RE: Is anyone using the Shavlik HFnetchk Pro 7. 2 or 7.5 agents
Thanks Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Mark Boersma [mailto:ma...@triangle-inc.com] Sent: Wednesday, May 26, 2010 8:44 PM To: NT System Admin Issues Subject: RE: Is anyone using the Shavlik HFnetchk Pro 7. 2 or 7.5 agents Negative, I've been running the agents since 7.2, now on 7.5 without any issues. Imho the agents are by far the least intrusive and easiest way to go. Mark - Two rules for success in life: 1. Never tell people everything you know. Mark Boersma IT Manager Triangle Associates, Inc. ma...@triangle-inc.com From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, May 26, 2010 4:19 PM To: NT System Admin Issues Subject: Is anyone using the Shavlik HFnetchk Pro 7. 2 or 7.5 agents We are doing small deployment to figure out whether to switch over to Agent based patching with Shavlik 7.5. We tried out the Agent push on 2 XP SP3 workstations today, and getting reports from the users that IE is not working, cant click on anything in the screen ( Fields within a webpage, Google Search fields etc etc) Anyone else seen this? Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org Please consider the environment before printing this email. CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
WebSense V5000 appliance
Anyone using any of the WebSense V-Series appliances for web filtering? We already have an IronPort and are looking to put one of these appliances in to replace our existing WebSense WebFilter software, as we have problems integrating it with our workstations and Citrix servers together. Does anyone have any good/bad real-world experiences to share? I'd be particularly interested in hearing how well they play with Citrix XenApp systems, but all input is appreciated. TIA, JRR -- On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Big Changes Ahead for IT - Anyone seen this?
...said Steven. Shook From: Steven M. Caesare [mailto:scaes...@caesare.com] Sent: Wednesday, May 26, 2010 7:02 PM To: NT System Admin Issues Subject: RE: Big Changes Ahead for IT - Anyone seen this? This thread is surprisingly subdued. -sc From: Damien Solodow [mailto:damien.solo...@harrison.edu] Sent: Wednesday, May 26, 2010 3:58 PM To: NT System Admin Issues Subject: RE: Big Changes Ahead for IT - Anyone seen this? I don't think this will produce anything substantive.. From: David Lum [mailto:david@nwea.org] Sent: Wednesday, May 26, 2010 3:56 PM To: NT System Admin Issues Subject: RE: Big Changes Ahead for IT - Anyone seen this? No, he means subversion. From: Damien Solodow [mailto:damien.solo...@harrison.edu] Sent: Wednesday, May 26, 2010 12:53 PM To: NT System Admin Issues Subject: RE: Big Changes Ahead for IT - Anyone seen this? Don't you mean subtraction? ;) From: Steven M. Caesare [mailto:scaes...@caesare.com] Sent: Wednesday, May 26, 2010 3:47 PM To: NT System Admin Issues Subject: RE: Big Changes Ahead for IT - Anyone seen this? Subjection skills ain't what they used to be. -sc From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, May 26, 2010 3:40 PM To: NT System Admin Issues Subject: RE: Big Changes Ahead for IT - Anyone seen this? What? That can subject 2 from 32? :) Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Steven M. Caesare [mailto:scaes...@caesare.com] Sent: Wednesday, May 26, 2010 3:35 PM To: NT System Admin Issues Subject: RE: Big Changes Ahead for IT - Anyone seen this? I'd love to have candidates with that ability. They are hard to find... -sc From: David Lum [mailto:david@nwea.org] Sent: Wednesday, May 26, 2010 1:20 PM To: NT System Admin Issues Subject: RE: Big Changes Ahead for IT - Anyone seen this? I would fail the OSI part (sure I could Google it just now) as it was back in the NetWare days that I learned about it in a class. Heard of it, does that count? 27-bit subnet? Not off the top of my head, I'd have to think okay a .128 mask is 25 bits I can explain DNS and forwarding, MX records, Aliases, HOSTS file, DHCP incl. reservations, and give you jack of all trades firewall info, conceptualize memory protection rings, and go to town on registry, AD and GPO design as well as give examples of being able to handle a near vertical learning curve. Am I hired? The way I view being an IT guy is day in and day out I'm not necessarily using $30/hr expertise, but there are spikes where I feel I surpass the I've got certs but no real IT skills Joe at figuring something out and at those times word 2-3x my nominal salary so on balance it works out. That's my story I'm stickin' to it. From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Wednesday, May 26, 2010 9:22 AM To: NT System Admin Issues Subject: RE: Big Changes Ahead for IT - Anyone seen this? It's kinda funny that you mention the OSI model, since there are any number of people here that will dismiss it as irrelevant (personally I think that it's very relevant to know if you want to advance in an IT career) Corporations, in an ever ending quest to cut costs (or at least, regulate costs) will not continue to pay ludicrous amounts of money for the dross that the IT industry produces. There are far too many people being paid inflated salaries in this industry, without being able to deliver tangible/measurable results. One only needs to look at project delivery in large corporations, and at the small end, the dedicated people who manage to do tasks in a manual manner (this list included has people who have the time to spend working out the best way to do some task for an individual user, yet they must get paid $30-60k, which no other industry would accept). As the industry matures there simply will not be the opportunity for mediocrity to survive, just like every other mature industry. If you are merely average, you'll earn an average salary, and you won't be part of IT - or you might be part of an IT provider conglomerate. If you want to be a 6-7 figure earner, then you'll need to provide ever increasing levels of business value, just like every other industry (with the possible exception of Sales, where a really good pitch can make up for lack of substance, but let's not confuse sales and delivery :) ) Cheers Ken From: Steven M. Caesare [mailto:scaes...@caesare.com] Sent: Wednesday, 26 May 2010 11:39 PM To: NT System Admin Issues Subject: RE: Big Changes Ahead for IT - Anyone seen this? I've dismissed more network candidates than I can remember because they couldn't calculate the number of hosts in a subnet. Or had even heard of an OSI model. Systems Engineers who are at a loss to even at a high level explain the ideas of process, threads, memory protection, etc... Windows Admins who are clueless about registry interaction, CMD line tools, authorization principles, environment variables, etc...
RE: Veering even more OT - was: Re: Big Changes Ahead for IT - Anyone seen this?
And it's so flippin amazing how many times I get distracted and called off to some problem where often my first line of defense when some brown matter is hitting the fan, is simply start with an easy reboot, and so often that’s all that’s required. You'd think users would figure this out before panicking and picking up the phone. Phillip Partipilo Parametric Solutions Inc. Jupiter, Florida (561) 747-6107 -Original Message- From: greg.swe...@actsconsulting.net [mailto:greg.swe...@actsconsulting.net] Sent: Thursday, May 27, 2010 1:18 AM To: NT System Admin Issues Subject: RE: Veering even more OT - was: Re: Big Changes Ahead for IT - Anyone seen this? I have told some of my guys that it’s the karate kid methodology. If you don’t have connectivity. Check the cable, check link, check errors on switch... Cant ping, check IP, check subnet, check gateway Etc etc etc... Wax on, wax off Paint the fence Sand the floor Next thing you know you are doing karate or checking out networks.. Not completely accurate, but it wasn’t the best example of karate either.. Greg -Original Message- From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Thursday, May 27, 2010 12:47 AM To: NT System Admin Issues Subject: RE: Veering even more OT - was: Re: Big Changes Ahead for IT - Anyone seen this? Agreed. You don't need to know OSI to be able to put some network infrastructure together. You don't need to know normalisation to design a database. You don't need to know OOP to write an application. But all of this theory is quite useful in doing things in a better way, because they provide frameworks that have been around for a long time, which many people are familiar with, and which haven't been replaced with something better yet. And as you acquire new knowledge, they provide the background info that lets you see how it all hangs together. Cheers Ken -Original Message- From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Thursday, 27 May 2010 10:01 AM To: NT System Admin Issues Subject: RE: Veering even more OT - was: Re: Big Changes Ahead for IT - Anyone seen this? It all comes down to this : The OSI model is part of the 'fundamental' knowledge. It's not 100% required to learn concepts above and more accurate, but it *does* provide a great background for learning and applying the knowledge you do gain. Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' -Original Message- From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Wednesday, May 26, 2010 9:54 PM To: NT System Admin Issues Subject: RE: Veering even more OT - was: Re: Big Changes Ahead for IT - Anyone seen this? OSI, per se, doesn't help anyone do anything. But it provides a framework, so that when you're discussing some problem with another engineer/architect/PM and they say why don't we do 'x'? you can draw up something quick and say: the problem is here: +- | - what you are talking about +- | +- | -problem is here +- This can help when architecting an encryption solution, or when you're troubleshooting some network issue. It provides a hierarchy of requirements (upper levels are not going to work if something lower in the stack isn't). Cheers Ken ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Modular malware
http://isc.sans.org/diary.html?storyid=8857 David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
laptop encryption
There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: laptop encryption
TrueCrypt...free. http://www.truecrypt.org/ Bill Lambert Concuity Phone 847-941-9206 The information contained in this e-mail message, including any attached files, is intended only for the personal and confidential use of the recipient(s) named above. If you are not the intended recipient (or authorized to receive information for the recipient) you are hereby notified that you have received this communication in error and that any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please contact the sender by reply email and delete all copies of this message. Thank you. From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Thursday, May 27, 2010 9:58 AM To: NT System Admin Issues Subject: laptop encryption There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: laptop encryption
Truecrypt is pretty easy and free. Karl Bickmore MSCE NT4/2K/2K3, MCP, MCP+I, MCSA 2K/2K3 LPI-1, CCNA, CCDA, Net+,Security+,Linux+ DataCore SANmelody Certified 6613 N Scottsdale Road Suite 101 Scottsdale AZ, 85250 480-553-9967 X100 k...@ccnsconsulting.commailto:k...@ccnsconsulting.com [cid:image001.jpg@01CAFD72.C579BFB0] Please remember CCNS is a referral based business. If you have a friend or colleague in need, we are happy to help. Feel free to pass along our contact information to anyone you think we can help. Thanks! From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Thursday, May 27, 2010 7:58 AM To: NT System Admin Issues Subject: laptop encryption There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~inline: image001.jpg
RE: Is anyone using the Shavlik HFnetchk Pro 7. 2 or 7.5 agents
Well there is a way to turn that offer in the agents I believe, since we are using Mcrappy still. Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org From: Stu Sjouwerman [mailto:s...@sunbelt-software.com] Sent: Thursday, May 27, 2010 9:57 AM To: NT System Admin Issues Subject: RE: Is anyone using the Shavlik HFnetchk Pro 7. 2 or 7.5 agents And they include the VIPRE engine... (so it must be good) J Warm regards, Stu Sjouwerman Co-Founder, Publisher, Sunbelt Media P: +1-727-562-0101 ext 218 F: +1-727-562-5199 s...@sunbelt-software.com From: Mark Boersma [mailto:ma...@triangle-inc.com] Sent: Wednesday, May 26, 2010 8:44 PM To: NT System Admin Issues Subject: RE: Is anyone using the Shavlik HFnetchk Pro 7. 2 or 7.5 agents Negative, I've been running the agents since 7.2, now on 7.5 without any issues. Imho the agents are by far the least intrusive and easiest way to go. Mark - Two rules for success in life: 1. Never tell people everything you know. Mark Boersma IT Manager Triangle Associates, Inc. ma...@triangle-inc.com From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, May 26, 2010 4:19 PM To: NT System Admin Issues Subject: Is anyone using the Shavlik HFnetchk Pro 7. 2 or 7.5 agents We are doing small deployment to figure out whether to switch over to Agent based patching with Shavlik 7.5. We tried out the Agent push on 2 XP SP3 workstations today, and getting reports from the users that IE is not working, cant click on anything in the screen ( Fields within a webpage, Google Search fields etc etc) Anyone else seen this? Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org Please consider the environment before printing this email. CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Veering even more OT - was: Re: Big Changes Ahead for IT - Anyone seen this?
