Hmmm, I just got an email from an engineer in Brazil for a case a pre-sales engineer opened on ARS. We have ARD for a long time and a case is trying to be made for an upgrade. Since ARD came from FastLane, the support was still out of Halifax last I heard but I'm not sure about ARS. @ Steven- YMMV but the right sales rep can help with licensing...BTDT And that's about as specific as I am going to get. :-] -Original Message- From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Thursday, May 06, 2010 4:39 PM To: NT System Admin Issues Subject: RE: Quest ActiveRoles Quest's support for this is out of Canada most likely (Atlantic Time - very cold)...I could double check but I'd put money on Canada. ARS is a solid product - I've used it at several customers. Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 -Original Message- From: Steven Peck [mailto:sep...@gmail.com] Sent: Thursday, May 06, 2010 6:37 PM To: NT System Admin Issues Subject: Re: Quest ActiveRoles I use the free AD cmdlets which are nice. A friend who uses it and is not subscribed and his comments were: 'works for our environment. tech support is over seas so difficult to get.' 'worst complaint is licensing. Quest wants license for each and every account that it sees' As a result of the licensing issue, they are switching to Microsoft Identity Management. They have a rather large and complex environment where they are doing essentially a hosted Exchange implementation (60,000 mailboxes) for a number of of trusted domains connected in. And that's about as specific as I am going to get. Steven On Thu, May 6, 2010 at 3:40 PM, Rubens Almeida rubensalme...@gmail.com wrote: I don't know how we'd manage an AD with nearly 89k objects without it! ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Scripting IP Changes on remote devices
This brings up an interesting discussion topic, for which I haven't found much information. What are some of the pros/cons of using DHCP for servers (other than what has already been stated)? We currently maintain reserved addresses in DHCP for all of our clients/printers etc (and would definiltey do so for servers). Extending that same management methodology wouldn't be much of a learning curve for most of our folks. As I said before, I think the idea behind using static addresses is simply because that's how we've always done it. I've heard mention of not using DHCP to prevent DHCP broadcasts but with a properly designed lease interval, I can't imagine the DHCP traffic being that much of burden on today's networks - Sean On Tue, May 18, 2010 at 9:54 AM, Malcolm Reitz malcolm.re...@live.comwrote: There are places that prefer not to enable DHCP on server subnets for security reasons. Also, managing DHCP reservations will be a non-trivial operational workload in a dynamic data center. -Malcolm *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com] *Sent:* Tuesday, May 18, 2010 11:52 *To:* NT System Admin Issues *Subject:* Re: Scripting IP Changes on remote devices +1 If you are going to do the work of manually configuring specific IP addresses, why not do it in a way that is centrally manageable? Although you did say servers... I would still go with DHCP possible. -- ME2 On Fri, May 14, 2010 at 3:13 PM, Jonathan Link jonathan.l...@gmail.com wrote: Any reason to have static? Consider DHCP with reservations so this kind of transition could be managed centrally in the future? As long as your rolling out the script you could have it switch from static to dynic and be done. Of course all this is predicated on not having a major reasons to be static. On Friday, May 14, 2010, Brian Desmond br...@briandesmond.com wrote: This is fairly easy to do with WMI. You just want to iterate through the IPEnabled adapters collection and there are methods to stamp WINS and DNS servers. I’d suggest inspecting the current settings and using that data to decide whether you stamp or not. WINS is a simple primary/secondary stamp, DNS is a collection you need to clear and populate. Thanks,Brian desmondbr...@briandesmond.com c – 312.731.3132 From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Friday, May 14, 2010 2:43 PM To: NT System Admin Issues Subject: Scripting IP Changes on remote devices Good Morning/Afternoon, I'm looking for a little assistance with automating IP changes on several hundred servers. The vast majority will be Windows 2003 but there may be some Windows 2000 boxes mixed in there. I'm going to need to change the DNS and WINS IP addresses on our servers with static assignments. I'm thinking VB would be the best language to use, unfortunately I'm not real strong with VB so I was hoping someone might have some already written code I could manipulate (certainly not asking anyone to write anything for me!). The main problem is that I can't rely on any continuity amongst the servers. Meaning, the interface names may not be the same (LAN Connection X), and some servers may have multiple NICs for which I only need to modify one. I was hoping it would be possible to query the current configuration of the NICs and identify ones with DNS IP 1 = X and then modify those to DNS IP 1 = Y. I'd like to do this for the primary and secondary DNS and WINs references. Any pointers at all would be much appreciated. - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Scripting IP Changes on remote devices
