Re: Service accounts that want local admin

[James Rankin]

Doesn't 2008 R2 AD try to handle this with the "Managed Service Accounts"
feature? Having said that, I haven't tried using it yet. We try to apply the
principle of least privilege wherever possible. You can use LUA Buglight and
process monitor to work out *why *things think they need admin permissions.
It's a bit of a hassle but ultimately better. For instance, our users always
used to demand admin rights to run AutoCAD, until we worked out they just
needed the Create Global Objects user right. A quick GPO update later, and
they no longer need admin rights or privilege elevation software.

On 8 June 2010 17:46, David Lum  wrote:

>  How do you guys handle service accounts that seem to need local admin
> perms on server and workstations – I.e., SMS, anti-virus, etc. we currently
> have them as domain admins with a “no interactive logon” GPO, but surely
> there’s a better way…the only thing that comes to mind is use GPO to make
> them local admins on each machine but that’s not much improvement for say, a
> DC right?
>
> *David Lum** **// *SYSTEMS ENGINEER
> NORTHWEST EVALUATION ASSOCIATION
> (Desk) 971.222.1025 *// *(Cell) 503.267.9764
>
>
>
>
>
>
>
>


-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Applying Computer Settings takes forever...

[James Rankin]

I have about 120 GPOs applying at logon, and it doesn't take anywhere near
that long. Keeping them separate and distinct is better when it comes to
working out which one is screwing things up, believe me.

Are all your DCs local to the problem PCs? Are you getting any other network
issues?

On 9 June 2010 06:53, Matthew W. Ross  wrote:

> AD question here: For our computers on our network, especially our XP
> machines, the "Applying Computer Settings" portion of the boot process takes
> a very long time (4 minutes?) which makes the initial login for our users a
> little painful.
>
> I am curious if I have something setup in a way that is not optimal: I have
> various GPOs set for different settings... and I have the broken up into
> individual GPOs. One for Automatic Updates, one for Internet Explorer
> Behavior, one for Time Synchronization... I probably have 20-30 different
> GPOs. All of this could be done with a lot fewer GPOs, but I originally
> designed it this way so that it would be easy to adjust settings. (Also
> because back in Windows Server 2000, it was difficult to tell what a single
> GPO effected, and where those settings were set.)
>
> Is this fracturing of GPO settings the reason my computers take so long to
> boot? Would consolidating these GPOs be faster?
>
> Also, is there a way to combine GPOs together? Otherwise I'll be doing it
> by hand.
>
> Thanks for any help on this.
>
>
> --Matt Ross
> Ephrata School District
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>


-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Applying Computer Settings takes forever...

[Tom Miller]

Be sure to disable computer/use settings on GPOs that have no settings in those 
sections, so the won't be scanned and time will be saved.  
 
As for merging I wouldn't recommend it.  I'd just spend the time to recreate so 
you'll have a fresh GPO.  Then delete the older GPOs and allow the system to 
clean up the sysvol.  Or you could try the backup/restore method:  
http://www.windowsecurity.com/articles/Backing-up-Restoring-GPOs-using-GPMC.html.
  
 
Also, I thought I read someone or someone on this list mentioned that if you 
use WMI filters for your GPOs that could slow things down, since the filters 
need to be processed before the GPOs.  I use several WMI filters (very handy to 
prevent policies running on servers or particular workstations).  Our logins 
take a few moments but I always tell our users that same computer at home would 
be a little slower at work with the various software overhead.  
 
Also for 2008 there are some (optional ?) Microsoft updates to process GPO 
preferences.  You may want to see if those are needed.
 
I'm sure others will chime in with better wisdom...
 
Tom
 
Tom Miller
Engineer, Information Technology
Hampton-Newport News Community Services Board
757-788-0528 

>>> "Matthew W. Ross"  6/9/2010 1:53 AM >>>
AD question here: For our computers on our network, especially our XP machines, 
the "Applying Computer Settings" portion of the boot process takes a very long 
time (4 minutes?) which makes the initial login for our users a little painful.

I am curious if I have something setup in a way that is not optimal: I have 
various GPOs set for different settings... and I have the broken up into 
individual GPOs. One for Automatic Updates, one for Internet Explorer Behavior, 
one for Time Synchronization... I probably have 20-30 different GPOs. All of 
this could be done with a lot fewer GPOs, but I originally designed it this way 
so that it would be easy to adjust settings. (Also because back in Windows 
Server 2000, it was difficult to tell what a single GPO effected, and where 
those settings were set.)

Is this fracturing of GPO settings the reason my computers take so long to 
boot? Would consolidating these GPOs be faster?

Also, is there a way to combine GPOs together? Otherwise I'll be doing it by 
hand.

Thanks for any help on this.


--Matt Ross
Ephrata School District

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


Confidentiality Notice:  This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information.  Any unauthorized review, use, disclosure, or 
distribution is prohibited.  If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: [HUMOR] Someone misconfigured something somewhere, I think

[James Kerr]

Smooth, real smooth.

On 6/8/2010 6:32 PM, Ben Scott wrote:

   Check out this cool website I found:

http://www.upart.biz/

   I found it when searching for an error code from one of our HP printers.

   BTW: Don't ever buy an HP M2727nf.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

   



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Applying Computer Settings takes forever...

[Richard Stovall]

The few times I've had to deal with this the problem turned out to be
connectivity-related instead of the number of GPOs.

Can you ping all of your DCs from the workstations?  Has it always been this
way, or did something change?  Is it all of the workstations all of the
time, some of them all of the time, or seemingly random?  Have you created a
test OU with no GPOs at all to see what happens to users and computers
placed there?  Have you turned on user environment logging to see if there's
anything useful in there?

RS

On Wed, Jun 9, 2010 at 1:53 AM, Matthew W. Ross wrote:

> AD question here: For our computers on our network, especially our XP
> machines, the "Applying Computer Settings" portion of the boot process takes
> a very long time (4 minutes?) which makes the initial login for our users a
> little painful.
>
> I am curious if I have something setup in a way that is not optimal: I have
> various GPOs set for different settings... and I have the broken up into
> individual GPOs. One for Automatic Updates, one for Internet Explorer
> Behavior, one for Time Synchronization... I probably have 20-30 different
> GPOs. All of this could be done with a lot fewer GPOs, but I originally
> designed it this way so that it would be easy to adjust settings. (Also
> because back in Windows Server 2000, it was difficult to tell what a single
> GPO effected, and where those settings were set.)
>
> Is this fracturing of GPO settings the reason my computers take so long to
> boot? Would consolidating these GPOs be faster?
>
> Also, is there a way to combine GPOs together? Otherwise I'll be doing it
> by hand.
>
> Thanks for any help on this.
>
>
> --Matt Ross
> Ephrata School District
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: [HUMOR] Someone misconfigured something somewhere, I think

[Steven M. Caesare]

Doesn't load now, but I can only assume an open HP printer config page?

Time to http://hacknmod.com/hack/hack-a-printer-display/

-sc

> -Original Message-
> From: James Hill [mailto:james.h...@superamart.com.au]
> Sent: Tuesday, June 08, 2010 6:37 PM
> To: NT System Admin Issues
> Subject: RE: [HUMOR] Someone misconfigured something somewhere, I
> think
> 
> Unfortunately they probably did it on purpose.
> 
> Just like the many open rdp connections there are around.
> 
> -Original Message-
> From: Ben Scott [mailto:mailvor...@gmail.com]
> Sent: Wednesday, 9 June 2010 8:33 AM
> To: NT System Admin Issues
> Subject: [HUMOR] Someone misconfigured something somewhere, I think
> 
>   Check out this cool website I found:
> 
>   http://www.upart.biz/
> 
>   I found it when searching for an error code from one of our HP
printers.
> 
>   BTW: Don't ever buy an HP M2727nf.
> 
> -- Ben
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>   ~
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: [HUMOR] Someone misconfigured something somewhere, I think

[Ben Scott]

On Wed, Jun 9, 2010 at 8:54 AM, Steven M. Caesare  wrote:
>>   http://www.upart.biz/
>
> Doesn't load now, but I can only assume an open HP printer config page?

  Yup.

  I think the printer may have crashed due to all the people on this
list trying to load the management UI.  :-)

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: [HUMOR] Someone misconfigured something somewhere, I think

[Andrew Levicki]

I'm still trying to get a printout of the PCL font list!

andrew

On 9 June 2010 21:59, Ben Scott  wrote:

> On Wed, Jun 9, 2010 at 8:54 AM, Steven M. Caesare 
> wrote:
> >>   http://www.upart.biz/
> >
> > Doesn't load now, but I can only assume an open HP printer config page?
>
>   Yup.
>
>  I think the printer may have crashed due to all the people on this
> list trying to load the management UI.  :-)
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>



-- 
Kind regards,

Andrew Levicki
MCITP:EDST7/EMA/EA,MCSE,MCSA,MCP,CCNA,ITIL

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: [HUMOR] Someone misconfigured something somewhere, I think

[Mike Hoffman]

Just out of interest we've spent the last week playing with  codes on a 
printer. We have a client running a vet practice using a dos based invoicing 
system. He is now unable to get dot-matrix printers to work so we put in an HP 
LJ1200, but the page width is too wide.

I know that putting the codes in a .txt file and then piping that to the 
printer in the autoexec will set the printer for the session, but I'm going 
round in circles.

Does anyone here know if this sounds like a font, line size, cpi, or other 
issue with a single  command to sort it?

I really had thought I'd seen my last dos box ever!!

Mike

From: Andrew Levicki [mailto:and...@levicki.me.uk]
Sent: 09 June 2010 14:02
To: NT System Admin Issues
Subject: Re: [HUMOR] Someone misconfigured something somewhere, I think

I'm still trying to get a printout of the PCL font list!

andrew
On 9 June 2010 21:59, Ben Scott 
mailto:mailvor...@gmail.com>> wrote:
On Wed, Jun 9, 2010 at 8:54 AM, Steven M. Caesare 
mailto:scaes...@caesare.com>> wrote:
>>   http://www.upart.biz/
>
> Doesn't load now, but I can only assume an open HP printer config page?
 Yup.

 I think the printer may have crashed due to all the people on this
list trying to load the management UI.  :-)

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~



--
Kind regards,

Andrew Levicki
MCITP:EDST7/EMA/EA,MCSE,MCSA,MCP,CCNA,ITIL





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: OTish: Wireless network configuration

[Malcolm Reitz]

Do you do anything to prevent random people outside your office from connecting 
to your guest wireless network?

-Malcolm

-Original Message-
From: Joe Tinney [mailto:jtin...@lastar.com] 
Sent: Tuesday, June 08, 2010 21:21
To: NT System Admin Issues
Subject: RE: OTish: Wireless network configuration

While I'm not the one that configured them, our Cisco wireless access points 
are configured with two SSID's: one on a VLAN that goes to our transparent 
proxy and without access to our other networks and the other on a VLAN that 
functions just like our client wired network segment. The first one is an open 
Guest network and the latter is WPA2 secured.

I'm not sure what your network devices would enable you to do but this has been 
rock solid configuration for us.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Tuesday, June 08, 2010 7:29 PM
To: NT System Admin Issues
Subject: OTish: Wireless network configuration

All,

We've got a decent wireless network at $WORK, but I'm dissatisified with it, 
because it lacks good guest access.

We have 18 Cisco 1240ag WAPs talking with 3 HP POE switches, which currently 
are in our HP 3400cl layer 3 switch on our production network. There's a single 
SSID across all of them, and I've got them all configured on a single VLAN. 
Works great, but as mentioned there is no guest access.

I could just stick them all physically outside our firewall, and give the 
wireless users an IPSec VPN client, but I really would prefer not to do that.

I've been doing some reading, but don't have a good handle on how to move to a 
configuration that would work well - without the VPN, that is.

I'm casting about for ideas - anyone have a solution they like?
Preferably without spending tons of money, of course.

Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Applying Computer Settings takes forever...

[Ben Scott]

On Wed, Jun 9, 2010 at 1:53 AM, Matthew W. Ross
 wrote:
> AD question here: For our computers on our network, especially our XP 
> machines, the
> "Applying Computer Settings" portion of the boot process takes a very long 
> time
> (4 minutes?) which makes the initial login for our users a little painful.

  In my experience, that's usually a network issue.

  I recommend doing the following to help debug this sort of issue.
All done via GPO, ironically.

Computer -> Admin Templates -> System -> Verbose status messages = Enable

Computer -> Admin Templates -> System -> Scripts -> Run shutdown
scripts visible = Enable

Computer -> Admin Templates -> System -> Scripts -> Run startup
scripts visible = Enable

  The first one (verbose status messages) is especially useful.  By
default, the status messages Windows gives during startup and shutdown
are very misleading.

  One common problem that can cause slow startup is DNS resolution of
your Active Directory domain name.  If your Active Directory domain
name is not delegated in the public DNS, make sure all your AD members
are configured to use your private DNS servers *only*.  Do *NOT*
configure ISP nameservers *anywhere*.  (In the common case, this means
your clients should have your AD Domain Controller(s) configured as
their DNS servers.)

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: [HUMOR] Someone misconfigured something somewhere, I think

[Jonathan Link]

Is that app even Y2K compliant?
I'm suprised his accountant hasn't moved him to something else.  Our fees
slide upwards based on the age of the software involved...

On Wed, Jun 9, 2010 at 9:10 AM, Mike Hoffman  wrote:

>  Just out of interest we’ve spent the last week playing with  codes
> on a printer. We have a client running a vet practice using a dos based
> invoicing system. He is now unable to get dot-matrix printers to work so we
> put in an HP LJ1200, but the page width is too wide.
>
>
>
> I know that putting the codes in a .txt file and then piping that to the
> printer in the autoexec will set the printer for the session, but I’m going
> round in circles.
>
>
>
> Does anyone here know if this sounds like a font, line size, cpi, or other
> issue with a single  command to sort it?
>
>
>
> I really had thought I’d seen my last dos box ever!!
>
>
>
> Mike
>
>
>
> *From:* Andrew Levicki [mailto:and...@levicki.me.uk]
> *Sent:* 09 June 2010 14:02
>
> *To:* NT System Admin Issues
> *Subject:* Re: [HUMOR] Someone misconfigured something somewhere, I think
>
>
>
> I'm still trying to get a printout of the PCL font list!
>
>
>
> andrew
>
> On 9 June 2010 21:59, Ben Scott  wrote:
>
> On Wed, Jun 9, 2010 at 8:54 AM, Steven M. Caesare 
> wrote:
> >>   http://www.upart.biz/
>
> >
> > Doesn't load now, but I can only assume an open HP printer config page?
>
>  Yup.
>
>  I think the printer may have crashed due to all the people on this
> list trying to load the management UI.  :-)
>
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>
>
>
> --
> Kind regards,
>
> Andrew Levicki
> MCITP:EDST7/EMA/EA,MCSE,MCSA,MCP,CCNA,ITIL
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Applying Computer Settings takes forever...

[Eric Brouwer]

Is the load time slow on all of them?  I had this happening on one  
machine in our office.  Ended up being a bad DNS setting.  Went from  
minutes to seconds to logon.


On Jun 9, 2010, at 1:53 AM, Matthew W. Ross wrote:

AD question here: For our computers on our network, especially our  
XP machines, the "Applying Computer Settings" portion of the boot  
process takes a very long time (4 minutes?) which makes the initial  
login for our users a little painful.


I am curious if I have something setup in a way that is not optimal:  
I have various GPOs set for different settings... and I have the  
broken up into individual GPOs. One for Automatic Updates, one for  
Internet Explorer Behavior, one for Time Synchronization... I  
probably have 20-30 different GPOs. All of this could be done with a  
lot fewer GPOs, but I originally designed it this way so that it  
would be easy to adjust settings. (Also because back in Windows  
Server 2000, it was difficult to tell what a single GPO effected,  
and where those settings were set.)


Is this fracturing of GPO settings the reason my computers take so  
long to boot? Would consolidating these GPOs be faster?


Also, is there a way to combine GPOs together? Otherwise I'll be  
doing it by hand.


Thanks for any help on this.


--Matt Ross
Ephrata School District

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~




Eric Brouwer
IT Manager
www.forestpost.com
er...@forestpost.com
248.855.4333





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: OTish: Wireless network configuration

[Joe Tinney]

Access control and routing is done by our core firewall and router for all of 
our networks. This is the configuration that Phil is referring to.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Tuesday, June 08, 2010 10:34 PM
To: NT System Admin Issues
Subject: Re: OTish: Wireless network configuration

I wonder how you verify the security of such an arrangement?

On Tue, Jun 8, 2010 at 19:20, Joe Tinney  wrote:
> While I'm not the one that configured them, our Cisco wireless access points 
> are configured with two SSID's: one on a VLAN that goes to our transparent 
> proxy and without access to our other networks and the other on a VLAN that 
> functions just like our client wired network segment. The first one is an 
> open Guest network and the latter is WPA2 secured.
>
> I'm not sure what your network devices would enable you to do but this has 
> been rock solid configuration for us.
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Tuesday, June 08, 2010 7:29 PM
> To: NT System Admin Issues
> Subject: OTish: Wireless network configuration
>
> All,
>
> We've got a decent wireless network at $WORK, but I'm dissatisified with it, 
> because it lacks good guest access.
>
> We have 18 Cisco 1240ag WAPs talking with 3 HP POE switches, which currently 
> are in our HP 3400cl layer 3 switch on our production network. There's a 
> single SSID across all of them, and I've got them all configured on a single 
> VLAN. Works great, but as mentioned there is no guest access.
>
> I could just stick them all physically outside our firewall, and give the 
> wireless users an IPSec VPN client, but I really would prefer not to do that.
>
> I've been doing some reading, but don't have a good handle on how to move to 
> a configuration that would work well - without the VPN, that is.
>
> I'm casting about for ideas - anyone have a solution they like?
> Preferably without spending tons of money, of course.
>
> Kurt
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: [HUMOR] Someone misconfigured something somewhere, I think

[Terry Dickson]

Well it depends on what you want, I would suggest you set it to Line printer 
font, at 16.67CPI but then I am running off memory, I could probably find an HP 
book around here somewhere to look it up for you if you need me to.  However 
what you really need to do is set the Default Font, because if they print 
anything else from Windows some programs automatically reset the printer after 
print.  Thus setting it back to the default font and cpi.  The higher end HP's 
are much easier to set as you can do that all from the printer in setting the 
default font and CPI.

From: Mike Hoffman [mailto:m...@drumbrae.net]
Sent: Wednesday, June 09, 2010 8:10 AM
To: NT System Admin Issues
Subject: RE: [HUMOR] Someone misconfigured something somewhere, I think

Just out of interest we've spent the last week playing with  codes on a 
printer. We have a client running a vet practice using a dos based invoicing 
system. He is now unable to get dot-matrix printers to work so we put in an HP 
LJ1200, but the page width is too wide.

I know that putting the codes in a .txt file and then piping that to the 
printer in the autoexec will set the printer for the session, but I'm going 
round in circles.

Does anyone here know if this sounds like a font, line size, cpi, or other 
issue with a single  command to sort it?

I really had thought I'd seen my last dos box ever!!

Mike

From: Andrew Levicki [mailto:and...@levicki.me.uk]
Sent: 09 June 2010 14:02
To: NT System Admin Issues
Subject: Re: [HUMOR] Someone misconfigured something somewhere, I think

I'm still trying to get a printout of the PCL font list!

andrew
On 9 June 2010 21:59, Ben Scott 
mailto:mailvor...@gmail.com>> wrote:
On Wed, Jun 9, 2010 at 8:54 AM, Steven M. Caesare 
mailto:scaes...@caesare.com>> wrote:
>>   http://www.upart.biz/
>
> Doesn't load now, but I can only assume an open HP printer config page?
 Yup.

 I think the printer may have crashed due to all the people on this
list trying to load the management UI.  :-)

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~



--
Kind regards,

Andrew Levicki
MCITP:EDST7/EMA/EA,MCSE,MCSA,MCP,CCNA,ITIL









~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: [HUMOR] Someone misconfigured something somewhere, I think

[Terry Dickson]

Here is a page that will explain some of it for you.

http://www.dragon-it.co.uk/links/hp_pcl_codes.htm

From: Mike Hoffman [mailto:m...@drumbrae.net]
Sent: Wednesday, June 09, 2010 8:10 AM
To: NT System Admin Issues
Subject: RE: [HUMOR] Someone misconfigured something somewhere, I think

Just out of interest we've spent the last week playing with  codes on a 
printer. We have a client running a vet practice using a dos based invoicing 
system. He is now unable to get dot-matrix printers to work so we put in an HP 
LJ1200, but the page width is too wide.

I know that putting the codes in a .txt file and then piping that to the 
printer in the autoexec will set the printer for the session, but I'm going 
round in circles.

Does anyone here know if this sounds like a font, line size, cpi, or other 
issue with a single  command to sort it?

I really had thought I'd seen my last dos box ever!!

Mike

From: Andrew Levicki [mailto:and...@levicki.me.uk]
Sent: 09 June 2010 14:02
To: NT System Admin Issues
Subject: Re: [HUMOR] Someone misconfigured something somewhere, I think

I'm still trying to get a printout of the PCL font list!

andrew
On 9 June 2010 21:59, Ben Scott 
mailto:mailvor...@gmail.com>> wrote:
On Wed, Jun 9, 2010 at 8:54 AM, Steven M. Caesare 
mailto:scaes...@caesare.com>> wrote:
>>   http://www.upart.biz/
>
> Doesn't load now, but I can only assume an open HP printer config page?
 Yup.