Understanding databases falls into the same category in my opinion. Some things I run into I can make sense of only because of days of using dBase IV to catalog and categorize my albums. Knowing the difference between a record and a row is sometimes the difference between comprehending it or not, for example. Dave -Original Message- From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, May 26, 2010 7:01 PM To: NT System Admin Issues Subject: RE: Veering even more OT - was: Re: Big Changes Ahead for IT - Anyone seen this? It all comes down to this : The OSI model is part of the 'fundamental' knowledge. It's not 100% required to learn concepts above and more accurate, but it *does* provide a great background for learning and applying the knowledge you do gain. Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' -Original Message- From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Wednesday, May 26, 2010 9:54 PM To: NT System Admin Issues Subject: RE: Veering even more OT - was: Re: Big Changes Ahead for IT - Anyone seen this? OSI, per se, doesn't help anyone do anything. But it provides a framework, so that when you're discussing some problem with another engineer/architect/PM and they say why don't we do 'x'? you can draw up something quick and say: the problem is here: +- | - what you are talking about +- | +- | -problem is here +- This can help when architecting an encryption solution, or when you're troubleshooting some network issue. It provides a hierarchy of requirements (upper levels are not going to work if something lower in the stack isn't). Cheers Ken ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: laptop encryption
We're using Symantec Endpoint Encryption, biggest pile of crap ever. We were rolling it out to external self employed contractor types, killed nearly half of them. Switched to TrueCrypt on any that didn't work, management soon realised what a mistake they made. A hell of a lot easier, AND it makes you create a recovery disk before you start. Don't know about the reporting in of it tho, haven't looked at it personally, managed to avoid the encryption fiasco. Regards Tony Patton Desktop Operations Cavan Ext 8078 Direct Dial 049 435 2878 email: tony.pat...@quinn-insurance.com From: Karl Bickmore k...@ccnsconsulting.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date: 27/05/2010 16:01 Subject:RE: laptop encryption Truecrypt is pretty easy and free. Karl Bickmore MSCE NT4/2K/2K3, MCP, MCP+I, MCSA 2K/2K3 LPI-1, CCNA, CCDA, Net+,Security+,Linux+ DataCore SANmelody Certified 6613 N Scottsdale Road Suite 101 Scottsdale AZ, 85250 480-553-9967 X100 k...@ccnsconsulting.com Please remember CCNS is a referral based business. If you have a friend or colleague in need, we are happy to help. Feel free to pass along our contact information to anyone you think we can help. Thanks! From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Thursday, May 27, 2010 7:58 AM To: NT System Admin Issues Subject: laptop encryption There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff This e-mail is intended only for the addressee named above. The contents should not be copied nor disclosed to any other person. Any views or opinions expressed are solely those of the sender and do not necessarily represent those of QUINN-Insurance Limited (Under Administration), unless otherwise specifically stated . As internet communications are not secure, QUINN-Insurance Limited (Under Administration) is not responsible for the contents of this message nor responsible for any change made to this message after it was sent by the original sender. Although virus scanning is used on all inbound and outbound e-mail, we advise you to carry out your own virus check before opening any attachment. We cannot accept liability for any damage sustained as a result of any software viruses. QUINN-Insurance Limited (Under Administration) is regulated by the Financial Regulator and regulated by the Financial Services Authority for the conduct of UK business. QUINN-Insurance Limited (Under Administration) is registered in Ireland, registration number 240768 and is a private company limited by shares. Its head office is at Dublin Road, Cavan, Co. Cavan. This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image/jpeg
RE: SBS Remote Access - was Firewall for small biz
E-mail access, as well as remoting in to their work machines, and they no longer use VPN. Dave -Original Message- From: Don Kuhlman [mailto:drkuhl...@yahoo.com] Sent: Wednesday, May 26, 2010 5:33 AM To: NT System Admin Issues Subject: SBS Remote Access - was Firewall for small biz We have been using CheckPoint Sofaware boxes for about 6 years. They're easy to use and do everything via wizards, but have a CLI. Annual renewal is about $100 each device. Purchase was about $500 a piece. Actually just switched the main one to a Sonicwall VZ 210 and working through issues with it now. Just curious Dave. When you said they found SBS remote much faster than VPN, is that for email access, or did you used to have site to site VPN, or remote access VPN that they have replaced with the SBS remote access? Don K - Original Message From: David Lum david@nwea.org To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Tue, May 25, 2010 3:06:48 PM Subject: RE: Firewall for small biz Sorry about the delay. This client is a law firm and I recently got them PCI compliant. I would like filtering and IDS if possible, but bigger emphasis is plug and forget - I bill these guys for perhaps 20 hours of work/year, so I don't want to spend 3-4hours configuring something if I don't really have to (however, they have never had any issue with time/expenses I can justify). The Internet connection is some ADSL-type (download is something like 2Mbps, upload is paltry 512K or something). Their web server is in-house and not hosted elsewhere. Dave -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Friday, May 21, 2010 3:21 PM To: NT System Admin Issues Subject: Re: Firewall for small biz On Thu, May 20, 2010 at 1:43 PM, David Lum david@nwea.org wrote: I have a 17-user client (one SBS server, same one discussed with the PE840) with a 5+yr old SonicWALL SOHO firewall and I believe it's time to upgrade them to something more current. They used to VPN but have found SBS remote access much faster. What kinds of things should I look for in a new workgroup firewall? It really depends on what you're looking to have it do, and the expected load. Say it's a typical consumer Internet connection (cable, DSL, etc.), and all they're doing is web surfing and email and remote access, and they're using SBS to remote in, and they're not looking for any kind of filtering, deep inspection, intrusion detection, etc. In that case, you could use an old PC running free firewall appliance software like IPcop, pfsense, etc. Or a SOHO gateway running third-party firmware like DD-WRT. If you're looking for more advanced features... tell us what you're looking for. :-) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: laptop encryption
I opted for encryption at the hardware level via FDE disks. No performance decrease, however, no central management. It's so easy and set and forget, that I don't mind that. Sam From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Thursday, May 27, 2010 9:58 AM To: NT System Admin Issues Subject: laptop encryption There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: laptop encryption
I have only used bitlocker so far and have not notice performance issue. Is truecrypt going to punk out my portables? On Thu, May 27, 2010 at 10:16 AM, Sam Cayze sam.ca...@rollouts.com wrote: I opted for encryption at the hardware level via FDE disks. No performance decrease, however, no central management. It’s so easy and set and forget, that I don’t mind that. Sam *From:* Jeff Brown [mailto:2jbr...@gmail.com] *Sent:* Thursday, May 27, 2010 9:58 AM *To:* NT System Admin Issues *Subject:* laptop encryption There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: laptop encryption
Thanks for all that. I already had a quote for the symantec product. appreciate the heads up. Not sure why anyone would not use TrueCrypt if it works, unless there were some excellent reporting features that verified that its up and running on all your portables... I'd pay for that I think, but not for the headaches. On Thu, May 27, 2010 at 10:11 AM, tony patton tony.pat...@quinn-insurance.com wrote: We're using Symantec Endpoint Encryption, biggest pile of crap ever. We were rolling it out to external self employed contractor types, killed nearly half of them. Switched to TrueCrypt on any that didn't work, management soon realised what a mistake they made. A hell of a lot easier, AND it makes you create a recovery disk before you start. Don't know about the reporting in of it tho, haven't looked at it personally, managed to avoid the encryption fiasco. Regards Tony Patton Desktop Operations Cavan Ext 8078 Direct Dial 049 435 2878 email: tony.pat...@quinn-insurance.com From:Karl Bickmore k...@ccnsconsulting.com To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date:27/05/2010 16:01 Subject:RE: laptop encryption -- Truecrypt is pretty easy and free. * **Karl Bickmore* MSCE NT4/2K/2K3, MCP, MCP+I, MCSA 2K/2K3 LPI-1, CCNA, CCDA, Net+,Security+,Linux+ DataCore SANmelody Certified 6613 N Scottsdale Road Suite 101 Scottsdale AZ, 85250 480-553-9967 X100 k...@ccnsconsulting.com [image: CCNSLogo] *Please remember CCNS is a referral based business. If you have a friend or colleague in need, we are happy to help. Feel free to pass along our contact information to anyone you think we can help. Thanks!* *From:* Jeff Brown [mailto:2jbr...@gmail.com 2jbr...@gmail.com] * Sent:* Thursday, May 27, 2010 7:58 AM* To:* NT System Admin Issues* Subject:* laptop encryption There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff This e-mail is intended only for the addressee named above. The contents should not be copied nor disclosed to any other person. Any views or opinions expressed are solely those of the sender and do not necessarily represent those of QUINN-Insurance Limited (Under Administration), unless otherwise specifically stated . As internet communications are not secure, QUINN-Insurance Limited (Under Administration) is not responsible for the contents of this message nor responsible for any change made to this message after it was sent by the original sender. Although virus scanning is used on all inbound and outbound e-mail, we advise you to carry out your own virus check before opening any attachment. We cannot accept liability for any damage sustained as a result of any software viruses. QUINN-Insurance Limited (Under Administration) is regulated by the Financial Regulator and regulated by the Financial Services Authority for the conduct of UK business. QUINN-Insurance Limited (Under Administration) is registered in Ireland, registration number 240768 and is a private company limited by shares. Its head office is at Dublin Road, Cavan, Co. Cavan. This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image/jpeg
Re: laptop encryption
When you consider why that particular reporting function is needed in the first place, you might be less inclined to consider it a value-add... -ASB: http://XeeSM.com/AndrewBaker On Thu, May 27, 2010 at 11:18 AM, Jeff Brown 2jbr...@gmail.com wrote: Thanks for all that. I already had a quote for the symantec product. appreciate the heads up. Not sure why anyone would not use TrueCrypt if it works, unless there were some excellent reporting features that verified that its up and running on all your portables... I'd pay for that I think, but not for the headaches. On Thu, May 27, 2010 at 10:11 AM, tony patton tony.pat...@quinn-insurance.com wrote: We're using Symantec Endpoint Encryption, biggest pile of crap ever. We were rolling it out to external self employed contractor types, killed nearly half of them. Switched to TrueCrypt on any that didn't work, management soon realised what a mistake they made. A hell of a lot easier, AND it makes you create a recovery disk before you start. Don't know about the reporting in of it tho, haven't looked at it personally, managed to avoid the encryption fiasco. Regards Tony Patton Desktop Operations Cavan Ext 8078 Direct Dial 049 435 2878 email: tony.pat...@quinn-insurance.com From:Karl Bickmore k...@ccnsconsulting.com To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date:27/05/2010 16:01 Subject:RE: laptop encryption -- Truecrypt is pretty easy and free. * **Karl Bickmore* MSCE NT4/2K/2K3, MCP, MCP+I, MCSA 2K/2K3 LPI-1, CCNA, CCDA, Net+,Security+,Linux+ DataCore SANmelody Certified 6613 N Scottsdale Road Suite 101 Scottsdale AZ, 85250 480-553-9967 X100 k...@ccnsconsulting.com [image: CCNSLogo] *Please remember CCNS is a referral based business. If you have a friend or colleague in need, we are happy to help. Feel free to pass along our contact information to anyone you think we can help. Thanks!* *From:* Jeff Brown [mailto:2jbr...@gmail.com 2jbr...@gmail.com] * Sent:* Thursday, May 27, 2010 7:58 AM* To:* NT System Admin Issues* Subject:* laptop encryption There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image/jpeg
RE: Modular malware
Great... -sc From: David Lum [mailto:david@nwea.org] Sent: Thursday, May 27, 2010 10:42 AM To: NT System Admin Issues Subject: Modular malware http://isc.sans.org/diary.html?storyid=8857 David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Veering even more OT - was: Re: Big Changes Ahead for IT - Anyone seen this?
On Thu, May 27, 2010 at 11:10 AM, David Lum david@nwea.org wrote: Understanding databases falls into the same category in my opinion. We use an app here where I keep envisioning me calling up the salesweasel like this: Me: Hey, do you know what database normalization is? Salesdroid: No... Me: Neither do your programmers! -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: laptop encryption
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative;
boundary=_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2LKOEXCH01Amer_
MIME-Version: 1.0
X-Bypass-Agent: EF-1;
X-Reverse-DNS: unknown
Return-Path: david@nwea.org
--_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2LKOEXCH01Amer_
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
PGP encryption reports to a management station, I can see who has encrypted=
disks and who doesn't. Not a free solution however.
Dave
From: Jeff Brown [mailto:2jbr...@gmail.com]
Sent: Thursday, May 27, 2010 7:58 AM
To: NT System Admin Issues
Subject: laptop encryption
There was a post last week about HIPAA compliance and a small part of that =
discussion there were a couple of encryption programs mentioned. I have bi=
tlocker running on the OS's that happen to come with it, and need something=
for those that don't. Might consider OS upgrade if the encryption piece i=
s too costly.
anyone using something they LOVE? any chance there is a program that will =
report encryption status back to a management station?
tiafah.