I don't like DHCP for servers, because in an emergency, there is the potential for the wrong thing to happen and servers not come up in a timely fashion. Given the infrequency of IP changes on servers, I'm fine with a manual configuration. Having a rogue DHCP device wreak havoc with workstations is never as problematic as with servers. -ASB: http://XeeSM.com/AndrewBaker On Tue, May 18, 2010 at 4:24 PM, Sean Martin seanmarti...@gmail.com wrote: This brings up an interesting discussion topic, for which I haven't found much information. What are some of the pros/cons of using DHCP for servers (other than what has already been stated)? We currently maintain reserved addresses in DHCP for all of our clients/printers etc (and would definiltey do so for servers). Extending that same management methodology wouldn't be much of a learning curve for most of our folks. As I said before, I think the idea behind using static addresses is simply because that's how we've always done it. I've heard mention of not using DHCP to prevent DHCP broadcasts but with a properly designed lease interval, I can't imagine the DHCP traffic being that much of burden on today's networks - Sean On Tue, May 18, 2010 at 9:54 AM, Malcolm Reitz malcolm.re...@live.comwrote: There are places that prefer not to enable DHCP on server subnets for security reasons. Also, managing DHCP reservations will be a non-trivial operational workload in a dynamic data center. -Malcolm *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com] *Sent:* Tuesday, May 18, 2010 11:52 *To:* NT System Admin Issues *Subject:* Re: Scripting IP Changes on remote devices +1 If you are going to do the work of manually configuring specific IP addresses, why not do it in a way that is centrally manageable? Although you did say servers... I would still go with DHCP possible. -- ME2 On Fri, May 14, 2010 at 3:13 PM, Jonathan Link jonathan.l...@gmail.com wrote: Any reason to have static? Consider DHCP with reservations so this kind of transition could be managed centrally in the future? As long as your rolling out the script you could have it switch from static to dynic and be done. Of course all this is predicated on not having a major reasons to be static. On Friday, May 14, 2010, Brian Desmond br...@briandesmond.com wrote: This is fairly easy to do with WMI. You just want to iterate through the IPEnabled adapters collection and there are methods to stamp WINS and DNS servers. I’d suggest inspecting the current settings and using that data to decide whether you stamp or not. WINS is a simple primary/secondary stamp, DNS is a collection you need to clear and populate. Thanks,Brian desmondbr...@briandesmond.com c – 312.731.3132 From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Friday, May 14, 2010 2:43 PM To: NT System Admin Issues Subject: Scripting IP Changes on remote devices Good Morning/Afternoon, I'm looking for a little assistance with automating IP changes on several hundred servers. The vast majority will be Windows 2003 but there may be some Windows 2000 boxes mixed in there. I'm going to need to change the DNS and WINS IP addresses on our servers with static assignments. I'm thinking VB would be the best language to use, unfortunately I'm not real strong with VB so I was hoping someone might have some already written code I could manipulate (certainly not asking anyone to write anything for me!). The main problem is that I can't rely on any continuity amongst the servers. Meaning, the interface names may not be the same (LAN Connection X), and some servers may have multiple NICs for which I only need to modify one. I was hoping it would be possible to query the current configuration of the NICs and identify ones with DNS IP 1 = X and then modify those to DNS IP 1 = Y. I'd like to do this for the primary and secondary DNS and WINs references. Any pointers at all would be much appreciated. - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Scripting IP Changes on remote devices
Which leads back to what your environment is like, how it is segmented, how it is controlled, etc, etc. I wouldnt suggest to DHCP-enable all servers. But seeing as most server services are accessed by name, and given that most modern servers can self-register in DNS, yadda yadda yadda. But, yes, with greater complexity comes greater chance of issues. No question. -- ME2 On Tue, May 18, 2010 at 1:47 PM, Andrew S. Baker asbz...@gmail.com wrote: I don't like DHCP for servers, because in an emergency, there is the potential for the wrong thing to happen and servers not come up in a timely fashion. Given the infrequency of IP changes on servers, I'm fine with a manual configuration. Having a rogue DHCP device wreak havoc with workstations is never as problematic as with servers. -ASB: http://XeeSM.com/AndrewBaker On Tue, May 18, 2010 at 4:24 PM, Sean Martin seanmarti...@gmail.comwrote: This brings up an interesting discussion topic, for which I haven't found much information. What are some of the pros/cons of using DHCP for servers (other than what has already been stated)? We currently maintain reserved addresses in DHCP for all of our clients/printers etc (and would definiltey do so for servers). Extending that same management methodology wouldn't be much of a learning curve for most of our folks. As I said before, I think the idea behind using static addresses is simply because that's how we've always done it. I've heard mention of not using DHCP to prevent DHCP broadcasts but with a properly designed lease interval, I can't imagine the DHCP traffic being that much of burden on today's networks - Sean On Tue, May 18, 2010 at 9:54 AM, Malcolm Reitz malcolm.re...@live.comwrote: There are places that prefer not to enable DHCP on server subnets for security reasons. Also, managing DHCP reservations will be a non-trivial operational workload in a dynamic data center. -Malcolm *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com] *Sent:* Tuesday, May 18, 2010 11:52 *To:* NT System Admin Issues *Subject:* Re: Scripting IP Changes on remote devices +1 If you are going to do the work of manually configuring specific IP addresses, why not do it in a way that is centrally manageable? Although you did say servers... I would still go with DHCP possible. -- ME2 On Fri, May 14, 2010 at 3:13 PM, Jonathan Link jonathan.l...