 I think the printer may have crashed due to all the people on this
list trying to load the management UI.  :-)

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~



--
Kind regards,

Andrew Levicki
MCITP:EDST7/EMA/EA,MCSE,MCSA,MCP,CCNA,ITIL









~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

[OT - sorta, kinda, maybe] Who needs a hot-aisle in their server room?

[Maglinger, Paul]

 http://www.wimp.com/hugeidea/

 

-Paul 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: OTish: Wireless network configuration

[Joe Tinney]

No. There are some bandwidth restrictions and we monitor the bandwidth 
utilization on that VLAN but nothing more than that.

Our physical location is such that the wireless signal strength drops before it 
hits any permanent establishments or parking lots not on our premises. Other 
than intentional wardriving, there would be very few circumstances for casual 
pedestrian access.

-Original Message-
From: Malcolm Reitz [mailto:malcolm.re...@live.com] 
Sent: Wednesday, June 09, 2010 9:17 AM
To: NT System Admin Issues
Subject: RE: OTish: Wireless network configuration

Do you do anything to prevent random people outside your office from connecting 
to your guest wireless network?

-Malcolm

-Original Message-
From: Joe Tinney [mailto:jtin...@lastar.com]
Sent: Tuesday, June 08, 2010 21:21
To: NT System Admin Issues
Subject: RE: OTish: Wireless network configuration

While I'm not the one that configured them, our Cisco wireless access points 
are configured with two SSID's: one on a VLAN that goes to our transparent 
proxy and without access to our other networks and the other on a VLAN that 
functions just like our client wired network segment. The first one is an open 
Guest network and the latter is WPA2 secured.

I'm not sure what your network devices would enable you to do but this has been 
rock solid configuration for us.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Tuesday, June 08, 2010 7:29 PM
To: NT System Admin Issues
Subject: OTish: Wireless network configuration

All,

We've got a decent wireless network at $WORK, but I'm dissatisified with it, 
because it lacks good guest access.

We have 18 Cisco 1240ag WAPs talking with 3 HP POE switches, which currently 
are in our HP 3400cl layer 3 switch on our production network. There's a single 
SSID across all of them, and I've got them all configured on a single VLAN. 
Works great, but as mentioned there is no guest access.

I could just stick them all physically outside our firewall, and give the 
wireless users an IPSec VPN client, but I really would prefer not to do that.

I've been doing some reading, but don't have a good handle on how to move to a 
configuration that would work well - without the VPN, that is.

I'm casting about for ideas - anyone have a solution they like?
Preferably without spending tons of money, of course.

Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: OTish: Wireless network configuration

[Martin Blackstone]

Does this solution not have any kind of captive portal? No add-ons or anything 
available?
Cisco loves to sell add-ons don’t they?

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Tuesday, June 08, 2010 4:29 PM
To: NT System Admin Issues
Subject: OTish: Wireless network configuration

All,

We've got a decent wireless network at $WORK, but I'm dissatisified with it, 
because it lacks good guest access.

We have 18 Cisco 1240ag WAPs talking with 3 HP POE switches, which currently 
are in our HP 3400cl layer 3 switch on our production network. There's a single 
SSID across all of them, and I've got them all configured on a single VLAN. 
Works great, but as mentioned there is no guest access.

I could just stick them all physically outside our firewall, and give the 
wireless users an IPSec VPN client, but I really would prefer not to do that.

I've been doing some reading, but don't have a good handle on how to move to a 
configuration that would work well - without the VPN, that is.

I'm casting about for ideas - anyone have a solution they like?
Preferably without spending tons of money, of course.

Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: OTish: Wireless network configuration

[Don Guyer]

We have a separate Network team here, but I do know that they use Aruba APs, 
which have policies that tie into AD groups. We have a Guest network, that has 
limited access, mainly just gets out to the WWW and the applicable 
server-related apps.

Don Guyer
Systems Engineer - Information Services
Prudential, Fox & Roach/Trident Group
431 W. Lancaster Avenue
Devon, PA 19333
Direct: (610) 993-3299
Fax: (610) 650-5306
don.gu...@prufoxroach.com

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Tuesday, June 08, 2010 7:29 PM
To: NT System Admin Issues
Subject: OTish: Wireless network configuration

All,

We've got a decent wireless network at $WORK, but I'm dissatisified
with it, because it lacks good guest access.

We have 18 Cisco 1240ag WAPs talking with 3 HP POE switches, which
currently are in our HP 3400cl layer 3 switch on our production
network. There's a single SSID across all of them, and I've got them
all configured on a single VLAN. Works great, but as mentioned there
is no guest access.

I could just stick them all physically outside our firewall, and give
the wireless users an IPSec VPN client, but I really would prefer not
to do that.

I've been doing some reading, but don't have a good handle on how to
move to a configuration that would work well - without the VPN, that
is.

I'm casting about for ideas - anyone have a solution they like?
Preferably without spending tons of money, of course.

Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: [HUMOR] Someone misconfigured something somewhere, I think

[Erik Goldoff]

Have you tried using the NET USE command to capture the LPT output to the
installed matrix printer within the DOS session?

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: Mike Hoffman [mailto:m...@drumbrae.net] 
Sent: Wednesday, June 09, 2010 9:10 AM
To: NT System Admin Issues
Subject: RE: [HUMOR] Someone misconfigured something somewhere, I think

 

Just out of interest we’ve spent the last week playing with  codes on a
printer. We have a client running a vet practice using a dos based invoicing
system. He is now unable to get dot-matrix printers to work so we put in an
HP LJ1200, but the page width is too wide.

 

I know that putting the codes in a .txt file and then piping that to the
printer in the autoexec will set the printer for the session, but I’m going
round in circles. 

 

Does anyone here know if this sounds like a font, line size, cpi, or other
issue with a single  command to sort it?

 

I really had thought I’d seen my last dos box ever!!

 

Mike

 

From: Andrew Levicki [mailto:and...@levicki.me.uk] 
Sent: 09 June 2010 14:02
To: NT System Admin Issues
Subject: Re: [HUMOR] Someone misconfigured something somewhere, I think

 

I'm still trying to get a printout of the PCL font list!

 

andrew

On 9 June 2010 21:59, Ben Scott  wrote:

On Wed, Jun 9, 2010 at 8:54 AM, Steven M. Caesare 
wrote:
>>   http://www.upart.biz/

>
> Doesn't load now, but I can only assume an open HP printer config page?

 Yup.

 I think the printer may have crashed due to all the people on this
list trying to load the management UI.  :-)


-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~




-- 
Kind regards,

Andrew Levicki
MCITP:EDST7/EMA/EA,MCSE,MCSA,MCP,CCNA,ITIL

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Service accounts that want local admin

[Free, Bob]

Yes there is that facility in R2. It is a big step forward. No more
non-expiring passwords, no password management hassles like in the
current solution and no one knows the passwords so they can't bypass
other controls and logon interactively with them.

 

There are some limitations, one system per account, they don't run on
clusters where the service spans more than one node, services must be
hosted on Windows 7 or Windows 2008 R2, they are a little trickier to
manage and difficult to delegate.

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Wednesday, June 09, 2010 2:16 AM
To: NT System Admin Issues
Subject: Re: Service accounts that want local admin

 

Doesn't 2008 R2 AD try to handle this with the "Managed Service
Accounts" feature? Having said that, I haven't tried using it yet. We
try to apply the principle of least privilege wherever possible. You can
use LUA Buglight and process monitor to work out why things think they
need admin permissions. It's a bit of a hassle but ultimately better.
For instance, our users always used to demand admin rights to run
AutoCAD, until we worked out they just needed the Create Global Objects
user right. A quick GPO update later, and they no longer need admin
rights or privilege elevation software.

On 8 June 2010 17:46, David Lum  wrote:

How do you guys handle service accounts that seem to need local admin
perms on server and workstations - I.e., SMS, anti-virus, etc. we
currently have them as domain admins with a "no interactive logon" GPO,
but surely there's a better way...the only thing that comes to mind is
use GPO to make them local admins on each machine but that's not much
improvement for say, a DC right?

David Lum // SYSTEMS ENGINEER 
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

 

 

 




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that could
provoke such a question."

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: [HUMOR] Someone misconfigured something somewhere, I think

[Mike Hoffman]

I wish!! The machine is Dos6 not a session. I was planning on virtualising it 
at some point, but I've not got round to it.

Mike

From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: 09 June 2010 15:33
To: NT System Admin Issues
Subject: RE: [HUMOR] Someone misconfigured something somewhere, I think

Have you tried using the NET USE command to capture the LPT output to the 
installed matrix printer within the DOS session?

Erik Goldoff
IT  Consultant
Systems, Networks, & Security
'  Security is an ongoing process, not a one time event ! '
From: Mike Hoffman [mailto:m...@drumbrae.net]
Sent: Wednesday, June 09, 2010 9:10 AM
To: NT System Admin Issues
Subject: RE: [HUMOR] Someone misconfigured something somewhere, I think

Just out of interest we've spent the last week playing with  codes on a 
printer. We have a client running a vet practice using a dos based invoicing 
system. He is now unable to get dot-matrix printers to work so we put in an HP 
LJ1200, but the page width is too wide.

I know that putting the codes in a .txt file and then piping that to the 
printer in the autoexec will set the printer for the session, but I'm going 
round in circles.

Does anyone here know if this sounds like a font, line size, cpi, or other 
issue with a single  command to sort it?

I really had thought I'd seen my last dos box ever!!

Mike

From: Andrew Levicki [mailto:and...@levicki.me.uk]
Sent: 09 June 2010 14:02
To: NT System Admin Issues
Subject: Re: [HUMOR] Someone misconfigured something somewhere, I think

I'm still trying to get a printout of the PCL font list!

andrew
On 9 June 2010 21:59, Ben Scott 
mailto:mailvor...@gmail.com>> wrote:
On Wed, Jun 9, 2010 at 8:54 AM, Steven M. Caesare 
mailto:scaes...@caesare.com>> wrote:
>>   http://www.upart.biz/
>
> Doesn't load now, but I can only assume an open HP printer config page?
 Yup.

 I think the printer may have crashed due to all the people on this
list trying to load the management UI.  :-)

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~



--
Kind regards,

Andrew Levicki
MCITP:EDST7/EMA/EA,MCSE,MCSA,MCP,CCNA,ITIL













~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: [HUMOR] Someone misconfigured something somewhere, I think

[Mike Hoffman]

Terry

Thanks for the link - I think I spent Saturday Morning on that page!! It did 
look like a font issue.

Thanks

Mike

From: Terry Dickson [mailto:te...@treasurer.state.ks.us]
Sent: 09 June 2010 14:44
To: NT System Admin Issues
Subject: RE: [HUMOR] Someone misconfigured something somewhere, I think

Here is a page that will explain some of it for you.

http://www.dragon-it.co.uk/links/hp_pcl_codes.htm

From: Mike Hoffman [mailto:m...@drumbrae.net]
Sent: Wednesday, June 09, 2010 8:10 AM
To: NT System Admin Issues
Subject: RE: [HUMOR] Someone misconfigured something somewhere, I think

Just out of interest we've spent the last week playing with  codes on a 
printer. We have a client running a vet practice using a dos based invoicing 
system. He is now unable to get dot-matrix printers to work so we put in an HP 
LJ1200, but the page width is too wide.

I know that putting the codes in a .txt file and then piping that to the 
printer in the autoexec will set the printer for the session, but I'm going 
round in circles.

Does anyone here know if this sounds like a font, line size, cpi, or other 
issue with a single  command to sort it?

I really had thought I'd seen my last dos box ever!!

Mike

From: Andrew Levicki [mailto:and...@levicki.me.uk]
Sent: 09 June 2010 14:02
To: NT System Admin Issues
Subject: Re: [HUMOR] Someone misconfigured something somewhere, I think

I'm still trying to get a printout of the PCL font list!

andrew
On 9 June 2010 21:59, Ben Scott 
mailto:mailvor...@gmail.com>> wrote:
On Wed, Jun 9, 2010 at 8:54 AM, Steven M. Caesare 
mailto:scaes...@caesare.com>> wrote:
>>   http://www.upart.biz/
>
> Doesn't load now, but I can only assume an open HP printer config page?
 Yup.

 I think the printer may have crashed due to all the people on this
list trying to load the management UI.  :-)

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~



--
Kind regards,

Andrew Levicki
MCITP:EDST7/EMA/EA,MCSE,MCSA,MCP,CCNA,ITIL













~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: [OT - sorta, kinda, maybe] Who needs a hot-aisle in their server room?

[Erik Goldoff]

Being the cynic, I can just imagine one or more cases leaking mineral oil
all over, first person into server room slips and busts their butt , second
person laughs before he/she falls too….

 

And just remember, eventually all the heat that the mineral oil soaks up has
to go somewhere too !

 

And what happens when you have to slide out a server in the rack to swap out
components ?  Bet them suckers are HEAVY, now you need 6 people to safely
mount a server without spilling ‘coolant’  

 

Oh, the humanity !

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: Maglinger, Paul [mailto:pmaglin...@scvl.com] 
Sent: Wednesday, June 09, 2010 9:50 AM
To: NT System Admin Issues
Subject: [OT - sorta, kinda, maybe] Who needs a hot-aisle in their server
room?

 

 http://www.wimp.com/hugeidea/

 

-Paul 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: [HUMOR] Someone misconfigured something somewhere, I think

[Erik Goldoff]

Wow, then why did the dot-matrix quit working ?  That’s weird !  If the LPT
ports work for the laser, then driver problems within the software app ?

( sorry, I know, not what you were asking for in your original post )

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: Mike Hoffman [mailto:m...@drumbrae.net] 
Sent: Wednesday, June 09, 2010 10:52 AM
To: NT System Admin Issues
Subject: RE: [HUMOR] Someone misconfigured something somewhere, I think

 

I wish!! The machine is Dos6 not a session. I was planning on virtualising
it at some point, but I’ve not got round to it.

 

Mike

 

From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: 09 June 2010 15:33
To: NT System Admin Issues
Subject: RE: [HUMOR] Someone misconfigured something somewhere, I think

 

Have you tried using the NET USE command to capture the LPT output to the
installed matrix printer within the DOS session?

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: Mike Hoffman [mailto:m...@drumbrae.net] 
Sent: Wednesday, June 09, 2010 9:10 AM
To: NT System Admin Issues
Subject: RE: [HUMOR] Someone misconfigured something somewhere, I think

 

Just out of interest we’ve spent the last week playing with  codes on a
printer. We have a client running a vet practice using a dos based invoicing
system. He is now unable to get dot-matrix printers to work so we put in an
HP LJ1200, but the page width is too wide.

 

I know that putting the codes in a .txt file and then piping that to the
printer in the autoexec will set the printer for the session, but I’m going
round in circles. 

 

Does anyone here know if this sounds like a font, line size, cpi, or other
issue with a single  command to sort it?

 

I really had thought I’d seen my last dos box ever!!

 

Mike

 

From: Andrew Levicki [mailto:and...@levicki.me.uk] 
Sent: 09 June 2010 14:02
To: NT System Admin Issues
Subject: Re: [HUMOR] Someone misconfigured something somewhere, I think

 

I'm still trying to get a printout of the PCL font list!

 

andrew

On 9 June 2010 21:59, Ben Scott  wrote:

On Wed, Jun 9, 2010 at 8:54 AM, Steven M. Caesare 
wrote:
>>   http://www.upart.biz/

>
> Doesn't load now, but I can only assume an open HP printer config page?

 Yup.

 I think the printer may have crashed due to all the people on this
list trying to load the management UI.  :-)


-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~




-- 
Kind regards,

Andrew Levicki
MCITP:EDST7/EMA/EA,MCSE,MCSA,MCP,CCNA,ITIL

 

 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Server won't replicate

[Bob Anderson]

Hello,
I have a W23 server that we built here and joined the network here and 
made him a DC. We then powered him off and packed him up and sent him to our 
Texas facility to be a local DC for logging on to the domain.  However once he 
powered up he will not replicate with the DCs here.  His IP address has changed 
but all else remains the same.  On our DCs he is in the Texas DC site but no 
replication.


Thanks for any help you may provide.


Bob Anderson

IT Manager
Kent Sporting Goods Inc.
433 Park Ave. S
New London OH 44851
419-929-7021 x315
 Please consider the environment before printing this e-mail.


 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: [OT - sorta, kinda, maybe] Who needs a hot-aisle in their server room?

[Charlie Kaiser]

It needs fish. Maybe some from the gulf would survive in there... ;-)

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***  

> -Original Message-
> From: Maglinger, Paul [mailto:pmaglin...@scvl.com] 
> Sent: Wednesday, June 09, 2010 6:50 AM
> To: NT System Admin Issues
> Subject: [OT - sorta, kinda, maybe] Who needs a hot-aisle in 
> their server room?
> 
>  http://www.wimp.com/hugeidea/
> 
>  
> 
> -Paul 
> 
>  
> 
>  
> 
> 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Server won't replicate

[David Lum]

Are DNS records correct for this DC?
Can the new DC ping other DC's by FQDN and vice versa?
Is this DC a DNS server and pointing to itself?
What do event logs show?

David Lum // SYSTEMS ENGINEER 
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764


-Original Message-
From: Bob Anderson [mailto:bander...@kentwatersports.com] 
Sent: Wednesday, June 09, 2010 8:00 AM
To: NT System Admin Issues
Subject: Server won't replicate

Hello,
I have a W23 server that we built here and joined the network here and 
made him a DC. We then powered him off and packed him up and sent him to our 
Texas facility to be a local DC for logging on to the domain.  However once he 
powered up he will not replicate with the DCs here.  His IP address has changed 
but all else remains the same.  On our DCs he is in the Texas DC site but no 
replication.


Thanks for any help you may provide.


Bob Anderson

IT Manager
Kent Sporting Goods Inc.
433 Park Ave. S
New London OH 44851
419-929-7021 x315
 Please consider the environment before printing this e-mail.


 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Server won't replicate

[Ben Scott]

On Wed, Jun 9, 2010 at 11:00 AM, Bob Anderson
 wrote:
>  I have a W23 server that we built here and joined the network here and
> made him a DC. We then powered him off and packed him up and sent
> him to our Texas facility to be a local DC for logging on to the domain.
> However once he powered up he will not replicate with the DCs here.

  Explain "won't replicate".  Symptoms, behavior, error messages...?

  What do the Event Viewer logs say?

  Have you run DCDIAG and NETDIAG?

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Server won't replicate

[Michael B. Smith]

When did you change the IP address?

It seems likely that you didn't do it before you moved it down there, so both 
local and remote DNS is fubar'ed. On the remote end you'll need to stop 
netlogon, remove netlogon.dns, and reboot - that should cause the proper 
records to get registered. The primary DNS server for that server, at least 
until replication is working, should be the server at the home office.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com


-Original Message-
From: Bob Anderson [mailto:bander...@kentwatersports.com] 
Sent: Wednesday, June 09, 2010 11:00 AM
To: NT System Admin Issues
Subject: Server won't replicate

Hello,
I have a W23 server that we built here and joined the network here and 
made him a DC. We then powered him off and packed him up and sent him to our 
Texas facility to be a local DC for logging on to the domain.  However once he 
powered up he will not replicate with the DCs here.  His IP address has changed 
but all else remains the same.  On our DCs he is in the Texas DC site but no 
replication.


Thanks for any help you may provide.


Bob Anderson

IT Manager
Kent Sporting Goods Inc.
433 Park Ave. S
New London OH 44851
419-929-7021 x315
P Please consider the environment before printing this e-mail.


 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: [OT - sorta, kinda, maybe] Who needs a hot-aisle in their server room?

[Ben Scott]

On Wed, Jun 9, 2010 at 11:01 AM, Charlie Kaiser
 wrote:
> It needs fish. Maybe some from the gulf would survive in there... ;-)

http://www.boston.com/bigpicture/2010/06/caught_in_the_oil.html

(Yes, I know that's not a fish.)

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: [OT - sorta, kinda, maybe] Who needs a hot-aisle in their server room?

[Jonathan Link]

That was awful.

On Wed, Jun 9, 2010 at 11:01 AM, Charlie Kaiser
wrote:

> It needs fish. Maybe some from the gulf would survive in there... ;-)
>
> ***
> Charlie Kaiser
> charl...@golden-eagle.org
> Kingman, AZ
> ***
>
> > -Original Message-
> > From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
> > Sent: Wednesday, June 09, 2010 6:50 AM
> > To: NT System Admin Issues
> > Subject: [OT - sorta, kinda, maybe] Who needs a hot-aisle in
> > their server room?
> >
> >  http://www.wimp.com/hugeidea/
> >
> >
> >
> > -Paul
> >
> >
> >
> >
> >
> >
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

OT: Ethernet First Mile

[Richard Stovall]

Does anyone have experience with an internet bandwidth product known as
"Ethernet First Mile".  I have a very compelling offer for internet
bandwidth from a local provider (Cavalier Telephone) for 5 Mbps with an SLA.
 It would halve my current charges from Level (3).

Thanks,
RS

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Ethernet First Mile

[Andy Shook]

It sounds to me like a Native LAN or Metro Ethernet type product; Ethernet 
First Mile, is probably some form of marketing term.  Regardless of the 
terminology, I would make darn sure your segment is sonet (loop-fed\ring 
topology\whatever) protected and it's a dedicated 5Mbps, not some 
oversubscribed shared connection to the POP.


Shook

From: Richard Stovall [mailto:rich...@gmail.com]
Sent: Wednesday, June 09, 2010 11:33 AM
To: NT System Admin Issues
Subject: OT: Ethernet First Mile

Does anyone have experience with an internet bandwidth product known as 
"Ethernet First Mile".  I have a very compelling offer for internet bandwidth 
from a local provider (Cavalier Telephone) for 5 Mbps with an SLA.  It would 
halve my current charges from Level (3).