Jeff
--_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2LKOEXCH01Amer_
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
html xmlns:v=3Durn:schemas-microsoft-com:vml xmlns:o=3Durn:schemas-micr=
osoft-com:office:office xmlns:w=3Durn:schemas-microsoft-com:office:word =
xmlns:m=3Dhttp://schemas.microsoft.com/office/2004/12/omml; xmlns=3Dhttp:=
//www.w3.org/TR/REC-html40
head
meta http-equiv=3DContent-Type content=3Dtext/html; charset=3Dus-ascii
meta name=3DGenerator content=3DMicrosoft Word 12 (filtered medium)
style
!--
/* Font Definitions */
@font-face
{font-family:Cambria Math;
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:Times New Roman,serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:Times New Roman,serif;}
pre
{mso-style-priority:99;
mso-style-link:HTML Preformatted Char;
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:Courier New;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:Balloon Text Char;
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:Tahoma,sans-serif;}
span.HTMLPreformattedChar
{mso-style-name:HTML Preformatted Char;
mso-style-priority:99;
mso-style-link:HTML Preformatted;
font-family:Consolas;}
span.BalloonTextChar
{mso-style-name:Balloon Text Char;
mso-style-priority:99;
mso-style-link:Balloon Text;
font-family:Tahoma,sans-serif;}
span.EmailStyle22
{mso-style-type:personal;
font-family:Calibri,sans-serif;
color:#1F497D;}
span.EmailStyle23
{mso-style-type:personal-reply;
font-family:Calibri,sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
--
/style
!--[if gte mso 9]xml
o:shapedefaults v:ext=3Dedit spidmax=3D1026 /
/xml![endif]--!--[if gte mso 9]xml
o:shapelayout v:ext=3Dedit
o:idmap v:ext=3Dedit data=3D1 /
/o:shapelayout/xml![endif]--
/head
body lang=3DEN-US link=3Dblue vlink=3Dpurple
div class=3DSection1
p class=3DMsoNormalspan style=3D'font-size:11.0pt;font-family:Calibri,=
sans-serif;
color:#1F497D'PGP encryption reports to a management station, I can see wh=
o
has encrypted disks and who doesn#8217;t. Not a free solution however.o:p=
/o:p/span/p
p class=3DMsoNormalspan style=3D'font-size:11.0pt;font-family:Calibri,=
sans-serif;
color:#1F497D'o:pnbsp;/o:p/span/p
p class=3DMsoNormalspan style=3D'font-size:11.0pt;font-family:Calibri,=
sans-serif;
color:#1F497D'Daveo:p/o:p/span/p
p class=3DMsoNormalspan style=3D'font-size:11.0pt;font-family:Calibri,=
sans-serif;
color:#1F497D'o:pnbsp;/o:p/span/p
div style=3D'border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in =
0in 0in'
p class=3DMsoNormalbspan
RE: laptop encryption
We[1] decided to abandon PointSec encryption and go with PGP here a bit
back then of course Sym-crap-tec bought PGP...
-sc
[1] And by we I mean the gov decided and gave us marching orders...
-Original Message-
From: David Lum [mailto:david@nwea.org]
Sent: Thursday, May 27, 2010 11:33 AM
To: NT System Admin Issues
Subject: RE: laptop encryption
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative;
boundary=_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2L
KOEXCH01Amer_
MIME-Version: 1.0
X-Bypass-Agent: EF-1;
X-Reverse-DNS: unknown
Return-Path: david@nwea.org
--_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2LKOEXCH01Amer_
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
PGP encryption reports to a management station, I can see who has
encrypted= disks and who doesn't. Not a free solution however.
Dave
From: Jeff Brown [mailto:2jbr...@gmail.com]
Sent: Thursday, May 27, 2010 7:58 AM
To: NT System Admin Issues
Subject: laptop encryption
There was a post last week about HIPAA compliance and a small part of
that =
discussion there were a couple of encryption programs mentioned. I
have
bi= tlocker running on the OS's that happen to come with it, and need
something= for those that don't. Might consider OS upgrade if the
encryption piece i= s too costly.
anyone using something they LOVE? any chance there is a program that
will
= report encryption status back to a management station?
tiafah.
Jeff
--_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2LKOEXCH01Amer_
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
html xmlns:v=3Durn:schemas-microsoft-com:vml
xmlns:o=3Durn:schemas-micr= osoft-com:office:office
xmlns:w=3Durn:schemas-microsoft-com:office:word =
xmlns:m=3Dhttp://schemas.microsoft.com/office/2004/12/omml;
xmlns=3Dhttp:= //www.w3.org/TR/REC-html40
head
meta http-equiv=3DContent-Type content=3Dtext/html; charset=3Dus-
ascii meta name=3DGenerator content=3DMicrosoft Word 12 (filtered
medium) style
!--
/* Font Definitions */
@font-face
{font-family:Cambria Math;
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:Times New Roman,serif;} a:link,
span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:Times New Roman,serif;} pre
{mso-style-priority:99;
mso-style-link:HTML Preformatted Char;
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:Courier New;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:Balloon Text Char;
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:Tahoma,sans-serif;}
span.HTMLPreformattedChar
{mso-style-name:HTML Preformatted Char;
mso-style-priority:99;
mso-style-link:HTML Preformatted;
font-family:Consolas;}
span.BalloonTextChar
{mso-style-name:Balloon Text Char;
mso-style-priority:99;
mso-style-link:Balloon Text;
font-family:Tahoma,sans-serif;}
span.EmailStyle22
{mso-style-type:personal;
font-family:Calibri,sans-serif;
color:#1F497D;}
span.EmailStyle23
{mso-style-type:personal-reply;
font-family:Calibri,sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
--
/style
!--[if gte mso 9]xml
o:shapedefaults v:ext=3Dedit spidmax=3D1026 / /xml![endif]--
!--[if gte mso 9]xml o:shapelayout v:ext=3Dedit
o:idmap v:ext=3Dedit data=3D1 /
/o:shapelayout/xml![endif]--
/head
body lang=3DEN-US link=3Dblue vlink=3Dpurple
div class=3DSection1
p class=3DMsoNormalspan style=3D'font-size:11.0pt;font-
family:Calibri,=
sans-serif;
color:#1F497D'PGP encryption reports to a management station, I can
see
wh= o has encrypted disks and who doesn#8217;t. Not a free solution
however.o:p=
/o:p/span/p
p class=3DMsoNormalspan
Re: laptop encryption
just to add my 2 cents,
TrueCrypt, We've used it on our Dell laptops for the last two years,
and have not had any issues. every upgrade has gone well without
issue.
Google.com Learn it. Live it. Love it.
On Thu, May 27, 2010 at 08:43, Steven M. Caesare scaes...@caesare.com wrote:
We[1] decided to abandon PointSec encryption and go with PGP here a bit
back then of course Sym-crap-tec bought PGP...
-sc
[1] And by we I mean the gov decided and gave us marching orders...
-Original Message-
From: David Lum [mailto:david@nwea.org]
Sent: Thursday, May 27, 2010 11:33 AM
To: NT System Admin Issues
Subject: RE: laptop encryption
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative;
boundary=_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2L
KOEXCH01Amer_
MIME-Version: 1.0
X-Bypass-Agent: EF-1;
X-Reverse-DNS: unknown
Return-Path: david@nwea.org
--_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2LKOEXCH01Amer_
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
PGP encryption reports to a management station, I can see who has
encrypted= disks and who doesn't. Not a free solution however.
Dave
From: Jeff Brown [mailto:2jbr...@gmail.com]
Sent: Thursday, May 27, 2010 7:58 AM
To: NT System Admin Issues
Subject: laptop encryption
There was a post last week about HIPAA compliance and a small part of
that =
discussion there were a couple of encryption programs mentioned. I
have
bi= tlocker running on the OS's that happen to come with it, and need
something= for those that don't. Might consider OS upgrade if the
encryption piece i= s too costly.
anyone using something they LOVE? any chance there is a program that
will
= report encryption status back to a management station?
tiafah.
Jeff
--_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2LKOEXCH01Amer_
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
html xmlns:v=3Durn:schemas-microsoft-com:vml
xmlns:o=3Durn:schemas-micr= osoft-com:office:office
xmlns:w=3Durn:schemas-microsoft-com:office:word =
xmlns:m=3Dhttp://schemas.microsoft.com/office/2004/12/omml;
xmlns=3Dhttp:= //www.w3.org/TR/REC-html40
head
meta http-equiv=3DContent-Type content=3Dtext/html; charset=3Dus-
ascii meta name=3DGenerator content=3DMicrosoft Word 12 (filtered
medium) style
!--
/* Font Definitions */
�...@font-face
{font-family:Cambria Math;
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:Times New Roman,serif;} a:link,
span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:Times New Roman,serif;} pre
{mso-style-priority:99;
mso-style-link:HTML Preformatted Char;
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:Courier New;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:Balloon Text Char;
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:Tahoma,sans-serif;}
span.HTMLPreformattedChar
{mso-style-name:HTML Preformatted Char;
mso-style-priority:99;
mso-style-link:HTML Preformatted;
font-family:Consolas;}
span.BalloonTextChar
{mso-style-name:Balloon Text Char;
mso-style-priority:99;
mso-style-link:Balloon Text;
font-family:Tahoma,sans-serif;}
span.EmailStyle22
{mso-style-type:personal;
font-family:Calibri,sans-serif;
color:#1F497D;}
span.EmailStyle23
{mso-style-type:personal-reply;
font-family:Calibri,sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
--
/style
!--[if gte mso 9]xml
o:shapedefaults v:ext=3Dedit spidmax=3D1026 / /xml![endif]--
!--[if gte mso 9]xml o:shapelayout v:ext=3Dedit
o:idmap v:ext=3Dedit data=3D1 /
/o:shapelayout/xml![endif]--
/head
body lang=3DEN-US link=3Dblue vlink=3Dpurple
div class=3DSection1
p class=3DMsoNormalspan
Re: laptop encryption
I am a TrueCrypt fan with one caveat; we never use full-disk encryption for our clients but rather create an encrypted file container which, when mounted as a separate drive, becomes the repository for all data, including but not limited to Outlook PSTs or Thunderbird profile and mail files, Firefox profile cache, mobile phone sync data and all documents. Still working on moving Skype and other IM data on to the encrypted drive and using an on-screen keyboard program to enter the encrypted drive's password to try to defeat key loggers. Besides the vulnerability of full-disk encryption to monitors such as Evil Maid, I have seen fully-encrypted disks presented to Windows, to which the response is Format Drive XX?. Too risky if laptop is abroad and needs to be attended to by an ignorant technician. -- Peter van Houten On the 27 May, 2010 16:57, Jeff Brown wrote the following: There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Applicability of the OSI model (was: Big Changes)
In our recent netmon class, we reviewed the OSI model and and how to use it to help understand traces. Of course I do so few netmon traces that such things often fall to the I should remember this category when looking at all those pretty numbers when I actually need to analyze one. Steven Peck On Wed, May 26, 2010 at 6:57 PM, Ben Scott mailvor...@gmail.com wrote: On Wed, May 26, 2010 at 9:34 PM, Michael B. Smith mich...@smithcons.com wrote: They also read memory and write memory and automatically increase the execution index (PCW for some processors). Touche. You're just getting back at me for my message about how ARP works. ;-) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: laptop encryption
How many laptops and how many locations? Many remote users? How does it work
when a user forgets their password?
Dave
-Original Message-
From: S Powell [mailto:powe...@gmail.com]
Sent: Thursday, May 27, 2010 8:49 AM
To: NT System Admin Issues
Subject: Re: laptop encryption
just to add my 2 cents,
TrueCrypt, We've used it on our Dell laptops for the last two years,
and have not had any issues. every upgrade has gone well without
issue.
Google.com Learn it. Live it. Love it.
On Thu, May 27, 2010 at 08:43, Steven M. Caesare scaes...@caesare.com wrote:
We[1] decided to abandon PointSec encryption and go with PGP here a bit
back then of course Sym-crap-tec bought PGP...
-sc
[1] And by we I mean the gov decided and gave us marching orders...
-Original Message-
From: David Lum [mailto:david@nwea.org]
Sent: Thursday, May 27, 2010 11:33 AM
To: NT System Admin Issues
Subject: RE: laptop encryption
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative;
boundary=_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2L
KOEXCH01Amer_
MIME-Version: 1.0
X-Bypass-Agent: EF-1;
X-Reverse-DNS: unknown
Return-Path: david@nwea.org
--_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2LKOEXCH01Amer_
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
PGP encryption reports to a management station, I can see who has
encrypted= disks and who doesn't. Not a free solution however.
Dave
From: Jeff Brown [mailto:2jbr...@gmail.com]
Sent: Thursday, May 27, 2010 7:58 AM
To: NT System Admin Issues
Subject: laptop encryption
There was a post last week about HIPAA compliance and a small part of
that =
discussion there were a couple of encryption programs mentioned. I
have
bi= tlocker running on the OS's that happen to come with it, and need
something= for those that don't. Might consider OS upgrade if the
encryption piece i= s too costly.
anyone using something they LOVE? any chance there is a program that
will
= report encryption status back to a management station?
tiafah.
Jeff
--_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2LKOEXCH01Amer_
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
html xmlns:v=3Durn:schemas-microsoft-com:vml
xmlns:o=3Durn:schemas-micr= osoft-com:office:office
xmlns:w=3Durn:schemas-microsoft-com:office:word =
xmlns:m=3Dhttp://schemas.microsoft.com/office/2004/12/omml;
xmlns=3Dhttp:= //www.w3.org/TR/REC-html40
head
meta http-equiv=3DContent-Type content=3Dtext/html; charset=3Dus-
ascii meta name=3DGenerator content=3DMicrosoft Word 12 (filtered
medium) style
!--
/* Font Definitions */
�...@font-face
{font-family:Cambria Math;
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:Times New Roman,serif;} a:link,
span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:Times New Roman,serif;} pre
{mso-style-priority:99;
mso-style-link:HTML Preformatted Char;
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:Courier New;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:Balloon Text Char;
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:Tahoma,sans-serif;}
span.HTMLPreformattedChar
{mso-style-name:HTML Preformatted Char;
mso-style-priority:99;
mso-style-link:HTML Preformatted;
font-family:Consolas;}
span.BalloonTextChar
{mso-style-name:Balloon Text Char;
mso-style-priority:99;
mso-style-link:Balloon Text;
font-family:Tahoma,sans-serif;}
span.EmailStyle22
{mso-style-type:personal;
font-family:Calibri,sans-serif;
color:#1F497D;}
span.EmailStyle23
{mso-style-type:personal-reply;
font-family:Calibri,sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
--
/style
!--[if gte mso 9]xml
Ping...