@gmail.com wrote: Any reason to have static? Consider DHCP with reservations so this kind of transition could be managed centrally in the future? As long as your rolling out the script you could have it switch from static to dynic and be done. Of course all this is predicated on not having a major reasons to be static. On Friday, May 14, 2010, Brian Desmond br...@briandesmond.com wrote: This is fairly easy to do with WMI. You just want to iterate through the IPEnabled adapters collection and there are methods to stamp WINS and DNS servers. I’d suggest inspecting the current settings and using that data to decide whether you stamp or not. WINS is a simple primary/secondary stamp, DNS is a collection you need to clear and populate. Thanks,Brian desmondbr...@briandesmond.com c – 312.731.3132 From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Friday, May 14, 2010 2:43 PM To: NT System Admin Issues Subject: Scripting IP Changes on remote devices Good Morning/Afternoon, I'm looking for a little assistance with automating IP changes on several hundred servers. The vast majority will be Windows 2003 but there may be some Windows 2000 boxes mixed in there. I'm going to need to change the DNS and WINS IP addresses on our servers with static assignments. I'm thinking VB would be the best language to use, unfortunately I'm not real strong with VB so I was hoping someone might have some already written code I could manipulate (certainly not asking anyone to write anything for me!). The main problem is that I can't rely on any continuity amongst the servers. Meaning, the interface names may not be the same (LAN Connection X), and some servers may have multiple NICs for which I only need to modify one. I was hoping it would be possible to query the current configuration of the NICs and identify ones with DNS IP 1 = X and then modify those to DNS IP 1 = Y. I'd like to do this for the primary and secondary DNS and WINs references. Any pointers at all would be much appreciated. - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Scripting IP Changes on remote devices
For me it depends on the server if it's static at the server or DHCP assigned. In general the more things I have on DHCP the better, but it depends on the server role and how it's being accessed and by what. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Tuesday, May 18, 2010 2:03 PM To: NT System Admin Issues Subject: Re: Scripting IP Changes on remote devices Which leads back to what your environment is like, how it is segmented, how it is controlled, etc, etc. I wouldnt suggest to DHCP-enable all servers. But seeing as most server services are accessed by name, and given that most modern servers can self-register in DNS, yadda yadda yadda. But, yes, with greater complexity comes greater chance of issues. No question. -- ME2 On Tue, May 18, 2010 at 1:47 PM, Andrew S. Baker asbz...@gmail.commailto:asbz...@gmail.com wrote: I don't like DHCP for servers, because in an emergency, there is the potential for the wrong thing to happen and servers not come up in a timely fashion. Given the infrequency of IP changes on servers, I'm fine with a manual configuration. Having a rogue DHCP device wreak havoc with workstations is never as problematic as with servers. -ASB: http://XeeSM.com/AndrewBaker On Tue, May 18, 2010 at 4:24 PM, Sean Martin seanmarti...@gmail.commailto:seanmarti...@gmail.com wrote: This brings up an interesting discussion topic, for which I haven't found much information. What are some of the pros/cons of using DHCP for servers (other than what has already been stated)? We currently maintain reserved addresses in DHCP for all of our clients/printers etc (and would definiltey do so for servers). Extending that same management methodology wouldn't be much of a learning curve for most of our folks. As I said before, I think the idea behind using static addresses is simply because that's how we've always done it. I've heard mention of not using DHCP to prevent DHCP broadcasts but with a properly designed lease interval, I can't imagine the DHCP traffic being that much of burden on today's networks - Sean On Tue, May 18, 2010 at 9:54 AM, Malcolm Reitz malcolm.re...@live.commailto:malcolm.re...@live.com wrote: There are places that prefer not to enable DHCP on server subnets for security reasons. Also, managing DHCP reservations will be a non-trivial operational workload in a dynamic data center. -Malcolm From: Micheal Espinola Jr [mailto:michealespin...@gmail.commailto:michealespin...@gmail.com] Sent: Tuesday, May 18, 2010 11:52 To: NT System Admin Issues Subject: Re: Scripting IP Changes on remote devices +1 If you are going to do the work of manually configuring specific IP addresses, why not do it in a way that is centrally manageable? Although you did say servers... I would still go with DHCP possible. -- ME2 On Fri, May 14, 2010 at 3:13 PM, Jonathan Link jonathan.l...@gmail.commailto:jonathan.l...@gmail.com wrote: Any reason to have static? Consider DHCP with reservations so this kind of transition could be managed centrally in the future? As long as your rolling out the script you could have it switch from static to dynic and be done. Of course all this is predicated on not having a major reasons to be static. On Friday, May 14, 2010, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com wrote: This is fairly easy to do with WMI. You just want to iterate through the IPEnabled adapters collection and there are methods to stamp WINS and DNS servers. I'd suggest inspecting the current settings and using that data to decide whether you stamp or not. WINS is a simple primary/secondary stamp, DNS is a collection you need to clear and populate. Thanks,Brian desmondbr...