Thanks,
RS





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: RE: SAN Solution

[Bob Hartung]

Well, I can't attach SATA drives to my servers but here's the test I ran.

Server: Dell PowerEdge 2650 with


* E: Drive - internal PERC3 SCSI RAID 5 (Ultra320) E: Drive
* F: Drive - external SCSI Drive Array attached to PERC4 SCSI RAID 5 (Ultra 320)

* G: Drive - Drobo Elite connected via Gigabit Ethernet


I copied 2.1 GB from E: to F: in 4:36 or 476.9 MB/Min.
I copied 2.1 GB from E: to G: in 5:18 or 413.9 MB/Min.


--

Bob Hartung
Wisco Industries, Inc.
736 Janesville St.
Oregon, WI 53575
Tel: (608) 835-3106 x215
Fax: (608) 835-7399
e-mail: bhartung(at)wiscoind.com
  _  

From: Tim Evans [mailto:tev...@sparling.com]
To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com]
Sent: Tue, 08 Jun 2010 18:13:23 -0500
Subject: RE: RE: SAN Solution




How's the iSCSI performance on that unit? Compared to direct  attached SATA for 
example?

 


...Tim

 



From: Bob Hartung  [mailto:bhart...@wiscoind.com] 
  Sent: Tuesday, June 08, 2010 8:09 AM
  To: NT System Admin Issues
  Subject: RE: RE: SAN Solution

 

The  Elite is bundled with WD drives, either a consumer grade or an enterprise. 
We  went with the enterprise (DREL1A21-WD2002FYPS-8).  You should be able to 
pick the unit up for around $6000.
  
  For connection, I'm using a stand-alone HP Procurve Gigabit switch. Each 
server  has 2 nics. Each server's 2nd nic card is connected to the HP Procurve 
and  setup on different subnet than the regular network uses.
  
  It took me awhile to work out the MS ISCSI initiator stuff since I'd had no  
experience with it before.
  
  And I don't know if I'd characterize it as "instead of a SAN". As far  as I 
can see, it's a SAN.
  
  --


  Bob Hartung
  Wisco Industries, Inc.
  736 Janesville St.
  Oregon, WI 53575
  Tel: (608) 835-3106 x215
  Fax: (608) 835-7399
  e-mail: bhartung(at)wiscoind.com
  _  



From: John Aldrich  [mailto:jaldr...@blueridgecarpet.com]
  To: NT System Admin Issues  [mailto:ntsysad...@lyris.sunbelt-software.com]
  Sent: Tue, 08 Jun 2010 09:01:18 -0500
  Subject: RE: RE: SAN Solution


Nifty.  I’m assuming these are “Enterprise” SATA drives? How does it connect to 
your  existing servers, and approximately how much does something like that 
cost?  That might be something I would want to look at using instead of a SAN.  
  

 




 



From: Bob Hartung  [mailto:bhart...@wiscoind.com] 
  Sent: Tuesday, June 08, 2010 9:42 AM
  To: NT System Admin Issues
  Subject: RE: RE: SAN Solution

 

I'm using the Drobo  Elite for backups as well. It's where I store workstation 
images I create in  Acronis. It is also the disk-to-disk storage I use for 
Arcserve server backups.
  
  I chose the somewhat more expensive Drobo Elite over a number of NAS  
alternatives for a number of reasons...
   
* Rather   than simulate MS network privaleges like most NASs do, I 
preferred being   able to simply share the Drobo's space via my existing 
servers. That way   I'm using MS sharing and security.   
* It's   a SAN network which segregates storage traffic from the rest of 
the   network.   
* It   supplies a pool of storage that I can parcel out to any of my 
servers as   conditions evolve.   
* I've   got 16 TB of space. And it's all dynamically available to each 
partition.   It took me a while to get this. You make every partition a 16 
TB   partition. That way, all partitions can use available storage without  
 having to change partition sizes by destroying them and recreating them.   
* You   can stick in any size SATA drive and it's added to the storage 
pool. Right   now I have 8 2TB drives but when 3 and 4TB drives come out, I 
can swap out   a 2TB drive and increase storage. Doesn't matter which slot 
you stick a   drive in either.   
* Currently   I'm using 2 drives for fault tolerance so if one fails, the 
RAID continues   to operate with redundancy.  



  --
  
  Bob Hartung
  Wisco Industries, Inc.
  736 Janesville St.
  Oregon, WI 53575
  Tel: (608) 835-3106 x215
  Fax: (608) 835-7399
  e-mail: bhartung(at)wiscoind.com
  _  



From: Jay Dale [mailto:jay.d...@3-gig.com]
  To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com]
  Sent: Tue, 08 Jun 2010 08:17:07 -0500
  Subject: RE: RE: SAN Solution


Exactly  what we use it for..:)

 

Jay Dale

I.T.  Manager, 3GiG

Mobile:  713.299.2541

Email:  jay.d...@3-gig.com

 

Confidentiality  Notice: This e-mail, including any attached files, may contain 
confidential and/or  privileged information for the sole use of the intended 
recipient. If you are  not the intended recipient, you are hereby notified that 
any review,  dissemination or copying of this e-mail and attachment

RE: Ethernet First Mile

[Michael B. Smith]

I agree about the dedicated bandwidth.

However, the technology is an IEEE standard. See

http://en.wikipedia.org/wiki/Ethernet_in_the_First_Mile

and

http://www.ethernetinthefirstmile.com/

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Andy Shook [mailto:andy.sh...@peak10.com]
Sent: Wednesday, June 09, 2010 11:37 AM
To: NT System Admin Issues
Subject: RE: Ethernet First Mile

It sounds to me like a Native LAN or Metro Ethernet type product; Ethernet 
First Mile, is probably some form of marketing term.  Regardless of the 
terminology, I would make darn sure your segment is sonet (loop-fed\ring 
topology\whatever) protected and it's a dedicated 5Mbps, not some 
oversubscribed shared connection to the POP.


Shook

From: Richard Stovall [mailto:rich...@gmail.com]
Sent: Wednesday, June 09, 2010 11:33 AM
To: NT System Admin Issues
Subject: OT: Ethernet First Mile

Does anyone have experience with an internet bandwidth product known as 
"Ethernet First Mile".  I have a very compelling offer for internet bandwidth 
from a local provider (Cavalier Telephone) for 5 Mbps with an SLA.  It would 
halve my current charges from Level (3).

Thanks,
RS









~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Ethernet First Mile

[John Aldrich]

Yeah, I was just thinking that it sounds like Metro Ethernet. That's what we
have and it's great. The charges are less than they were when we had a T1
and we have more bandwidth (full 2 Mbit/sec at this point - can order more,
of course! J)

 

John-AldrichTile-Tools

 

From: Andy Shook [mailto:andy.sh...@peak10.com] 
Sent: Wednesday, June 09, 2010 11:37 AM
To: NT System Admin Issues
Subject: RE: Ethernet First Mile

 

It sounds to me like a Native LAN or Metro Ethernet type product; Ethernet
First Mile, is probably some form of marketing term.  Regardless of the
terminology, I would make darn sure your segment is sonet (loop-fed\ring
topology\whatever) protected and it's a dedicated 5Mbps, not some
oversubscribed shared connection to the POP.  

 

 

Shook

 

From: Richard Stovall [mailto:rich...@gmail.com] 
Sent: Wednesday, June 09, 2010 11:33 AM
To: NT System Admin Issues
Subject: OT: Ethernet First Mile

 

Does anyone have experience with an internet bandwidth product known as
"Ethernet First Mile".  I have a very compelling offer for internet
bandwidth from a local provider (Cavalier Telephone) for 5 Mbps with an SLA.
It would halve my current charges from Level (3).

 

Thanks,
RS

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~<><>

Re: OT: Ethernet First Mile

[Ben Scott]

On Wed, Jun 9, 2010 at 11:32 AM, Richard Stovall  wrote:
> Does anyone have experience with an internet bandwidth product known as
> "Ethernet First Mile".  I have a very compelling offer for internet
> bandwidth from a local provider (Cavalier Telephone) for 5 Mbps with an SLA.
>  It would halve my current charges from Level (3).

  As far as the tech goes: Google results suggest it's a suite of
protocols and standards for delivering service using a variety of
technologies (copper, two kinds of fiber), so I think "Ethernet in the
First Mile" is too general to produce useful results for you.  You'd
want to know what type they're using, and prolly what brand.

  Also: In my experience, the company matters a lot more than the type
of technology.  The traditional telcos have incredibly robustly
engineered technology, but their management is so inept/evil that it
often sucks to be their customer.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Ethernet First Mile

[Andy Shook]

And I thought reading about other 802.3 standards was auctioned packed! :)

Thanks MBS (That's why he makes the big bucks, ya'll)

Shook

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Wednesday, June 09, 2010 11:40 AM
To: NT System Admin Issues
Subject: RE: Ethernet First Mile

I agree about the dedicated bandwidth.

However, the technology is an IEEE standard. See

http://en.wikipedia.org/wiki/Ethernet_in_the_First_Mile

and

http://www.ethernetinthefirstmile.com/

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Andy Shook [mailto:andy.sh...@peak10.com]
Sent: Wednesday, June 09, 2010 11:37 AM
To: NT System Admin Issues
Subject: RE: Ethernet First Mile

It sounds to me like a Native LAN or Metro Ethernet type product; Ethernet 
First Mile, is probably some form of marketing term.  Regardless of the 
terminology, I would make darn sure your segment is sonet (loop-fed\ring 
topology\whatever) protected and it's a dedicated 5Mbps, not some 
oversubscribed shared connection to the POP.


Shook

From: Richard Stovall [mailto:rich...@gmail.com]
Sent: Wednesday, June 09, 2010 11:33 AM
To: NT System Admin Issues
Subject: OT: Ethernet First Mile

Does anyone have experience with an internet bandwidth product known as 
"Ethernet First Mile".  I have a very compelling offer for internet bandwidth 
from a local provider (Cavalier Telephone) for 5 Mbps with an SLA.  It would 
halve my current charges from Level (3).

Thanks,
RS













~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Server won't replicate

[Bob Anderson]

The server can both ping each other but my DSN logs are throwing 4000 4011 and 
  

How would I remove the netlogon.dns

Again thanks

Bob 
IT Manager


-Original Message-
From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Wednesday, June 09, 2010 11:05 AM
To: NT System Admin Issues
Subject: RE: Server won't replicate

When did you change the IP address?

It seems likely that you didn't do it before you moved it down there, so both 
local and remote DNS is fubar'ed. On the remote end you'll need to stop 
netlogon, remove netlogon.dns, and reboot - that should cause the proper 
records to get registered. The primary DNS server for that server, at least 
until replication is working, should be the server at the home office.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com


-Original Message-
From: Bob Anderson [mailto:bander...@kentwatersports.com] 
Sent: Wednesday, June 09, 2010 11:00 AM
To: NT System Admin Issues
Subject: Server won't replicate

Hello,
I have a W23 server that we built here and joined the network here and 
made him a DC. We then powered him off and packed him up and sent him to our 
Texas facility to be a local DC for logging on to the domain.  However once he 
powered up he will not replicate with the DCs here.  His IP address has changed 
but all else remains the same.  On our DCs he is in the Texas DC site but no 
replication.


Thanks for any help you may provide.


Bob Anderson

IT Manager
Kent Sporting Goods Inc.
433 Park Ave. S
New London OH 44851
419-929-7021 x315
P Please consider the environment before printing this e-mail.


 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Ethernet First Mile

[Michael B. Smith]

I'm very reasonably priced, thank you very much.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Andy Shook [mailto:andy.sh...@peak10.com]
Sent: Wednesday, June 09, 2010 11:48 AM
To: NT System Admin Issues
Subject: RE: Ethernet First Mile

And I thought reading about other 802.3 standards was auctioned packed! :)

Thanks MBS (That's why he makes the big bucks, ya'll)

Shook

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Wednesday, June 09, 2010 11:40 AM
To: NT System Admin Issues
Subject: RE: Ethernet First Mile

I agree about the dedicated bandwidth.

However, the technology is an IEEE standard. See

http://en.wikipedia.org/wiki/Ethernet_in_the_First_Mile

and

http://www.ethernetinthefirstmile.com/

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Andy Shook [mailto:andy.sh...@peak10.com]
Sent: Wednesday, June 09, 2010 11:37 AM
To: NT System Admin Issues
Subject: RE: Ethernet First Mile

It sounds to me like a Native LAN or Metro Ethernet type product; Ethernet 
First Mile, is probably some form of marketing term.  Regardless of the 
terminology, I would make darn sure your segment is sonet (loop-fed\ring 
topology\whatever) protected and it's a dedicated 5Mbps, not some 
oversubscribed shared connection to the POP.


Shook

From: Richard Stovall [mailto:rich...@gmail.com]
Sent: Wednesday, June 09, 2010 11:33 AM
To: NT System Admin Issues
Subject: OT: Ethernet First Mile

Does anyone have experience with an internet bandwidth product known as 
"Ethernet First Mile".  I have a very compelling offer for internet bandwidth 
from a local provider (Cavalier Telephone) for 5 Mbps with an SLA.  It would 
halve my current charges from Level (3).

Thanks,
RS

















~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Windows SBS 2003 User right

[Cesare' A. Ramos]

To all:

Have a quick question for you all.

We have a new client that is running Windows SBS 2003 with BES on the same 
server, not our choice and we will be changing this.  In the interim though 
there is one user, the owner nonetheless, that the BlackBerry Administrator 
user keeps losing the 'Send As' and 'Read' rights thus the user then cannot 
reply to messages.  We log in enable the rights, restart BB Router service and 
all begins to work.

Within 30 minutes, the rights are lost again.  We have edited templates and 
such for user and group rights but have not had success in keeping change 
static.

Any thoughts.
Sincerely,
Cesare' A. Ramos



This e-Mail and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. If 
you have received this e-Mail in error please notify the sender via returned 
e-Mail. Please note that any views or opinions presented in this e-Mail are 
solely those of the author and do not necessarily represent those of the 
company. Although IDF operates anti-virus programs, it does not accept 
responsibility for any damage whatsoever that is caused by viruses being passed.

** Think before you print this message. **

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Ethernet First Mile

[Carol Fee]

That's great info - thanks.

CFee
From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Wednesday, June 09, 2010 11:40 AM
To: NT System Admin Issues
Subject: RE: Ethernet First Mile

I agree about the dedicated bandwidth.

However, the technology is an IEEE standard. See

http://en.wikipedia.org/wiki/Ethernet_in_the_First_Mile

and

http://www.ethernetinthefirstmile.com/

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Andy Shook [mailto:andy.sh...@peak10.com]
Sent: Wednesday, June 09, 2010 11:37 AM
To: NT System Admin Issues
Subject: RE: Ethernet First Mile

It sounds to me like a Native LAN or Metro Ethernet type product; Ethernet 
First Mile, is probably some form of marketing term.  Regardless of the 
terminology, I would make darn sure your segment is sonet (loop-fed\ring 
topology\whatever) protected and it's a dedicated 5Mbps, not some 
oversubscribed shared connection to the POP.


Shook

From: Richard Stovall [mailto:rich...@gmail.com]
Sent: Wednesday, June 09, 2010 11:33 AM
To: NT System Admin Issues
Subject: OT: Ethernet First Mile

Does anyone have experience with an internet bandwidth product known as 
"Ethernet First Mile".  I have a very compelling offer for internet bandwidth 
from a local provider (Cavalier Telephone) for 5 Mbps with an SLA.  It would 
halve my current charges from Level (3).

Thanks,
RS













~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: [OT - sorta, kinda, maybe] Who needs a hot-aisle in their server room?

[Sean Martin]

Nah, we use these to lift Blade Chassis' and large servers into our 51u
racks. Makes life so much easier!

http://serverlift.com/products/sl500/

- Sean

On Wed, Jun 9, 2010 at 6:52 AM, Erik Goldoff  wrote:

>  Being the cynic, I can just imagine one or more cases leaking mineral oil
> all over, first person into server room slips and busts their butt , second
> person laughs before he/she falls too….
>
>
>
> And just remember, eventually all the heat that the mineral oil soaks up
> has to go somewhere too !
>
>
>
> And what happens when you have to slide out a server in the rack to swap
> out components ?  Bet them suckers are HEAVY, now you need 6 people to
> safely mount a server without spilling ‘coolant’ 
>
>
>
> Oh, the humanity !
>
>
>
> *Erik Goldoff***
>
> *IT  Consultant*
>
> *Systems, Networks, & Security *
>
> '  Security is an ongoing process, not a one time event ! '
>
> *From:* Maglinger, Paul [mailto:pmaglin...@scvl.com]
> *Sent:* Wednesday, June 09, 2010 9:50 AM
> *To:* NT System Admin Issues
> *Subject:* [OT - sorta, kinda, maybe] Who needs a hot-aisle in their
> server room?
>
>
>
>  http://www.wimp.com/hugeidea/
>
>
>
> -Paul
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Windows SBS 2003 User right

[Michael B. Smith]

Google "adminCount".

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Cesare' A. Ramos [mailto:cra...@idfllc.com]
Sent: Wednesday, June 09, 2010 11:59 AM
To: NT System Admin Issues
Subject: Windows SBS 2003 User right

To all:

Have a quick question for you all.

We have a new client that is running Windows SBS 2003 with BES on the same 
server, not our choice and we will be changing this.  In the interim though 
there is one user, the owner nonetheless, that the BlackBerry Administrator 
user keeps losing the 'Send As' and 'Read' rights thus the user then cannot 
reply to messages.  We log in enable the rights, restart BB Router service and 
all begins to work.

Within 30 minutes, the rights are lost again.  We have edited templates and 
such for user and group rights but have not had success in keeping change 
static.

Any thoughts.
Sincerely,
Cesare' A. Ramos



This e-Mail and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. If 
you have received this e-Mail in error please notify the sender via returned 
e-Mail. Please note that any views or opinions presented in this e-Mail are 
solely those of the author and do not necessarily represent those of the 
company. Although IDF operates anti-virus programs, it does not accept 
responsibility for any damage whatsoever that is caused by viruses being passed.

** Think before you print this message. **





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Server won't replicate

[Michael B. Smith]

http://support.microsoft.com/kb/311354

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com


-Original Message-
From: Bob Anderson [mailto:bander...@kentwatersports.com] 
Sent: Wednesday, June 09, 2010 11:49 AM
To: NT System Admin Issues
Subject: RE: Server won't replicate

The server can both ping each other but my DSN logs are throwing 4000 4011 and 
  

How would I remove the netlogon.dns

Again thanks

Bob 
IT Manager


-Original Message-
From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Wednesday, June 09, 2010 11:05 AM
To: NT System Admin Issues
Subject: RE: Server won't replicate

When did you change the IP address?

It seems likely that you didn't do it before you moved it down there, so both 
local and remote DNS is fubar'ed. On the remote end you'll need to stop 
netlogon, remove netlogon.dns, and reboot - that should cause the proper 
records to get registered. The primary DNS server for that server, at least 
until replication is working, should be the server at the home office.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com


-Original Message-
From: Bob Anderson [mailto:bander...@kentwatersports.com] 
Sent: Wednesday, June 09, 2010 11:00 AM
To: NT System Admin Issues
Subject: Server won't replicate

Hello,
I have a W23 server that we built here and joined the network here and 
made him a DC. We then powered him off and packed him up and sent him to our 
Texas facility to be a local DC for logging on to the domain.  However once he 
powered up he will not replicate with the DCs here.  His IP address has changed 
but all else remains the same.  On our DCs he is in the Texas DC site but no 
replication.


Thanks for any help you may provide.


Bob Anderson

IT Manager
Kent Sporting Goods Inc.
433 Park Ave. S
New London OH 44851
419-929-7021 x315
P Please consider the environment before printing this e-mail.


 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

DNS settings tool

[David McSpadden]

What is a good tool to check that all my DNS settings have been setup
correctly?

Iptools.com??


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: [OT - sorta, kinda, maybe] Who needs a hot-aisle in their server room?

[Erik Goldoff]

You’re so lucky/spoiled ! 

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: Sean Martin [mailto:seanmarti...@gmail.com] 
Sent: Wednesday, June 09, 2010 12:00 PM
To: NT System Admin Issues
Subject: Re: [OT - sorta, kinda, maybe] Who needs a hot-aisle in their
server room?

 

Nah, we use these to lift Blade Chassis' and large servers into our 51u
racks. Makes life so much easier!

 

http://serverlift.com/products/sl500/

 

- Sean

On Wed, Jun 9, 2010 at 6:52 AM, Erik Goldoff  wrote:

Being the cynic, I can just imagine one or more cases leaking mineral oil
all over, first person into server room slips and busts their butt , second
person laughs before he/she falls too….

 

And just remember, eventually all the heat that the mineral oil soaks up has
to go somewhere too !

 

And what happens when you have to slide out a server in the rack to swap out
components ?  Bet them suckers are HEAVY, now you need 6 people to safely
mount a server without spilling ‘coolant’  

 

Oh, the humanity !

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: DNS settings tool

[Ben Scott]

On Wed, Jun 9, 2010 at 12:11 PM, David McSpadden  wrote:
> What is a good tool to check that all my DNS settings have been setup
> correctly?

http://www.zonecheck.fr/

  Both free and Free.  Run it on their site, or download and run your own.

  I note that you do not specify what you mean by "correctly".