Sorry for the ping, but I don't think I'm getting messages back that I'm sending to the list. Either that or the message isn't making it to the list to begin with, in which case I won't get any replies because y'all won't see it. -Paul ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Ping...
Pong... -Original Message- From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Thursday, May 27, 2010 12:13 PM To: NT System Admin Issues Subject: Ping... Sorry for the ping, but I don't think I'm getting messages back that I'm sending to the list. Either that or the message isn't making it to the list to begin with, in which case I won't get any replies because y'all won't see it. -Paul ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Ping...
Ping... -Original Message- From: David W. McSpadden [mailto:dav...@imcu.com] Sent: Thursday, May 27, 2010 9:15 AM To: NT System Admin Issues Subject: RE: Ping... Pong... -Original Message- From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Thursday, May 27, 2010 12:13 PM To: NT System Admin Issues Subject: Ping... Sorry for the ping, but I don't think I'm getting messages back that I'm sending to the list. Either that or the message isn't making it to the list to begin with, in which case I won't get any replies because y'all won't see it. -Paul ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Ping...
(CC'd you directly) I saw it on-list.. -sc -Original Message- From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Thursday, May 27, 2010 12:13 PM To: NT System Admin Issues Subject: Ping... Sorry for the ping, but I don't think I'm getting messages back that I'm sending to the list. Either that or the message isn't making it to the list to begin with, in which case I won't get any replies because y'all won't see it. -Paul ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Ping...
I like how you don't just assume we're all ignoring you... On Thu, May 27, 2010 at 12:13 PM, Maglinger, Paul pmaglin...@scvl.comwrote: Sorry for the ping, but I don't think I'm getting messages back that I'm sending to the list. Either that or the message isn't making it to the list to begin with, in which case I won't get any replies because y'all won't see it. -Paul ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ -- Sean Houston 216-798-4476 IT Specialist CompTIA A+, Security+, Network+, Server+ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Ping...
tabletennis ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Ping...
I guess one could make that assumption, but I don't see how anyone could ignore me. grin What was weird is that I wasn't even getting the OOOs. I'll do some snooping into our spam filters and see if it's dropping some of these off into the ether. Thanks folks! From: Sean Houston [mailto:seanthous...@gmail.com] Sent: Thursday, May 27, 2010 11:20 AM To: NT System Admin Issues Subject: Re: Ping... I like how you don't just assume we're all ignoring you... On Thu, May 27, 2010 at 12:13 PM, Maglinger, Paul pmaglin...@scvl.com wrote: Sorry for the ping, but I don't think I'm getting messages back that I'm sending to the list. Either that or the message isn't making it to the list to begin with, in which case I won't get any replies because y'all won't see it. -Paul ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ -- Sean Houston 216-798-4476 IT Specialist CompTIA A+, Security+, Network+, Server+ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Ping...
Tough crowd. Gotta have thick skin to play here... On Thu, May 27, 2010 at 12:19 PM, Sean Houston seanthous...@gmail.comwrote: I like how you don't just assume we're all ignoring you... On Thu, May 27, 2010 at 12:13 PM, Maglinger, Paul pmaglin...@scvl.comwrote: Sorry for the ping, but I don't think I'm getting messages back that I'm sending to the list. Either that or the message isn't making it to the list to begin with, in which case I won't get any replies because y'all won't see it. -Paul ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ -- Sean Houston 216-798-4476 IT Specialist CompTIA A+, Security+, Network+, Server+ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Ping...
Pong --Original Message-- From: Mathew Shember To: NT System Admin Issues ReplyTo: NT System Admin Issues Subject: RE: Ping... Sent: May 27, 2010 9:16 AM Ping... -Original Message- From: David W. McSpadden [mailto:dav...@imcu.com] Sent: Thursday, May 27, 2010 9:15 AM To: NT System Admin Issues Subject: RE: Ping... Pong... -Original Message- From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Thursday, May 27, 2010 12:13 PM To: NT System Admin Issues Subject: Ping... Sorry for the ping, but I don't think I'm getting messages back that I'm sending to the list. Either that or the message isn't making it to the list to begin with, in which case I won't get any replies because y'all won't see it. -Paul ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ Sent slowly via my BBerry... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Speaking of Ping...
Speaking of Ping. I'm trying to determine if something is goofy with our new fiber-wan installation. Ping times across it are 1ms, which is good. But when moving data over the fiber-wan and saturating it for test purposes (the link is capped at 15mb right now), I see pings jumping up to 25ms and averaging around 20ms, with an occasional time out too (1 of every 10 ping fails on averge when the line is saturdated during testing). I'm inquiring with then fiber company about this as it doesn't seem normal to me?? So far they are saying nothing is wrong. J Original Message: - From: Maglinger, Paul pmaglin...@scvl.com Date: Thu, 27 May 2010 11:13:02 -0500 To: ntsysadmin@lyris.sunbelt-software.com Subject: Ping... Sorry for the ping, but I don't think I'm getting messages back that I'm sending to the list. Either that or the message isn't making it to the list to begin with, in which case I won't get any replies because y'all won't see it. -Paul ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ mail2web.com What can On Demand Business Solutions do for you? http://link.mail2web.com/Business/SharePoint ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Ping...
The machine that goes Ping... 2010/5/27 Dave Florea blazer...@gmail.com Pong --Original Message-- From: Mathew Shember To: NT System Admin Issues ReplyTo: NT System Admin Issues Subject: RE: Ping... Sent: May 27, 2010 9:16 AM Ping... -Original Message- From: David W. McSpadden [mailto:dav...@imcu.com] Sent: Thursday, May 27, 2010 9:15 AM To: NT System Admin Issues Subject: RE: Ping... Pong... -Original Message- From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Thursday, May 27, 2010 12:13 PM To: NT System Admin Issues Subject: Ping... Sorry for the ping, but I don't think I'm getting messages back that I'm sending to the list. Either that or the message isn't making it to the list to begin with, in which case I won't get any replies because y'all won't see it. -Paul ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ Sent slowly via my BBerry... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Speaking of Ping...
Many routers prioritize ICMP traffic below standard traffic. Thus ping (and tracert) times do not always indicate what normal packets see. -sc -Original Message- From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com] Sent: Thursday, May 27, 2010 12:32 PM To: NT System Admin Issues Subject: RE: Speaking of Ping... Speaking of Ping. I'm trying to determine if something is goofy with our new fiber-wan installation. Ping times across it are 1ms, which is good. But when moving data over the fiber-wan and saturating it for test purposes (the link is capped at 15mb right now), I see pings jumping up to 25ms and averaging around 20ms, with an occasional time out too (1 of every 10 ping fails on averge when the line is saturdated during testing). I'm inquiring with then fiber company about this as it doesn't seem normal to me?? So far they are saying nothing is wrong. J Original Message: - From: Maglinger, Paul pmaglin...@scvl.com Date: Thu, 27 May 2010 11:13:02 -0500 To: ntsysadmin@lyris.sunbelt-software.com Subject: Ping... Sorry for the ping, but I don't think I'm getting messages back that I'm sending to the list. Either that or the message isn't making it to the list to begin with, in which case I won't get any replies because y'all won't see it. -Paul ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ mail2web.com - What can On Demand Business Solutions do for you? http://link.mail2web.com/Business/SharePoint ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: laptop encryption
We're a PGP shop...hoping Symantec doesn't make it as craptacular as its
other products.
The central management is very important to us.
On Thu, May 27, 2010 at 11:53 AM, David Lum david@nwea.org wrote:
How many laptops and how many locations? Many remote users? How does it
work when a user forgets their password?
Dave
-Original Message-
From: S Powell [mailto:powe...@gmail.com]
Sent: Thursday, May 27, 2010 8:49 AM
To: NT System Admin Issues
Subject: Re: laptop encryption
just to add my 2 cents,
TrueCrypt, We've used it on our Dell laptops for the last two years,
and have not had any issues. every upgrade has gone well without
issue.
Google.com Learn it. Live it. Love it.
On Thu, May 27, 2010 at 08:43, Steven M. Caesare scaes...@caesare.com
wrote:
We[1] decided to abandon PointSec encryption and go with PGP here a bit
back then of course Sym-crap-tec bought PGP...
-sc
[1] And by we I mean the gov decided and gave us marching orders...
-Original Message-
From: David Lum [mailto:david@nwea.org]
Sent: Thursday, May 27, 2010 11:33 AM
To: NT System Admin Issues
Subject: RE: laptop encryption
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative;
boundary=_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2L
KOEXCH01Amer_
MIME-Version: 1.0
X-Bypass-Agent: EF-1;
X-Reverse-DNS: unknown
Return-Path: david@nwea.org
--_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2LKOEXCH01Amer_
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
PGP encryption reports to a management station, I can see who has
encrypted= disks and who doesn't. Not a free solution however.
Dave
From: Jeff Brown [mailto:2jbr...@gmail.com]
Sent: Thursday, May 27, 2010 7:58 AM
To: NT System Admin Issues
Subject: laptop encryption
There was a post last week about HIPAA compliance and a small part of
that =
discussion there were a couple of encryption programs mentioned. I
have
bi= tlocker running on the OS's that happen to come with it, and need
something= for those that don't. Might consider OS upgrade if the
encryption piece i= s too costly.
anyone using something they LOVE? any chance there is a program that
will
= report encryption status back to a management station?
tiafah.
Jeff
--_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2LKOEXCH01Amer_
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
html xmlns:v=3Durn:schemas-microsoft-com:vml
xmlns:o=3Durn:schemas-micr= osoft-com:office:office
xmlns:w=3Durn:schemas-microsoft-com:office:word =
xmlns:m=3Dhttp://schemas.microsoft.com/office/2004/12/omml;
xmlns=3Dhttp:= //www.w3.org/TR/REC-html40
head
meta http-equiv=3DContent-Type content=3Dtext/html; charset=3Dus-
ascii meta name=3DGenerator content=3DMicrosoft Word 12 (filtered
medium) style
!--
/* Font Definitions */
@font-face
{font-family:Cambria Math;
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:Times New Roman,serif;} a:link,
span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:Times New Roman,serif;} pre
{mso-style-priority:99;
mso-style-link:HTML Preformatted Char;
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:Courier New;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:Balloon Text Char;
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:Tahoma,sans-serif;}
span.HTMLPreformattedChar
{mso-style-name:HTML Preformatted Char;
mso-style-priority:99;
mso-style-link:HTML Preformatted;
font-family:Consolas;}
span.BalloonTextChar
{mso-style-name:Balloon Text Char;
mso-style-priority:99;
mso-style-link:Balloon Text;
font-family:Tahoma,sans-serif;}
span.EmailStyle22
{mso-style-type:personal;
font-family:Calibri,sans-serif;
Re: Ping...
As I recall, OOO's seem to be more common on the Exchange list... On Thu, May 27, 2010 at 12:33 PM, Manuel Santos nel...@gmail.com wrote: The machine that goes Ping... 2010/5/27 Dave Florea blazer...@gmail.com Pong --Original Message-- From: Mathew Shember To: NT System Admin Issues ReplyTo: NT System Admin Issues Subject: RE: Ping... Sent: May 27, 2010 9:16 AM Ping... -Original Message- From: David W. McSpadden [mailto:dav...@imcu.com] Sent: Thursday, May 27, 2010 9:15 AM To: NT System Admin Issues Subject: RE: Ping... Pong... -Original Message- From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Thursday, May 27, 2010 12:13 PM To: NT System Admin Issues Subject: Ping... Sorry for the ping, but I don't think I'm getting messages back that I'm sending to the list. Either that or the message isn't making it to the list to begin with, in which case I won't get any replies because y'all won't see it. -Paul ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ Sent slowly via my BBerry... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Ping...
And the irony of that just kills me Shook From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Thursday, May 27, 2010 1:17 PM To: NT System Admin Issues Subject: Re: Ping... As I recall, OOO's seem to be more common on the Exchange list... On Thu, May 27, 2010 at 12:33 PM, Manuel Santos nel...@gmail.commailto:nel...@gmail.com wrote: The machine that goes Ping... 2010/5/27 Dave Florea blazer...@gmail.commailto:blazer...@gmail.com Pong --Original Message-- From: Mathew Shember To: NT System Admin Issues ReplyTo: NT System Admin Issues Subject: RE: Ping... Sent: May 27, 2010 9:16 AM Ping... -Original Message- From: David W. McSpadden [mailto:dav...@imcu.commailto:dav...@imcu.com] Sent: Thursday, May 27, 2010 9:15 AM To: NT System Admin Issues Subject: RE: Ping... Pong... -Original Message- From: Maglinger, Paul [mailto:pmaglin...@scvl.commailto:pmaglin...@scvl.com] Sent: Thursday, May 27, 2010 12:13 PM To: NT System Admin Issues Subject: Ping... Sorry for the ping, but I don't think I'm getting messages back that I'm sending to the list. Either that or the message isn't making it to the list to begin with, in which case I won't get any replies because y'all won't see it. -Paul ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ Sent slowly via my BBerry... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: laptop encryption
Same here, we are currently deploying PGP and hope the same.