@briandesmond.commailto:desmondbr...@briandesmond.com c - 312.731.3132 From: Sean Martin [mailto:seanmarti...@gmail.commailto:seanmarti...@gmail.com] Sent: Friday, May 14, 2010 2:43 PM To: NT System Admin Issues Subject: Scripting IP Changes on remote devices Good Morning/Afternoon, I'm looking for a little assistance with automating IP changes on several hundred servers. The vast majority will be Windows 2003 but there may be some Windows 2000 boxes mixed in there. I'm going to need to change the DNS and WINS IP addresses on our servers with static assignments. I'm thinking VB would be the best language to use, unfortunately I'm not real strong with VB so I was hoping someone might have some already written code I could manipulate (certainly not asking anyone to write anything for me!). The main problem is that I can't rely on any continuity amongst the servers. Meaning, the interface names may not be the same (LAN Connection X), and some servers may have multiple NICs for which I only need to modify one. I was hoping it would be possible to query the current configuration of the NICs and identify
Re: Possible false-positive for Vipre
On Tue, May 18, 2010 at 2:51 PM, Micheal Espinola Jr michealespin...@gmail.com wrote: HARDWARE WARS!!! Nice reference! How about CPU WARS? http://www.e-pix.com/CPUWARS/cpuwars.html Eat flaming death, minicomputer mongrels! -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Possible false-positive for Vipre
Don't remember or never heard of it... The requested URL /CPUWARS/chapter.html was not found on this server. :-( -- ME2 On Tue, May 18, 2010 at 2:19 PM, Ben Scott mailvor...@gmail.com wrote: On Tue, May 18, 2010 at 2:51 PM, Micheal Espinola Jr michealespin...@gmail.com wrote: HARDWARE WARS!!! Nice reference! How about CPU WARS? http://www.e-pix.com/CPUWARS/cpuwars.html Eat flaming death, minicomputer mongrels! -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Friday Meet the developers at Sunbelt
Hat tip for Greg Sweers for organizing this, we are inviting a small group of admins to come to the Sunbelt offices in Clearwater, Florida to meet all Friday afternoon with the VIPRE Enterprise development team. The purpose will be to provide feedback and direction to our development team in making the next versions of VIPRE. We have a small group, but I'm opening it up to any others that might want to come. This will be a very direct, personal meeting with the dev team. If anyone on the list would like to come to the meeting, please contact me directly. Alex ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Friday Meet the developers at Sunbelt
What time will we be starting exactly? John W. Cook Systems Administrator Partnership for Strong Families From: Alex Eckelberry al...@sunbelt-software.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Tue May 18 17:36:36 2010 Subject: Friday Meet the developers at Sunbelt Hat tip for Greg Sweers for organizing this, we are inviting a small group of admins to come to the Sunbelt offices in Clearwater, Florida to meet all Friday afternoon with the VIPRE Enterprise development team. The purpose will be to provide feedback and direction to our development team in making the next versions of VIPRE. We have a small group, but I'm opening it up to any others that might want to come. This will be a very direct, personal meeting with the dev team. If anyone on the list would like to come to the meeting, please contact me directly. Alex CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Friday Meet the developers at Sunbelt
Who is bringing the donuts? On Tue, May 18, 2010 at 4:39 PM, John Cook john.c...@pfsf.org wrote: What time will we be starting exactly? John W. Cook Systems Administrator Partnership for Strong Families -- *From*: Alex Eckelberry al...@sunbelt-software.com *To*: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com *Sent*: Tue May 18 17:36:36 2010 *Subject*: Friday Meet the developers at Sunbelt Hat tip for Greg Sweers for organizing this, we are inviting a small group of admins to come to the Sunbelt offices in Clearwater, Florida to meet all Friday afternoon with the VIPRE Enterprise development team. The purpose will be to provide feedback and direction to our development team in making the next versions of VIPRE. We have a small group, but I'm opening it up to any others that might want to come. This will be a very direct, personal meeting with the dev team. If anyone on the list would like to come to the meeting, please contact me directly. Alex -- CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Scripting IP Changes on remote devices
On Tue, May 18, 2010 at 4:24 PM, Sean Martin seanmarti...@gmail.com wrote: What are some of the pros/cons of using DHCP for servers...? For an environment like you describe, with hundreds of servers, I would recommend DHCP for all but critical network infrastructure servers. I'd use manual configuration for anything serving DHCP, DNS, WINS, or Active Directory. Everything else, DHCP, with reservations. Just to be clear: DHCP does not have to mean a dynamic IP address. You can statically assign an IP address via a DHCP reservation. And there are tools to help you do things like automatically provision the reservations, based on name or MAC address or whatever. I've heard mention of not using DHCP to prevent DHCP broadcasts but with a properly designed lease interval, I can't imagine the DHCP traffic being that much of burden on today's networks As ME2 says, it really depends on the environment, but I would generally agree. You'll already be needing infrastructure to support DNS, prolly Active Directory, possibly WINS, Window Updates, etc., etc. If DHCP is going to push you over the edge you're already way too close to the edge. :) The one thing you *may* notice is a surge in broadcast traffic after rebooting or starting a large group of servers -- say, after a software update, or a long power outage. In general, though, you're already going to be seeing that due to ARP and maybe NetBIOS registration. So again, if this is a problem you're likely already experiencing it. The usual solution is to stagger reboot/startup. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Friday Meet the developers at Sunbelt