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: DNS settings tool

[Carl Houseman]

Did not specify internal or public DNS either... internal checking with the
free download would require a Linux machine, would it not?

Carl

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Wednesday, June 09, 2010 1:04 PM
To: NT System Admin Issues
Subject: Re: DNS settings tool

On Wed, Jun 9, 2010 at 12:11 PM, David McSpadden  wrote:
> What is a good tool to check that all my DNS settings have been setup
> correctly?

http://www.zonecheck.fr/

  Both free and Free.  Run it on their site, or download and run your own.

  I note that you do not specify what you mean by "correctly".

-- Ben



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: DNS settings tool

[David W. McSpadden]

Mired down in meetings.
External settings for imcu.org, indianamembersinsurance.com.
I would like something that will me all the prefixes that are being used as
well.


-Original Message-
From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Wednesday, June 09, 2010 1:09 PM
To: NT System Admin Issues
Subject: RE: DNS settings tool

Did not specify internal or public DNS either... internal checking with the
free download would require a Linux machine, would it not?

Carl

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Wednesday, June 09, 2010 1:04 PM
To: NT System Admin Issues
Subject: Re: DNS settings tool

On Wed, Jun 9, 2010 at 12:11 PM, David McSpadden  wrote:
> What is a good tool to check that all my DNS settings have been setup
> correctly?

http://www.zonecheck.fr/

  Both free and Free.  Run it on their site, or download and run your own.

  I note that you do not specify what you mean by "correctly".

-- Ben



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: [OT - sorta, kinda, maybe] Who needs a hot-aisle in their server room?

[Sean Martin]

I agree. We have some old analysts though (my self excluded of
course!)...I'm sure the company saw it as cheap insurance against work comp
claims. 51u racks are pretty tall!

- Sean

On Wed, Jun 9, 2010 at 8:36 AM, Erik Goldoff  wrote:

>  You’re so lucky/spoiled ! 
>
>
>
> *Erik Goldoff***
>
> *IT  Consultant*
>
> *Systems, Networks, & Security *
>
> '  Security is an ongoing process, not a one time event ! '
>
> *From:* Sean Martin [mailto:seanmarti...@gmail.com]
> *Sent:* Wednesday, June 09, 2010 12:00 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: [OT - sorta, kinda, maybe] Who needs a hot-aisle in their
> server room?
>
>
>
> Nah, we use these to lift Blade Chassis' and large servers into our 51u
> racks. Makes life so much easier!
>
>
>
> http://serverlift.com/products/sl500/
>
>
>
> - Sean
>
> On Wed, Jun 9, 2010 at 6:52 AM, Erik Goldoff  wrote:
>
> Being the cynic, I can just imagine one or more cases leaking mineral oil
> all over, first person into server room slips and busts their butt , second
> person laughs before he/she falls too….
>
>
>
> And just remember, eventually all the heat that the mineral oil soaks up
> has to go somewhere too !
>
>
>
> And what happens when you have to slide out a server in the rack to swap
> out components ?  Bet them suckers are HEAVY, now you need 6 people to
> safely mount a server without spilling ‘coolant’ 
>
>
>
> Oh, the humanity !
>
>
>
> *Erik Goldoff*
>
> *IT  Consultant*
>
> *Systems, Networks, & Security *
>
> '  Security is an ongoing process, not a one time event ! '
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: RE: SAN Solution

[Matthew W. Ross]

Thank you! That information is extremely useful.


--Matt Ross
Ephrata School District


- Original Message -
From: Bob Hartung
[mailto:bhart...@wiscoind.com]
To: NT System Admin Issues
[mailto:ntsysad...@lyris.sunbelt-software.com]
Sent: Wed, 09 Jun 2010
08:40:55 -0700
Subject: RE: RE: SAN Solution


> Well, I can't attach SATA drives to my servers but here's the test I ran.
> 
> Server: Dell PowerEdge 2650 with
> 
> 
> * E: Drive - internal PERC3 SCSI RAID 5 (Ultra320) E: Drive
> * F: Drive - external SCSI Drive Array attached to PERC4 SCSI RAID 5 (Ultra
> 320)
> 
> * G: Drive - Drobo Elite connected via Gigabit Ethernet
> 
> 
> I copied 2.1 GB from E: to F: in 4:36 or 476.9 MB/Min.
> I copied 2.1 GB from E: to G: in 5:18 or 413.9 MB/Min.
> 
> 
> --
> 
> Bob Hartung
> Wisco Industries, Inc.
> 736 Janesville St.
> Oregon, WI 53575
> Tel: (608) 835-3106 x215
> Fax: (608) 835-7399
> e-mail: bhartung(at)wiscoind.com
>   _  
> 
> From: Tim Evans [mailto:tev...@sparling.com]
> To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com]
> Sent: Tue, 08 Jun 2010 18:13:23 -0500
> Subject: RE: RE: SAN Solution
> 
> 
> 
> 
> How's the iSCSI performance on that unit? Compared to direct  attached SATA
> for example?
> 
>  
> 
> 
> ...Tim
> 
>  
> 
> 
> 
> From: Bob Hartung  [mailto:bhart...@wiscoind.com] 
>   Sent: Tuesday, June 08, 2010 8:09 AM
>   To: NT System Admin Issues
>   Subject: RE: RE: SAN Solution
> 
>  
> 
> The  Elite is bundled with WD drives, either a consumer grade or an
> enterprise. We  went with the enterprise (DREL1A21-WD2002FYPS-8).  You
> should be able to pick the unit up for around $6000.
>   
>   For connection, I'm using a stand-alone HP Procurve Gigabit switch. Each
> server  has 2 nics. Each server's 2nd nic card is connected to the HP
> Procurve and  setup on different subnet than the regular network uses.
>   
>   It took me awhile to work out the MS ISCSI initiator stuff since I'd had
> no  experience with it before.
>   
>   And I don't know if I'd characterize it as "instead of a SAN". As far  as
> I can see, it's a SAN.
>   
>   --
> 
> 
>   Bob Hartung
>   Wisco Industries, Inc.
>   736 Janesville St.
>   Oregon, WI 53575
>   Tel: (608) 835-3106 x215
>   Fax: (608) 835-7399
>   e-mail: bhartung(at)wiscoind.com
>   _  
> 
> 
> 
> From: John Aldrich  [mailto:jaldr...@blueridgecarpet.com]
>   To: NT System Admin Issues  [mailto:ntsysad...@lyris.sunbelt-software.com]
>   Sent: Tue, 08 Jun 2010 09:01:18 -0500
>   Subject: RE: RE: SAN Solution
> 
> 
> Nifty.  I’m assuming these are “Enterprise” SATA drives? How does it
> connect to your  existing servers, and approximately how much does something
> like that cost?  That might be something I would want to look at using
> instead of a SAN.
> 
>  
> 
> 
> 
> 
>  
> 
> 
> 
> From: Bob Hartung  [mailto:bhart...@wiscoind.com] 
>   Sent: Tuesday, June 08, 2010 9:42 AM
>   To: NT System Admin Issues
>   Subject: RE: RE: SAN Solution
> 
>  
> 
> I'm using the Drobo  Elite for backups as well. It's where I store
> workstation images I create in  Acronis. It is also the disk-to-disk storage
> I use for Arcserve server backups.
>   
>   I chose the somewhat more expensive Drobo Elite over a number of NAS 
> alternatives for a number of reasons...
>
> * Rather   than simulate MS network privaleges like most NASs do, I
> preferred being   able to simply share the Drobo's space via my existing
> servers. That way   I'm using MS sharing and security.   
> * It's   a SAN network which segregates storage traffic from the rest of
> the   network.   
> * It   supplies a pool of storage that I can parcel out to any of my
> servers as   conditions evolve.   
> * I've   got 16 TB of space. And it's all dynamically available to each
> partition.   It took me a while to get this. You make every partition a
> 16 TB   partition. That way, all partitions can use available storage
> without   having to change partition sizes by destroying them and
> recreating them.   
> * You   can stick in any size SATA drive and it's added to the storage
> pool. Right   now I have 8 2TB drives but when 3 and 4TB drives come
> out, I can swap out   a 2TB drive and increase storage. Doesn't matter
> which slot you stick a   drive in either.   
> * Currently   I'm using 2 drives for fault tolerance so if one fails,
> the RAID continues   to operate with redundancy.  
> 
> 
> 
>   --
>   
>   Bob Hartung
>   Wisco Industries, Inc.
>   736 Janesville St.
>   Oregon, WI 53575
>   Tel: (608) 835-3106 x215
>   Fax: (608) 835-7399
>   e-mail: bhartung(at)wiscoind.com
>   _  
> 
> 
> 
> From: Jay Dale [mailto:jay.d...@3-gig.com]
>   To: NT System Admin I

Re: DNS settings tool

[Ben Scott]

On Wed, Jun 9, 2010 at 1:10 PM, David W. McSpadden  wrote:
> Mired down in meetings.

  I'm busy, too.  I suspect we all are.  Yet I and others are taking
the time to participate here.  Please do us all the same courtesy
yourself, and take the time to include relevant information in your
requests.

> External settings for imcu.org, indianamembersinsurance.com.

  "External settings"?

  Those domain names exist, I can query resource records for them.
ZoneCheck complains about some things, but nothing strictly related to
DNS.

  If you mean, "I want everything to work right for everything all the
time", well, we all want that, but that's way too open-ended a
request.

  Give us some clue as to what is driving your request and we may be
able to help you.

> I would like something that will me all the prefixes that are being used as
> well.

  Not sure what you mean by "prefixes".

  If you mean, you want to know all the child domain names under
, you can't easily get that from an external tool unless
you're allowing zone transfers (and you're not).  But you should just
be able to look at your own DNS server, though, so I'm not sure I
understand the question.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: DNS settings tool

[David W. McSpadden]

Thanks Ben.
Understand about the more information is better.
My problem is I don't understand it enough to give information.
I asked my ISP to make changes to the mail areas of imcu.org and
indianamembersinsurance.com 
Now I want to go to the Internet and query those two domains and make sure
the MX, A, PTR, and TXT(SPF) records have all been updated correctly.

The prefixes (I probably used the wrong name) are like pop.imcu.org,
smtp.imcu.org, mail.imcu.org, www.imcu.org like that
Am I getting close to saying it correctly?


-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Wednesday, June 09, 2010 1:41 PM
To: NT System Admin Issues
Subject: Re: DNS settings tool

On Wed, Jun 9, 2010 at 1:10 PM, David W. McSpadden  wrote:
> Mired down in meetings.

  I'm busy, too.  I suspect we all are.  Yet I and others are taking
the time to participate here.  Please do us all the same courtesy
yourself, and take the time to include relevant information in your
requests.

> External settings for imcu.org, indianamembersinsurance.com.

  "External settings"?

  Those domain names exist, I can query resource records for them.
ZoneCheck complains about some things, but nothing strictly related to
DNS.

  If you mean, "I want everything to work right for everything all the
time", well, we all want that, but that's way too open-ended a
request.

  Give us some clue as to what is driving your request and we may be
able to help you.

> I would like something that will me all the prefixes that are being used
as
> well.

  Not sure what you mean by "prefixes".

  If you mean, you want to know all the child domain names under
, you can't easily get that from an external tool unless
you're allowing zone transfers (and you're not).  But you should just
be able to look at your own DNS server, though, so I'm not sure I
understand the question.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: DNS settings tool

[Carol Fee]

Try these
http://www.zoneedit.com/lookup.html
http://www.dnscolos.com/free-dns-report.html
http://www.mxtoolbox.com/SuperTool.aspx?action=blacklist%3a

CFee
-Original Message-
From: David W. McSpadden [mailto:dav...@imcu.com] 
Sent: Wednesday, June 09, 2010 1:56 PM
To: NT System Admin Issues
Subject: RE: DNS settings tool

Thanks Ben.
Understand about the more information is better.
My problem is I don't understand it enough to give information.
I asked my ISP to make changes to the mail areas of imcu.org and
indianamembersinsurance.com 
Now I want to go to the Internet and query those two domains and make sure
the MX, A, PTR, and TXT(SPF) records have all been updated correctly.

The prefixes (I probably used the wrong name) are like pop.imcu.org,
smtp.imcu.org, mail.imcu.org, www.imcu.org like that
Am I getting close to saying it correctly?


-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Wednesday, June 09, 2010 1:41 PM
To: NT System Admin Issues
Subject: Re: DNS settings tool

On Wed, Jun 9, 2010 at 1:10 PM, David W. McSpadden  wrote:
> Mired down in meetings.

  I'm busy, too.  I suspect we all are.  Yet I and others are taking
the time to participate here.  Please do us all the same courtesy
yourself, and take the time to include relevant information in your
requests.

> External settings for imcu.org, indianamembersinsurance.com.

  "External settings"?

  Those domain names exist, I can query resource records for them.
ZoneCheck complains about some things, but nothing strictly related to
DNS.

  If you mean, "I want everything to work right for everything all the
time", well, we all want that, but that's way too open-ended a
request.

  Give us some clue as to what is driving your request and we may be
able to help you.

> I would like something that will me all the prefixes that are being used
as
> well.

  Not sure what you mean by "prefixes".

  If you mean, you want to know all the child domain names under
, you can't easily get that from an external tool unless
you're allowing zone transfers (and you're not).  But you should just
be able to look at your own DNS server, though, so I'm not sure I
understand the question.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: DNS settings tool

[Kennedy, Jim]

Ok, here you go.   http://network-tools.com/

The DNS Records tool will give you most of what you want. Same place to look at 
PTR records and whatnot.




-Original Message-
From: David W. McSpadden [mailto:dav...@imcu.com] 
Sent: Wednesday, June 09, 2010 1:56 PM
To: NT System Admin Issues
Subject: RE: DNS settings tool

Thanks Ben.
Understand about the more information is better.
My problem is I don't understand it enough to give information.
I asked my ISP to make changes to the mail areas of imcu.org and
indianamembersinsurance.com 
Now I want to go to the Internet and query those two domains and make sure
the MX, A, PTR, and TXT(SPF) records have all been updated correctly.

The prefixes (I probably used the wrong name) are like pop.imcu.org,
smtp.imcu.org, mail.imcu.org, www.imcu.org like that
Am I getting close to saying it correctly?


-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Wednesday, June 09, 2010 1:41 PM
To: NT System Admin Issues
Subject: Re: DNS settings tool

On Wed, Jun 9, 2010 at 1:10 PM, David W. McSpadden  wrote:
> Mired down in meetings.

  I'm busy, too.  I suspect we all are.  Yet I and others are taking
the time to participate here.  Please do us all the same courtesy
yourself, and take the time to include relevant information in your
requests.

> External settings for imcu.org, indianamembersinsurance.com.

  "External settings"?

  Those domain names exist, I can query resource records for them.
ZoneCheck complains about some things, but nothing strictly related to
DNS.

  If you mean, "I want everything to work right for everything all the
time", well, we all want that, but that's way too open-ended a
request.

  Give us some clue as to what is driving your request and we may be
able to help you.

> I would like something that will me all the prefixes that are being used
as
> well.

  Not sure what you mean by "prefixes".

  If you mean, you want to know all the child domain names under
, you can't easily get that from an external tool unless
you're allowing zone transfers (and you're not).  But you should just
be able to look at your own DNS server, though, so I'm not sure I
understand the question.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: [HUMOR] Someone misconfigured something somewhere, I think

[Daniel Rodriguez]

Hey, if you need a wide-carriage printer, I have an older Epson I would be
glad to sell you. :)


On Wed, Jun 9, 2010 at 10:54 AM, Erik Goldoff  wrote:

>  Wow, then why did the dot-matrix quit working ?  That’s weird !  If the
> LPT ports work for the laser, then driver problems within the software app ?
>
> ( sorry, I know, not what you were asking for in your original post )
>
>
>
> *Erik Goldoff***
>
> *IT  Consultant*
>
> *Systems, Networks, & Security *
>
> '  Security is an ongoing process, not a one time event ! '
>
> *From:* Mike Hoffman [mailto:m...@drumbrae.net]
> *Sent:* Wednesday, June 09, 2010 10:52 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: [HUMOR] Someone misconfigured something somewhere, I think
>
>
>
> I wish!! The machine is Dos6 not a session. I was planning on virtualising
> it at some point, but I’ve not got round to it.
>
>
>
> Mike
>
>
>
> *From:* Erik Goldoff [mailto:egold...@gmail.com]
> *Sent:* 09 June 2010 15:33
> *To:* NT System Admin Issues
> *Subject:* RE: [HUMOR] Someone misconfigured something somewhere, I think
>
>
>
> Have you tried using the NET USE command to capture the LPT output to the
> installed matrix printer within the DOS session?
>
>
>
> *Erik Goldoff***
>
> *IT  Consultant*
>
> *Systems, Networks, & Security *
>
> '  Security is an ongoing process, not a one time event ! '
>
> *From:* Mike Hoffman [mailto:m...@drumbrae.net]
> *Sent:* Wednesday, June 09, 2010 9:10 AM
> *To:* NT System Admin Issues
> *Subject:* RE: [HUMOR] Someone misconfigured something somewhere, I think
>
>
>
> Just out of interest we’ve spent the last week playing with  codes on
> a printer. We have a client running a vet practice using a dos based
> invoicing system. He is now unable to get dot-matrix printers to work so we
> put in an HP LJ1200, but the page width is too wide.
>
>
>
> I know that putting the codes in a .txt file and then piping that to the
> printer in the autoexec will set the printer for the session, but I’m going
> round in circles.
>
>
>
> Does anyone here know if this sounds like a font, line size, cpi, or other
> issue with a single  command to sort it?
>
>
>
> I really had thought I’d seen my last dos box ever!!
>
>
>
> Mike
>
>
>
> *From:* Andrew Levicki [mailto:and...@levicki.me.uk]
> *Sent:* 09 June 2010 14:02
> *To:* NT System Admin Issues
> *Subject:* Re: [HUMOR] Someone misconfigured something somewhere, I think
>
>
>
> I'm still trying to get a printout of the PCL font list!
>
>
>
> andrew
>
> On 9 June 2010 21:59, Ben Scott  wrote:
>
> On Wed, Jun 9, 2010 at 8:54 AM, Steven M. Caesare 
> wrote:
> >>   http://www.upart.biz/
>
> >
> > Doesn't load now, but I can only assume an open HP printer config page?
>
>  Yup.
>
>  I think the printer may have crashed due to all the people on this
> list trying to load the management UI.  :-)
>
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>
>
>
> --
> Kind regards,
>
> Andrew Levicki
> MCITP:EDST7/EMA/EA,MCSE,MCSA,MCP,CCNA,ITIL
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: [HUMOR] Someone misconfigured something somewhere, I think

[Terry Dickson]

Also Okidata still sells Dot Matrix printers that work either USB or Parallel.  
I have some older Okidata Printers still in use in our office.  The stock we 
have to print on can’t be run through a Laser so we have to keep them around.

From: Daniel Rodriguez [mailto:drod...@gmail.com]
Sent: Wednesday, June 09, 2010 1:05 PM
To: NT System Admin Issues
Subject: Re: [HUMOR] Someone misconfigured something somewhere, I think

Hey, if you need a wide-carriage printer, I have an older Epson I would be glad 
to sell you. :)

On Wed, Jun 9, 2010 at 10:54 AM, Erik Goldoff 
mailto:egold...@gmail.com>> wrote:
Wow, then why did the dot-matrix quit working ?  That’s weird !  If the LPT 
ports work for the laser, then driver problems within the software app ?
( sorry, I know, not what you were asking for in your original post )

Erik Goldoff
IT  Consultant
Systems, Networks, & Security
'  Security is an ongoing process, not a one time event ! '
From: Mike Hoffman [mailto:m...@drumbrae.net]
Sent: Wednesday, June 09, 2010 10:52 AM

To: NT System Admin Issues
Subject: RE: [HUMOR] Someone misconfigured something somewhere, I think

I wish!! The machine is Dos6 not a session. I was planning on virtualising it 
at some point, but I’ve not got round to it.

Mike

From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: 09 June 2010 15:33
To: NT System Admin Issues
Subject: RE: [HUMOR] Someone misconfigured something somewhere, I think

Have you tried using the NET USE command to capture the LPT output to the 
installed matrix printer within the DOS session?

Erik Goldoff
IT  Consultant
Systems, Networks, & Security
'  Security is an ongoing process, not a one time event ! '
From: Mike Hoffman [mailto:m...@drumbrae.net]
Sent: Wednesday, June 09, 2010 9:10 AM
To: NT System Admin Issues
Subject: RE: [HUMOR] Someone misconfigured something somewhere, I think

Just out of interest we’ve spent the last week playing with  codes on a 
printer. We have a client running a vet practice using a dos based invoicing 
system. He is now unable to get dot-matrix printers to work so we put in an HP 
LJ1200, but the page width is too wide.

I know that putting the codes in a .txt file and then piping that to the 
printer in the autoexec will set the printer for the session, but I’m going 
round in circles.

Does anyone here know if this sounds like a font, line size, cpi, or other 
issue with a single  command to sort it?

I really had thought I’d seen my last dos box ever!!

Mike

From: Andrew Levicki [mailto:and...@levicki.me.uk]
Sent: 09 June 2010 14:02
To: NT System Admin Issues
Subject: Re: [HUMOR] Someone misconfigured something somewhere, I think

I'm still trying to get a printout of the PCL font list!

andrew
On 9 June 2010 21:59, Ben Scott 
mailto:mailvor...@gmail.com>> wrote:
On Wed, Jun 9, 2010 at 8:54 AM, Steven M. Caesare 
mailto:scaes...@caesare.com>> wrote:
>>   http://www.upart.biz/
>
> Doesn't load now, but I can only assume an open HP printer config page?
 Yup.