Dave
From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Thursday, May 27, 2010 10:08 AM
To: NT System Admin Issues
Subject: Re: laptop encryption
We're a PGP shop...hoping Symantec doesn't make it as craptacular as its other
products.
The central management is very important to us.
On Thu, May 27, 2010 at 11:53 AM, David Lum
david@nwea.orgmailto:david@nwea.org wrote:
How many laptops and how many locations? Many remote users? How does it work
when a user forgets their password?
Dave
-Original Message-
From: S Powell [mailto:powe...@gmail.commailto:powe...@gmail.com]
Sent: Thursday, May 27, 2010 8:49 AM
To: NT System Admin Issues
Subject: Re: laptop encryption
just to add my 2 cents,
TrueCrypt, We've used it on our Dell laptops for the last two years,
and have not had any issues. every upgrade has gone well without
issue.
Google.com Learn it. Live it. Love it.
On Thu, May 27, 2010 at 08:43, Steven M. Caesare
scaes...@caesare.commailto:scaes...@caesare.com wrote:
We[1] decided to abandon PointSec encryption and go with PGP here a bit
back then of course Sym-crap-tec bought PGP...
-sc
[1] And by we I mean the gov decided and gave us marching orders...
-Original Message-
From: David Lum [mailto:david@nwea.orgmailto:david@nwea.org]
Sent: Thursday, May 27, 2010 11:33 AM
To: NT System Admin Issues
Subject: RE: laptop encryption
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative;
boundary=_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2L
KOEXCH01Amer_
MIME-Version: 1.0
X-Bypass-Agent: EF-1;
X-Reverse-DNS: unknown
Return-Path: david@nwea.org
--_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2LKOEXCH01Amer_
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
PGP encryption reports to a management station, I can see who has
encrypted= disks and who doesn't. Not a free solution however.
Dave
From: Jeff Brown [mailto:2jbr...@gmail.commailto:2jbr...@gmail.com]
Sent: Thursday, May 27, 2010 7:58 AM
To: NT System Admin Issues
Subject: laptop encryption
There was a post last week about HIPAA compliance and a small part of
that =
discussion there were a couple of encryption programs mentioned. I
have
bi= tlocker running on the OS's that happen to come with it, and need
something= for those that don't. Might consider OS upgrade if the
encryption piece i= s too costly.
anyone using something they LOVE? any chance there is a program that
will
= report encryption status back to a management station?
tiafah.
Jeff
--_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2LKOEXCH01Amer_
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
html xmlns:v=3Durn:schemas-microsoft-com:vml
xmlns:o=3Durn:schemas-micr= osoft-com:office:office
xmlns:w=3Durn:schemas-microsoft-com:office:word =
xmlns:m=3Dhttp://schemas.microsoft.com/office/2004/12/omml;
xmlns=3Dhttp:= //www.w3.org/TR/REC-html40http://www.w3.org/TR/REC-html40
head
meta http-equiv=3DContent-Type content=3Dtext/html; charset=3Dus-
ascii meta name=3DGenerator content=3DMicrosoft Word 12 (filtered
medium) style
!--
/* Font Definitions */
@font-face
{font-family:Cambria Math;
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:Times New Roman,serif;} a:link,
span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:Times New Roman,serif;} pre
{mso-style-priority:99;
mso-style-link:HTML Preformatted Char;
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:Courier New;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:Balloon Text Char;
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:Tahoma,sans-serif;}
span.HTMLPreformattedChar
{mso-style-name:HTML Preformatted Char;
mso-style-priority:99;
mso-style-link:HTML Preformatted;
font-family:Consolas;}
span.BalloonTextChar
{mso-style-name:Balloon
RE: laptop encryption
We use TrueCrypt. Even posted a little article on how to do it for our clients. http://www.officeforlawyers.com/lawtech/truecrypt.htm http://www.officeforlawyers.com/lawtech/truecrypt.htm I haven't noticed any performance issues (or any reporting features for that matter) on my netbooks. Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower www.rolandschorr.com http://www.rolandschorr.com/ b...@rolandschorr.com mailto:b...@rolandschorr.com Twitter: http://www.twitter.com/bschorr http://www.twitter.com/bschorr Facebook: http://www.facebook.com/rolandschorr http://www.facebook.com/rolandschorr From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Thursday, May 27, 2010 04:58 To: NT System Admin Issues Subject: laptop encryption There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: laptop encryption
IT seems like you're trading one caveat for another, which is trusting that the user will always put sensitive data in the container. Also, this does nothing to protect the OS being compromised with key loggers, which may take less time than Evil Maid and still provide the encryption key. I'm sure it could be emailed in the background as well so the attacker who already copied the container will not need to come back for the either. You could add the ATA password as a second layer. On my Latitude, the password is prompted even when resuming. I have seen this configurable on other notebooks. They can't install a boot loader if they can't access the drive. This is assuming they are trying to be covert about it all. Resetting the ATA password would be fairly noticeable. I'm not aware of any method to bypass it. -- Mike Gill -Original Message- From: Peter van Houten [mailto:peter...@gmail.com] Sent: Thursday, May 27, 2010 8:48 AM To: NT System Admin Issues Subject: Re: laptop encryption I am a TrueCrypt fan with one caveat; we never use full-disk encryption for our clients but rather create an encrypted file container which, when mounted as a separate drive, becomes the repository for all data, including but not limited to Outlook PSTs or Thunderbird profile and mail files, Firefox profile cache, mobile phone sync data and all documents. Still working on moving Skype and other IM data on to the encrypted drive and using an on-screen keyboard program to enter the encrypted drive's password to try to defeat key loggers. Besides the vulnerability of full-disk encryption to monitors such as Evil Maid, I have seen fully-encrypted disks presented to Windows, to which the response is Format Drive XX?. Too risky if laptop is abroad and needs to be attended to by an ignorant technician. -- Peter van Houten ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Ping...
Yet you are still around kicking. Zombie Shook? :) On Thu, May 27, 2010 at 10:18 AM, Andy Shook andy.sh...@peak10.com wrote: And the irony of that just kills me…. Shook From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Thursday, May 27, 2010 1:17 PM To: NT System Admin Issues Subject: Re: Ping... As I recall, OOO's seem to be more common on the Exchange list... On Thu, May 27, 2010 at 12:33 PM, Manuel Santos nel...@gmail.com wrote: The machine that goes Ping... 2010/5/27 Dave Florea blazer...@gmail.com Pong --Original Message-- From: Mathew Shember To: NT System Admin Issues ReplyTo: NT System Admin Issues Subject: RE: Ping... Sent: May 27, 2010 9:16 AM Ping... -Original Message- From: David W. McSpadden [mailto:dav...@imcu.com] Sent: Thursday, May 27, 2010 9:15 AM To: NT System Admin Issues Subject: RE: Ping... Pong... -Original Message- From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Thursday, May 27, 2010 12:13 PM To: NT System Admin Issues Subject: Ping... Sorry for the ping, but I don't think I'm getting messages back that I'm sending to the list. Either that or the message isn't making it to the list to begin with, in which case I won't get any replies because y'all won't see it. -Paul ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ Sent slowly via my BBerry... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Ping...
http://www.ugoplayer.com/games/pong.html Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians Associates, PA jra...@eaglemds.comBLOCKED::mailto:%20jra...@eaglemds.com www.eaglemds.comBLOCKED::http://www.eaglemds.com/ From: Manuel Santos [mailto:nel...@gmail.com] Sent: Thursday, May 27, 2010 12:33 PM To: NT System Admin Issues Subject: Re: Ping... The machine that goes Ping... 2010/5/27 Dave Florea blazer...@gmail.commailto:blazer...@gmail.com Pong --Original Message-- From: Mathew Shember To: NT System Admin Issues ReplyTo: NT System Admin Issues Subject: RE: Ping... Sent: May 27, 2010 9:16 AM Ping... -Original Message- From: David W. McSpadden [mailto:dav...@imcu.commailto:dav...@imcu.com] Sent: Thursday, May 27, 2010 9:15 AM To: NT System Admin Issues Subject: RE: Ping... Pong... -Original Message- From: Maglinger, Paul [mailto:pmaglin...@scvl.commailto:pmaglin...@scvl.com] Sent: Thursday, May 27, 2010 12:13 PM To: NT System Admin Issues Subject: Ping... Sorry for the ping, but I don't think I'm getting messages back that I'm sending to the list. Either that or the message isn't making it to the list to begin with, in which case I won't get any replies because y'all won't see it. -Paul ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ Sent slowly via my BBerry... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Ping...
We can all hope and pray Shooky Baby! J Webster From: Andy Shook [mailto:andy.sh...@peak10.com] Subject: RE: Ping... And the irony of that just kills me.. Shook From: Jonathan Link [mailto:jonathan.l...@gmail.com] Subject: Re: Ping... As I recall, OOO's seem to be more common on the Exchange list... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Ping...
That's just mean Shook From: Webster [mailto:carlwebs...@gmail.com] Sent: Thursday, May 27, 2010 1:31 PM To: NT System Admin Issues Subject: RE: Ping... We can all hope and pray Shooky Baby! :) Webster From: Andy Shook [mailto:andy.sh...@peak10.com] Subject: RE: Ping... And the irony of that just kills me Shook From: Jonathan Link [mailto:jonathan.l...@gmail.com] Subject: Re: Ping... As I recall, OOO's seem to be more common on the Exchange list... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Ping...
LOL, thanks Webster, you just made me laugh out loud!! On Thu, May 27, 2010 at 12:30 PM, Webster carlwebs...@gmail.com wrote: We can all hope and pray Shooky Baby! J Webster *From:* Andy Shook [mailto:andy.sh...@peak10.com] *Subject:* RE: Ping... And the irony of that just kills me…. Shook *From:* Jonathan Link [mailto:jonathan.l...@gmail.com] *Subject:* Re: Ping... As I recall, OOO's seem to be more common on the Exchange list... -- Sherry Abercrombie Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Ping...