Mm - doughnuts! John W. Cook Systems Administrator Partnership for Strong Families From: Steve Ens stevey...@gmail.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Tue May 18 17:40:49 2010 Subject: Re: Friday Meet the developers at Sunbelt Who is bringing the donuts? On Tue, May 18, 2010 at 4:39 PM, John Cook john.c...@pfsf.orgmailto:john.c...@pfsf.org wrote: What time will we be starting exactly? John W. Cook Systems Administrator Partnership for Strong Families From: Alex Eckelberry al...@sunbelt-software.commailto:al...@sunbelt-software.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Sent: Tue May 18 17:36:36 2010 Subject: Friday Meet the developers at Sunbelt Hat tip for Greg Sweers for organizing this, we are inviting a small group of admins to come to the Sunbelt offices in Clearwater, Florida to meet all Friday afternoon with the VIPRE Enterprise development team. The purpose will be to provide feedback and direction to our development team in making the next versions of VIPRE. We have a small group, but I'm opening it up to any others that might want to come. This will be a very direct, personal meeting with the dev team. If anyone on the list would like to come to the meeting, please contact me directly. Alex CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Possible false-positive for Vipre
On Tue, May 18, 2010 at 5:22 PM, Micheal Espinola Jr michealespin...@gmail.com wrote: How about CPU WARS? Don't remember or never heard of it... Ancient DEC humor, passed on to me by several ex-DEC friends. (I like in southern NH, not all that far from Maynard, so any computer-related event is usually like going to a DEC reunion.) The requested URL /CPUWARS/chapter.html was not found on this server. The site suffers from link rot. The Index button and link still work: http://www.e-pix.com/CPUWARS/Comic/index.html -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Friday Meet the developers at Sunbelt
Donuts?? I would expect some ribeye's out on the grill ;) Steve Ens stevey...@gmail.com 5/18/2010 2:40 PM Who is bringing the donuts? On Tue, May 18, 2010 at 4:39 PM, John Cook john.c...@pfsf.org wrote: What time will we be starting exactly? John W. Cook Systems Administrator Partnership for Strong Families -- *From*: Alex Eckelberry al...@sunbelt-software.com *To*: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com *Sent*: Tue May 18 17:36:36 2010 *Subject*: Friday Meet the developers at Sunbelt Hat tip for Greg Sweers for organizing this, we are inviting a small group of admins to come to the Sunbelt offices in Clearwater, Florida to meet all Friday afternoon with the VIPRE Enterprise development team. The purpose will be to provide feedback and direction to our development team in making the next versions of VIPRE. We have a small group, but I'm opening it up to any others that might want to come. This will be a very direct, personal meeting with the dev team. If anyone on the list would like to come to the meeting, please contact me directly. Alex -- CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Possible false-positive for Vipre
There was HBO before cable TV? Phillip Partipilo Parametric Solutions Inc. Jupiter, Florida (561) 747-6107 From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Tuesday, May 18, 2010 2:52 PM To: NT System Admin Issues Subject: Re: Possible false-positive for Vipre HARDWARE WARS!!! Nice reference! I remember seeing that as a short on HBO, wy before cable TV... -- ME2 On Tue, May 18, 2010 at 10:30 AM, Charlie Kaiser charl...@golden-eagle.orgmailto:charl...@golden-eagle.org wrote: Help me Augie Ben-Doggie; you're my only hope... *** Charlie Kaiser charl...@golden-eagle.orgmailto:charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: greg.swe...@actsconsulting.netmailto:greg.swe...@actsconsulting.net [mailto:greg.swe...@actsconsulting.netmailto:greg.swe...@actsconsulting.net] Sent: Tuesday, May 18, 2010 10:14 AM To: NT System Admin Issues Subject: RE: Possible false-positive for Vipre I'm afraid my mission to bring you to Alderaan(Vipre Forum) has failed. I've placed information vital to the survival of the rebellion(your PC) into the memory systems of this R2 unit. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Scripting IP Changes on remote devices