 I think the printer may have crashed due to all the people on this
list trying to load the management UI.  :-)

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~



--
Kind regards,

Andrew Levicki
MCITP:EDST7/EMA/EA,MCSE,MCSA,MCP,CCNA,ITIL


























~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: RE: SAN Solution

[Tim Evans]

Yes, thanks for taking the time to post this

...Tim


-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org] 
Sent: Wednesday, June 09, 2010 10:37 AM
To: NT System Admin Issues
Subject: RE: RE: SAN Solution

Thank you! That information is extremely useful.


--Matt Ross
Ephrata School District


- Original Message -
From: Bob Hartung
[mailto:bhart...@wiscoind.com]
To: NT System Admin Issues
[mailto:ntsysad...@lyris.sunbelt-software.com]
Sent: Wed, 09 Jun 2010
08:40:55 -0700
Subject: RE: RE: SAN Solution


> Well, I can't attach SATA drives to my servers but here's the test I ran.
> 
> Server: Dell PowerEdge 2650 with
> 
> 
> * E: Drive - internal PERC3 SCSI RAID 5 (Ultra320) E: Drive
> * F: Drive - external SCSI Drive Array attached to PERC4 SCSI RAID 5 (Ultra
> 320)
> 
> * G: Drive - Drobo Elite connected via Gigabit Ethernet
> 
> 
> I copied 2.1 GB from E: to F: in 4:36 or 476.9 MB/Min.
> I copied 2.1 GB from E: to G: in 5:18 or 413.9 MB/Min.
> 
> 
> --
> 
> Bob Hartung
> Wisco Industries, Inc.
> 736 Janesville St.
> Oregon, WI 53575
> Tel: (608) 835-3106 x215
> Fax: (608) 835-7399
> e-mail: bhartung(at)wiscoind.com
>   _  
> 
> From: Tim Evans [mailto:tev...@sparling.com]
> To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com]
> Sent: Tue, 08 Jun 2010 18:13:23 -0500
> Subject: RE: RE: SAN Solution
> 
> 
> 
> 
> How's the iSCSI performance on that unit? Compared to direct  attached SATA
> for example?
> 
>  
> 
> 
> ...Tim
> 
>  
> 
> 
> 
> From: Bob Hartung  [mailto:bhart...@wiscoind.com] 
>   Sent: Tuesday, June 08, 2010 8:09 AM
>   To: NT System Admin Issues
>   Subject: RE: RE: SAN Solution
> 
>  
> 
> The  Elite is bundled with WD drives, either a consumer grade or an
> enterprise. We  went with the enterprise (DREL1A21-WD2002FYPS-8).  You
> should be able to pick the unit up for around $6000.
>   
>   For connection, I'm using a stand-alone HP Procurve Gigabit switch. Each
> server  has 2 nics. Each server's 2nd nic card is connected to the HP
> Procurve and  setup on different subnet than the regular network uses.
>   
>   It took me awhile to work out the MS ISCSI initiator stuff since I'd had
> no  experience with it before.
>   
>   And I don't know if I'd characterize it as "instead of a SAN". As far  as
> I can see, it's a SAN.
>   
>   --
> 
> 
>   Bob Hartung
>   Wisco Industries, Inc.
>   736 Janesville St.
>   Oregon, WI 53575
>   Tel: (608) 835-3106 x215
>   Fax: (608) 835-7399
>   e-mail: bhartung(at)wiscoind.com
>   _  
> 
> 
> 
> From: John Aldrich  [mailto:jaldr...@blueridgecarpet.com]
>   To: NT System Admin Issues  [mailto:ntsysad...@lyris.sunbelt-software.com]
>   Sent: Tue, 08 Jun 2010 09:01:18 -0500
>   Subject: RE: RE: SAN Solution
> 
> 
> Nifty.  I’m assuming these are “Enterprise” SATA drives? How does it
> connect to your  existing servers, and approximately how much does something
> like that cost?  That might be something I would want to look at using
> instead of a SAN.
> 
>  
> 
> 
> 
> 
>  
> 
> 
> 
> From: Bob Hartung  [mailto:bhart...@wiscoind.com] 
>   Sent: Tuesday, June 08, 2010 9:42 AM
>   To: NT System Admin Issues
>   Subject: RE: RE: SAN Solution
> 
>  
> 
> I'm using the Drobo  Elite for backups as well. It's where I store
> workstation images I create in  Acronis. It is also the disk-to-disk storage
> I use for Arcserve server backups.
>   
>   I chose the somewhat more expensive Drobo Elite over a number of NAS 
> alternatives for a number of reasons...
>
> * Rather   than simulate MS network privaleges like most NASs do, I
> preferred being   able to simply share the Drobo's space via my existing
> servers. That way   I'm using MS sharing and security.   
> * It's   a SAN network which segregates storage traffic from the rest of
> the   network.   
> * It   supplies a pool of storage that I can parcel out to any of my
> servers as   conditions evolve.   
> * I've   got 16 TB of space. And it's all dynamically available to each
> partition.   It took me a while to get this. You make every partition a
> 16 TB   partition. That way, all partitions can use available storage
> without   having to change partition sizes by destroying them and
> recreating them.   
> * You   can stick in any size SATA drive and it's added to the storage
> pool. Right   now I have 8 2TB drives but when 3 and 4TB drives come
> out, I can swap out   a 2TB drive and increase storage. Doesn't matter
> which slot you stick a   drive in either.   
> * Currently   I'm using 2 drives for fault tolerance so if one fails,
> the RAID continues   to operate with redundancy.  
> 
> 
> 
>   --
>   
>   Bob Hartung
>   Wisco Industries, Inc.
>   

Re: OTish: Wireless network configuration

[Kurt Buff]

Understand that - how do you verify it that it works as designed?

On Wed, Jun 9, 2010 at 06:33, Joe Tinney  wrote:
> Access control and routing is done by our core firewall and router for all of 
> our networks. This is the configuration that Phil is referring to.
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Tuesday, June 08, 2010 10:34 PM
> To: NT System Admin Issues
> Subject: Re: OTish: Wireless network configuration
>
> I wonder how you verify the security of such an arrangement?
>
> On Tue, Jun 8, 2010 at 19:20, Joe Tinney  wrote:
>> While I'm not the one that configured them, our Cisco wireless access points 
>> are configured with two SSID's: one on a VLAN that goes to our transparent 
>> proxy and without access to our other networks and the other on a VLAN that 
>> functions just like our client wired network segment. The first one is an 
>> open Guest network and the latter is WPA2 secured.
>>
>> I'm not sure what your network devices would enable you to do but this has 
>> been rock solid configuration for us.
>>
>> -Original Message-
>> From: Kurt Buff [mailto:kurt.b...@gmail.com]
>> Sent: Tuesday, June 08, 2010 7:29 PM
>> To: NT System Admin Issues
>> Subject: OTish: Wireless network configuration
>>
>> All,
>>
>> We've got a decent wireless network at $WORK, but I'm dissatisified with it, 
>> because it lacks good guest access.
>>
>> We have 18 Cisco 1240ag WAPs talking with 3 HP POE switches, which currently 
>> are in our HP 3400cl layer 3 switch on our production network. There's a 
>> single SSID across all of them, and I've got them all configured on a single 
>> VLAN. Works great, but as mentioned there is no guest access.
>>
>> I could just stick them all physically outside our firewall, and give the 
>> wireless users an IPSec VPN client, but I really would prefer not to do that.
>>
>> I've been doing some reading, but don't have a good handle on how to move to 
>> a configuration that would work well - without the VPN, that is.
>>
>> I'm casting about for ideas - anyone have a solution they like?
>> Preferably without spending tons of money, of course.
>>
>> Kurt
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>>   ~
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>>   ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: OTish: Wireless network configuration

[Kurt Buff]

We have Cisco WAPs and HP switches. We have a Sidewinder (now McAfee)
firewall. No captive portal, it's just a dumb network, though I've
configured it pretty well for the original design, which, per
discussions internally, had no guest network, except for a WAP that's
connected to a DSL line in our training room for some of our customers
who come on site. That is totally separate from our production
network.

Don't know what's available, particularly - it's why I'm asking
questions here, to get some ideas.

Kurt

On Wed, Jun 9, 2010 at 07:07, Martin Blackstone  wrote:
> Does this solution not have any kind of captive portal? No add-ons or 
> anything available?
> Cisco loves to sell add-ons don’t they?
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Tuesday, June 08, 2010 4:29 PM
> To: NT System Admin Issues
> Subject: OTish: Wireless network configuration
>
> All,
>
> We've got a decent wireless network at $WORK, but I'm dissatisified with it, 
> because it lacks good guest access.
>
> We have 18 Cisco 1240ag WAPs talking with 3 HP POE switches, which currently 
> are in our HP 3400cl layer 3 switch on our production network. There's a 
> single SSID across all of them, and I've got them all configured on a single 
> VLAN. Works great, but as mentioned there is no guest access.
>
> I could just stick them all physically outside our firewall, and give the 
> wireless users an IPSec VPN client, but I really would prefer not to do that.
>
> I've been doing some reading, but don't have a good handle on how to move to 
> a configuration that would work well - without the VPN, that is.
>
> I'm casting about for ideas - anyone have a solution they like?
> Preferably without spending tons of money, of course.
>
> Kurt
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: [OT - sorta, kinda, maybe] Who needs a hot-aisle in their server room?

[Kurt Buff]

That's really nice!

I can't justify one with only 3 racks, but it looks sweet.

Kurt

On Wed, Jun 9, 2010 at 09:00, Sean Martin  wrote:
> Nah, we use these to lift Blade Chassis' and large servers into our 51u
> racks. Makes life so much easier!
>
> http://serverlift.com/products/sl500/
>
> - Sean
>
> On Wed, Jun 9, 2010 at 6:52 AM, Erik Goldoff  wrote:
>>
>> Being the cynic, I can just imagine one or more cases leaking mineral oil
>> all over, first person into server room slips and busts their butt , second
>> person laughs before he/she falls too….
>>
>>
>>
>> And just remember, eventually all the heat that the mineral oil soaks up
>> has to go somewhere too !
>>
>>
>>
>> And what happens when you have to slide out a server in the rack to swap
>> out components ?  Bet them suckers are HEAVY, now you need 6 people to
>> safely mount a server without spilling ‘coolant’ 
>>
>>
>>
>> Oh, the humanity !
>>
>>
>>
>> Erik Goldoff
>>
>> IT  Consultant
>>
>> Systems, Networks, & Security
>>
>> '  Security is an ongoing process, not a one time event ! '
>>
>> From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
>> Sent: Wednesday, June 09, 2010 9:50 AM
>> To: NT System Admin Issues
>> Subject: [OT - sorta, kinda, maybe] Who needs a hot-aisle in their server
>> room?
>>
>>
>>
>>  http://www.wimp.com/hugeidea/
>>
>>
>>
>> -Paul
>>
>>
>>
>>
>>
>>
>>
>>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: DNS settings tool

[Ben Scott]

David W. McSpadden [mailto:dav...@imcu.com] wrote:
> My problem is I don't understand it enough to give information.

  You should probabbly call in a paid consultant/IT services firm,
then.  Unfortunately I'm not in the Indiana area so I can't recommend
one.

  I'm not getting all your mail on this list.  The only reason I even
saw your mail is someone else replied to it.  I suspect your recent
changes did something wrong, and your mail is sometimes getting
filtered as spam.

  It's going to be very hard to fix your email over email.  See above
about paid experts.

  I'm not trying to be a jerk; I'm trying to give you the best advice
I can.  To me, it looks like you're in way over your head and may be
on the verge of serious Internet infrastructure trouble.  If you
really want to try and fix that by email on a volunteer mailing list,
I'll certainly try to help, but your boss may fire you first.

> Now I want to go to the Internet and query those two domains and make sure
> the MX, A, PTR, and TXT(SPF) records have all been updated correctly.

  If you just want to view what the records at the nameservers
currently are, open up a command prompt and do:

nslookup -type=ANY %DOMAIN_NAME% %AUTHORITATIVE_DNS_SERVER_NAME%

  For example:

nslookup -type=ANY imcu.com. pdns1.ultradns.net.

  If you don't know your registered nameservers, ask the root servers:

nslookup -type=ANY imcu.com. a.root-servers.net.

  They will prolly give you a delegation to another set of servers --
that is, you will just see a list of nameservers and IP address.  Pick
one of the offered nameservers and repeat until you get the answers
you're looking for.

  For example, I can tell you that currently,  is delegated
to UltraDNS.   says imcu.org.> an MX of
, which has IP address <206.18.123.221>.  The SPF
record specifies that same IP address, and excludes all others.

  But I have no idea if that is "correct" or not.  I have no knowledge
of your infrastructure or what you're trying to do, the way things
were before or what they're supposed to be now.

> The prefixes (I probably used the wrong name) are like pop.imcu.org,
> smtp.imcu.org, mail.imcu.org, www.imcu.org like that

  Technically, those are called "child domains" or "subdomains", but
what do you want to do with them?

  I can tell you that  tells me that
 has IP address <12.145.177.146>, but has no MX record.
 (But you probabbly don't want your web server to have an MX record.)
There does seem to be a website that responds to the name
 at that IP address.  You're "Indiana Members Credit
Union", right?

  There's no tool you can run from a third-party website that will
talk your DNS sub-tree automatically -- your nameservers are
configured *NOT* to tell the public all the records under your domain
(zone transfer).  You will need access to your DNS zone file (or the
UltraDNS equivalent).

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: [HUMOR] Someone misconfigured something somewhere, I think

[Daniel Rodriguez]

Yeah, but I am WANTING to get rid of this Epson. It's that gray case model.
Not an MX-80. :)

On Wed, Jun 9, 2010 at 2:12 PM, Terry Dickson
wrote:

> Also Okidata still sells Dot Matrix printers that work either USB or
> Parallel.  I have some older Okidata Printers still in use in our office.
> The stock we have to print on can’t be run through a Laser so we have to
> keep them around.
>
>
>
> *From:* Daniel Rodriguez [mailto:drod...@gmail.com]
> *Sent:* Wednesday, June 09, 2010 1:05 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: [HUMOR] Someone misconfigured something somewhere, I think
>
>
>
> Hey, if you need a wide-carriage printer, I have an older Epson I would be
> glad to sell you. :)
>
> On Wed, Jun 9, 2010 at 10:54 AM, Erik Goldoff  wrote:
>
> Wow, then why did the dot-matrix quit working ?  That’s weird !  If the LPT
> ports work for the laser, then driver problems within the software app ?
>
> ( sorry, I know, not what you were asking for in your original post )
>
>
>
> *Erik Goldoff*
>
> *IT  Consultant*
>
> *Systems, Networks, & Security *
>
> '  Security is an ongoing process, not a one time event ! '
>
> *From:* Mike Hoffman [mailto:m...@drumbrae.net]
> *Sent:* Wednesday, June 09, 2010 10:52 AM
>
>
> *To:* NT System Admin Issues
> *Subject:* RE: [HUMOR] Someone misconfigured something somewhere, I think
>
>
>
> I wish!! The machine is Dos6 not a session. I was planning on virtualising
> it at some point, but I’ve not got round to it.
>
>
>
> Mike
>
>
>
> *From:* Erik Goldoff [mailto:egold...@gmail.com]
>
> *Sent:* 09 June 2010 15:33
>
> *To:* NT System Admin Issues
> *Subject:* RE: [HUMOR] Someone misconfigured something somewhere, I think
>
>
>
> Have you tried using the NET USE command to capture the LPT output to the
> installed matrix printer within the DOS session?
>
>
>
> *Erik Goldoff*
>
> *IT  Consultant*
>
> *Systems, Networks, & Security *
>
> '  Security is an ongoing process, not a one time event ! '
>
> *From:* Mike Hoffman [mailto:m...@drumbrae.net]
>
> *Sent:* Wednesday, June 09, 2010 9:10 AM
> *To:* NT System Admin Issues
> *Subject:* RE: [HUMOR] Someone misconfigured something somewhere, I think
>
>
>
> Just out of interest we’ve spent the last week playing with  codes on
> a printer. We have a client running a vet practice using a dos based
> invoicing system. He is now unable to get dot-matrix printers to work so we
> put in an HP LJ1200, but the page width is too wide.
>
>
>
> I know that putting the codes in a .txt file and then piping that to the
> printer in the autoexec will set the printer for the session, but I’m going
> round in circles.
>
>
>
> Does anyone here know if this sounds like a font, line size, cpi, or other
> issue with a single  command to sort it?
>
>
>
> I really had thought I’d seen my last dos box ever!!
>
>
>
> Mike
>
>
>
> *From:* Andrew Levicki [mailto:and...@levicki.me.uk]
> *Sent:* 09 June 2010 14:02
> *To:* NT System Admin Issues
> *Subject:* Re: [HUMOR] Someone misconfigured something somewhere, I think
>
>
>
> I'm still trying to get a printout of the PCL font list!
>
>
>
> andrew
>
> On 9 June 2010 21:59, Ben Scott  wrote:
>
> On Wed, Jun 9, 2010 at 8:54 AM, Steven M. Caesare 
> wrote:
> >>   http://www.upart.biz/
>
> >
> > Doesn't load now, but I can only assume an open HP printer config page?
>
>  Yup.
>
>  I think the printer may have crashed due to all the people on this
> list trying to load the management UI.  :-)
>
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>
>
>
> --
> Kind regards,
>
> Andrew Levicki
> MCITP:EDST7/EMA/EA,MCSE,MCSA,MCP,CCNA,ITIL
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Windows SBS 2003 User right

[Malcolm Reitz]

The owner's account is an administrator on the SBS server, isn't it? That's
the problem.

 

http://support.microsoft.com/?kbid=907434

 

-Malcolm

 

From: Cesare' A. Ramos [mailto:cra...@idfllc.com] 
Sent: Wednesday, June 09, 2010 10:59
To: NT System Admin Issues
Subject: Windows SBS 2003 User right

 

To all:

 

Have a quick question for you all.

 

We have a new client that is running Windows SBS 2003 with BES on the same
server, not our choice and we will be changing this.  In the interim though
there is one user, the owner nonetheless, that the BlackBerry Administrator
user keeps losing the 'Send As' and 'Read' rights thus the user then cannot
reply to messages.  We log in enable the rights, restart BB Router service
and all begins to work.  

 

Within 30 minutes, the rights are lost again.  We have edited templates and
such for user and group rights but have not had success in keeping change
static.

 

Any thoughts.

Sincerely,
Cesare' A. Ramos

 

 

  _  

This e-Mail and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this e-Mail in error please notify the sender via
returned e-Mail. Please note that any views or opinions presented in this
e-Mail are solely those of the author and do not necessarily represent those
of the company. Although IDF operates anti-virus programs, it does not
accept responsibility for any damage whatsoever that is caused by viruses
being passed.

** Think before you print this message. **

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: RE: SAN Solution

[Matthew W. Ross]

Interestingly enough, the numbers Bob posted are about 6.9 MB/s for the Drobo, 
7.9 MB/s for the PERC4. Do those numbers seem slow? I mean, if the Drobo is 
that slow, that's too bad for it. But the PERC4 UltraSCSI 320? 