mean as in that is average for me? J Webster From: Andy Shook [mailto:andy.sh...@peak10.com] Subject: RE: Ping... That's just mean.. Shook From: Webster [mailto:carlwebs...@gmail.com] Subject: RE: Ping... We can all hope and pray Shooky Baby! J Webster From: Andy Shook [mailto:andy.sh...@peak10.com] Subject: RE: Ping... And the irony of that just kills me.. Shook From: Jonathan Link [mailto:jonathan.l...@gmail.com] Subject: Re: Ping... As I recall, OOO's seem to be more common on the Exchange list... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
SharePoint work
Anyone in the Mount Vernon, WA area interested in doing some SharePoint 2010 work? If so, please contact me offline. -- -- Michael S. White mswhite...@gmail.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
OT: DVD burning software
I just rebuilt a XP workstation only to discover that I don't have the Nero disk that came with the DVD burner. Does anybody have a recommendation for software to use in lieu of Nero? I know I can download a full version of Nero, but it is so full of bloat that if I have to pay, I want something a little less full of baloney. Any feedback would be appreciated, Bill ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: laptop encryption
The OP was asking about an add-on product for laptops that didn't have Bitlocker and the Evil Maid type attack was specifically targeting TrueCrypt whole-disk encryption as I remember. YMMV with other encrypting disk systems. It is also difficult to cover user's foibles completely but I've found that locking the desktop to write access, setting the My Documents path to the encrypted container and a good dose of education go a long way. I've just had too many whole-encrypted disks (mainly flash drives, mind) come back with the user saying When I plugged it in, Windows formatted it...). With whole-disk encryption, TrueCrypt writes the encryption loader into the same place as everyone else, sectors 2 - 63 on cylinder 0, which obviously makes it non-standard and with laptops having to be repaired by foreign hands, I prefer the encrypted container approach I don't even bother with complex XP login passwords; simply the same as the username. Far too simple to bypass. I do insist that the encryption password be severely complex and as it is the only password they need remember, it hasn't hasn't proved to be a problem. -- Peter van Houten On the 27 May, 2010 19:26, Mike Gill wrote the following: IT seems like you're trading one caveat for another, which is trusting that the user will always put sensitive data in the container. Also, this does nothing to protect the OS being compromised with key loggers, which may take less time than Evil Maid and still provide the encryption key. I'm sure it could be emailed in the background as well so the attacker who already copied the container will not need to come back for the either. You could add the ATA password as a second layer. On my Latitude, the password is prompted even when resuming. I have seen this configurable on other notebooks. They can't install a boot loader if they can't access the drive. This is assuming they are trying to be covert about it all. Resetting the ATA password would be fairly noticeable. I'm not aware of any method to bypass it. -- Mike Gill -Original Message- From: Peter van Houten [mailto:peter...@gmail.com] Sent: Thursday, May 27, 2010 8:48 AM To: NT System Admin Issues Subject: Re: laptop encryption I am a TrueCrypt fan with one caveat; we never use full-disk encryption for our clients but rather create an encrypted file container which, when mounted as a separate drive, becomes the repository for all data, including but not limited to Outlook PSTs or Thunderbird profile and mail files, Firefox profile cache, mobile phone sync data and all documents. Still working on moving Skype and other IM data on to the encrypted drive and using an on-screen keyboard program to enter the encrypted drive's password to try to defeat key loggers. Besides the vulnerability of full-disk encryption to monitors such as Evil Maid, I have seen fully-encrypted disks presented to Windows, to which the response is Format Drive XX?. Too risky if laptop is abroad and needs to be attended to by an ignorant technician. -- Peter van Houten ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: laptop encryption
Google.com Learn it. Live it. Love it. On Thu, May 27, 2010 at 08:53, David Lum david@nwea.org wrote: How many laptops and how many locations? Many remote users? How does it work when a user forgets their password? Dave about 30 laptops, one location, although people bound around the region quite a bit, we use truecrypt Full disk encryption, and the password ah yes... that's why we have the rescue disk, all the ISO's are saved, and I burn them as needed (not often). never had a user forget. we use a passphrase. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: OT: DVD burning software
Go out to majorgeeks.com. they have a slew of freeware that you can try. On Thu, May 27, 2010 at 2:04 PM, Bill Songstad bsongs...@gmail.com wrote: I just rebuilt a XP workstation only to discover that I don't have the Nero disk that came with the DVD burner. Does anybody have a recommendation for software to use in lieu of Nero? I know I can download a full version of Nero, but it is so full of bloat that if I have to pay, I want something a little less full of baloney. Any feedback would be appreciated, Bill ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: OT: DVD burning software
I would suggest you AShampoo, that has even a free version 2010/5/27 Bill Songstad bsongs...@gmail.com I just rebuilt a XP workstation only to discover that I don't have the Nero disk that came with the DVD burner. Does anybody have a recommendation for software to use in lieu of Nero? I know I can download a full version of Nero, but it is so full of bloat that if I have to pay, I want something a little less full of baloney. Any feedback would be appreciated, Bill ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: OT: DVD burning software
cdburnerxp From: Manuel Santos [mailto:nel...@gmail.com] Sent: Thursday, May 27, 2010 2:07 PM To: NT System Admin Issues Subject: Re: OT: DVD burning software I would suggest you AShampoo, that has even a free version 2010/5/27 Bill Songstad bsongs...@gmail.com I just rebuilt a XP workstation only to discover that I don't have the Nero disk that came with the DVD burner. Does anybody have a recommendation for software to use in lieu of Nero? I know I can download a full version of Nero, but it is so full of bloat that if I have to pay, I want something a little less full of baloney. Any feedback would be appreciated, Bill . ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: OT: DVD burning software
http://www.imgburn.com -- Peter van Houten On the 27 May, 2010 20:04, Bill Songstad wrote the following: I just rebuilt a XP workstation only to discover that I don't have the Nero disk that came with the DVD burner. Does anybody have a recommendation for software to use in lieu of Nero? I know I can download a full version of Nero, but it is so full of bloat that if I have to pay, I want something a little less full of baloney. Any feedback would be appreciated, Bill ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: laptop encryption
Yeah you can get away with it in that kind of environment, we (briefly) looked at it and it wouldn't be manageable for us. 450 users, 25+ travel almost constantly, 3 offices in 3 states... For small shops Truecrypt is likely perfect. Dave -Original Message- From: S Powell [mailto:powe...@gmail.com] Sent: Thursday, May 27, 2010 11:06 AM To: NT System Admin Issues Subject: Re: laptop encryption Google.com Learn it. Live it. Love it. On Thu, May 27, 2010 at 08:53, David Lum david@nwea.org wrote: How many laptops and how many locations? Many remote users? How does it work when a user forgets their password? Dave about 30 laptops, one location, although people bound around the region quite a bit, we use truecrypt Full disk encryption, and the password ah yes... that's why we have the rescue disk, all the ISO's are saved, and I burn them as needed (not often). never had a user forget. we use a passphrase. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: laptop encryption
Encryption has no bearing on whether a keylogger is installed on a sytem protected by whole disk encryption. WDE encrypts the disk while it is at rest. A keylogger can be installed on WDE protected drive as easily as one that is not. I agree with your assertion, that leaving part of the disk unencrypted requires a bit of trust on the part of the user, and is not easily verifiable whether the user is doing the right thing with data On Thu, May 27, 2010 at 1:26 PM, Mike Gill lis...@canbyfoursquare.comwrote: IT seems like you're trading one caveat for another, which is trusting that the user will always put sensitive data in the container. Also, this does nothing to protect the OS being compromised with key loggers, which may take less time than Evil Maid and still provide the encryption key. I'm sure it could be emailed in the background as well so the attacker who already copied the container will not need to come back for the either. You could add the ATA password as a second layer. On my Latitude, the password is prompted even when resuming. I have seen this configurable on other notebooks. They can't install a boot loader if they can't access the drive. This is assuming they are trying to be covert about it all. Resetting the ATA password would be fairly noticeable. I'm not aware of any method to bypass it. -- Mike Gill -Original Message- From: Peter van Houten [mailto:peter...@gmail.com] Sent: Thursday, May 27, 2010 8:48 AM To: NT System Admin Issues Subject: Re: laptop encryption I am a TrueCrypt fan with one caveat; we never use full-disk encryption for our clients but rather create an encrypted file container which, when mounted as a separate drive, becomes the repository for all data, including but not limited to Outlook PSTs or Thunderbird profile and mail files, Firefox profile cache, mobile phone sync data and all documents. Still working on moving Skype and other IM data on to the encrypted drive and using an on-screen keyboard program to enter the encrypted drive's password to try to defeat key loggers. Besides the vulnerability of full-disk encryption to monitors such as Evil Maid, I have seen fully-encrypted disks presented to Windows, to which the response is Format Drive XX?. Too risky if laptop is abroad and needs to be attended to by an ignorant technician. -- Peter van Houten ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: OT: DVD burning software
+1 On Thu, May 27, 2010 at 2:08 PM, Peter van Houten peter...@gmail.comwrote: http://www.imgburn.com -- Peter van Houten On the 27 May, 2010 20:04, Bill Songstad wrote the following: I just rebuilt a XP workstation only to discover that I don't have the Nero disk that came with the DVD burner. Does anybody have a recommendation for software to use in lieu of Nero? I know I can download a full version of Nero, but it is so full of bloat that if I have to pay, I want something a little less full of baloney. Any feedback would be appreciated, Bill ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: DVD burning software
+2 CFee From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Thursday, May 27, 2010 2:15 PM To: NT System Admin Issues Subject: Re: DVD burning software +1 On Thu, May 27, 2010 at 2:08 PM, Peter van Houten peter...@gmail.commailto:peter...@gmail.com wrote: http://www.imgburn.comhttp://www.imgburn.com/ -- Peter van Houten On the 27 May, 2010 20:04, Bill Songstad wrote the following: I just rebuilt a XP workstation only to discover that I don't have the Nero disk that came with the DVD burner. Does anybody have a recommendation for software to use in lieu of Nero? I know I can download a full version of Nero, but it is so full of bloat that if I have to pay, I want something a little less full of baloney. Any feedback would be appreciated, Bill ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: DVD burning software
Are you just trying to burn data to DVD's? Or is video part of the equation? http://infrarecorder.org/ http://www.imgburn.com/ http://cdburnerxp.se/ All free. -- Mike Gill From: Bill Songstad [mailto:bsongs...@gmail.com] Sent: Thursday, May 27, 2010 11:04 AM To: NT System Admin Issues Subject: OT: DVD burning software I just rebuilt a XP workstation only to discover that I don't have the Nero disk that came with the DVD burner. Does anybody have a recommendation for software to use in lieu of Nero? I know I can download a full version of Nero, but it is so full of bloat that if I have to pay, I want something a little less full of baloney. Any feedback would be appreciated, Bill ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: DVD burning software
It looks like I'm going to need to make playable DVDs. I'm going to try out imgburn and maybe cdburnerxp. Thanks for all the tips everyone. -Bill On Thu, May 27, 2010 at 11:24 AM, Mike Gill lis...@canbyfoursquare.comwrote: Are you just trying to burn data to DVD’s? Or is video part of the equation? http://infrarecorder.org/ http://www.imgburn.com/ http://cdburnerxp.se/ All free. -- Mike Gill *From:* Bill Songstad [mailto:bsongs...@gmail.com] *Sent:* Thursday, May 27, 2010 11:04 AM *To:* NT System Admin Issues *Subject:* OT: DVD burning software I just rebuilt a XP workstation only to discover that I don't have the Nero disk that came with the DVD burner. Does anybody have a recommendation for software to use in lieu of Nero? I know I can download a full version of Nero, but it is so full of bloat that if I have to pay, I want something a little less full of baloney. Any feedback would be appreciated, Bill ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: OT: DVD burning software
+1 I have used CDBurnerXP and ImgBurn, and I actually prefer ImgBurn. Thanks, James Winzenz Date: Thu, 27 May 2010 20:08:36 +0200 From: peter...@gmail.com To: ntsysadmin@lyris.sunbelt-software.com Subject: Re: OT: DVD burning software http://www.imgburn.com -- Peter van Houten On the 27 May, 2010 20:04, Bill Songstad wrote the following: I just rebuilt a XP workstation only to discover that I don't have the Nero disk that came with the DVD burner. Does anybody have a recommendation for software to use in lieu of Nero? I know I can download a full version of Nero, but it is so full of bloat that if I have to pay, I want something a little less full of baloney. Any feedback would be appreciated, Bill ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ _ The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with Hotmail. http://www.windowslive.com/campaign/thenewbusy?tile=multicalendarocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
What's your requirement to allow a user DA?
What are your guy's prerequisites on someone having a Domain Admin account - assume a medium or large company and 4-5+ Systems Engineers. Previously here they've just had every new SE hire be domain admin, I'm thinking it's time to change that practice but I'll need some ammo and a plan before I have any hope of changing this. My thinking is along the line of need to know what's going in this AD structure as well as being proficient in all things AD, etc. Thoughts comments? I'm thinking there should only be 2-3 DA accounts max per domain max. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: What's your requirement to allow a user DA?
My thoughts: No domain admins unless there is no other way to do what you need to. If they need to do AD administration, use LDAP OU ACLs aka delegation. They should only get permissions delegated to them if AD management is part of their duties. On 5/27/2010 1:39 PM, David Lum wrote: What are your guy’s prerequisites on someone having a Domain Admin account – assume a medium or large company and 4-5+ Systems Engineers. Previously here they’ve just had every new SE hire be domain admin, I’m thinking it’s time to change that practice but I’ll need some ammo and a plan before I have any hope of changing this. My thinking is along the line of “need to know what’s going in this AD structure” as well as being proficient in all things AD, etc. Thoughts comments? I’m thinking there should only be 2-3 DA accounts max per domain max. -- Phil Brutsche p...@optimumdata.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: What's your requirement to allow a user DA?
In addition, use Restricted Group GPOs as much as possible if distributed local administration of machines is required. Personally, I would go a step further and separate admin level accounts of any kind from the normal, day-to-day logins. So, for example, at a minimum Joe Employee Jemployee (normal login, same user rights as everyone else on the network) Jemployee_admin (elevated account, either Domain Admin or what have you) This will reduce your exposure when doing things daily, but does require that people not circumvent it in the name of ease of use (or, what I would call laziness.) -Original Message- From: Phil Brutsche [mailto:p...@optimumdata.com] Sent: Thursday, May 27, 2010 11:55 AM To: NT System Admin Issues Subject: Re: What's your requirement to allow a user DA? My thoughts: No domain admins unless there is no other way to do what you need to. If they need to do AD administration, use LDAP OU ACLs aka delegation. They should only get permissions delegated to them if AD management is part of their duties. On 5/27/2010 1:39 PM, David Lum wrote: What are your guy's prerequisites on someone having a Domain Admin account - assume a medium or large company and 4-5+ Systems Engineers. Previously here they've just had every new SE hire be domain admin, I'm thinking it's time to change that practice but I'll need some ammo and a plan before I have any hope of changing this. My thinking is along the line of need to know what's going in this AD structure as well as being proficient in all things AD, etc. Thoughts comments? I'm thinking there should only be 2-3 DA accounts max per domain max. -- Phil Brutsche p...@optimumdata.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: laptop encryption
On 27 May 2010 at 10:00, Bill Lambert wrote: TrueCrypt...free. http://www.truecrypt.org/ +5 Latest version even supports OS X 10.6. -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 Security Blog: http://geoapps.com/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Ping...