First, thanks for all of the feedback. Some interesting opinions out there. I've always been open to change so it's good to hear all of the positives/negatives regarding which route to take. It sounds like DHCP would be the way to go with the majority of our servers, excluding the infrastructure servers. With that said, it's probably a change that will occur through attrition rather than changing our current method all at once. The main reason for that is our network services department wants us to change the subnets our servers currently reside on to further segment stuff. We've got way too much work on our plates to investigate changing the addresses on all of our servers so that will already be a slow transition. In the meantime, a co-worker and I put together what we hope is a functional VB script that will make the necessary changes to the existing WINs and DNS settings. If anyone's interested in seeing it (and maybe reviewing it for validity), I'd be happy to pass it along. - Sean On Tue, May 18, 2010 at 1:41 PM, Ben Scott mailvor...@gmail.com wrote: On Tue, May 18, 2010 at 4:24 PM, Sean Martin seanmarti...@gmail.com wrote: What are some of the pros/cons of using DHCP for servers...? For an environment like you describe, with hundreds of servers, I would recommend DHCP for all but critical network infrastructure servers. I'd use manual configuration for anything serving DHCP, DNS, WINS, or Active Directory. Everything else, DHCP, with reservations. Just to be clear: DHCP does not have to mean a dynamic IP address. You can statically assign an IP address via a DHCP reservation. And there are tools to help you do things like automatically provision the reservations, based on name or MAC address or whatever. I've heard mention of not using DHCP to prevent DHCP broadcasts but with a properly designed lease interval, I can't imagine the DHCP traffic being that much of burden on today's networks As ME2 says, it really depends on the environment, but I would generally agree. You'll already be needing infrastructure to support DNS, prolly Active Directory, possibly WINS, Window Updates, etc., etc. If DHCP is going to push you over the edge you're already way too close to the edge. :) The one thing you *may* notice is a surge in broadcast traffic after rebooting or starting a large group of servers -- say, after a software update, or a long power outage. In general, though, you're already going to be seeing that due to ARP and maybe NetBIOS registration. So again, if this is a problem you're likely already experiencing it. The usual solution is to stagger reboot/startup. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Possible false-positive for Vipre
Yep, it was a point-to-point service (or something like that). You got a special directional antenna attached to your roof. First was HBO from what I can recall. Second was, umm, the Star Channel? (not to be confused with the modern Stars network channel)... Can anyone correct me if I am wrong? -- ME2 On Tue, May 18, 2010 at 3:27 PM, Phillip Partipilo p...@psnet.com wrote: There was HBO before cable TV? Phillip Partipilo Parametric Solutions Inc. Jupiter, Florida (561) 747-6107 *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com] *Sent:* Tuesday, May 18, 2010 2:52 PM *To:* NT System Admin Issues *Subject:* Re: Possible false-positive for Vipre HARDWARE WARS!!! Nice reference! I remember seeing that as a short on HBO, wy before cable TV... -- ME2 On Tue, May 18, 2010 at 10:30 AM, Charlie Kaiser charl...@golden-eagle.org wrote: Help me Augie Ben-Doggie; you're my only hope... *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: greg.swe...@actsconsulting.net [mailto:greg.swe...@actsconsulting.net] Sent: Tuesday, May 18, 2010 10:14 AM To: NT System Admin Issues Subject: RE: Possible false-positive for Vipre I'm afraid my mission to bring you to Alderaan(Vipre Forum) has failed. I've placed information vital to the survival of the rebellion(your PC) into the memory systems of this R2 unit. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Scripting IP Changes on remote devices
Its always welcomed to share useful scripts! -- ME2 On Tue, May 18, 2010 at 3:29 PM, Sean Martin seanmarti...@gmail.com wrote: First, thanks for all of the feedback. Some interesting opinions out there. I've always been open to change so it's good to hear all of the positives/negatives regarding which route to take. It sounds like DHCP would be the way to go with the majority of our servers, excluding the infrastructure servers. With that said, it's probably a change that will occur through attrition rather than changing our current method all at once. The main reason for that is our network services department wants us to change the subnets our servers currently reside on to further segment stuff. We've got way too much work on our plates to investigate changing the addresses on all of our servers so that will already be a slow transition. In the meantime, a co-worker and I put together what we hope is a functional VB script that will make the necessary changes to the existing WINs and DNS settings. If anyone's interested in seeing it (and maybe reviewing it for validity), I'd be happy to pass it along. - Sean On Tue, May 18, 2010 at 1:41 PM, Ben Scott mailvor...@gmail.com wrote: On Tue, May 18, 2010 at 4:24 PM, Sean Martin seanmarti...@gmail.com wrote: What are some of the pros/cons of using DHCP for servers...? For an environment like you describe, with hundreds of servers, I would recommend DHCP for all but critical network infrastructure servers. I'd use manual configuration for anything serving DHCP, DNS, WINS, or Active Directory. Everything else, DHCP, with reservations. Just to be clear: DHCP does not have to mean a dynamic IP address. You can statically assign an IP address via a DHCP reservation. And there are tools to help you do things like automatically provision the reservations, based on name or MAC address or whatever. I've heard mention of not using DHCP to prevent DHCP broadcasts but with a properly designed lease interval, I can't imagine the DHCP traffic being that much of burden on today's networks As ME2 says, it really depends on the environment, but I would generally agree. You'll already be needing infrastructure to support DNS, prolly Active Directory, possibly WINS, Window Updates, etc., etc. If DHCP is going to push you over the edge you're already way too close to the edge. :) The one thing you *may* notice is a surge in broadcast traffic after rebooting or starting a large group of servers -- say, after a software update, or a long power outage. In general, though, you're already going to be seeing that due to ARP and maybe NetBIOS registration. So again, if this is a problem you're likely already experiencing it. The usual solution is to stagger reboot/startup. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Friday Meet the developers at Sunbelt