--Matt Ross
Ephrata School District


- Original Message -
From: Tim Evans
[mailto:tev...@sparling.com]
To: NT System Admin Issues
[mailto:ntsysad...@lyris.sunbelt-software.com]
Sent: Wed, 09 Jun 2010
11:17:13 -0700
Subject: RE: RE: SAN Solution


> Yes, thanks for taking the time to post this
> 
> ...Tim
> 
> 
> -Original Message-
> From: Matthew W. Ross [mailto:mr...@ephrataschools.org] 
> Sent: Wednesday, June 09, 2010 10:37 AM
> To: NT System Admin Issues
> Subject: RE: RE: SAN Solution
> 
> Thank you! That information is extremely useful.
> 
> 
> --Matt Ross
> Ephrata School District
> 
> 
> - Original Message -
> From: Bob Hartung
> [mailto:bhart...@wiscoind.com]
> To: NT System Admin Issues
> [mailto:ntsysad...@lyris.sunbelt-software.com]
> Sent: Wed, 09 Jun 2010
> 08:40:55 -0700
> Subject: RE: RE: SAN Solution
> 
> 
> > Well, I can't attach SATA drives to my servers but here's the test I ran.
> > 
> > Server: Dell PowerEdge 2650 with
> > 
> > 
> > * E: Drive - internal PERC3 SCSI RAID 5 (Ultra320) E: Drive
> > * F: Drive - external SCSI Drive Array attached to PERC4 SCSI RAID 5
> (Ultra
> > 320)
> > 
> > * G: Drive - Drobo Elite connected via Gigabit Ethernet
> > 
> > 
> > I copied 2.1 GB from E: to F: in 4:36 or 476.9 MB/Min.
> > I copied 2.1 GB from E: to G: in 5:18 or 413.9 MB/Min.
> > 
> > 
> > --
> > 
> > Bob Hartung
> > Wisco Industries, Inc.
> > 736 Janesville St.
> > Oregon, WI 53575
> > Tel: (608) 835-3106 x215
> > Fax: (608) 835-7399
> > e-mail: bhartung(at)wiscoind.com
> >   _  
> > 
> > From: Tim Evans [mailto:tev...@sparling.com]
> > To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com]
> > Sent: Tue, 08 Jun 2010 18:13:23 -0500
> > Subject: RE: RE: SAN Solution
> > 
> > 
> > 
> > 
> > How's the iSCSI performance on that unit? Compared to direct  attached
> SATA
> > for example?
> > 
> >  
> > 
> > 
> > ...Tim
> > 
> >  
> > 
> > 
> > 
> > From: Bob Hartung  [mailto:bhart...@wiscoind.com] 
> >   Sent: Tuesday, June 08, 2010 8:09 AM
> >   To: NT System Admin Issues
> >   Subject: RE: RE: SAN Solution
> > 
> >  
> > 
> > The  Elite is bundled with WD drives, either a consumer grade or an
> > enterprise. We  went with the enterprise (DREL1A21-WD2002FYPS-8).  You
> > should be able to pick the unit up for around $6000.
> >   
> >   For connection, I'm using a stand-alone HP Procurve Gigabit switch. Each
> > server  has 2 nics. Each server's 2nd nic card is connected to the HP
> > Procurve and  setup on different subnet than the regular network uses.
> >   
> >   It took me awhile to work out the MS ISCSI initiator stuff since I'd had
> > no  experience with it before.
> >   
> >   And I don't know if I'd characterize it as "instead of a SAN". As far 
> as
> > I can see, it's a SAN.
> >   
> >   --
> > 
> > 
> >   Bob Hartung
> >   Wisco Industries, Inc.
> >   736 Janesville St.
> >   Oregon, WI 53575
> >   Tel: (608) 835-3106 x215
> >   Fax: (608) 835-7399
> >   e-mail: bhartung(at)wiscoind.com
> >   _  
> > 
> > 
> > 
> > From: John Aldrich  [mailto:jaldr...@blueridgecarpet.com]
> >   To: NT System Admin Issues 
> [mailto:ntsysad...@lyris.sunbelt-software.com]
> >   Sent: Tue, 08 Jun 2010 09:01:18 -0500
> >   Subject: RE: RE: SAN Solution
> > 
> > 
> > Nifty.  I’m assuming these are “Enterprise” SATA drives? How does it
> > connect to your  existing servers, and approximately how much does
> something
> > like that cost?  That might be something I would want to look at using
> > instead of a SAN.
> > 
> >  
> > 
> > 
> > 
> > 
> >  
> > 
> > 
> > 
> > From: Bob Hartung  [mailto:bhart...@wiscoind.com] 
> >   Sent: Tuesday, June 08, 2010 9:42 AM
> >   To: NT System Admin Issues
> >   Subject: RE: RE: SAN Solution
> > 
> >  
> > 
> > I'm using the Drobo  Elite for backups as well. It's where I store
> > workstation images I create in  Acronis. It is also the disk-to-disk
> storage
> > I use for Arcserve server backups.
> >   
> >   I chose the somewhat more expensive Drobo Elite over a number of NAS 
> > alternatives for a number of reasons...
> >
> > * Rather   than simulate MS network privaleges like most NASs do, I
> > preferred being   able to simply share the Drobo's space via my
> existing
> > servers. That way   I'm using MS sharing and security.   
> > * It's   a SAN network which segregates storage traffic from the rest
> of
> > the   network.   
> > * It   supplies a pool of storage that I can parcel out to any of my
> > servers as   conditions evolve.   
> > * I've   got 16 TB of spac

Re: [HUMOR] Someone misconfigured something somewhere, I think

[Ben Scott]

On Wed, Jun 9, 2010 at 8:54 AM, Steven M. Caesare  wrote:
> Doesn't load now, but I can only assume an open HP printer config page?

  Don't worry, you can find plenty more HP printers on the web, it turns out:

http://www.google.com/search?q=%22Show+IPv4+address+on+control+panel%22

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: DNS settings tool

[Ben Scott]

On Wed, Jun 9, 2010 at 2:41 PM, Ben Scott  wrote:
>  I'm not getting all your mail on this list.

  I just got it now, several minutes after others replied to it.

>  There's no tool you can run from a third-party website that will
> talk your DNS sub-tree automatically

  That should have been "walk your DNS sub-tree".

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: [HUMOR] Someone misconfigured something somewhere, I think

[Erik Goldoff]

Thanks, but no thanks, it’s probably the one I got rid of last year : D

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: Daniel Rodriguez [mailto:drod...@gmail.com] 
Sent: Wednesday, June 09, 2010 2:05 PM
To: NT System Admin Issues
Subject: Re: [HUMOR] Someone misconfigured something somewhere, I think

 

Hey, if you need a wide-carriage printer, I have an older Epson I would be glad 
to sell you. :)



On Wed, Jun 9, 2010 at 10:54 AM, Erik Goldoff  wrote:

Wow, then why did the dot-matrix quit working ?  That’s weird !  If the LPT 
ports work for the laser, then driver problems within the software app ?

( sorry, I know, not what you were asking for in your original post )

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: RE: SAN Solution

[Kurt Buff]

Very good data.

Single file copied, or multiple files? If multiple files, how many and
average size?

Robocopy, xcopy or just copy - and what switches?

Picky, picky, picky...

Kurt

On Wed, Jun 9, 2010 at 08:40, Bob Hartung  wrote:
>
> Well, I can't attach SATA drives to my servers but here's the test I ran.
>
> Server: Dell PowerEdge 2650 with
>
> E: Drive - internal PERC3 SCSI RAID 5 (Ultra320) E: Drive
> F: Drive - external SCSI Drive Array attached to PERC4 SCSI RAID 5 (Ultra 320)
> G: Drive - Drobo Elite connected via Gigabit Ethernet
>
> I copied 2.1 GB from E: to F: in 4:36 or 476.9 MB/Min.
> I copied 2.1 GB from E: to G: in 5:18 or 413.9 MB/Min.
>
>
> --
>
> Bob Hartung
> Wisco Industries, Inc.
> 736 Janesville St.
> Oregon, WI 53575
> Tel: (608) 835-3106 x215
> Fax: (608) 835-7399
> e-mail: bhartung(at)wiscoind.com
>
> 
> From: Tim Evans [mailto:tev...@sparling.com]
> To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com]
> Sent: Tue, 08 Jun 2010 18:13:23 -0500
> Subject: RE: RE: SAN Solution
>
> How's the iSCSI performance on that unit? Compared to direct attached SATA 
> for example?
>
>
>
> ...Tim
>
>
>
> From: Bob Hartung [mailto:bhart...@wiscoind.com]
> Sent: Tuesday, June 08, 2010 8:09 AM
> To: NT System Admin Issues
> Subject: RE: RE: SAN Solution
>
>
>
> The Elite is bundled with WD drives, either a consumer grade or an 
> enterprise. We went with the enterprise (DREL1A21-WD2002FYPS-8). You should 
> be able to pick the unit up for around $6000.
>
> For connection, I'm using a stand-alone HP Procurve Gigabit switch. Each 
> server has 2 nics. Each server's 2nd nic card is connected to the HP Procurve 
> and setup on different subnet than the regular network uses.
>
> It took me awhile to work out the MS ISCSI initiator stuff since I'd had no 
> experience with it before.
>
> And I don't know if I'd characterize it as "instead of a SAN". As far as I 
> can see, it's a SAN.
>
> --
>
> Bob Hartung
> Wisco Industries, Inc.
> 736 Janesville St.
> Oregon, WI 53575
> Tel: (608) 835-3106 x215
> Fax: (608) 835-7399
> e-mail: bhartung(at)wiscoind.com
>
> 
>
> From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
> To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com]
> Sent: Tue, 08 Jun 2010 09:01:18 -0500
> Subject: RE: RE: SAN Solution
>
> Nifty. I’m assuming these are “Enterprise” SATA drives? How does it connect 
> to your existing servers, and approximately how much does something like that 
> cost? That might be something I would want to look at using instead of a SAN.
>
>
>
>
>
> From: Bob Hartung [mailto:bhart...@wiscoind.com]
> Sent: Tuesday, June 08, 2010 9:42 AM
> To: NT System Admin Issues
> Subject: RE: RE: SAN Solution
>
>
>
> I'm using the Drobo Elite for backups as well. It's where I store workstation 
> images I create in Acronis. It is also the disk-to-disk storage I use for 
> Arcserve server backups.
>
> I chose the somewhat more expensive Drobo Elite over a number of NAS 
> alternatives for a number of reasons...
>
> Rather than simulate MS network privaleges like most NASs do, I preferred 
> being able to simply share the Drobo's space via my existing servers. That 
> way I'm using MS sharing and security.
> It's a SAN network which segregates storage traffic from the rest of the 
> network.
> It supplies a pool of storage that I can parcel out to any of my servers as 
> conditions evolve.
> I've got 16 TB of space. And it's all dynamically available to each 
> partition. It took me a while to get this. You make every partition a 16 TB 
> partition. That way, all partitions can use available storage without having 
> to change partition sizes by destroying them and recreating them.
> You can stick in any size SATA drive and it's added to the storage pool. 
> Right now I have 8 2TB drives but when 3 and 4TB drives come out, I can swap 
> out a 2TB drive and increase storage. Doesn't matter which slot you stick a 
> drive in either.
> Currently I'm using 2 drives for fault tolerance so if one fails, the RAID 
> continues to operate with redundancy.
>
> --
>
> Bob Hartung
> Wisco Industries, Inc.
> 736 Janesville St.
> Oregon, WI 53575
> Tel: (608) 835-3106 x215
> Fax: (608) 835-7399
> e-mail: bhartung(at)wiscoind.com
>
> 
>
> From: Jay Dale [mailto:jay.d...@3-gig.com]
> To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com]
> Sent: Tue, 08 Jun 2010 08:17:07 -0500
> Subject: RE: RE: SAN Solution
>
> Exactly what we use it for..:)
>
>
>
> Jay Dale
>
> I.T. Manager, 3GiG
>
> Mobile: 713.299.2541
>
> Email: jay.d...@3-gig.com
>
>
>
> Confidentiality Notice: This e-mail, including any attached files, may 
> contain confidential and/or privileged information for the sole use of the 
> intended recipient. If you are not the intended recipient, you are hereby 
> notified t

RE: DNS settings tool

[David W. McSpadden]

You are not a jerk and I didn't take it that way.
Matter o factness is the best way to communicate.
You have just told me what I needed to know about the sub domains.
And I get what you are saying about the rest.
Not so much over my head and a little foggy about the details.
These domains are test domains anyways with only about 8 email accounts in
either of them so I am ok for my job.  When I get the balls to do imcu.com
then I better know what the hell I doing.
Thanks again.


-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Wednesday, June 09, 2010 2:41 PM
To: NT System Admin Issues
Subject: Re: DNS settings tool

David W. McSpadden [mailto:dav...@imcu.com] wrote:
> My problem is I don't understand it enough to give information.

  You should probabbly call in a paid consultant/IT services firm,
then.  Unfortunately I'm not in the Indiana area so I can't recommend
one.

  I'm not getting all your mail on this list.  The only reason I even
saw your mail is someone else replied to it.  I suspect your recent
changes did something wrong, and your mail is sometimes getting
filtered as spam.

  It's going to be very hard to fix your email over email.  See above
about paid experts.

  I'm not trying to be a jerk; I'm trying to give you the best advice
I can.  To me, it looks like you're in way over your head and may be
on the verge of serious Internet infrastructure trouble.  If you
really want to try and fix that by email on a volunteer mailing list,
I'll certainly try to help, but your boss may fire you first.

> Now I want to go to the Internet and query those two domains and make sure
> the MX, A, PTR, and TXT(SPF) records have all been updated correctly.

  If you just want to view what the records at the nameservers
currently are, open up a command prompt and do:

nslookup -type=ANY %DOMAIN_NAME% %AUTHORITATIVE_DNS_SERVER_NAME%

  For example:

nslookup -type=ANY imcu.com. pdns1.ultradns.net.

  If you don't know your registered nameservers, ask the root servers:

nslookup -type=ANY imcu.com. a.root-servers.net.

  They will prolly give you a delegation to another set of servers --
that is, you will just see a list of nameservers and IP address.  Pick
one of the offered nameservers and repeat until you get the answers
you're looking for.

  For example, I can tell you that currently,  is delegated
to UltraDNS.   says imcu.org.> an MX of
, which has IP address <206.18.123.221>.  The SPF
record specifies that same IP address, and excludes all others.

  But I have no idea if that is "correct" or not.  I have no knowledge
of your infrastructure or what you're trying to do, the way things
were before or what they're supposed to be now.

> The prefixes (I probably used the wrong name) are like pop.imcu.org,
> smtp.imcu.org, mail.imcu.org, www.imcu.org like that

  Technically, those are called "child domains" or "subdomains", but
what do you want to do with them?

  I can tell you that  tells me that
 has IP address <12.145.177.146>, but has no MX record.
 (But you probabbly don't want your web server to have an MX record.)
There does seem to be a website that responds to the name
 at that IP address.  You're "Indiana Members Credit
Union", right?

  There's no tool you can run from a third-party website that will
talk your DNS sub-tree automatically -- your nameservers are
configured *NOT* to tell the public all the records under your domain
(zone transfer).  You will need access to your DNS zone file (or the
UltraDNS equivalent).

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: OTish: Wireless network configuration

[Joe Tinney]

I wasn't involved in the implementation, so I really couldn't say how it was 
done here. I know that I can't get to any of our 'protected' network segments 
but I haven't done any scientific pen testing.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Wednesday, June 09, 2010 2:18 PM
To: NT System Admin Issues
Subject: Re: OTish: Wireless network configuration

Understand that - how do you verify it that it works as designed?

On Wed, Jun 9, 2010 at 06:33, Joe Tinney  wrote:
> Access control and routing is done by our core firewall and router for all of 
> our networks. This is the configuration that Phil is referring to.
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Tuesday, June 08, 2010 10:34 PM
> To: NT System Admin Issues
> Subject: Re: OTish: Wireless network configuration
>
> I wonder how you verify the security of such an arrangement?
>
> On Tue, Jun 8, 2010 at 19:20, Joe Tinney  wrote:
>> While I'm not the one that configured them, our Cisco wireless access points 
>> are configured with two SSID's: one on a VLAN that goes to our transparent 
>> proxy and without access to our other networks and the other on a VLAN that 
>> functions just like our client wired network segment. The first one is an 
>> open Guest network and the latter is WPA2 secured.
>>
>> I'm not sure what your network devices would enable you to do but this has 
>> been rock solid configuration for us.
>>
>> -Original Message-
>> From: Kurt Buff [mailto:kurt.b...@gmail.com]
>> Sent: Tuesday, June 08, 2010 7:29 PM
>> To: NT System Admin Issues
>> Subject: OTish: Wireless network configuration
>>
>> All,
>>
>> We've got a decent wireless network at $WORK, but I'm dissatisified with it, 
>> because it lacks good guest access.
>>
>> We have 18 Cisco 1240ag WAPs talking with 3 HP POE switches, which currently 
>> are in our HP 3400cl layer 3 switch on our production network. There's a 
>> single SSID across all of them, and I've got them all configured on a single 
>> VLAN. Works great, but as mentioned there is no guest access.
>>
>> I could just stick them all physically outside our firewall, and give the 
>> wireless users an IPSec VPN client, but I really would prefer not to do that.
>>
>> I've been doing some reading, but don't have a good handle on how to move to 
>> a configuration that would work well - without the VPN, that is.
>>
>> I'm casting about for ideas - anyone have a solution they like?
>> Preferably without spending tons of money, of course.
>>
>> Kurt
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>>   ~
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>>   ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Ethernet First Mile

[Richard Stovall]

Thanks folks.

On Wed, Jun 9, 2010 at 11:57 AM, Carol Fee  wrote:

>  That’s great info – thanks.
>
>
>
> *CFee*
>
> *From:* Michael B. Smith [mailto:mich...@smithcons.com]
> *Sent:* Wednesday, June 09, 2010 11:40 AM
> *To:* NT System Admin Issues
> *Subject:* RE: Ethernet First Mile
>
>
>
> I agree about the dedicated bandwidth.
>
>
>
> However, the technology is an IEEE standard. See
>
>
>
> http://en.wikipedia.org/wiki/Ethernet_in_the_First_Mile
>
>
>
> and
>
>
>
> http://www.ethernetinthefirstmile.com/
>
>
>
> Regards,
>
>
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com
>
>
>
> *From:* Andy Shook [mailto:andy.sh...@peak10.com]
> *Sent:* Wednesday, June 09, 2010 11:37 AM
> *To:* NT System Admin Issues
> *Subject:* RE: Ethernet First Mile
>
>
>
> It sounds to me like a Native LAN or Metro Ethernet type product; Ethernet
> First Mile, is probably some form of marketing term.  Regardless of the
> terminology, I would make darn sure your segment is sonet (loop-fed\ring
> topology\whatever) protected and it’s a dedicated 5Mbps, not some
> oversubscribed shared connection to the POP.
>
>
>
>
>
> Shook
>
>
>
> *From:* Richard Stovall [mailto:rich...@gmail.com]
> *Sent:* Wednesday, June 09, 2010 11:33 AM
> *To:* NT System Admin Issues
> *Subject:* OT: Ethernet First Mile
>
>
>
> Does anyone have experience with an internet bandwidth product known as
> "Ethernet First Mile".  I have a very compelling offer for internet
> bandwidth from a local provider (Cavalier Telephone) for 5 Mbps with an SLA.
>  It would halve my current charges from Level (3).
>
>
>
> Thanks,
> RS
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: OT: Ethernet First Mile

[Richard Stovall]

In this case the equipment is known from a marketing brochure the vendor
provided:

Hatteras HN4000 at the telco
Hatteras HN400-CP at our facility

I'll dig further into what the service back to the CO is like, and the
vendor has also provided some local customer references.  If we move in this
direction I'll also provide an update.

Cheers,
RS

On Wed, Jun 9, 2010 at 11:45 AM, Ben Scott  wrote:

> On Wed, Jun 9, 2010 at 11:32 AM, Richard Stovall 
> wrote:
> > Does anyone have experience with an internet bandwidth product known as
> > "Ethernet First Mile".  I have a very compelling offer for internet
> > bandwidth from a local provider (Cavalier Telephone) for 5 Mbps with an
> SLA.
> >  It would halve my current charges from Level (3).
>
>   As far as the tech goes: Google results suggest it's a suite of
> protocols and standards for delivering service using a variety of
> technologies (copper, two kinds of fiber), so I think "Ethernet in the
> First Mile" is too general to produce useful results for you.  You'd
> want to know what type they're using, and prolly what brand.
>
>  Also: In my experience, the company matters a lot more than the type
> of technology.  The traditional telcos have incredibly robustly
> engineered technology, but their management is so inept/evil that it
> often sucks to be their customer.
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: RE: SAN Solution

[Kurt Buff]

The use of DnD in explorer definitely explains some of the slowness. Good stuff!

Kurt

On Wed, Jun 9, 2010 at 11:59, Bob Hartung  wrote:
> I copied a directory that had 6,980 files and 644 folders; largest file 200
> MB, avg file size .3 MB.
>
> I just did a plain jane drag and drop copy in Windows Explorer.
>
> --
>
> Bob Hartung
> Wisco Industries, Inc.
> 736 Janesville St.
> Oregon, WI 53575
> Tel: (608) 835-3106 x215
> Fax: (608) 835-7399
> e-mail: bhartung(at)wiscoind.com
>
> 
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com]
> Sent: Wed, 09 Jun 2010 13:45:34 -0500
> Subject: Re: RE: SAN Solution
>
> Very good data.
>
> Single file copied, or multiple files? If multiple files, how many and
> average size?
>
> Robocopy, xcopy or just copy - and what switches?
>
> Picky, picky, picky...
>
> Kurt
>
> On Wed, Jun 9, 2010 at 08:40, Bob Hartung  wrote:
>>
>> Well, I can't attach SATA drives to my servers but here's the test I ran.
>>
>> Server: Dell PowerEdge 2650 with
>>
>> E: Drive - internal PERC3 SCSI RAID 5 (Ultra320) E: Drive
>> F: Drive - external SCSI Drive Array attached to PERC4 SCSI RAID 5 (Ultra
>> 320)
>> G: Drive - Drobo Elite connected via Gigabit Ethernet
>>
>> I copied 2.1 GB from E: to F: in 4:36 or 476.9 MB/Min.
>> I copied 2.1 GB from E: to G: in 5:18 or 413.9 MB/Min.
>>
>>
>> --
>>
>> Bob Hartung
>> Wisco Industries, Inc.
>> 736 Janesville St.
>> Oregon, WI 53575
>> Tel: (608) 835-3106 x215
>> Fax: (608) 835-7399
>> e-mail: bhartung(at)wiscoind.com
>>
>> 
>> From: Tim Evans [mailto:tev...@sparling.com]
>> To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com]
>> Sent: Tue, 08 Jun 2010 18:13:23 -0500
>> Subject: RE: RE: SAN Solution
>>
>> How's the iSCSI performance on that unit? Compared to direct attached SATA
>> for example?
>>
>>
>>
>> ...Tim
>>
>>
>>
>> From: Bob Hartung [mailto:bhart...@wiscoind.com]
>> Sent: Tuesday, June 08, 2010 8:09 AM
>> To: NT System Admin Issues
>> Subject: RE: RE: SAN Solution
>>
>>
>>
>> The Elite is bundled with WD drives, either a consumer grade or an
>> enterprise. We went with the enterprise (DREL1A21-WD2002FYPS-8). You should
>> be able to pick the unit up for around $6000.
>>
>> For connection, I'm using a stand-alone HP Procurve Gigabit switch. Each
>> server has 2 nics. Each server's 2nd nic card is connected to the HP
>> Procurve and setup on different subnet than the regular network uses.
>>
>> It took me awhile to work out the MS ISCSI initiator stuff since I'd had
>> no experience with it before.
>>
>> And I don't know if I'd characterize it as "instead of a SAN". As far as I
>> can see, it's a SAN.
>>
>> --
>>
>> Bob Hartung
>> Wisco Industries, Inc.
>> 736 Janesville St.
>> Oregon, WI 53575
>> Tel: (608) 835-3106 x215
>> Fax: (608) 835-7399
>> e-mail: bhartung(at)wiscoind.com
>>
>> 
>>
>> From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
>> To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com]
>> Sent: Tue, 08 Jun 2010 09:01:18 -0500
>> Subject: RE: RE: SAN Solution
>>
>> Nifty. I’m assuming these are “Enterprise” SATA drives? How does it
>> connect to your existing servers, and approximately how much does something
>> like that cost? That might be something I would want to look at using
>> instead of a SAN.
>>
>>
>>
>>
>>
>> From: Bob Hartung [mailto:bhart...@wiscoind.com]
>> Sent: Tuesday, June 08, 2010 9:42 AM
>> To: NT System Admin Issues
>> Subject: RE: RE: SAN Solution
>>
>>
>>
>> I'm using the Drobo Elite for backups as well. It's where I store
>> workstation images I create in Acronis. It is also the disk-to-disk storage
>> I use for Arcserve server backups.
>>
>> I chose the somewhat more expensive Drobo Elite over a number of NAS
>> alternatives for a number of reasons...
>>
>> Rather than simulate MS network privaleges like most NASs do, I preferred
>> being able to simply share the Drobo's space via my existing servers. That
>> way I'm using MS sharing and security.
>> It's a SAN network which segregates storage traffic from the rest of the
>> network.
>> It supplies a pool of storage that I can parcel out to any of my servers
>> as conditions evolve.
>> I've got 16 TB of space. And it's all dynamically available to each
>> partition. It took me a while to get this. You make every partition a 16 TB
>> partition. That way, all partitions can use available storage without having
>> to change partition sizes by destroying them and recreating them.
>> You can stick in any size SATA drive and it's added to the storage pool.
>> Right now I have 8 2TB drives but when 3 and 4TB drives come out, I can swap
>> out a 2TB drive and increase storage. Doesn't matter which slot you stick a
>> drive in either.
>> Currently I'm using 2 drives for fault tolerance so if one fail

Re: OTish: Wireless network configuration

[Kurt Buff]

Cool. Thanks.