On 27 May 2010 at 11:13, Maglinger, Paul wrote: Sorry for the ping, but I don't think I'm getting messages back that I'm sending to the list. Either that or the message isn't making it to the list to begin with, in which case I won't get any replies because y'all won't see it. When I wonder about stuff like this, I just go to the list archives at http://lyris.sunbelt-software.com/read/?forum=ntsysadmin ... I can see if there has been no list traffic for hours or days and also find my own postings. -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 Security Blog: http://geoapps.com/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: DVD burning software
I've frequently recommended Deepburner. Not sure if the free version will meet all your needs, but it works well for me. Die dulci fruere! Roger Wright ___ On Thu, May 27, 2010 at 2:33 PM, Bill Songstad bsongs...@gmail.com wrote: It looks like I'm going to need to make playable DVDs. I'm going to try out imgburn and maybe cdburnerxp. Thanks for all the tips everyone. -Bill On Thu, May 27, 2010 at 11:24 AM, Mike Gill lis...@canbyfoursquare.com wrote: Are you just trying to burn data to DVD’s? Or is video part of the equation? http://infrarecorder.org/ http://www.imgburn.com/ http://cdburnerxp.se/ All free. -- Mike Gill From: Bill Songstad [mailto:bsongs...@gmail.com] Sent: Thursday, May 27, 2010 11:04 AM To: NT System Admin Issues Subject: OT: DVD burning software I just rebuilt a XP workstation only to discover that I don't have the Nero disk that came with the DVD burner. Does anybody have a recommendation for software to use in lieu of Nero? I know I can download a full version of Nero, but it is so full of bloat that if I have to pay, I want something a little less full of baloney. Any feedback would be appreciated, Bill ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: OT: DVD burning software
On 27 May 2010 at 11:39, James Winzenz wrote: +1 I have used CDBurnerXP and ImgBurn, and I actually prefer ImgBurn. I'm the other way, have tried both and fall back on CDBXP. -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 Security Blog: http://geoapps.com/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Ping...
Why do you guys do this to me... I have too much to do than be distracted by this! J From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com] Sent: Thursday, May 27, 2010 12:31 PM To: NT System Admin Issues Subject: RE: Ping... http://www.ugoplayer.com/games/pong.html Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians Associates, PA jra...@eaglemds.com BLOCKED::mailto:%20jra...@eaglemds.com www.eaglemds.com BLOCKED::http://www.eaglemds.com/ From: Manuel Santos [mailto:nel...@gmail.com] Sent: Thursday, May 27, 2010 12:33 PM To: NT System Admin Issues Subject: Re: Ping... The machine that goes Ping... 2010/5/27 Dave Florea blazer...@gmail.com Pong --Original Message-- From: Mathew Shember To: NT System Admin Issues ReplyTo: NT System Admin Issues Subject: RE: Ping... Sent: May 27, 2010 9:16 AM Ping... -Original Message- From: David W. McSpadden [mailto:dav...@imcu.com] Sent: Thursday, May 27, 2010 9:15 AM To: NT System Admin Issues Subject: RE: Ping... Pong... -Original Message- From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Thursday, May 27, 2010 12:13 PM To: NT System Admin Issues Subject: Ping... Sorry for the ping, but I don't think I'm getting messages back that I'm sending to the list. Either that or the message isn't making it to the list to begin with, in which case I won't get any replies because y'all won't see it. -Paul ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ Sent slowly via my BBerry... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Internal routing
OK here is what is happening. When you go to one of the internal sites through a browser, it stalls, and then says it can not be reached, but what I noticed is that it is trying to route to the public IP address, not the DMZ address, which is what the internal DNS should be doing. So for some reason it has determined that it can not route that way and is sending the request to the DNS forwarding address. If you do an nslookup for the site, it brings up the DMZ address. Very odd. We are going to blow out the DNS zones. Possibly the records are corrupt? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Ping...
Good idea. Glad I thought of it! -Original Message- From: Angus Scott-Fleming [mailto:angu...@geoapps.com] Sent: Thursday, May 27, 2010 2:11 PM To: NT System Admin Issues Subject: Re: Ping... On 27 May 2010 at 11:13, Maglinger, Paul wrote: Sorry for the ping, but I don't think I'm getting messages back that I'm sending to the list. Either that or the message isn't making it to the list to begin with, in which case I won't get any replies because y'all won't see it. When I wonder about stuff like this, I just go to the list archives at http://lyris.sunbelt-software.com/read/?forum=ntsysadmin ... I can see if there has been no list traffic for hours or days and also find my own postings. -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 Security Blog: http://geoapps.com/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: OT: DVD burning software
I remember that, when I first tried CDBXP, I liked it but the requirement for .NET became a problem for certain clients. Do they still have the .NET requirement? One of ImgBurn's strong points is that the author (who wrote DVD Decrypter) really seems to understand removable media and has built in a number of very useful features which will prompt you with suggestions. -- Peter van Houten On the 27 May, 2010 21:19, Angus Scott-Fleming wrote the following: On 27 May 2010 at 11:39, James Winzenz wrote: +1 I have used CDBurnerXP and ImgBurn, and I actually prefer ImgBurn. I'm the other way, have tried both and fall back on CDBXP. -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 Security Blog: http://geoapps.com/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Internal routing
How did you determine that it is trying to route to the public IP address. By running netstat one one of the clients? If you do an nslookup pointed to an internal DNS server on one of the clients having the problem, it resolves the correct DMZ ip, right? On Thu, May 27, 2010 at 3:44 PM, mqcarp mqcarpen...@gmail.com wrote: OK here is what is happening. When you go to one of the internal sites through a browser, it stalls, and then says it can not be reached, but what I noticed is that it is trying to route to the public IP address, not the DMZ address, which is what the internal DNS should be doing. So for some reason it has determined that it can not route that way and is sending the request to the DNS forwarding address. If you do an nslookup for the site, it brings up the DMZ address. Very odd. We are going to blow out the DNS zones. Possibly the records are corrupt? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: OT: DVD burning software
Those certain clients need to get over it. .Net isn't going anywhere The ribbon is here to stay. Change is the only constant. On Thu, May 27, 2010 at 3:51 PM, Peter van Houten peter...@gmail.comwrote: I remember that, when I first tried CDBXP, I liked it but the requirement for .NET became a problem for certain clients. Do they still have the .NET requirement? One of ImgBurn's strong points is that the author (who wrote DVD Decrypter) really seems to understand removable media and has built in a number of very useful features which will prompt you with suggestions. -- Peter van Houten On the 27 May, 2010 21:19, Angus Scott-Fleming wrote the following: On 27 May 2010 at 11:39, James Winzenz wrote: +1 I have used CDBurnerXP and ImgBurn, and I actually prefer ImgBurn. I'm the other way, have tried both and fall back on CDBXP. -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 Security Blog: http://geoapps.com/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: laptop encryption
Not the answer you're looking for, but what about a different thought? Don't keep anything of value on a laptop. Only run laptops client/server (VPN or TS or whatever). Alex From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Thursday, May 27, 2010 10:58 AM To: NT System Admin Issues Subject: laptop encryption There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: What's your requirement to allow a user DA?
2-3 is max for any environment IMO. Everything else should be dome with delegations. They must be your most proficient admins, not any old new hire. Check out some of joe Richard's rants about it, he ran a multi-nationl Global 5 firm with 3 EA /DA level admins who were, as he put it, all close enough to smack each other. (+ 1 manager who had the keys in a break glass/locked safe scenario) Personally, I am a fan of 3 accounts per admin for those enterprise level admins, 1 uberadminID (DA/EA), 1 regular adminID with appropriate delegations like all administrators should have and the usual day-to-day userID From: David Lum [mailto:david@nwea.org] Sent: Thursday, May 27, 2010 11:39 AM To: NT System Admin Issues Subject: What's your requirement to allow a user DA? What are your guy's prerequisites on someone having a Domain Admin account - assume a medium or large company and 4-5+ Systems Engineers. Previously here they've just had every new SE hire be domain admin, I'm thinking it's time to change that practice but I'll need some ammo and a plan before I have any hope of changing this. My thinking is along the line of need to know what's going in this AD structure as well as being proficient in all things AD, etc. Thoughts comments? I'm thinking there should only be 2-3 DA accounts max per domain max. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: laptop encryption
I don't swing that large a stick here... On Thu, May 27, 2010 at 3:39 PM, Alex Eckelberry al...@sunbelt-software.com wrote: Not the answer you’re looking for, but what about a different thought? Don’t keep anything of value on a laptop. Only run laptops client/server (VPN or TS or whatever). Alex *From:* Jeff Brown [mailto:2jbr...@gmail.com] *Sent:* Thursday, May 27, 2010 10:58 AM *To:* NT System Admin Issues *Subject:* laptop encryption There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: laptop encryption
Plus, regardless of what I tell people to do/don't do, some are still going to do whatever they want, either on purpose or in ignorance and I don't think I can take that position and feel good about being in compliance... was the missing data encrypted? NO. was there phi on it? I don't know would have to be the honest answer. I don't think there wasn't supposed to be works. On Thu, May 27, 2010 at 3:43 PM, Jeff Brown 2jbr...@gmail.com wrote: I don't swing that large a stick here... On Thu, May 27, 2010 at 3:39 PM, Alex Eckelberry al...@sunbelt-software.com wrote: Not the answer you’re looking for, but what about a different thought? Don’t keep anything of value on a laptop. Only run laptops client/server (VPN or TS or whatever). Alex *From:* Jeff Brown [mailto:2jbr...@gmail.com] *Sent:* Thursday, May 27, 2010 10:58 AM *To:* NT System Admin Issues *Subject:* laptop encryption There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: What's your requirement to allow a user DA?
+1 on the separate accounts. We try to keep Domain Admins to as small a number as possible and we don't allow anyone to use their Domain Admin account to do regular work (such as email, web browsing, etc.). Keeping the number of DAs to a minimum also minimizes the number of people able to screw things up for everyone (not that any of us or our coworkers would do that) and the number of people who have full access to everyone's data, both on workstations and servers, including sensitive stuff that IT doesn't need to see. -Malcolm -Original Message- From: Salvador Manzo [mailto:ma...@usc.edu] Sent: Thursday, May 27, 2010 14:02 To: NT System Admin Issues Subject: RE: What's your requirement to allow a user DA? In addition, use Restricted Group GPOs as much as possible if distributed local administration of machines is required. Personally, I would go a step further and separate admin level accounts of any kind from the normal, day-to-day logins. So, for example, at a minimum Joe Employee Jemployee (normal login, same user rights as everyone else on the network) Jemployee_admin (elevated account, either Domain Admin or what have you) This will reduce your exposure when doing things daily, but does require that people not circumvent it in the name of ease of use (or, what I would call laziness.) -Original Message- From: Phil Brutsche [mailto:p...@optimumdata.com] Sent: Thursday, May 27, 2010 11:55 AM To: NT System Admin Issues Subject: Re: What's your requirement to allow a user DA? My thoughts: No domain admins unless there is no other way to do what you need to. If they need to do AD administration, use LDAP OU ACLs aka delegation. They should only get permissions delegated to them if AD management is part of their duties. On 5/27/2010 1:39 PM, David Lum wrote: What are your guy's prerequisites on someone having a Domain Admin account - assume a medium or large company and 4-5+ Systems Engineers. Previously here they've just had every new SE hire be domain admin, I'm thinking it's time to change that practice but I'll need some ammo and a plan before I have any hope of changing this. My thinking is along the line of need to know what's going in this AD structure as well as being proficient in all things AD, etc. Thoughts comments? I'm thinking there should only be 2-3 DA accounts max per domain max. -- Phil Brutsche p...@optimumdata.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Ping...
My name is Jonathan, and I am applying for a job at Google... :-) Happy to be of servierr distraction! Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians Associates, PA www.eaglemds.comhttp://www.eaglemds.com/ jra...@eaglemds.commailto:jra...@eaglemds.com From: Maglinger, Paul [pmaglin...@scvl.com] Sent: Thursday, May 27, 2010 3:38 PM To: NT System Admin Issues Subject: RE: Ping... Why do you guys do this to me… I have too much to do than be distracted by this! :) From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com] Sent: Thursday, May 27, 2010 12:31 PM To: NT System Admin Issues Subject: RE: Ping... http://www.ugoplayer.com/games/pong.html Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians Associates, PA jra...@eaglemds.comUrlBlockedError.aspx www.eaglemds.comUrlBlockedError.aspx From: Manuel Santos [mailto:nel...@gmail.com] Sent: Thursday, May 27, 2010 12:33 PM To: NT System Admin Issues Subject: Re: Ping... The machine that goes Ping... 2010/5/27 Dave Florea blazer...@gmail.commailto:blazer...@gmail.com Pong --Original Message-- From: Mathew Shember To: NT System Admin Issues ReplyTo: NT System Admin Issues Subject: RE: Ping... Sent: May 27, 2010 9:16 AM Ping... -Original Message- From: David W. McSpadden [mailto:dav...@imcu.commailto:dav...@imcu.com] Sent: Thursday, May 27, 2010 9:15 AM To: NT System Admin Issues Subject: RE: Ping... Pong... -Original Message- From: Maglinger, Paul [mailto:pmaglin...@scvl.commailto:pmaglin...@scvl.com] Sent: Thursday, May 27, 2010 12:13 PM To: NT System Admin Issues Subject: Ping... Sorry for the ping, but I don't think I'm getting messages back that I'm sending to the list. Either that or the message isn't making it to the list to begin with, in which case I won't get any replies because y'all won't see it. -Paul ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ Sent slowly via my BBerry... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: laptop encryption
+100 That's what I've been doing for several years. I let the servers do the heavy lifting and keep most of my files on tha SAN. In fact, I use a Thin Client running Windows CE on my desk for the majority of my computing needs. It proves a point that I can use the same computing resources as what I provide to my end users from just about anywhere in the world and still get my job done. Yes, there are exceptions, but not many, and most of those are specific to my job. I reserve my laptop for more resource intensive apps (like pac-man and pong). Sorry couldn't resist given the threads this week and last. Cheers! Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians Associates, PA www.eaglemds.comhttp://www.eaglemds.com/ jra...@eaglemds.commailto:jra...@eaglemds.com From: Alex Eckelberry [al...@sunbelt-software.com] Sent: Thursday, May 27, 2010 4:39 PM To: NT System Admin Issues Subject: RE: laptop encryption Not the answer you’re looking for, but what about a different thought? Don’t keep anything of value on a laptop. Only run laptops client/server (VPN or TS or whatever). Alex From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Thursday, May 27, 2010 10:58 AM To: NT System Admin Issues Subject: laptop encryption There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: What's your requirement to allow a user DA?