1 pm on Friday From: John Cook [mailto:john.c...@pfsf.org] Sent: Tuesday, May 18, 2010 5:39 PM To: NT System Admin Issues Subject: Re: Friday Meet the developers at Sunbelt What time will we be starting exactly? John W. Cook Systems Administrator Partnership for Strong Families From: Alex Eckelberry al...@sunbelt-software.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Tue May 18 17:36:36 2010 Subject: Friday Meet the developers at Sunbelt Hat tip for Greg Sweers for organizing this, we are inviting a small group of admins to come to the Sunbelt offices in Clearwater, Florida to meet all Friday afternoon with the VIPRE Enterprise development team. The purpose will be to provide feedback and direction to our development team in making the next versions of VIPRE. We have a small group, but I'm opening it up to any others that might want to come. This will be a very direct, personal meeting with the dev team. If anyone on the list would like to come to the meeting, please contact me directly. Alex CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Friday Meet the developers at Sunbelt
Who's paying the airfare? On Tue, May 18, 2010 at 14:36, Alex Eckelberry al...@sunbelt-software.com wrote: Hat tip for Greg Sweers for organizing this, we are inviting a small group of admins to come to the Sunbelt offices in Clearwater, Florida to meet all Friday afternoon with the VIPRE Enterprise development team. The purpose will be to provide feedback and direction to our development team in making the next versions of VIPRE. We have a small group, but I'm opening it up to any others that might want to come. This will be a very direct, personal meeting with the dev team. If anyone on the list would like to come to the meeting, please contact me directly. Alex ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Friday Meet the developers at Sunbelt
Who's disposing of the bodies? -- ME2 On Tue, May 18, 2010 at 4:40 PM, Kurt Buff kurt.b...@gmail.com wrote: Who's paying the airfare? On Tue, May 18, 2010 at 14:36, Alex Eckelberry al...@sunbelt-software.com wrote: Hat tip for Greg Sweers for organizing this, we are inviting a small group of admins to come to the Sunbelt offices in Clearwater, Florida to meet all Friday afternoon with the VIPRE Enterprise development team. The purpose will be to provide feedback and direction to our development team in making the next versions of VIPRE. We have a small group, but I'm opening it up to any others that might want to come. This will be a very direct, personal meeting with the dev team. If anyone on the list would like to come to the meeting, please contact me directly. Alex ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Friday Meet the developers at Sunbelt
Is the food that bad? On Tue, May 18, 2010 at 16:52, Micheal Espinola Jr michealespin...@gmail.com wrote: Who's disposing of the bodies? -- ME2 On Tue, May 18, 2010 at 4:40 PM, Kurt Buff kurt.b...@gmail.com wrote: Who's paying the airfare? On Tue, May 18, 2010 at 14:36, Alex Eckelberry al...@sunbelt-software.com wrote: Hat tip for Greg Sweers for organizing this, we are inviting a small group of admins to come to the Sunbelt offices in Clearwater, Florida to meet all Friday afternoon with the VIPRE Enterprise development team. The purpose will be to provide feedback and direction to our development team in making the next versions of VIPRE. We have a small group, but I'm opening it up to any others that might want to come. This will be a very direct, personal meeting with the dev team. If anyone on the list would like to come to the meeting, please contact me directly. Alex ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Scripting IP Changes on remote devices
Script lush! On Tue, May 18, 2010 at 7:21 PM, Micheal Espinola Jr michealespin...@gmail.com wrote: Its always welcomed to share useful scripts! -- ME2 On Tue, May 18, 2010 at 3:29 PM, Sean Martin seanmarti...@gmail.comwrote: First, thanks for all of the feedback. Some interesting opinions out there. I've always been open to change so it's good to hear all of the positives/negatives regarding which route to take. It sounds like DHCP would be the way to go with the majority of our servers, excluding the infrastructure servers. With that said, it's probably a change that will occur through attrition rather than changing our current method all at once. The main reason for that is our network services department wants us to change the subnets our servers currently reside on to further segment stuff. We've got way too much work on our plates to investigate changing the addresses on all of our servers so that will already be a slow transition. In the meantime, a co-worker and I put together what we hope is a functional VB script that will make the necessary changes to the existing WINs and DNS settings. If anyone's interested in seeing it (and maybe reviewing it for validity), I'd be happy to pass it along. - Sean On Tue, May 18, 2010 at 1:41 PM, Ben Scott mailvor...@gmail.comwrote: On Tue, May 18, 2010 at 4:24 PM, Sean Martin seanmarti...