I think I'll see if I can engage a local firm to help out.

Kurt

On Wed, Jun 9, 2010 at 12:04, Joe Tinney  wrote:
> I wasn't involved in the implementation, so I really couldn't say how it was 
> done here. I know that I can't get to any of our 'protected' network segments 
> but I haven't done any scientific pen testing.
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, June 09, 2010 2:18 PM
> To: NT System Admin Issues
> Subject: Re: OTish: Wireless network configuration
>
> Understand that - how do you verify it that it works as designed?
>
> On Wed, Jun 9, 2010 at 06:33, Joe Tinney  wrote:
>> Access control and routing is done by our core firewall and router for all 
>> of our networks. This is the configuration that Phil is referring to.
>>
>> -Original Message-
>> From: Kurt Buff [mailto:kurt.b...@gmail.com]
>> Sent: Tuesday, June 08, 2010 10:34 PM
>> To: NT System Admin Issues
>> Subject: Re: OTish: Wireless network configuration
>>
>> I wonder how you verify the security of such an arrangement?
>>
>> On Tue, Jun 8, 2010 at 19:20, Joe Tinney  wrote:
>>> While I'm not the one that configured them, our Cisco wireless access 
>>> points are configured with two SSID's: one on a VLAN that goes to our 
>>> transparent proxy and without access to our other networks and the other on 
>>> a VLAN that functions just like our client wired network segment. The first 
>>> one is an open Guest network and the latter is WPA2 secured.
>>>
>>> I'm not sure what your network devices would enable you to do but this has 
>>> been rock solid configuration for us.
>>>
>>> -Original Message-
>>> From: Kurt Buff [mailto:kurt.b...@gmail.com]
>>> Sent: Tuesday, June 08, 2010 7:29 PM
>>> To: NT System Admin Issues
>>> Subject: OTish: Wireless network configuration
>>>
>>> All,
>>>
>>> We've got a decent wireless network at $WORK, but I'm dissatisified with 
>>> it, because it lacks good guest access.
>>>
>>> We have 18 Cisco 1240ag WAPs talking with 3 HP POE switches, which 
>>> currently are in our HP 3400cl layer 3 switch on our production network. 
>>> There's a single SSID across all of them, and I've got them all configured 
>>> on a single VLAN. Works great, but as mentioned there is no guest access.
>>>
>>> I could just stick them all physically outside our firewall, and give the 
>>> wireless users an IPSec VPN client, but I really would prefer not to do 
>>> that.
>>>
>>> I've been doing some reading, but don't have a good handle on how to move 
>>> to a configuration that would work well - without the VPN, that is.
>>>
>>> I'm casting about for ideas - anyone have a solution they like?
>>> Preferably without spending tons of money, of course.
>>>
>>> Kurt
>>>
>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>>>   ~
>>>
>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>>>   ~
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>>   ~
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>>   ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Internal routing

[Richard Stovall]

Can you post the output from "route print"?

On Tue, Jun 8, 2010 at 9:19 AM, mqcarp  wrote:

> Thanks for your help. Here are the current results:
>
> http://fqdn TIMES OUT
> https://fqdn SUCCESS
> https://dmz-ip SUCCESS
> http://dmz-ip SUCCESS
>
> tracert -d www.domain.com RESOLVES CORRECTLY; ALL HOPS TIME OUT
>
> route print:
>
> This is interesting. If you look at the destination dmz-ip, it lists a
> different gateway than the default. It lists a core switch as the
> gateway.
>
>
> telnet fails to that by dmz-ip. that port is closed
>
>
>
>
>
> On Fri, May 28, 2010 at 2:02 PM, Richard Stovall 
> wrote:
> > Can you post the results of a 'route print' command, and a "tracert -d
> fqdn'
> > from one of the affected machines?
> > Going back over the thread, you initially said that https is working.  Is
> > that still true in each of the following cases?
> > https://dmz-ip
> > https://fqdn
> > What about the suggestion to telnet to the site on port 80?  Have you had
> a
> > chance to try that?
> > On Fri, May 28, 2010 at 1:32 PM, mqcarp  wrote:
> >>
> >> I see the public IP address route in the browser. Firefox is doing
> >> this. I put the exact error below. On the same machine, the nslookup
> >> is correct to the internal IP
> >>
> >> The following error was encountered: Connection to 66.xxx.xxx.51 Failed
> >>
> >> The system returned: (110) Connection timed out
> >>
> >> The remote host or network may be down. Please try the request again.
> >>
> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> >> ~   ~
> >
> >
> >
> >
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: RE: SAN Solution

[Bob Hartung]

I copied a directory that had 6,980 files and 644 folders; largest file 200 MB, 
avg file size .3 MB.

I just did a plain jane drag and drop copy in Windows Explorer.

--

Bob Hartung
Wisco Industries, Inc.
736 Janesville St.
Oregon, WI 53575
Tel: (608) 835-3106 x215
Fax: (608) 835-7399
e-mail: bhartung(at)wiscoind.com
  _  

From: Kurt Buff [mailto:kurt.b...@gmail.com]
To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com]
Sent: Wed, 09 Jun 2010 13:45:34 -0500
Subject: Re: RE: SAN Solution

Very good data.
  
  Single file copied, or multiple files? If multiple files, how many and
  average size?
  
  Robocopy, xcopy or just copy - and what switches?
  
  Picky, picky, picky...
  
  Kurt
  
  On Wed, Jun 9, 2010 at 08:40, Bob Hartung  wrote:
  >
  > Well, I can't attach SATA drives to my servers but here's the test I ran.
  >
  > Server: Dell PowerEdge 2650 with
  >
  > E: Drive - internal PERC3 SCSI RAID 5 (Ultra320) E: Drive
  > F: Drive - external SCSI Drive Array attached to PERC4 SCSI RAID 5 (Ultra 
320)
  > G: Drive - Drobo Elite connected via Gigabit Ethernet
  >
  > I copied 2.1 GB from E: to F: in 4:36 or 476.9 MB/Min.
  > I copied 2.1 GB from E: to G: in 5:18 or 413.9 MB/Min.
  >
  >
  > --
  >
  > Bob Hartung
  > Wisco Industries, Inc.
  > 736 Janesville St.
  > Oregon, WI 53575
  > Tel: (608) 835-3106 x215
  > Fax: (608) 835-7399
  > e-mail: bhartung(at)wiscoind.com
  >
  > 
  > From: Tim Evans [mailto:tev...@sparling.com]
  > To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com]
  > Sent: Tue, 08 Jun 2010 18:13:23 -0500
  > Subject: RE: RE: SAN Solution
  >
  > How's the iSCSI performance on that unit? Compared to direct attached SATA 
for example?
  >
  >
  >
  > ...Tim
  >
  >
  >
  > From: Bob Hartung [mailto:bhart...@wiscoind.com]
  > Sent: Tuesday, June 08, 2010 8:09 AM
  > To: NT System Admin Issues
  > Subject: RE: RE: SAN Solution
  >
  >
  >
  > The Elite is bundled with WD drives, either a consumer grade or an 
enterprise. We went with the enterprise (DREL1A21-WD2002FYPS-8). You should be 
able to pick the unit up for around $6000.
  >
  > For connection, I'm using a stand-alone HP Procurve Gigabit switch. Each 
server has 2 nics. Each server's 2nd nic card is connected to the HP Procurve 
and setup on different subnet than the regular network uses.
  >
  > It took me awhile to work out the MS ISCSI initiator stuff since I'd had no 
experience with it before.
  >
  > And I don't know if I'd characterize it as "instead of a SAN". As far as I 
can see, it's a SAN.
  >
  > --
  >
  > Bob Hartung
  > Wisco Industries, Inc.
  > 736 Janesville St.
  > Oregon, WI 53575
  > Tel: (608) 835-3106 x215
  > Fax: (608) 835-7399
  > e-mail: bhartung(at)wiscoind.com
  >
  > 
  >
  > From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
  > To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com]
  > Sent: Tue, 08 Jun 2010 09:01:18 -0500
  > Subject: RE: RE: SAN Solution
  >
  > Nifty. I’m assuming these are “Enterprise” SATA drives? How does it connect 
to your existing servers, and approximately how much does something like that 
cost? That might be something I would want to look at using instead of a SAN.
  >
  >
  >
  >
  >
  > From: Bob Hartung [mailto:bhart...@wiscoind.com]
  > Sent: Tuesday, June 08, 2010 9:42 AM
  > To: NT System Admin Issues
  > Subject: RE: RE: SAN Solution
  >
  >
  >
  > I'm using the Drobo Elite for backups as well. It's where I store 
workstation images I create in Acronis. It is also the disk-to-disk storage I 
use for Arcserve server backups.
  >
  > I chose the somewhat more expensive Drobo Elite over a number of NAS 
alternatives for a number of reasons...
  >
  > Rather than simulate MS network privaleges like most NASs do, I preferred 
being able to simply share the Drobo's space via my existing servers. That way 
I'm using MS sharing and security.
  > It's a SAN network which segregates storage traffic from the rest of the 
network.
  > It supplies a pool of storage that I can parcel out to any of my servers as 
conditions evolve.
  > I've got 16 TB of space. And it's all dynamically available to each 
partition. It took me a while to get this. You make every partition a 16 TB 
partition. That way, all partitions can use available storage without having to 
change partition sizes by destroying them and recreating them.
  > You can stick in any size SATA drive and it's added to the storage pool. 
Right now I have 8 2TB drives but when 3 and 4TB drives come out, I can swap 
out a 2TB drive and increase storage. Doesn't matter which slot you stick a 
drive in either.
  > Currently I'm using 2 drives for fault tolerance so if one fails, the RAID 
continues to operate with redundancy.
  >
  > --
  >
  > Bob Hartung
  > Wisco Industries, Inc.
  > 736 Janesville St.

Re: RE: SAN Solution

[Charles Regan]

RS8-IP4 with 8x 500gb ES.2 SATA disks
3410 IOPS 50%read 50%write with IO Meter

On Wed, Jun 9, 2010 at 3:15 PM, Kurt Buff  wrote:
> The use of DnD in explorer definitely explains some of the slowness. Good 
> stuff!
>
> Kurt
>
> On Wed, Jun 9, 2010 at 11:59, Bob Hartung  wrote:
>> I copied a directory that had 6,980 files and 644 folders; largest file 200
>> MB, avg file size .3 MB.
>>
>> I just did a plain jane drag and drop copy in Windows Explorer.
>>
>> --
>>
>> Bob Hartung
>> Wisco Industries, Inc.
>> 736 Janesville St.
>> Oregon, WI 53575
>> Tel: (608) 835-3106 x215
>> Fax: (608) 835-7399
>> e-mail: bhartung(at)wiscoind.com
>>
>> 
>> From: Kurt Buff [mailto:kurt.b...@gmail.com]
>> To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com]
>> Sent: Wed, 09 Jun 2010 13:45:34 -0500
>> Subject: Re: RE: SAN Solution
>>
>> Very good data.
>>
>> Single file copied, or multiple files? If multiple files, how many and
>> average size?
>>
>> Robocopy, xcopy or just copy - and what switches?
>>
>> Picky, picky, picky...
>>
>> Kurt
>>
>> On Wed, Jun 9, 2010 at 08:40, Bob Hartung  wrote:
>>>
>>> Well, I can't attach SATA drives to my servers but here's the test I ran.
>>>
>>> Server: Dell PowerEdge 2650 with
>>>
>>> E: Drive - internal PERC3 SCSI RAID 5 (Ultra320) E: Drive
>>> F: Drive - external SCSI Drive Array attached to PERC4 SCSI RAID 5 (Ultra
>>> 320)
>>> G: Drive - Drobo Elite connected via Gigabit Ethernet
>>>
>>> I copied 2.1 GB from E: to F: in 4:36 or 476.9 MB/Min.
>>> I copied 2.1 GB from E: to G: in 5:18 or 413.9 MB/Min.
>>>
>>>
>>> --
>>>
>>> Bob Hartung
>>> Wisco Industries, Inc.
>>> 736 Janesville St.
>>> Oregon, WI 53575
>>> Tel: (608) 835-3106 x215
>>> Fax: (608) 835-7399
>>> e-mail: bhartung(at)wiscoind.com
>>>
>>> 
>>> From: Tim Evans [mailto:tev...@sparling.com]
>>> To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com]
>>> Sent: Tue, 08 Jun 2010 18:13:23 -0500
>>> Subject: RE: RE: SAN Solution
>>>
>>> How's the iSCSI performance on that unit? Compared to direct attached SATA
>>> for example?
>>>
>>>
>>>
>>> ...Tim
>>>
>>>
>>>
>>> From: Bob Hartung [mailto:bhart...@wiscoind.com]
>>> Sent: Tuesday, June 08, 2010 8:09 AM
>>> To: NT System Admin Issues
>>> Subject: RE: RE: SAN Solution
>>>
>>>
>>>
>>> The Elite is bundled with WD drives, either a consumer grade or an
>>> enterprise. We went with the enterprise (DREL1A21-WD2002FYPS-8). You should
>>> be able to pick the unit up for around $6000.
>>>
>>> For connection, I'm using a stand-alone HP Procurve Gigabit switch. Each
>>> server has 2 nics. Each server's 2nd nic card is connected to the HP
>>> Procurve and setup on different subnet than the regular network uses.
>>>
>>> It took me awhile to work out the MS ISCSI initiator stuff since I'd had
>>> no experience with it before.
>>>
>>> And I don't know if I'd characterize it as "instead of a SAN". As far as I
>>> can see, it's a SAN.
>>>
>>> --
>>>
>>> Bob Hartung
>>> Wisco Industries, Inc.
>>> 736 Janesville St.
>>> Oregon, WI 53575
>>> Tel: (608) 835-3106 x215
>>> Fax: (608) 835-7399
>>> e-mail: bhartung(at)wiscoind.com
>>>
>>> 
>>>
>>> From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
>>> To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com]
>>> Sent: Tue, 08 Jun 2010 09:01:18 -0500
>>> Subject: RE: RE: SAN Solution
>>>
>>> Nifty. I’m assuming these are “Enterprise” SATA drives? How does it
>>> connect to your existing servers, and approximately how much does something
>>> like that cost? That might be something I would want to look at using
>>> instead of a SAN.
>>>
>>>
>>>
>>>
>>>
>>> From: Bob Hartung [mailto:bhart...@wiscoind.com]
>>> Sent: Tuesday, June 08, 2010 9:42 AM
>>> To: NT System Admin Issues
>>> Subject: RE: RE: SAN Solution
>>>
>>>
>>>
>>> I'm using the Drobo Elite for backups as well. It's where I store
>>> workstation images I create in Acronis. It is also the disk-to-disk storage
>>> I use for Arcserve server backups.
>>>
>>> I chose the somewhat more expensive Drobo Elite over a number of NAS
>>> alternatives for a number of reasons...
>>>
>>> Rather than simulate MS network privaleges like most NASs do, I preferred
>>> being able to simply share the Drobo's space via my existing servers. That
>>> way I'm using MS sharing and security.
>>> It's a SAN network which segregates storage traffic from the rest of the
>>> network.
>>> It supplies a pool of storage that I can parcel out to any of my servers
>>> as conditions evolve.
>>> I've got 16 TB of space. And it's all dynamically available to each
>>> partition. It took me a while to get this. You make every partition a 16 TB
>>> partition. That way, all partitions can use available storage without having
>>> to change partition sizes by destroying them and recreating them.
>>> You can stick in any size SATA d

Time to verify your IIS setup

[Kurt Buff]

about 111,000 sites infected

http://isc.sans.edu/diary.html?storyid=8935

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: DNS settings tool

[Ben Scott]

On Wed, Jun 9, 2010 at 2:49 PM, David W. McSpadden  wrote:
> Not so much over my head and a little foggy about the details.

  If you're going to be doing anything serious with DNS (and it sounds
like you are), I highly recommend the book /DNS and BIND/ from
O'Reilly.  While the content on BIND will be mostly irrelevant to you,
the stuff on theory, diagnostics, and tools will be invaluable.

http://oreilly.com/catalog/9780596100575

  Or... there's also /DNS on Windows Server/, which is supposed to be
a more Microsoft-OS-oriented book.  It shares several of the same
authors, so I expect it could well be a better match.  I've just never
read it myself.

http://oreilly.com/catalog/9780596005627

  Also, get yourself a copy of the ISC BIND utilities for Windows --
in particular, DIG.  DIG is a *much* better tool for diagnosing DNS
issues than NSLOOKUP.  For example, it can chase the delegation chain
for you:

dig +trace ANY imcu.com. @a.root-servers.net.

  Sure beats querying servers one at a time by hand!

> These domains are test domains anyways ...

  Ah.  I am much relieved to hear that!  I was really worried you
might have impaired your organization's email there.  :)

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: OTish: Wireless network configuration

[Jason Gauthier]

You use NMAP to do network scans to determine what is accessible and what isn't.


-Original Message-
From: Joe Tinney [mailto:jtin...@lastar.com] 
Sent: Wednesday, June 09, 2010 3:04 PM
To: NT System Admin Issues
Subject: RE: OTish: Wireless network configuration

I wasn't involved in the implementation, so I really couldn't say how it was 
done here. I know that I can't get to any of our 'protected' network segments 
but I haven't done any scientific pen testing.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Wednesday, June 09, 2010 2:18 PM
To: NT System Admin Issues
Subject: Re: OTish: Wireless network configuration

Understand that - how do you verify it that it works as designed?

On Wed, Jun 9, 2010 at 06:33, Joe Tinney  wrote:
> Access control and routing is done by our core firewall and router for all of 
> our networks. This is the configuration that Phil is referring to.
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Tuesday, June 08, 2010 10:34 PM
> To: NT System Admin Issues
> Subject: Re: OTish: Wireless network configuration
>
> I wonder how you verify the security of such an arrangement?
>
> On Tue, Jun 8, 2010 at 19:20, Joe Tinney  wrote:
>> While I'm not the one that configured them, our Cisco wireless access points 
>> are configured with two SSID's: one on a VLAN that goes to our transparent 
>> proxy and without access to our other networks and the other on a VLAN that 
>> functions just like our client wired network segment. The first one is an 
>> open Guest network and the latter is WPA2 secured.
>>
>> I'm not sure what your network devices would enable you to do but this has 
>> been rock solid configuration for us.
>>
>> -Original Message-
>> From: Kurt Buff [mailto:kurt.b...@gmail.com]
>> Sent: Tuesday, June 08, 2010 7:29 PM
>> To: NT System Admin Issues
>> Subject: OTish: Wireless network configuration
>>
>> All,
>>
>> We've got a decent wireless network at $WORK, but I'm dissatisified with it, 
>> because it lacks good guest access.
>>
>> We have 18 Cisco 1240ag WAPs talking with 3 HP POE switches, which currently 
>> are in our HP 3400cl layer 3 switch on our production network. There's a 
>> single SSID across all of them, and I've got them all configured on a single 
>> VLAN. Works great, but as mentioned there is no guest access.
>>
>> I could just stick them all physically outside our firewall, and give the 
>> wireless users an IPSec VPN client, but I really would prefer not to do that.
>>
>> I've been doing some reading, but don't have a good handle on how to move to 
>> a configuration that would work well - without the VPN, that is.
>>
>> I'm casting about for ideas - anyone have a solution they like?
>> Preferably without spending tons of money, of course.
>>
>> Kurt
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>>   ~
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>>   ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: OTish: Wireless network configuration

[Phil Brutsche]

Or use Wireshark to make sure you don't see traffic you shouldn't.