+1 on separate accounts for admins Log on with a user account (maybe a local admin) and use run as to run your admin programs as your domain admin or equivalent account. If you log on as a domain admin and get a virus (happens to the best of us) then that virus is running as a domain admin and sending itself to your exchange server and remotely executing. But no one uses the internet on the exchange server so we don't have AV on it Regards, Phil Garven Sunbelt Software From: Free, Bob [mailto:r...@pge.com] Sent: Thursday, May 27, 2010 4:43 PM To: NT System Admin Issues Subject: RE: What's your requirement to allow a user DA? 2-3 is max for any environment IMO. Everything else should be dome with delegations. They must be your most proficient admins, not any old new hire. Check out some of joe Richard's rants about it, he ran a multi-nationl Global 5 firm with 3 EA /DA level admins who were, as he put it, all close enough to smack each other. (+ 1 manager who had the keys in a break glass/locked safe scenario) Personally, I am a fan of 3 accounts per admin for those enterprise level admins, 1 uberadminID (DA/EA), 1 regular adminID with appropriate delegations like all administrators should have and the usual day-to-day userID From: David Lum [mailto:david@nwea.org] Sent: Thursday, May 27, 2010 11:39 AM To: NT System Admin Issues Subject: What's your requirement to allow a user DA? What are your guy's prerequisites on someone having a Domain Admin account - assume a medium or large company and 4-5+ Systems Engineers. Previously here they've just had every new SE hire be domain admin, I'm thinking it's time to change that practice but I'll need some ammo and a plan before I have any hope of changing this. My thinking is along the line of need to know what's going in this AD structure as well as being proficient in all things AD, etc. Thoughts comments? I'm thinking there should only be 2-3 DA accounts max per domain max. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 ... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Firewall recommendations
Good afternoon everyone, just a quick question. I have noticed a few emails regarding firewalls for smb clients. A number have recommended the Fortigate products. Just wondering about how easy or difficult are these units to configure? I would like to try them out with a client of mine. Jonathan ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: What's your requirement to allow a user DA?
Not to nitpick, but I want to nit pick J RE: But no one uses the internet on the exchange server so we don't have AV on it How is this relevant? If the AV on the workstation the DA is logged into didn't catch the virus, why would the save AV software on the Exchange server catch it? Or, are you suggesting that different AV be installed on various servers? From: Phil Garven [mailto:ph...@sunbeltsoftware.com] Sent: Thursday, May 27, 2010 4:06 PM To: NT System Admin Issues Subject: RE: What's your requirement to allow a user DA? +1 on separate accounts for admins Log on with a user account (maybe a local admin) and use run as to run your admin programs as your domain admin or equivalent account. If you log on as a domain admin and get a virus (happens to the best of us) then that virus is running as a domain admin and sending itself to your exchange server and remotely executing. But no one uses the internet on the exchange server so we don't have AV on it Regards, Phil Garven Sunbelt Software From: Free, Bob [mailto:r...@pge.com] Sent: Thursday, May 27, 2010 4:43 PM To: NT System Admin Issues Subject: RE: What's your requirement to allow a user DA? 2-3 is max for any environment IMO. Everything else should be dome with delegations. They must be your most proficient admins, not any old new hire. Check out some of joe Richard's rants about it, he ran a multi-nationl Global 5 firm with 3 EA /DA level admins who were, as he put it, all close enough to smack each other. (+ 1 manager who had the keys in a break glass/locked safe scenario) Personally, I am a fan of 3 accounts per admin for those enterprise level admins, 1 uberadminID (DA/EA), 1 regular adminID with appropriate delegations like all administrators should have and the usual day-to-day userID From: David Lum [mailto:david@nwea.org] Sent: Thursday, May 27, 2010 11:39 AM To: NT System Admin Issues Subject: What's your requirement to allow a user DA? What are your guy's prerequisites on someone having a Domain Admin account - assume a medium or large company and 4-5+ Systems Engineers. Previously here they've just had every new SE hire be domain admin, I'm thinking it's time to change that practice but I'll need some ammo and a plan before I have any hope of changing this. My thinking is along the line of need to know what's going in this AD structure as well as being proficient in all things AD, etc. Thoughts comments? I'm thinking there should only be 2-3 DA accounts max per domain max. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 ... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: laptop encryption
What about looking at Intels' VPro technology on newer laptops. I believe two benefits are out of band management, hardware based encryption, and ability to remove encryption keys from drives if lost or stolen based on policies and checking in with a management server. I heard about it last week and it seems very intriguing. Regards, Paul Paul Muhlbach, A+, CNA, MCSE, MCT APM Computer Services Camrose, AB Phone 403-894-5802 email: pmuhl...@apmcomp.com On 5/27/2010 at 2:39 PM, Alex Eckelberry al...@sunbelt-software.com wrote: Not the answer you’re looking for, but what about a different thought? Don’t keep anything of value on a laptop. Only run laptops client/server (VPN or TS or whatever). Alex From:Jeff Brown [mailto:2jbr...@gmail.com] Sent: Thursday, May 27, 2010 10:58 AM To: NT System Admin Issues Subject: laptop encryption There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: What's your requirement to allow a user DA?
I don't ever provide DA/EA creds to anything but the most trusted systems, I especially wouldn't use them on a box that has internet access. That is what the other accounts are for. That is also why I am a big believer in reducing attack surface with RBAC delegations and span of control. e.g workstation admins aren't server admins. From: Phil Garven [mailto:ph...@sunbeltsoftware.com] Sent: Thursday, May 27, 2010 2:06 PM To: NT System Admin Issues Subject: RE: What's your requirement to allow a user DA? +1 on separate accounts for admins Log on with a user account (maybe a local admin) and use run as to run your admin programs as your domain admin or equivalent account. If you log on as a domain admin and get a virus (happens to the best of us) then that virus is running as a domain admin and sending itself to your exchange server and remotely executing. But no one uses the internet on the exchange server so we don't have AV on it Regards, Phil Garven Sunbelt Software From: Free, Bob [mailto:r...@pge.com] Sent: Thursday, May 27, 2010 4:43 PM To: NT System Admin Issues Subject: RE: What's your requirement to allow a user DA? 2-3 is max for any environment IMO. Everything else should be dome with delegations. They must be your most proficient admins, not any old new hire. Check out some of joe Richard's rants about it, he ran a multi-nationl Global 5 firm with 3 EA /DA level admins who were, as he put it, all close enough to smack each other. (+ 1 manager who had the keys in a break glass/locked safe scenario) Personally, I am a fan of 3 accounts per admin for those enterprise level admins, 1 uberadminID (DA/EA), 1 regular adminID with appropriate delegations like all administrators should have and the usual day-to-day userID From: David Lum [mailto:david@nwea.org] Sent: Thursday, May 27, 2010 11:39 AM To: NT System Admin Issues Subject: What's your requirement to allow a user DA? What are your guy's prerequisites on someone having a Domain Admin account - assume a medium or large company and 4-5+ Systems Engineers. Previously here they've just had every new SE hire be domain admin, I'm thinking it's time to change that practice but I'll need some ammo and a plan before I have any hope of changing this. My thinking is along the line of need to know what's going in this AD structure as well as being proficient in all things AD, etc. Thoughts comments? I'm thinking there should only be 2-3 DA accounts max per domain max. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 ... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: laptop encryption
I agree that is the way to do things, but disk encryption for our environment has very little to do with me, lots to do with clinical staff in the field. On Thu, May 27, 2010 at 4:02 PM, Raper, Jonathan - Eagle jra...@eaglemds.com wrote: +100 That's what I've been doing for several years. I let the servers do the heavy lifting and keep most of my files on tha SAN. In fact, I use a Thin Client running Windows CE on my desk for the majority of my computing needs. It proves a point that I can use the same computing resources as what I provide to my end users from just about anywhere in the world and still get my job done. Yes, there are exceptions, but not many, and most of those are specific to my job. I reserve my laptop for more resource intensive apps (like pac-man and pong). Sorry couldn't resist given the threads this week and last. Cheers! Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians Associates, PA www.eaglemds.comhttp://www.eaglemds.com/ jra...@eaglemds.commailto:jra...@eaglemds.com From: Alex Eckelberry [al...@sunbelt-software.com] Sent: Thursday, May 27, 2010 4:39 PM To: NT System Admin Issues Subject: RE: laptop encryption Not the answer you’re looking for, but what about a different thought? Don’t keep anything of value on a laptop. Only run laptops client/server (VPN or TS or whatever). Alex From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Thursday, May 27, 2010 10:58 AM To: NT System Admin Issues Subject: laptop encryption There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: What's your requirement to allow a user DA?
The only people I give it to are the guys who actually own the AD service. That would be the people that support your domain controllers. Everything else gets delegated. Sometimes a team manage gets it depending on the organizational structure but it varies by organization. There's a really good post on Joe Richards' blog actually about his pre-requisites to giving it to someone when he owned AD for a big corp. I'm on the plane right now so I can't find it. In general though I'd expect the person to have a solid understanding of the environment before they got the keys to the kingdom plus a solid understanding of the service they're going to support (AD) and the risks that come along with their new access. Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 From: David Lum [mailto:david@nwea.org] Sent: Thursday, May 27, 2010 1:39 PM To: NT System Admin Issues Subject: What's your requirement to allow a user DA? What are your guy's prerequisites on someone having a Domain Admin account - assume a medium or large company and 4-5+ Systems Engineers. Previously here they've just had every new SE hire be domain admin, I'm thinking it's time to change that practice but I'll need some ammo and a plan before I have any hope of changing this. My thinking is along the line of need to know what's going in this AD structure as well as being proficient in all things AD, etc. Thoughts comments? I'm thinking there should only be 2-3 DA accounts max per domain max. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: What's your requirement to allow a user DA?
Phil Garven ph...@sunbeltsoftware.com previously uttered: Log on with a user account (maybe a local admin) and use run as to run your admin programs as your domain admin or equivalent account. -- Phil Brutsche p...@optimumdata.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Shavlik offers 'cloud patching' with free service
I played with this at home several months ago after reading something Susan Bradley wrote about it. It just flat didn't work. Your post prompted me to go back and try again, and I did have some success this time. I can remotely scan and patch XP and Server 2008 (not R2) machines on my home LAN, but I cannot, under any set of circumstances that I can create, remotely scan a Windows 7 machine. Firewall off, UAC off, HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy created and set to either 0 or 1 - no combination of things I tried would allow a successful scan of a remote Win7 computer. (All of my Windows 7 machines are x64. I wasn't able to try against 32 bit Win7.) I can scan and patch locally on Windows 7 with no problem. It's a neat idea (if you don't mind a LOT of potentially private information stored in the cloud), but I wouldn't think it's anywhere near a 1.0 product. More like early beta. As always, YMMV. RS On Thu, May 27, 2010 at 4:16 PM, Angus Scott-Fleming angu...@geoapps.comwrote: Might be useful to small-LAN admins: = Included Stuff Follows = Shavlik offers 'cloud patching' with free service Patch management company Shavlik is offering small networks of 10 or fewer PCs access to a new online patch management service at no cost. The new service, IT.Shavlik.com, is designed to scan for missing patches on a machine-by-machine basis, or using an IP address range or domain, reporting the results through the web portal. Missing patches across Windows versions are rated for severity and can be downloaded using links to the appropriate vendor website or using the 'FixIT' button. The service also supports VMWare ESX and ESXi hypervisors. ... Larger SMB networks can use the service in its 'Pro' form for a fee. The company quotes a price of 'from $250' (approx £175) for networks of between 10 and 1,000 PCs, which includes unlimited scan history storage. This is the sharper edge what the company admits is now a 'freemium' business model designed to lure users in with a free service before charging them as they grasp the value of the service or their needs grow. = Included Stuff Ends = More here with links: http://www.networkworld.com/news/2010/052610-shavlik-offers-cloud-patching-with.html -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 Security Blog: http://geoapps.com/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