@gmail.com wrote: What are some of the pros/cons of using DHCP for servers...? For an environment like you describe, with hundreds of servers, I would recommend DHCP for all but critical network infrastructure servers. I'd use manual configuration for anything serving DHCP, DNS, WINS, or Active Directory. Everything else, DHCP, with reservations. Just to be clear: DHCP does not have to mean a dynamic IP address. You can statically assign an IP address via a DHCP reservation. And there are tools to help you do things like automatically provision the reservations, based on name or MAC address or whatever. I've heard mention of not using DHCP to prevent DHCP broadcasts but with a properly designed lease interval, I can't imagine the DHCP traffic being that much of burden on today's networks As ME2 says, it really depends on the environment, but I would generally agree. You'll already be needing infrastructure to support DNS, prolly Active Directory, possibly WINS, Window Updates, etc., etc. If DHCP is going to push you over the edge you're already way too close to the edge. :) The one thing you *may* notice is a surge in broadcast traffic after rebooting or starting a large group of servers -- say, after a software update, or a long power outage. In general, though, you're already going to be seeing that due to ARP and maybe NetBIOS registration. So again, if this is a problem you're likely already experiencing it. The usual solution is to stagger reboot/startup. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Possible false-positive for Vipre
On Tue, May 18, 2010 at 7:19 PM, Micheal Espinola Jr michealespin...@gmail.com wrote: Yep, it was a point-to-point service (or something like that). You got a special directional antenna attached to your roof. Are you sure you're not thinking of old-fashioned satellite TV? Not the modern mini-dish stuff; I'm talking about the giant C-band dishes. They're used by TV networks to distribute their programming from central studios to local broadcast points and cable head-ends. The occasional home AV snob would have a receiver. The programming was all transmitted in the clear so there was nothing stopping people other than the (usually significant) expense of the equipment. Can anyone correct me if I am wrong? The always-reliable Wikipedia /irony says that HBO began as one of the first pay TV services using underground cable in Manhattan, and Manhattan only. It later added satellite distribution. http://en.wikipedia.org/wiki/HBO -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Possible false-positive for Vipre
Nope, not dish or Satellite - at least not where I grew up in Cambridge, Massachusetts, or in nearby Chelmsford, Massachusetts. The antenna looked like some cheesy B-movie alien ray-gun (seriously), and it had to be pointed in the direction of... diety knows what, in order to work. I remember my grandparents had the Star Channel, and sometime soon after my parents subscribed to HBO. This was definitely late-70's/early-80's, and the domestic/local transmission method was defiantly over-air, but not by any appearances dish/satellite based. When cable TV became available, they simply left the antennas on everyones roofs AFAIK. I had a friend in NH that definitely did watch HBO by a honkingly huge satellite dish in his yard around the same time as well -- ME2 On Tue, May 18, 2010 at 5:05 PM, Ben Scott mailvor...@gmail.com wrote: On Tue, May 18, 2010 at 7:19 PM, Micheal Espinola Jr michealespin...@gmail.com wrote: Yep, it was a point-to-point service (or something like that). You got a special directional antenna attached to your roof. Are you sure you're not thinking of old-fashioned satellite TV? Not the modern mini-dish stuff; I'm talking about the giant C-band dishes. They're used by TV networks to distribute their programming from central studios to local broadcast points and cable head-ends. The occasional home AV snob would have a receiver. The programming was all transmitted in the clear so there was nothing stopping people other than the (usually significant) expense of the equipment. Can anyone correct me if I am wrong? The always-reliable Wikipedia /irony says that HBO began as one of the first pay TV services using underground cable in Manhattan, and Manhattan only. It later added satellite distribution. http://en.wikipedia.org/wiki/HBO -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Possible false-positive for Vipre
I bought a house in about 1994 that had one of those huge military grade parabolic dishes. Could pick up quite a few things, including a lot of the network feeds before they made it to the news, and some foreign broadcasts. No encryption at all, but it was difficult to 'plan' to watch anything in particular. On Tue, May 18, 2010 at 5:05 PM, Ben Scott mailvor...@gmail.com wrote: On Tue, May 18, 2010 at 7:19 PM, Micheal Espinola Jr michealespin...@gmail.com wrote: Yep, it was a point-to-point service (or something like that). You got a special directional antenna attached to your roof. Are you sure you're not thinking of old-fashioned satellite TV? Not the modern mini-dish stuff; I'm talking about the giant C-band dishes. They're used by TV networks to distribute their programming from central studios to local broadcast points and cable head-ends. The occasional home AV snob would have a receiver. The programming was all transmitted in the clear so there was nothing stopping people other than the (usually significant) expense of the equipment. Can anyone correct me if I am wrong? The always-reliable Wikipedia /irony says that HBO began as one of the first pay TV services using underground cable in Manhattan, and Manhattan only. It later added satellite distribution. http://en.wikipedia.org/wiki/HBO -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ -- David _ A general dissolution of principles and manners will more surely overthrow the liberties of America than the whole force of the common enemy. --Samuel Adams ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