On 6/9/2010 3:41 PM, Jason Gauthier wrote:
> You use NMAP to do network scans to determine what is accessible and what 
> isn't.

-- 

Phil Brutsche
p...@optimumdata.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: OTish: Wireless network configuration

[Kurt Buff]

You'll need more than that...

On Wed, Jun 9, 2010 at 13:41, Jason Gauthier  wrote:
> You use NMAP to do network scans to determine what is accessible and what 
> isn't.
>
>
> -Original Message-
> From: Joe Tinney [mailto:jtin...@lastar.com]
> Sent: Wednesday, June 09, 2010 3:04 PM
> To: NT System Admin Issues
> Subject: RE: OTish: Wireless network configuration
>
> I wasn't involved in the implementation, so I really couldn't say how it was 
> done here. I know that I can't get to any of our 'protected' network segments 
> but I haven't done any scientific pen testing.
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, June 09, 2010 2:18 PM
> To: NT System Admin Issues
> Subject: Re: OTish: Wireless network configuration
>
> Understand that - how do you verify it that it works as designed?
>
> On Wed, Jun 9, 2010 at 06:33, Joe Tinney  wrote:
>> Access control and routing is done by our core firewall and router for all 
>> of our networks. This is the configuration that Phil is referring to.
>>
>> -Original Message-
>> From: Kurt Buff [mailto:kurt.b...@gmail.com]
>> Sent: Tuesday, June 08, 2010 10:34 PM
>> To: NT System Admin Issues
>> Subject: Re: OTish: Wireless network configuration
>>
>> I wonder how you verify the security of such an arrangement?
>>
>> On Tue, Jun 8, 2010 at 19:20, Joe Tinney  wrote:
>>> While I'm not the one that configured them, our Cisco wireless access 
>>> points are configured with two SSID's: one on a VLAN that goes to our 
>>> transparent proxy and without access to our other networks and the other on 
>>> a VLAN that functions just like our client wired network segment. The first 
>>> one is an open Guest network and the latter is WPA2 secured.
>>>
>>> I'm not sure what your network devices would enable you to do but this has 
>>> been rock solid configuration for us.
>>>
>>> -Original Message-
>>> From: Kurt Buff [mailto:kurt.b...@gmail.com]
>>> Sent: Tuesday, June 08, 2010 7:29 PM
>>> To: NT System Admin Issues
>>> Subject: OTish: Wireless network configuration
>>>
>>> All,
>>>
>>> We've got a decent wireless network at $WORK, but I'm dissatisified with 
>>> it, because it lacks good guest access.
>>>
>>> We have 18 Cisco 1240ag WAPs talking with 3 HP POE switches, which 
>>> currently are in our HP 3400cl layer 3 switch on our production network. 
>>> There's a single SSID across all of them, and I've got them all configured 
>>> on a single VLAN. Works great, but as mentioned there is no guest access.
>>>
>>> I could just stick them all physically outside our firewall, and give the 
>>> wireless users an IPSec VPN client, but I really would prefer not to do 
>>> that.
>>>
>>> I've been doing some reading, but don't have a good handle on how to move 
>>> to a configuration that would work well - without the VPN, that is.
>>>
>>> I'm casting about for ideas - anyone have a solution they like?
>>> Preferably without spending tons of money, of course.
>>>
>>> Kurt
>>>
>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>>>   ~
>>>
>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>>>   ~
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>>   ~
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>>   ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: OTish: Wireless network configuration

[Kurt Buff]

And more than that will be needed, as well.

On Wed, Jun 9, 2010 at 13:44, Phil Brutsche  wrote:
> Or use Wireshark to make sure you don't see traffic you shouldn't.
>
> On 6/9/2010 3:41 PM, Jason Gauthier wrote:
>> You use NMAP to do network scans to determine what is accessible and what 
>> isn't.
>
> --
>
> Phil Brutsche
> p...@optimumdata.com
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Time to verify your IIS setup

[Ziots, Edward]

On the phone with their abuse center right now, talking with a rep about the 
situation, so see if they have calls on it. 

Z

Edward Ziots
CISSP,MCSA,MCP+I,Security +,Network +,CCA
Network Engineer
Lifespan Organization
401-639-3505
ezi...@lifespan.org


-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Wednesday, June 09, 2010 3:43 PM
To: NT System Admin Issues
Subject: Time to verify your IIS setup

about 111,000 sites infected

http://isc.sans.edu/diary.html?storyid=8935

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Time to verify your IIS setup

[Ziots, Edward]

They got an abuse ticket on those IPs and are working to take it down 
accordingly. 

Funny how SQL injection is still at the top of the latest OWASP Top 10, because 
it works soo well, when you don’t use input validation Poor development is 
the culprit...

Z

Edward Ziots
CISSP,MCSA,MCP+I,Security +,Network +,CCA
Network Engineer
Lifespan Organization
401-639-3505
ezi...@lifespan.org


-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Wednesday, June 09, 2010 3:43 PM
To: NT System Admin Issues
Subject: Time to verify your IIS setup

about 111,000 sites infected

http://isc.sans.edu/diary.html?storyid=8935

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Time to verify your IIS setup

[Micheal Espinola Jr]

Wee!!!

--
ME2


On Wed, Jun 9, 2010 at 12:43 PM, Kurt Buff  wrote:

> about 111,000 sites infected
>
> http://isc.sans.edu/diary.html?storyid=8935
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: OTish: Wireless network configuration

[Micheal Espinola Jr]

Thats not necessarily true with dealing with directional antennas; while it
may appear to be true with omnidirectional ones.

--
ME2


On Wed, Jun 9, 2010 at 6:55 AM, Joe Tinney  wrote:

> No. There are some bandwidth restrictions and we monitor the bandwidth
> utilization on that VLAN but nothing more than that.
>
> Our physical location is such that the wireless signal strength drops
> before it hits any permanent establishments or parking lots not on our
> premises. Other than intentional wardriving, there would be very few
> circumstances for casual pedestrian access.
>
> -Original Message-
> From: Malcolm Reitz [mailto:malcolm.re...@live.com]
> Sent: Wednesday, June 09, 2010 9:17 AM
> To: NT System Admin Issues
>  Subject: RE: OTish: Wireless network configuration
>
> Do you do anything to prevent random people outside your office from
> connecting to your guest wireless network?
>
> -Malcolm
>
> -Original Message-
> From: Joe Tinney [mailto:jtin...@lastar.com]
> Sent: Tuesday, June 08, 2010 21:21
> To: NT System Admin Issues
> Subject: RE: OTish: Wireless network configuration
>
>  While I'm not the one that configured them, our Cisco wireless access
> points are configured with two SSID's: one on a VLAN that goes to our
> transparent proxy and without access to our other networks and the other on
> a VLAN that functions just like our client wired network segment. The first
> one is an open Guest network and the latter is WPA2 secured.
>
> I'm not sure what your network devices would enable you to do but this has
> been rock solid configuration for us.
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Tuesday, June 08, 2010 7:29 PM
> To: NT System Admin Issues
> Subject: OTish: Wireless network configuration
>
> All,
>
> We've got a decent wireless network at $WORK, but I'm dissatisified with
> it, because it lacks good guest access.
>
> We have 18 Cisco 1240ag WAPs talking with 3 HP POE switches, which
> currently are in our HP 3400cl layer 3 switch on our production network.
> There's a single SSID across all of them, and I've got them all configured
> on a single VLAN. Works great, but as mentioned there is no guest access.
>
> I could just stick them all physically outside our firewall, and give the
> wireless users an IPSec VPN client, but I really would prefer not to do
> that.
>
> I've been doing some reading, but don't have a good handle on how to move
> to a configuration that would work well - without the VPN, that is.
>
> I'm casting about for ideas - anyone have a solution they like?
> Preferably without spending tons of money, of course.
>
> Kurt
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: OTish: Wireless network configuration

[Jason Gauthier]

You should provide specifics, instead of ambiguity.
Ambiguity helps no one, last I checked.


-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Wednesday, June 09, 2010 4:50 PM
To: NT System Admin Issues
Subject: Re: OTish: Wireless network configuration

And more than that will be needed, as well.

On Wed, Jun 9, 2010 at 13:44, Phil Brutsche  wrote:
> Or use Wireshark to make sure you don't see traffic you shouldn't.
>
> On 6/9/2010 3:41 PM, Jason Gauthier wrote:
>> You use NMAP to do network scans to determine what is accessible and what 
>> isn't.
>
> --
>
> Phil Brutsche
> p...@optimumdata.com
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: OTish: Wireless network configuration

[Kurt Buff]

AFAIK, nmap and wireshark won't tell you as much as you need to know
about arp flooding, vlan hopping and suchlike. Well, wireshark might,
but you'll need to monitor it pretty much continuously, and that's
probably a full time job.

For assurance, initially you'll need a pen-test and/or an full audit
by someone who knows what they're doing, then put in place good
IDS/IPS systems that are tuned for your environment.

I don't pretend to have experience with anything in the previous
sentence, and the better the physical separation I can achieve, the
safer I feel - at least until I get a bunch more education/experience
under my belt.

Kurt


On Wed, Jun 9, 2010 at 14:29, Jason Gauthier  wrote:
> You should provide specifics, instead of ambiguity.
> Ambiguity helps no one, last I checked.
>
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, June 09, 2010 4:50 PM
> To: NT System Admin Issues
> Subject: Re: OTish: Wireless network configuration
>
> And more than that will be needed, as well.
>
> On Wed, Jun 9, 2010 at 13:44, Phil Brutsche  wrote:
>> Or use Wireshark to make sure you don't see traffic you shouldn't.
>>
>> On 6/9/2010 3:41 PM, Jason Gauthier wrote:
>>> You use NMAP to do network scans to determine what is accessible and what 
>>> isn't.
>>
>> --
>>
>> Phil Brutsche
>> p...@optimumdata.com
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>>   ~
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: OTish: Wireless network configuration

[Phil Brutsche]

In other words, this:

http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml

On 6/9/2010 5:12 PM, Kurt Buff wrote:
> AFAIK, nmap and wireshark won't tell you as much as you need to know
> about arp flooding, vlan hopping and suchlike. Well, wireshark might,
> but you'll need to monitor it pretty much continuously, and that's
> probably a full time job.

-- 

Phil Brutsche
p...@optimumdata.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Ethernet First Mile

[Micheal Espinola Jr]

+1

--
ME2


On Wed, Jun 9, 2010 at 8:36 AM, Andy Shook  wrote:

>  It sounds to me like a Native LAN or Metro Ethernet type product;
> Ethernet First Mile, is probably some form of marketing term.  Regardless of
> the terminology, I would make darn sure your segment is sonet (loop-fed\ring
> topology\whatever) protected and it’s a dedicated 5Mbps, not some
> oversubscribed shared connection to the POP.
>
>
>
>
>
> Shook
>
>
>
> *From:* Richard Stovall [mailto:rich...@gmail.com]
> *Sent:* Wednesday, June 09, 2010 11:33 AM
> *To:* NT System Admin Issues
> *Subject:* OT: Ethernet First Mile
>
>
>
> Does anyone have experience with an internet bandwidth product known as
> "Ethernet First Mile".  I have a very compelling offer for internet
> bandwidth from a local provider (Cavalier Telephone) for 5 Mbps with an SLA.
>  It would halve my current charges from Level (3).
>
>
>
> Thanks,
> RS
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: OTish: Wireless network configuration

[Jon Harris]

"I don't pretend to have experience with anything in the previous
sentence, and the better the physical separation I can achieve, the
safer I feel - at least until I get a bunch more education/experience
under my belt"

If that is the case purchase some cheap home routers and create a seperate
VLAN on the backbone wired network to get them access to a
DSL/FIOS/Broadband connection.  Lock them to only be on for just so many
hours per day and work days.  If possible and the wire exists already
instead of a seperate VLAN put them on a seperate wired network.  I was able
to do the VLAN method at the last gig I had and all was good.  Our external
consultant came in and pen tested the networks to verify no leakage from one
to the other prior to going live and was there the day we went live the
check everything again.  Seperate networks are so much nicer and if the user
just had to use the Guest WiFi then they had to use VPN to access internal
stuff.  Some times it is just better to be the one that says no and keeps it
that way.  The powers that were, were not happy paying for the second
connection but a couple of months later it became very handy when some
"visitors" just had to have access to the Internet and they flooded the
Guest network with traffic from an infected machine.  Having a seperate
Guest network also comes in handy when testing remote access to the network.

Jon

On Wed, Jun 9, 2010 at 6:12 PM, Kurt Buff  wrote:

> AFAIK, nmap and wireshark won't tell you as much as you need to know
> about arp flooding, vlan hopping and suchlike. Well, wireshark might,
> but you'll need to monitor it pretty much continuously, and that's
> probably a full time job.
>
> For assurance, initially you'll need a pen-test and/or an full audit
> by someone who knows what they're doing, then put in place good
> IDS/IPS systems that are tuned for your environment.
>
> I don't pretend to have experience with anything in the previous
> sentence, and the better the physical separation I can achieve, the
> safer I feel - at least until I get a bunch more education/experience
> under my belt.
>
> Kurt
>
>
> On Wed, Jun 9, 2010 at 14:29, Jason Gauthier  wrote:
> > You should provide specifics, instead of ambiguity.
> > Ambiguity helps no one, last I checked.
> >
> >
> > -Original Message-
> > From: Kurt Buff [mailto:kurt.b...@gmail.com]
> > Sent: Wednesday, June 09, 2010 4:50 PM
> > To: NT System Admin Issues
> > Subject: Re: OTish: Wireless network configuration
> >
> > And more than that will be needed, as well.
> >
> > On Wed, Jun 9, 2010 at 13:44, Phil Brutsche 
> wrote:
> >> Or use Wireshark to make sure you don't see traffic you shouldn't.
> >>
> >> On 6/9/2010 3:41 PM, Jason Gauthier wrote:
> >>> You use NMAP to do network scans to determine what is accessible and
> what isn't.
> >>
> >> --
> >>
> >> Phil Brutsche
> >> p...@optimumdata.com
> >>
> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
> >>   ~
> >>
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> >
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~   ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: OTish: Wireless network configuration

[Charles Regan]

We use Cisco AP here. Two SSID, one for guest one for staff.
SSID Guest is on a VLAN and it's using the integrated Cisco captive
portal on our WLC controller, users are authenticated by IAS radius
server using their AD-account. Only member of the Guest-Internet group
have access. That VLAN only have access to printers and internet.
Users bringing their personal laptop/ipod connect to the Guest SSID.

The other SSID is on our network and we use Computer authentication,
also done by IAS with PEAP.
That way only domain joined machine can have access to our resources.
Using PEAP we can send GPO to laptop with the correct wireless configuration.

Now i need to do the same thing on the wire side.


On Wed, Jun 9, 2010 at 8:30 PM, Jon Harris  wrote:
> "I don't pretend to have experience with anything in the previous
> sentence, and the better the physical separation I can achieve, the
> safer I feel - at least until I get a bunch more education/experience
> under my belt"
>
> If that is the case purchase some cheap home routers and create a seperate
> VLAN on the backbone wired network to get them access to a
> DSL/FIOS/Broadband connection.  Lock them to only be on for just so many
> hours per day and work days.  If possible and the wire exists already
> instead of a seperate VLAN put them on a seperate wired network.  I was able
> to do the VLAN method at the last gig I had and all was good.  Our external
> consultant caWme in and pen tested the networks to verify no leakage from one
> to the other prior to going live and was there the day we went live the
> check everything again.  Seperate networks are so much nicer and if the user
> just had to use the Guest WiFi then they had to use VPN to access internal
> stuff.  Some times it is just better to be the one that says no and keeps it
> that way.  The powers that were, were not happy paying for the second
> connection but a couple of months later it became very handy when some
> "visitors" just had to have access to the Internet and they flooded the
> Guest network with traffic from an infected machine.  Having a seperate
> Guest network also comes in handy when testing remote access to the network.
>
> Jon
>
> On Wed, Jun 9, 2010 at 6:12 PM, Kurt Buff  wrote:
>>
>> AFAIK, nmap and wireshark won't tell you as much as you need to know
>> about arp flooding, vlan hopping and suchlike. Well, wireshark might,
>> but you'll need to monitor it pretty much continuously, and that's
>> probably a full time job.
>>
>> For assurance, initially you'll need a pen-test and/or an full audit
>> by someone who knows what they're doing, then put in place good
>> IDS/IPS systems that are tuned for your environment.
>>
>> I don't pretend to have experience with anything in the previous
>> sentence, and the better the physical separation I can achieve, the
>> safer I feel - at least until I get a bunch more education/experience
>> under my belt.
>>
>> Kurt
>>
>>
>> On Wed, Jun 9, 2010 at 14:29, Jason Gauthier  wrote:
>> > You should provide specifics, instead of ambiguity.
>> > Ambiguity helps no one, last I checked.
>> >
>> >
>> > -Original Message-
>> > From: Kurt Buff [mailto:kurt.b...@gmail.com]
>> > Sent: Wednesday, June 09, 2010 4:50 PM
>> > To: NT System Admin Issues
>> > Subject: Re: OTish: Wireless network configuration
>> >
>> > And more than that will be needed, as well.
>> >
>> > On Wed, Jun 9, 2010 at 13:44, Phil Brutsche 
>> > wrote:
>> >> Or use Wireshark to make sure you don't see traffic you shouldn't.
>> >>
>> >> On 6/9/2010 3:41 PM, Jason Gauthier wrote:
>> >>> You use NMAP to do network scans to determine what is accessible and
>> >>> what isn't.
>> >>
>> >> --
>> >>
>> >> Phil Brutsche
>> >> p...@optimumdata.com
>> >>
>> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>> >>   ~
>> >>
>> >
>> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>> >   ~
>> >
>> >
>> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> > ~   ~
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: OTish: Wireless network configuration

[Jon Harris]

Before you ask the only way I knew there was an infection on one of the
guest machines was the DSL circuit was a solid constant light.  Reset the
router and the boss could connect his Mac which could not connect.  Once he
was connected he kept timing out trying to access the web, but only after
the two guest machines would reconnect to the Guest network.  I was not any
genius about it.  Resetting the DSL did not fix the issue only resetting the
WAP would, and then only until people (3) connected and since it was lit up
before the Mac was connected I knew it was one of the guest machines.

Jon

On Wed, Jun 9, 2010 at 7:30 PM, Jon Harris  wrote:

>  "I don't pretend to have experience with anything in the previous
> sentence, and the better the physical separation I can achieve, the
> safer I feel - at least until I get a bunch more education/experience
> under my belt"
>
>  If that is the case purchase some cheap home routers and create a
> seperate VLAN on the backbone wired network to get them access to a
> DSL/FIOS/Broadband connection.  Lock them to only be on for just so many
> hours per day and work days.  If possible and the wire exists already
> instead of a seperate VLAN put them on a seperate wired network.  I was able
> to do the VLAN method at the last gig I had and all was good.  Our external
> consultant came in and pen tested the networks to verify no leakage from one
> to the other prior to going live and was there the day we went live the
> check everything again.  Seperate networks are so much nicer and if the user
> just had to use the Guest WiFi then they had to use VPN to access internal
> stuff.  Some times it is just better to be the one that says no and keeps it
> that way.  The powers that were, were not happy paying for the second
> connection but a couple of months later it became very handy when some
> "visitors" just had to have access to the Internet and they flooded the
> Guest network with traffic from an infected machine.  Having a seperate
> Guest network also comes in handy when testing remote access to the network.
>
> Jon
>
>  On Wed, Jun 9, 2010 at 6:12 PM, Kurt Buff  wrote:
>
>> AFAIK, nmap and wireshark won't tell you as much as you need to know
>> about arp flooding, vlan hopping and suchlike. Well, wireshark might,
>> but you'll need to monitor it pretty much continuously, and that's
>> probably a full time job.
>>
>> For assurance, initially you'll need a pen-test and/or an full audit
>> by someone who knows what they're doing, then put in place good
>> IDS/IPS systems that are tuned for your environment.
>>
>> I don't pretend to have experience with anything in the previous
>> sentence, and the better the physical separation I can achieve, the
>> safer I feel - at least until I get a bunch more education/experience
>> under my belt.
>>
>> Kurt
>>
>>
>> On Wed, Jun 9, 2010 at 14:29, Jason Gauthier 
>> wrote:
>> > You should provide specifics, instead of ambiguity.
>> > Ambiguity helps no one, last I checked.
>> >
>> >
>> > -Original Message-
>> > From: Kurt Buff [mailto:kurt.b...@gmail.com]
>> > Sent: Wednesday, June 09, 2010 4:50 PM
>> > To: NT System Admin Issues
>> > Subject: Re: OTish: Wireless network configuration
>> >
>> > And more than that will be needed, as well.
>> >
>> > On Wed, Jun 9, 2010 at 13:44, Phil Brutsche 
>> wrote:
>> >> Or use Wireshark to make sure you don't see traffic you shouldn't.
>> >>
>> >> On 6/9/2010 3:41 PM, Jason Gauthier wrote:
>> >>> You use NMAP to do network scans to determine what is accessible and
>> what isn't.
>> >>
>> >> --
>> >>
>> >> Phil Brutsche
>> >> p...@optimumdata.com
>> >>
>> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>> >>   ~
>> >>
>> >
>> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
>> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>> >
>> >
>> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> > ~   ~
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~