RE: OT: Vipre effectiveness false positives
As I have stated in previous AV threads, I actually use/manage 3 different AV products: Vipre Enterprise (3 clients, ~25 systems, plus my home machines), Trend WorryFree (1 client, 55 systems) and McAfee (%dayjob%, ~500 systems) and Vipre easily has more false positives than the other two: 3 in the last 12 months, vs zero for Trend and McAfee. Twice it ate Outlook.exe, one other time it ate Iexplore.exe. Not enough to make me want to switch from Vipre, just offering a data point. A bit over a year ago Vipre replaced Trend at home (1 server, 3PC's), Symantec at a client of 17, and standalone McAfee at a client of 7, no major issues transitioning any of them. There were enough teething pains (FP's) early on to prevent me from replacing it at the bigger client as well as %dayjob%. I avoided the recent McAfee fiasco because I grab updates ~20 hours after they typically release, didn't know Trend had one recently. Alternately, none of these sites have had infections requiring a HDD wipe.

Dave

From: Ralph Smith m...@gatewayindustries.org
Sent: Thursday, July 29, 2010 8:49 PM
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Vipre effectiveness false positives

I don't disagree, but when you are presented with information you have to evaluate the validity of the data, and hopefully get clarification from those involved when it implies that there may be a problem. Virus Bulletin actually warned in the explanation of the chart that it was just one result and that conclusions shouldn't be jumped to until there was more data. And sometimes, a horse is just a horse, of course.

From: Kim Longenbaugh [mailto:k...@colonialsavings.com]
Sent: Thursday, July 29, 2010 4:39 PM
To: NT System Admin Issues
Subject: RE: Vipre effectiveness false positives

My point was really that all AV vendors have experienced FPs, not just Vipre. I agree that statistics can be a valuable tool, it’s just that which ones you choose and how you present them can be misleading.
For example, in a horse race between the US and Russia, the US horse won. In the American papers, it was reported that the US took first place. In the Russian papers, it was reported that the US was next to last and that Russia was second place. The statistics reported in both cases were true, but the picture they gave of the race was very different.

From: Ralph Smith [mailto:m...@gatewayindustries.org]
Sent: Thursday, July 29, 2010 3:08 PM
To: NT System Admin Issues
Subject: RE: Vipre effectiveness false positives

True, but there were people on the VIPRE forum that were hit just as hard by a couple of the FPs that VIPRE had. I’m not knocking VIPRE at all – I like it a lot and would purchase it again with no hesitation. However, when a well known organization like Virus Bulletin publishes test results, it makes sense to look at the data and try to understand what it means and how it may impact your organization. I personally feel confident with Sunbelt, but I would be interested to understand how they interpret the chart and what they feel the implications are for their product. By the way, some lies may be statistics, but not all statistics are lies. Information, including statistical, is the basis for sound decision making.

From: Kim Longenbaugh [mailto:k...@colonialsavings.com]
Sent: Thursday, July 29, 2010 2:28 PM
To: NT System Admin Issues
Subject: RE: Vipre effectiveness false positives

How about a little perspective on false positives? http://news.cnet.com/8301-1009_3-20003074-83.html and a reminder about statistics from Mark Twain: “there’s 3 kinds of lies: lies, damned lies, and statistics”

From: Ralph Smith [mailto:m...@gatewayindustries.org]
Sent: Thursday, July 29, 2010 1:20 PM
To: NT System Admin Issues
Subject: RE: Vipre effectiveness false positives

I’ve had VIPRE for a couple of years now, and was fortunately not hit hard with the false positive problems others have had.
With about 180 Win XP machines, I’ve had only a half dozen infections in that time – all but one of the rogue AV kind, so I have been feeling pretty good. However, the chart that was linked to is a bit worrying – the only popular business class AV solution that scored worse was CA (my former solution), and most of the others – McAfee, ESET, Kaspersky, Sophos to name a few – show significantly better results. It would be interesting to hear a comment from Sunbelt – a little reassurance needed here. :-)

From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Thursday, July 29, 2010 1:48 PM
To: NT System Admin Issues
Subject: Re: Vipre effectiveness false positives

I don't know what you have now, but I can tell you from experience at various client sites over the last year or so, none of the following was without issues : Trend, McAfee, Symantec SAV SEP

On
RE: Password question
I thought so... but a couple of the other replies make me doubt myself now... - the grey matter has been thinning for quite a few years now, but I'm *sure* I remember this happening to me several times over the years as I've hit my company password expiry policy limit whilst offsite, and have seen and used the prompt from OWA to reset my password... - I am currently working mostly with EX2010 *with* SP1 beta though

Paul G.

-Original Message-
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov]
Sent: 29 July 2010 17:49
To: NT System Admin Issues
Subject: RE: Password question

Cool, so with 2010, I don't have to uncheck the User must change password option?

Paul Gordon paul_gor...@hotmail.com 7/29/2010 9:38 AM

What version of Exchange / OWA? If 2010, then yes, via the ECP, users can perform various self-service activities at will... If 2007, then the option is also there under Options Change Password... Also, as I recall, - since each of the above options require that the user is already logged in to their mailbox in order to be able to get to those links... OWA will also prompt a user for a password change in the event that a password has expired, or it's a new user account with the must change password at next logon setting applied... So yes, users can change their AD passwords via OWA with *almost* as much flexibility as from a normal login session on a domain joined desktop client

HTH

Paul G.

-Original Message-
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov]
Sent: 29 July 2010 16:53
To: NT System Admin Issues
Subject: Password question

Cross-posted here and in the Exchange list: Are you able to change your AD password from within OWA? We have the following situation:
1) Novell currently handles our authentication, users, e-mail, etc. We have a Windows domain, but it's only for applications.
2) We are planning a migration from Novell to a new Windows AD domain.
3) The first stage of this migration is moving from Groupwise to Exchange.
The plan here is to bring up the AD domain just enough to put users in, and install Exchange. The users would use OWA to access their e-mail. This brought up a concern for me: how do users change their AD passwords? When the accounts are created initially, we put on a temporary password, and let the users change it, but can they do that if the only connection they have is OWA?

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
OT: Sprint SmartView, U301, Win 7x64 and failure to connect
All,

Reached the end of my rope. Have a Dell Latitude D531 laptop I rebuilt on 7/10 with Win 7 Pro x64. Have a known-working U301 modem (works on another machine) issued by Sprint. Am using Sprint SmartView 2.40. Device is detected fine, but when you press Connect button, it thinks about it for less than a second and goes back to 'Connect'. This DID work fine from the time I originally built it, for about a week when it just stopped. Obviously, something happened, but am unsure of what. System Restores are out, as installs/uninstalls of different versions of SmartView have used up all the allotted disk space. (Used Ace Utilities registry cleaner, Sprint's Clean.exe, etc. between each) I have uninstalled all Windows Updates since initial install, rebooting/testing after each one. No joy. Google has not yielded anything. Can't find anything relevant on Sprint forums. Not saying stuff isn't there, but maybe I'm just not thinking of the right keywords. One of the guys at the office in charge of system images (it's a company issued air card, personal laptop, but need aircard working on both for biz continuity) has told me that he's had minimal luck save for a total reimage. I'd really rather avoid this without knowing the cause, so I can avoid that trigger going forward. If anyone has any suggestions or experiences to share on this, I'd really appreciate it.

Have a great Friday,
Gary Whitten
Re: WDS, PXE Proxy Split DHCP
This is similar to our setup here, WDS is installed on the secondary DCs on each of our sites, this was to overcome the PXE across VLANs without the networks team changing the config of the switches with the IP helper of our MDT servers. In the properties for WDS, under the DHCP tab 'Do not listen on port 67' and 'Configure DHCP option 60 to PXEClient' are both checked. Under Advanced, 'Yes, I want to authorise the WDS server in DHCP' is enabled. This is running on Server 2003, with a manual split of the DHCP scopes so may not apply to 2008 R2 with the Split Scopes option. Have you tried option 66 on DC01 with the IP of DC02? I have some other notes about configuring the settings for WDS in the DHCP scopes, I'll try and dig them out.

Regards
Tony Patton
Desktop Support Analyst - Cavan
Ext 8078 Direct Dial 049 435 2878
email: tony.pat...@quinn-insurance.com

From: Sean Rector sean.rec...@vaopera.org
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Date: 29/07/2010 00:18
Subject: WDS, PXE Proxy Split DHCP

Hello, I have two Windows Server 2008 R2 DHCP servers in a SplitScope configuration. One of these is my WDS server. If the PXE client pulls its IP from that server (DC01), WDS runs fine on the client. If the client pulls its IP from the 2nd server (DC02), I get the "Windows failed to start." error screen of Windows Boot Manager. On DC02, I have DHCP Options 66 (IP of DC01) and 67 (boot\X64\wdsnbp.com) configured. What am I missing? The documentation really doesn't cover having a SplitScope configuration. I have DHCP split for resiliency.

Sean Rector, MCSE
Information Technology Manager
Virginia Opera Association
E-Mail: sean.rec...@vaopera.org
Phone: (757) 213-4548 (direct line)

{+} 2010-2011 subscriptions are on sale now!
Featuring: Rigoletto | Così Fan Tutte | The Valkyrie | Madama Butterfly Visit us online at www.VaOpera.org or call 1-866-OPERA-VA The vision of Virginia Opera is to enrich lives through the powerful integration of music, voice and human drama. This e-mail and any attached files are confidential and intended solely for the intended recipient(s). Unless otherwise specified, persons unnamed as recipients may not read, distribute, copy or alter this e-mail. Any views or opinions expressed in this e-mail belong to the author and may not necessarily represent those of Virginia Opera. Although precautions have been taken to ensure no viruses are present, Virginia Opera cannot accept responsibility for any loss or damage that may arise from the use of this e-mail or attachments. {*} This e-mail is intended only for the addressee named above. The contents should not be copied nor disclosed to any other person. Any views or opinions expressed are solely those of the sender and do not necessarily represent those of QUINN-Insurance Limited (Under Administration), unless otherwise specifically stated . As internet communications are not secure, QUINN-Insurance Limited (Under Administration) is not responsible for the contents of this message nor responsible for any change made to this message after it was sent by the original sender. Although virus scanning is used on all inbound and outbound e-mail, we advise you to carry out your own virus check before opening any attachment. We cannot accept liability for any damage sustained as a result of any software viruses. QUINN-Insurance Limited (Under Administration) is regulated by the Financial Regulator and regulated by the Financial Services Authority for the conduct of UK business. QUINN-Insurance Limited (Under Administration) is registered in Ireland, registration number 240768 and is a private company limited by shares. Its head office is at Dublin Road, Cavan, Co. Cavan. 
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited.
It's that day!
http://www.sysadminday.com/ And my Help Desk guy got the day off! -- Richard
Re: It's that day!
Top 4 things you should NEVER tell a sysadmin on SYSTEM ADMINISTRATOR APPRECIATION DAY (or any other day) http://www.pcweenies.com/

On Fri, Jul 30, 2010 at 8:10 AM, richardmccl...@aspca.org wrote:

http://www.sysadminday.com/ And my Help Desk guy got the day off! -- Richard

-- Organization and good planning are just crutches for people that can't handle stress and caffeine. - unknown
RE: It's that day!
Bummer. wish *I* could get some appreciation here. :( Oh, well..

John-Aldrich Tile-Tools

From: Vicky Spelshaus [mailto:vicky.spelsh...@gmail.com]
Sent: Friday, July 30, 2010 9:37 AM
To: NT System Admin Issues
Subject: Re: It's that day!

Top 4 things you should NEVER tell a sysadmin on SYSTEM ADMINISTRATOR APPRECIATION DAY (or any other day) http://www.pcweenies.com/

On Fri, Jul 30, 2010 at 8:10 AM, richardmccl...@aspca.org wrote:

http://www.sysadminday.com/ And my Help Desk guy got the day off! -- Richard

-- Organization and good planning are just crutches for people that can't handle stress and caffeine. - unknown
RE: It's that day!
This, and $1.75 gets you a cup of coffee at Starbucks. And there was much rejoicing. yea...

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
Sent: Friday, July 30, 2010 8:10 AM
To: NT System Admin Issues
Subject: It's that day!

http://www.sysadminday.com/ And my Help Desk guy got the day off! -- Richard
RE: It's that day!
So it's worth 25cents? Starbucks is $2 here. I like that miserable stuff from Mickey D's ($1)

From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Friday, July 30, 2010 9:47 AM
To: NT System Admin Issues
Subject: RE: It's that day!

This, and $1.75 gets you a cup of coffee at Starbucks. And there was much rejoicing. yea...

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
Sent: Friday, July 30, 2010 8:10 AM
To: NT System Admin Issues
Subject: It's that day!

http://www.sysadminday.com/ And my Help Desk guy got the day off! -- Richard

** CONFIDENTIALITY NOTICE - The information transmitted in this message is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy all copies of this document. Thank you. Butler Schein Animal Health **
RE: It's that day!
Just got an email from a co-worker. Happy S.A.D. Ironic?

From: Brumbaugh, Luke [mailto:luke.brumba...@butlerschein.com]
Sent: Friday, July 30, 2010 9:03 AM
To: NT System Admin Issues
Subject: RE: It's that day!

So it's worth 25cents? Starbucks is $2 here. I like that miserable stuff from Mickey D's ($1)

From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Friday, July 30, 2010 9:47 AM
To: NT System Admin Issues
Subject: RE: It's that day!

This, and $1.75 gets you a cup of coffee at Starbucks. And there was much rejoicing. yea...

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
Sent: Friday, July 30, 2010 8:10 AM
To: NT System Admin Issues
Subject: It's that day!

http://www.sysadminday.com/ And my Help Desk guy got the day off! -- Richard
RE: Vipre effectiveness false positives
We've been on Vipre (and was one CounterSpy) for several years now and have had less than a handful of issues with being infected. Not to say that we haven't been infected, but we've had a pretty good success rate compared to when we had Symantec's Endpoint Protection. In regards to the false positives... we haven't had too many issues with this as some people have (knock on wood), but have had issues and were able to resolve those fairly quick.

Cameron Cooper
Network Administrator | CompTIA A+ Certified
Aurico Reports, Inc
Phone: 847-890-4021 | Fax: 847-255-1896
ccoo...@aurico.com | www.aurico.com

From: Ralph Smith [mailto:m...@gatewayindustries.org]
Sent: Thursday, July 29, 2010 3:08 PM
To: NT System Admin Issues
Subject: RE: Vipre effectiveness false positives

True, but there were people on the VIPRE forum that were hit just as hard by a couple of the FPs that VIPRE had. I'm not knocking VIPRE at all - I like it a lot and would purchase it again with no hesitation. However, when a well known organization like Virus Bulletin publishes test results, it makes sense to look at the data and try to understand what it means and how it may impact your organization. I personally feel confident with Sunbelt, but I would be interested to understand how they interpret the chart and what they feel the implications are for their product. By the way, some lies may be statistics, but not all statistics are lies. Information, including statistical, is the basis for sound decision making.

From: Kim Longenbaugh [mailto:k...@colonialsavings.com]
Sent: Thursday, July 29, 2010 2:28 PM
To: NT System Admin Issues
Subject: RE: Vipre effectiveness false positives

How about a little perspective on false positives?
http://news.cnet.com/8301-1009_3-20003074-83.html and a reminder about statistics from Mark Twain: there's 3 kinds of lies: lies, damned lies, and statistics

From: Ralph Smith [mailto:m...@gatewayindustries.org]
Sent: Thursday, July 29, 2010 1:20 PM
To: NT System Admin Issues
Subject: RE: Vipre effectiveness false positives

I've had VIPRE for a couple of years now, and was fortunately not hit hard with the false positive problems others have had. With about 180 Win XP machines, I've had only a half dozen infections in that time - all but one of the rogue AV kind, so I have been feeling pretty good. However, the chart that was linked to is a bit worrying - the only popular business class AV solution that scored worse was CA (my former solution), and most of the others - McAfee, ESET, Kaspersky, Sophos to name a few - show significantly better results. It would be interesting to hear a comment from Sunbelt - a little reassurance needed here. :-)

From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Thursday, July 29, 2010 1:48 PM
To: NT System Admin Issues
Subject: Re: Vipre effectiveness false positives

I don't know what you have now, but I can tell you from experience at various client sites over the last year or so, none of the following was without issues : Trend, McAfee, Symantec SAV SEP

On Thu, Jul 29, 2010 at 11:37 AM, Carl Houseman c.house...@gmail.com wrote:

For all of you staunch Vipre supporters, I'm just wondering, are you still so staunch given the various false positives over the past year? It seems like I remember reading here about one every quarter or so, and I can confirm at least 3 since (from online records and messages I didn't delete) since June 2009. And how many of you have had to deal with infections despite having an up-to-date Vipre?
Issue I'm debating is a switch from another product to Vipre, and even though the price is very good, I'm looking at the Virusbtn RAP quadrant (http://www.virusbtn.com/vb100/rap-index.xml) with a very poor showing for Sunbelt. Including the false positives and cost of switching, it doesn't add up to a good choice. At least if the protection was much better, then the occasional false positive might be justified. Is there any 3rd party comparison or statistic that gives Vipre a better than average result? I'm not looking for endorsements or praise for their tech support - heard that all before. But if you've had Vipre on 10 seats or more and have kept track of live infections after a year or longer, and effort to avoid or recover from false positives, that would be great to know. Please include total number of seats in any report.

Carl

Confidentiality Notice: ** This communication, including any attachments, may contain confidential information and is intended only for the individual or entity to whom it is addressed. Any review, dissemination, or copying of this communication by anyone other than the intended recipient is strictly prohibited. If you are not the intended recipient, please contact the sender by reply
RE: It's that day!
Anyway, for those of us who feel our career is in the crapper- I had to replace one of those on Sysadmin Appreciation Day a few years back. -- richard

Maglinger, Paul pmaglin...@scvl.com wrote on 07/30/2010 09:11:52 AM:

Just got an email from a co-worker. "Happy S.A.D." Ironic?

From: Brumbaugh, Luke [mailto:luke.brumba...@butlerschein.com]
Sent: Friday, July 30, 2010 9:03 AM
To: NT System Admin Issues
Subject: RE: It's that day!

So it's worth 25cents? Starbucks is $2 here. I like that miserable stuff from Mickey D's ($1)

From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Friday, July 30, 2010 9:47 AM
To: NT System Admin Issues
Subject: RE: It's that day!

This, and $1.75 gets you a cup of coffee at Starbucks. And there was much rejoicing. yea...

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
Sent: Friday, July 30, 2010 8:10 AM
To: NT System Admin Issues
Subject: It's that day!

http://www.sysadminday.com/ And my Help Desk guy got the day off! -- Richard
RE: Vipre effectiveness false positives
I think it all comes down to what you feel comfortable using and feel will protect your environment the best. That could be with Vipre or SEP, McAfee, etc... as others have said... no one solution will be 100% perfect. Vipre isn't perfect, but the product itself has proven itself valuable in our environment and continues to do so (even with issues).

Cameron Cooper
Network Administrator | CompTIA A+ Certified
Aurico Reports, Inc
Phone: 847-890-4021 | Fax: 847-255-1896
ccoo...@aurico.com | www.aurico.com

From: Kim Longenbaugh [mailto:k...@colonialsavings.com]
Sent: Thursday, July 29, 2010 3:39 PM
To: NT System Admin Issues
Subject: RE: Vipre effectiveness false positives

My point was really that all AV vendors have experienced FPs, not just Vipre. I agree that statistics can be a valuable tool, it's just that which ones you choose and how you present them can be misleading. For example, in a horse race between the US and Russia, the US horse won. In the American papers, it was reported that the US took first place. In the Russian papers, it was reported that the US was next to last and that Russia was second place. The statistics reported in both cases were true, but the picture they gave of the race was very different.

From: Ralph Smith [mailto:m...@gatewayindustries.org]
Sent: Thursday, July 29, 2010 3:08 PM
To: NT System Admin Issues
Subject: RE: Vipre effectiveness false positives

True, but there were people on the VIPRE forum that were hit just as hard by a couple of the FPs that VIPRE had. I'm not knocking VIPRE at all - I like it a lot and would purchase it again with no hesitation. However, when a well known organization like Virus Bulletin publishes test results, it makes sense to look at the data and try to understand what it means and how it may impact your organization. I personally feel confident with Sunbelt, but I would be interested to understand how they interpret the chart and what they feel the implications are for their product.
By the way, some lies may be statistics, but not all statistics are lies. Information, including statistical, is the basis for sound decision making.

From: Kim Longenbaugh [mailto:k...@colonialsavings.com]
Sent: Thursday, July 29, 2010 2:28 PM
To: NT System Admin Issues
Subject: RE: Vipre effectiveness false positives

How about a little perspective on false positives? http://news.cnet.com/8301-1009_3-20003074-83.html and a reminder about statistics from Mark Twain: there's 3 kinds of lies: lies, damned lies, and statistics

From: Ralph Smith [mailto:m...@gatewayindustries.org]
Sent: Thursday, July 29, 2010 1:20 PM
To: NT System Admin Issues
Subject: RE: Vipre effectiveness false positives

I've had VIPRE for a couple of years now, and was fortunately not hit hard with the false positive problems others have had. With about 180 Win XP machines, I've had only a half dozen infections in that time - all but one of the rogue AV kind, so I have been feeling pretty good. However, the chart that was linked to is a bit worrying - the only popular business class AV solution that scored worse was CA (my former solution), and most of the others - McAfee, ESET, Kaspersky, Sophos to name a few - show significantly better results. It would be interesting to hear a comment from Sunbelt - a little reassurance needed here. :-)

From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Thursday, July 29, 2010 1:48 PM
To: NT System Admin Issues
Subject: Re: Vipre effectiveness false positives

I don't know what you have now, but I can tell you from experience at various client sites over the last year or so, none of the following was without issues : Trend, McAfee, Symantec SAV SEP

On Thu, Jul 29, 2010 at 11:37 AM, Carl Houseman c.house...@gmail.com wrote:

For all of you staunch Vipre supporters, I'm just wondering, are you still so staunch given the various false positives over the past year?
It seems like I remember reading here about one every quarter or so, and I can confirm at least 3 since (from online records and messages I didn't delete) since June 2009. And how many of you have had to deal with infections despite having an up-to-date Vipre? Issue I'm debating is a switch from another product to Vipre, and even though the price is very good, I'm looking at the Virusbtn RAP quadrant (http://www.virusbtn.com/vb100/rap-index.xml) with a very poor showing for Sunbelt. Including the false positives and cost of switching, it doesn't add up to a good choice. At least if the protection was much better, then the occasional false positive might be justified. Is there any 3rd party comparison or statistic that gives Vipre a better than average result? I'm not looking for endorsements or praise for their tech support - heard that all before. But if you've had Vipre on 10
RE: It's that day!
It's just been a rough week. People on vacation and I can't get anything done on my projects. I'm hoping to get out on the water this weekend and recharge for next week.

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
Sent: Friday, July 30, 2010 9:22 AM
To: NT System Admin Issues
Subject: RE: It's that day!

Anyway, for those of us who feel our career is in the crapper- I had to replace one of those on Sysadmin Appreciation Day a few years back. -- richard

Maglinger, Paul pmaglin...@scvl.com wrote on 07/30/2010 09:11:52 AM:

Just got an email from a co-worker. Happy S.A.D. Ironic?

From: Brumbaugh, Luke [mailto:luke.brumba...@butlerschein.com]
Sent: Friday, July 30, 2010 9:03 AM
To: NT System Admin Issues
Subject: RE: It's that day!

So it's worth 25cents? Starbucks is $2 here. I like that miserable stuff from Mickey D's ($1)

From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Friday, July 30, 2010 9:47 AM
To: NT System Admin Issues
Subject: RE: It's that day!

This, and $1.75 gets you a cup of coffee at Starbucks. And there was much rejoicing. yea...

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
Sent: Friday, July 30, 2010 8:10 AM
To: NT System Admin Issues
Subject: It's that day!

http://www.sysadminday.com/ And my Help Desk guy got the day off! -- Richard
RE: Auditing in Windows 2008 and R2 what are folks doing?
They still don't scale

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Thursday, July 29, 2010 9:26 AM
To: NT System Admin Issues
Subject: Re: Auditing in Windows 2008 and R2 what are folks doing?

There are TCP syslog options.

On Thu, Jul 29, 2010 at 01:50, Ken Schaefer k...@adopenstatic.com wrote:

We are implementing this in an even bigger environment. However syslog runs over UDP (natively) and it’s not reliable. You’d need to use software that gives you more reliability (e.g. by sending the traffic over TCP) if you need this to produce reliable log files centrally.

Cheers
Ken

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Thursday, 29 July 2010 3:50 AM
To: NT System Admin Issues
Subject: RE: Auditing in Windows 2008 and R2 what are folks doing?

800+ servers to a syslog? Plus going to have to put agents on every single server in the domain? Really haven’t used Syslog much for the windows event logging

Z

Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, July 28, 2010 3:48 PM
To: NT System Admin Issues
Subject: Re: Auditing in Windows 2008 and R2 what are folks doing?

EventCombMT still works... :) Why not export all the logs to SysLog, and spend a few tiny dollars on searching those logs? Syslog servers are cheap/free. Syslog forwarders for Windows are cheap/free. Tools to search consolidated logs range from free to exorbitant. See Splunk on both accounts. :) Once you have established the value of log parsing and management, you'll have a slightly better chance of procuring some funds.

-ASB: http://XeeSM.com/AndrewBaker

On Wed, Jul 28, 2010 at 3:38 PM, Ziots, Edward ezi...@lifespan.org wrote:

Naa its far harder than that, I think someone said we can dump the event logs via powershell, but using EventCombMT when I need to get something I hope still works.
Either that or I am going to have to bug MGMT again about a dedicated eventlog management tool. Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 From: James Rankin [mailto:kz2...@googlemail.com] Sent: Wednesday, July 28, 2010 3:36 PM To: NT System Admin Issues Subject: Re: Auditing in Windows 2008 and R2 what are folks doing? Tough gig then. Looks like you're going to be doing a lot of creative stuff with dumpel.exe and the findstr command :-) On 28 July 2010 13:06, Ziots, Edward ezi...@lifespan.org wrote: I don’t have SCOM, I wish I had some event log auditing solution, been asking for 5+ yrs, and all it ever falls on is deaf ears…. Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 From: Malcolm Reitz [mailto:malcolm.re...@live.com] Sent: Tuesday, July 27, 2010 6:29 PM To: NT System Admin Issues Subject: RE: Auditing in Windows 2008 and R2 what are folks doing? Have you looked in to using the Audit Collection Services piece of SCOM? I think ACS could be valuable for security event reporting and forensics use. -Malcolm From: James Rankin [mailto:kz2...@googlemail.com] Sent: Tuesday, July 27, 2010 15:41 To: NT System Admin Issues Subject: Re: Auditing in Windows 2008 and R2 what are folks doing? I'm mainly interested in account lockouts, logons attempted under things like built-in administrator accounts, high numbers of logon failures, and any attempts to modify security policies and/or protected groups (such as local admins, domain admins, server ops, and the like). We've also got certain areas where file access is audited. I use SCOM to try and aggregate the events for me. This is quite handy, as it also monitors things like failed su to root on our ESX servers and other stuff outside of the Windows event logging arena. 
On 27 July 2010 20:15, Ziots, Edward ezi...@lifespan.org wrote: Hey gang, well I wanted to ask the group, what is everyone doing about their audit policies on Windows 2008 R2 for domain controllers or member servers. I have mapped out all the audit categories and sub-categories, and events, but I don’t want the logs to turn into soup, so kinda wanted to see what others were doing for which categories and subcategories they turned on auditing for. Would be nice to bounce some ideas off about certain events. ( Already plowed through M$ site descriptions, the Microsoft Security Resource Kit and Randy Franklin Smith’s Eventlog site) Feel free to post here, or if you like catch me offline, love to hear the feedback. After this its on to Firewall rules accordingly for the servers and either scripting or GPOing that out for a baseline. Z Edward E. Ziots CISSP, Network +, Security + Network Engineer
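The events James Rankin lists in the thread above (account lockouts, logons under built-in administrator accounts, high numbers of logon failures, changes to audit policy and to protected groups) can be picked out of an exported Security log with a handful of rules. This is an added example, not code from anyone in the thread; the record layout, account and host names, group list and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Security log event IDs on Windows Server 2008 / 2008 R2.
LOGON_OK, LOGON_FAILED = 4624, 4625
ACCOUNT_LOCKED_OUT = 4740
AUDIT_POLICY_CHANGED = 4719
GROUP_MEMBER_ADDED = {4728, 4732, 4756}  # global / local / universal security group

# Assumptions for this example; tune them per environment.
PROTECTED_GROUPS = {"administrators", "domain admins", "server operators"}
BUILTIN_ADMIN_NAMES = {"administrator"}  # name match only; a renamed account needs a SID check
FAILURE_THRESHOLD = 5
FAILURE_WINDOW = timedelta(minutes=10)


def triage(events):
    """Return (time, rule, detail) findings in time order.

    Each event is a dict with 'time', 'host', 'id' and, where the event
    carries them, TargetUserName, SubjectUserName and MemberName
    (an assumed export layout, not a fixed format).
    """
    findings = []
    failures = defaultdict(list)  # account -> failure times still inside the window
    for ev in sorted(events, key=lambda e: e["time"]):
        eid, when, host = ev["id"], ev["time"], ev["host"]
        target = ev.get("TargetUserName", "")
        actor = ev.get("SubjectUserName", "")

        if eid == ACCOUNT_LOCKED_OUT:
            findings.append((when, "account-lockout", target))
        elif eid == AUDIT_POLICY_CHANGED:
            findings.append((when, "audit-policy-change", f"by {actor} on {host}"))
        elif eid in GROUP_MEMBER_ADDED and target.lower() in PROTECTED_GROUPS:
            member = ev.get("MemberName", "")
            findings.append((when, "protected-group-change",
                             f"{member} added to {target} by {actor} on {host}"))

        if eid in (LOGON_OK, LOGON_FAILED) and target.lower() in BUILTIN_ADMIN_NAMES:
            outcome = "success" if eid == LOGON_OK else "failure"
            findings.append((when, "builtin-admin-logon", f"{target} on {host} ({outcome})"))

        if eid == LOGON_FAILED:
            key = target.lower()
            recent = [t for t in failures[key] if when - t <= FAILURE_WINDOW]
            recent.append(when)
            failures[key] = recent
            # Fire when the in-window count reaches the threshold, not on every later failure.
            if len(recent) == FAILURE_THRESHOLD:
                findings.append((when, "logon-failure-burst",
                                 f"{key}: {FAILURE_THRESHOLD} failures within {FAILURE_WINDOW}"))
    return findings


BASE = datetime(2010, 7, 29, 9, 0)


def at(minutes):
    """Timestamp a constructed event relative to BASE."""
    return BASE + timedelta(minutes=minutes)


# Constructed sample records, not taken from any real log.
SAMPLE_EVENTS = (
    [{"time": at(m), "host": "DC01", "id": LOGON_FAILED, "TargetUserName": "jsmith"}
     for m in range(6)]
    + [
        {"time": at(6), "host": "DC01", "id": ACCOUNT_LOCKED_OUT, "TargetUserName": "jsmith"},
        {"time": at(15), "host": "SRV07", "id": LOGON_OK, "TargetUserName": "mjones"},
        {"time": at(20), "host": "SRV07", "id": LOGON_FAILED, "TargetUserName": "Administrator"},
        {"time": at(30), "host": "SRV07", "id": 4732, "TargetUserName": "Administrators",
         "SubjectUserName": "helpdesk1", "MemberName": "CORP\\tempuser"},
        {"time": at(31), "host": "DC01", "id": 4728, "TargetUserName": "Sales Staff",
         "SubjectUserName": "helpdesk1", "MemberName": "CORP\\mjones"},
        {"time": at(40), "host": "DC01", "id": AUDIT_POLICY_CHANGED,
         "SubjectUserName": "svc_backup"},
    ]
)

if __name__ == "__main__":
    for when, rule, detail in triage(SAMPLE_EVENTS):
        print(when.isoformat(), rule, detail)
```

Routine logons and the change to an unprotected group produce no finding, which is the point of limiting the rules to the handful of events named in the thread.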
FW: Wireless Machine Authentication
All Cisco LWAP access points using a 5508 wireless controller. We have PEAP set up so users can authenticate on the wireless network using their AD login...peachy.

BUT...we have some machines that need to authenticate on the wireless before the user logs on (so they can get group policies and such). I thought we could just provide a generic credential and it would work but no such luck. How the heck do you make this work? The workstations are XP SP3 with intel wireless cards.

Thanks all!

John C. Kelsey
DuBois Regional Medical Center
814.375.3073
814.375.4005
jckel...@drmc.org

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: It's that day!
I'd say, more like oxym-oronic From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Friday, July 30, 2010 9:12 AM To: NT System Admin Issues Subject: RE: It's that day! Just got an email from a co-worker. Happy S.A.D. Ironic? From: Brumbaugh, Luke [mailto:luke.brumba...@butlerschein.com] Sent: Friday, July 30, 2010 9:03 AM To: NT System Admin Issues Subject: RE: It's that day! So it's worth 25cents? Starbucks is $2 here. I like that miserable stuff from Mickey D's ($1) From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Friday, July 30, 2010 9:47 AM To: NT System Admin Issues Subject: RE: It's that day! This, and $1.75 gets you a cup of coffee at Starbucks. And there was much rejoicing. yea... From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] Sent: Friday, July 30, 2010 8:10 AM To: NT System Admin Issues Subject: It's that day! http://www.sysadminday.com/ And my Help Desk guy got the day off! -- Richard ** CONFIDENTIALITY NOTICE - The information transmitted in this message is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy all copies of this document. Thank you. Butler Schein Animal Health ** ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Wireless Machine Authentication
We use EAP-TLS authenticating to Microsoft's IAS. The workstations all have a machine certificate generated by an internal certificate server. Workstations authenticate and connect to wireless before the user ever logs in.

From: Kelsey, John [mailto:jckel...@drmc.org]
Sent: Friday, July 30, 2010 10:36 AM
To: NT System Admin Issues
Subject: FW: Wireless Machine Authentication

All Cisco LWAP access points using a 5508 wireless controller. We have PEAP set up so users can authenticate on the wireless network using their AD login...peachy.

BUT...we have some machines that need to authenticate on the wireless before the user logs on (so they can get group policies and such). I thought we could just provide a generic credential and it would work but no such luck. How the heck do you make this work? The workstations are XP SP3 with intel wireless cards.

Thanks all!

John C. Kelsey
DuBois Regional Medical Center
814.375.3073
814.375.4005
jckel...@drmc.org
RE: OT: Vipre effectiveness false positives
I can understand FP's against lesser used applications, but when part of Windows or a commonly installed MS product is tagged, there's no real excuse for that IMHO. Still, I've asked Alex to provide any comparison data he can come up with, and to the extent the evidence is unbiased and convincing, I may put forth Vipre as an alternative. Thanks everybody for all the feedback. Carl From: David Lum [mailto:david@nwea.org] Sent: Friday, July 30, 2010 2:23 AM To: NT System Admin Issues Subject: RE: OT: Vipre effectiveness false positives As I have stated in previous AV threads, I actually use/manage 3 different AV products: Vipre Enterprise (3 clients, ~25 systems, plus my home machines), Trend WorryFree (1 client, 55 systems) and McAfee (%dayjob%, ~500 systems) and Vipre easily has more false positives than the other two: 3 in the last 12 months, vs zero for Trend and McAfee. Twice it ate Outlook.exe, one other time it ate Iexplore.exe. Not enough to make we want to switch from Vipre, just offering a data point. A bit over a year ago Vipre replaced Trend at home (1 server, 3PC's), Symantec at a client of 17, and standalone McAfee at a client of 7, no major issues transitioning any of them. There were enough teething pains (FP's) early on to prevent me from replacing it at the bigger client as well as %dayjob%. I avoided the recent McAfee fiasco because I grab updates ~20 hours after they typcically release, didn't know Trend had one recently. Alternately, none of these sites have had infections requiring a HDD wipe. Dave _ From: Ralph Smith m...@gatewayindustries.org Sent: Thursday, July 29, 2010 8:49 PM To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Subject: RE: Vipre effectiveness false positives I don't disagree, but when you are presented with information you have to evaluate the validity of the data, and hopefully get clarification from those involved when it implies that there may be a problem. 
Virus Bulletin actually warned in the explanation of the chart that it was just one result and that conclusions shouldn't be jumped to until there was more data. And sometimes, a horse is just a horse, of course. _ From: Kim Longenbaugh [mailto:k...@colonialsavings.com] Sent: Thursday, July 29, 2010 4:39 PM To: NT System Admin Issues Subject: RE: Vipre effectiveness false positives My point was really that all AV vendors have experience FPs, not just Vipre. I agree that statistics can be a valuable tool, it's just that which ones you choose and how you present them can be misleading. For example, in a horse race between the US and Russia, the US horse won. In the American papers, it was reported that the US was took first place. In the Russian papers, it was reported that the US was next to last and that Russia was second place. The statistics reported in both cases were true, but the picture they gave of the race was very different. From: Ralph Smith [mailto:m...@gatewayindustries.org] Sent: Thursday, July 29, 2010 3:08 PM To: NT System Admin Issues Subject: RE: Vipre effectiveness false positives True, but there were people on the VIPRE forum that were hit just as hard by a couple of the FPs that VIPRE had. I'm not knocking VIPRE at all - I like it a lot and would purchase it again with no hesitation. However, when a well known organization like Virus Bulletin publishes test results, it makes sense to look at the data and try to understand what it means and how it may impact your organization. I personally feel confident with Sunbelt, but I would be interested to understand how they interpret the chart and what they feel the implications are for their product. By the way, some lies may be statistics, but not all statistics are lies. Information, including statistical, is the basis for sound decision making. 
_ From: Kim Longenbaugh [mailto:k...@colonialsavings.com] Sent: Thursday, July 29, 2010 2:28 PM To: NT System Admin Issues Subject: RE: Vipre effectiveness false positives How about a little perspective on false positives? http://news.cnet.com/8301-1009_3-20003074-83.html and a reminder about statistics from Mark Twain: there's 3 kinds of lies: lies, damned lies, and statistics From: Ralph Smith [mailto:m...@gatewayindustries.org] Sent: Thursday, July 29, 2010 1:20 PM To: NT System Admin Issues Subject: RE: Vipre effectiveness false positives I've had VIPRE for a couple of years now, and was fortunately not hit hard with the false positive problems others have had. With about 180 Win XP machines, I've had only a half dozen infections in that time - all but one of the rogue AV kind, so I have been feeling pretty good. However, the chart that was linked to is a bit worrying - the only popular business class AV solution that scored worse was CA (my former solution), and most of the others - McAfee, ESET, Kaspersky, Sophos to name a
RE: It's that day!
I got offered a new job today, so I'm happy :)

Regards

Tony Patton
Desktop Support Analyst - Cavan
Ext 8078
Direct Dial 049 435 2878
email: tony.pat...@quinn-insurance.com

From: richardmccl...@aspca.org
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Date: 30/07/2010 15:22
Subject: RE: It's that day!

Anyway, for those of us who feel our career is in the crapper- I had to replace one of those on Sysadmin Appreciation Day a few years back.
--
richard

Maglinger, Paul pmaglin...@scvl.com wrote on 07/30/2010 09:11:52 AM:

Just got an email from a co-worker. “Happy S.A.D.” Ironic?

From: Brumbaugh, Luke [mailto:luke.brumba...@butlerschein.com]
Sent: Friday, July 30, 2010 9:03 AM
To: NT System Admin Issues
Subject: RE: It's that day!

So it’s worth 25cents? Starbucks is $2 here. I like that miserable stuff from Mickey D’s ($1)

From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Friday, July 30, 2010 9:47 AM
To: NT System Admin Issues
Subject: RE: It's that day!

This, and $1.75 gets you a cup of coffee at Starbucks. And there was much rejoicing. yea…….

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
Sent: Friday, July 30, 2010 8:10 AM
To: NT System Admin Issues
Subject: It's that day!

http://www.sysadminday.com/

And my Help Desk guy got the day off!
--
Richard

** CONFIDENTIALITY NOTICE - The information transmitted in this message is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy all copies of this document. Thank you. Butler Schein Animal Health **

This e-mail is intended only for the addressee named above. The contents should not be copied nor disclosed to any other person.
Any views or opinions expressed are solely those of the sender and do not necessarily represent those of QUINN-Insurance Limited (Under Administration), unless otherwise specifically stated . As internet communications are not secure, QUINN-Insurance Limited (Under Administration) is not responsible for the contents of this message nor responsible for any change made to this message after it was sent by the original sender. Although virus scanning is used on all inbound and outbound e-mail, we advise you to carry out your own virus check before opening any attachment. We cannot accept liability for any damage sustained as a result of any software viruses. QUINN-Insurance Limited (Under Administration) is regulated by the Financial Regulator and regulated by the Financial Services Authority for the conduct of UK business. QUINN-Insurance Limited (Under Administration) is registered in Ireland, registration number 240768 and is a private company limited by shares. Its head office is at Dublin Road, Cavan, Co. Cavan. This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Hyper-V and 'Default Gateway'
Is it possible to use a different default gateway on one Hyper-V guest than the Hyper-V host is using?

What I have is a situation where we have multiple IP ranges within the same network, meaning there is no router nor firewall between the different IP segments, but each IP subnet is different so I have multiple default gateways. Let's say the first is 192.168.0.1 with a mask of 255.255.255.192 and the second would be 192.168.0.70 / mask of 255.255.255.192.

In short, I have tried all kinds of configurations but I can't seem to get a connection using any other gateway address, and it would make sense that it should agree with the host, but I can't find anywhere to 'verify' that! I have found many documents telling me that all the virtual servers on a Hyper-V host must be in the same network but nowhere does it define the parameters of the network!

(Each of my Hyper-V guests are pointed directly at a physical network card on the host, they are _not_ NATed)
Re: It's that day!
Congrats! Die dulci fruere! Roger Wright ___ On Fri, Jul 30, 2010 at 11:26 AM, tony patton tony.pat...@quinn-insurance.com wrote: I got offered a new job today, so I'm happy :) Regards Tony Patton Desktop Support Analyst - Cavan Ext 8078 Direct Dial 049 435 2878 email: tony.pat...@quinn-insurance.com From: richardmccl...@aspca.org To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date: 30/07/2010 15:22 Subject: RE: It's that day! Anyway, for those of us who feel our career is in the crapper- I had to replace one of those on Sysadmin Appreciation Day a few years back. -- richard Maglinger, Paul pmaglin...@scvl.com wrote on 07/30/2010 09:11:52 AM: Just got an email from a co-worker. “Happy S.A.D.” Ironic? From: Brumbaugh, Luke [mailto:luke.brumba...@butlerschein.com] Sent: Friday, July 30, 2010 9:03 AM To: NT System Admin Issues Subject: RE: It's that day! So it’s worth 25cents? Starbucks is $2 here. I like that miserable stuff from Mickey D’s ($1) From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Friday, July 30, 2010 9:47 AM To: NT System Admin Issues Subject: RE: It's that day! This, and $1.75 gets you a cup of coffee at Starbucks. And there was much rejoicing. yea……. From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] Sent: Friday, July 30, 2010 8:10 AM To: NT System Admin Issues Subject: It's that day! http://www.sysadminday.com/ And my Help Desk guy got the day off! -- Richard ** CONFIDENTIALITY NOTICE - The information transmitted in this message is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy all copies of this document. Thank you. Butler Schein Animal Health ** This e-mail is intended only for the addressee named above. 
Re: It's that day!
Congrats Tony! Hopefully some of that good fortune will rub off :) Don K From: tony patton tony.pat...@quinn-insurance.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Fri, July 30, 2010 10:26:40 AM Subject: RE: It's that day! I got offered a new job today, so I'm happy :) Regards Tony Patton Desktop Support Analyst - Cavan Ext 8078 Direct Dial 049 435 2878 email: tony.pat...@quinn-insurance.com From: richardmccl...@aspca.org To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date: 30/07/2010 15:22 Subject: RE: It's that day! Anyway, for those of us who feel our career is in the crapper- I had to replace one of those on Sysadmin Appreciation Day a few years back. -- richard Maglinger, Paul pmaglin...@scvl.com wrote on 07/30/2010 09:11:52 AM: Just got an email from a co-worker. “Happy S.A.D.” Ironic? From: Brumbaugh, Luke [mailto:luke.brumba...@butlerschein.com] Sent: Friday, July 30, 2010 9:03 AM To: NT System Admin Issues Subject: RE: It's that day! So it’s worth 25cents? Starbucks is $2 here. I like that miserable stuff from Mickey D’s ($1) From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Friday, July 30, 2010 9:47 AM To: NT System Admin Issues Subject: RE: It's that day! This, and $1.75 gets you a cup of coffee at Starbucks. And there was much rejoicing. yea……. From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] Sent: Friday, July 30, 2010 8:10 AM To: NT System Admin Issues Subject: It's that day! http://www.sysadminday.com/ And my Help Desk guy got the day off! -- Richard ** CONFIDENTIALITY NOTICE - The information transmitted in this message is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of this information by persons or entities other than the intended recipient is prohibited. 
RE: It's that day!
Congrats! John-AldrichTile-Tools From: tony patton [mailto:tony.pat...@quinn-insurance.com] Sent: Friday, July 30, 2010 11:27 AM To: NT System Admin Issues Subject: RE: It's that day! I got offered a new job today, so I'm happy :) Regards Tony Patton Desktop Support Analyst - Cavan Ext 8078 Direct Dial 049 435 2878 email: tony.pat...@quinn-insurance.com From:richardmccl...@aspca.org To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date:30/07/2010 15:22 Subject:RE: It's that day! _ Anyway, for those of us who feel our career is in the crapper- I had to replace one of those on Sysadmin Appreciation Day a few years back. -- richard Maglinger, Paul pmaglin...@scvl.com wrote on 07/30/2010 09:11:52 AM: Just got an email from a co-worker. Happy S.A.D. Ironic? From: Brumbaugh, Luke [ mailto:luke.brumba...@butlerschein.com mailto:luke.brumba...@butlerschein.com] Sent: Friday, July 30, 2010 9:03 AM To: NT System Admin Issues Subject: RE: It's that day! So it's worth 25cents? Starbucks is $2 here. I like that miserable stuff from Mickey D's ($1) From: Maglinger, Paul [ mailto:pmaglin...@scvl.com mailto:pmaglin...@scvl.com] Sent: Friday, July 30, 2010 9:47 AM To: NT System Admin Issues Subject: RE: It's that day! This, and $1.75 gets you a cup of coffee at Starbucks. And there was much rejoicing. yea... From: richardmccl...@aspca.org [ mailto:richardmccl...@aspca.org mailto:richardmccl...@aspca.org] Sent: Friday, July 30, 2010 8:10 AM To: NT System Admin Issues Subject: It's that day! http://www.sysadminday.com/ http://www.sysadminday.com/ And my Help Desk guy got the day off! -- Richard ** CONFIDENTIALITY NOTICE - The information transmitted in this message is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of this information by persons or entities other than the intended recipient is prohibited. 
Re: It's that day!
Thx folks, hope it rubs off on everyone else that needs/wants it :)

It's an advancement career-wise, moving to full-time server support with another company. It's a bit of a pay-cut, but it'll pay off in the long term, the new company will provide a new challenge and the technologies that they are involved in are wide-ranging.

A busy schedule ahead of me, finish up here on the 10th September, re-locate, start the new job, and twins on the way Xmas week. Fun times ahead :)

Regards

Tony Patton
Desktop Support Analyst - Cavan
Ext 8078
Direct Dial 049 435 2878
email: tony.pat...@quinn-insurance.com

From: Don Kuhlman drkuhl...@yahoo.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Date: 30/07/2010 16:50
Subject: Re: It's that day!

Congrats Tony! Hopefully some of that good fortune will rub off :)

Don K

From: tony patton tony.pat...@quinn-insurance.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Fri, July 30, 2010 10:26:40 AM
Subject: RE: It's that day!

I got offered a new job today, so I'm happy :)

Regards

Tony Patton
Desktop Support Analyst - Cavan
Ext 8078
Direct Dial 049 435 2878
email: tony.pat...@quinn-insurance.com

From: richardmccl...@aspca.org
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Date: 30/07/2010 15:22
Subject: RE: It's that day!

Anyway, for those of us who feel our career is in the crapper- I had to replace one of those on Sysadmin Appreciation Day a few years back.
--
richard

Maglinger, Paul pmaglin...@scvl.com wrote on 07/30/2010 09:11:52 AM:

Just got an email from a co-worker. “Happy S.A.D.” Ironic?

From: Brumbaugh, Luke [mailto:luke.brumba...@butlerschein.com]
Sent: Friday, July 30, 2010 9:03 AM
To: NT System Admin Issues
Subject: RE: It's that day!

So it’s worth 25cents? Starbucks is $2 here. I like that miserable stuff from Mickey D’s ($1)

From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Friday, July 30, 2010 9:47 AM
To: NT System Admin Issues
Subject: RE: It's that day!

This, and $1.75 gets you a cup of coffee at Starbucks. And there was much rejoicing. yea…….

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
Sent: Friday, July 30, 2010 8:10 AM
To: NT System Admin Issues
Subject: It's that day!

http://www.sysadminday.com/

And my Help Desk guy got the day off!
--
Richard
RE: It's that day!
Congrats Tony!

From: tony patton [mailto:tony.pat...@quinn-insurance.com]
Sent: Friday, July 30, 2010 10:27 AM
To: NT System Admin Issues
Subject: RE: It's that day!

I got offered a new job today, so I'm happy :)

Regards
Tony Patton
Desktop Support Analyst - Cavan
Ext 8078
Direct Dial 049 435 2878
email: tony.pat...@quinn-insurance.com

From: richardmccl...@aspca.org
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Date: 30/07/2010 15:22
Subject: RE: It's that day!

Anyway, for those of us who feel our career is in the crapper- I had to replace one of those on Sysadmin Appreciation Day a few years back.
-- richard

Maglinger, Paul pmaglin...@scvl.com wrote on 07/30/2010 09:11:52 AM:

Just got an email from a co-worker. Happy S.A.D. Ironic?

From: Brumbaugh, Luke [mailto:luke.brumba...@butlerschein.com]
Sent: Friday, July 30, 2010 9:03 AM
To: NT System Admin Issues
Subject: RE: It's that day!

So it's worth 25cents? Starbucks is $2 here. I like that miserable stuff from Mickey D's ($1)

From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Friday, July 30, 2010 9:47 AM
To: NT System Admin Issues
Subject: RE: It's that day!

This, and $1.75 gets you a cup of coffee at Starbucks. And there was much rejoicing. yea...

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
Sent: Friday, July 30, 2010 8:10 AM
To: NT System Admin Issues
Subject: It's that day!

http://www.sysadminday.com/
And my Help Desk guy got the day off!
-- Richard
Re: It's that day!
Too bad I can't drink coffee, even decaf, due to MY BLEEDING ULCER!

- Original Message -
From: Maglinger, Paul
To: NT System Admin Issues
Sent: Friday, July 30, 2010 9:46 AM
Subject: RE: It's that day!

This, and $1.75 gets you a cup of coffee at Starbucks. And there was much rejoicing. yea...

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
Sent: Friday, July 30, 2010 8:10 AM
To: NT System Admin Issues
Subject: It's that day!

http://www.sysadminday.com/
And my Help Desk guy got the day off!
-- Richard
Re: It's that day!
Tony, are you an Irishman?

- Original Message -
From: tony patton
To: NT System Admin Issues
Sent: Friday, July 30, 2010 11:59 AM
Subject: Re: It's that day!

Thx folks, hope it rubs off on everyone else that needs/wants it :)

It's an advancement career-wise, moving to full-time server support with another company. It's a bit of a pay-cut, but it'll pay off in the long term, the new company will provide a new challenge and the technologies that they are involved in are wide-ranging.

A busy schedule ahead of me, finish up here on the 10th September, re-locate, start the new job, and twins on the way Xmas week. Fun times ahead :)

Regards
Tony Patton
Desktop Support Analyst - Cavan
Ext 8078
Direct Dial 049 435 2878
email: tony.pat...@quinn-insurance.com

From: Don Kuhlman drkuhl...@yahoo.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Date: 30/07/2010 16:50
Subject: Re: It's that day!

Congrats Tony! Hopefully some of that good fortune will rub off :)
Don K

From: tony patton tony.pat...@quinn-insurance.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Fri, July 30, 2010 10:26:40 AM
Subject: RE: It's that day!

I got offered a new job today, so I'm happy :)

Regards
Tony Patton
Desktop Support Analyst - Cavan
Ext 8078
Direct Dial 049 435 2878
email: tony.pat...@quinn-insurance.com

From: richardmccl...@aspca.org
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Date: 30/07/2010 15:22
Subject: RE: It's that day!

Anyway, for those of us who feel our career is in the crapper- I had to replace one of those on Sysadmin Appreciation Day a few years back.
-- richard

Maglinger, Paul pmaglin...@scvl.com wrote on 07/30/2010 09:11:52 AM:

Just got an email from a co-worker. Happy S.A.D. Ironic?

From: Brumbaugh, Luke [mailto:luke.brumba...@butlerschein.com]
Sent: Friday, July 30, 2010 9:03 AM
To: NT System Admin Issues
Subject: RE: It's that day!

So it's worth 25cents? Starbucks is $2 here. I like that miserable stuff from Mickey D's ($1)

From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Friday, July 30, 2010 9:47 AM
To: NT System Admin Issues
Subject: RE: It's that day!

This, and $1.75 gets you a cup of coffee at Starbucks. And there was much rejoicing. yea...

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
Sent: Friday, July 30, 2010 8:10 AM
To: NT System Admin Issues
Subject: It's that day!

http://www.sysadminday.com/
And my Help Desk guy got the day off!
-- Richard
Re: It's that day!
And congrats on the Twins too Tony! Woohooo

From: tony patton tony.pat...@quinn-insurance.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Fri, July 30, 2010 10:59:37 AM
Subject: Re: It's that day!

Thx folks, hope it rubs off on everyone else that needs/wants it :)

It's an advancement career-wise, moving to full-time server support with another company. It's a bit of a pay-cut, but it'll pay off in the long term, the new company will provide a new challenge and the technologies that they are involved in are wide-ranging.

A busy schedule ahead of me, finish up here on the 10th September, re-locate, start the new job, and twins on the way Xmas week. Fun times ahead :)

Regards
Tony Patton
Desktop Support Analyst - Cavan
Ext 8078
Direct Dial 049 435 2878
email: tony.pat...@quinn-insurance.com

From: Don Kuhlman drkuhl...@yahoo.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Date: 30/07/2010 16:50
Subject: Re: It's that day!

Congrats Tony! Hopefully some of that good fortune will rub off :)
Don K

From: tony patton tony.pat...@quinn-insurance.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Fri, July 30, 2010 10:26:40 AM
Subject: RE: It's that day!

I got offered a new job today, so I'm happy :)

Regards
Tony Patton
Desktop Support Analyst - Cavan
Ext 8078
Direct Dial 049 435 2878
email: tony.pat...@quinn-insurance.com

From: richardmccl...@aspca.org
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Date: 30/07/2010 15:22
Subject: RE: It's that day!

Anyway, for those of us who feel our career is in the crapper- I had to replace one of those on Sysadmin Appreciation Day a few years back.
-- richard

Maglinger, Paul pmaglin...@scvl.com wrote on 07/30/2010 09:11:52 AM:

Just got an email from a co-worker. “Happy S.A.D.” Ironic?

From: Brumbaugh, Luke [mailto:luke.brumba...@butlerschein.com]
Sent: Friday, July 30, 2010 9:03 AM
To: NT System Admin Issues
Subject: RE: It's that day!

So it’s worth 25cents? Starbucks is $2 here. I like that miserable stuff from Mickey D’s ($1)

From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Friday, July 30, 2010 9:47 AM
To: NT System Admin Issues
Subject: RE: It's that day!

This, and $1.75 gets you a cup of coffee at Starbucks. And there was much rejoicing. yea…….

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
Sent: Friday, July 30, 2010 8:10 AM
To: NT System Admin Issues
Subject: It's that day!

http://www.sysadminday.com/
And my Help Desk guy got the day off!
-- Richard
Symantec Power Eraser ???
Has anyone evaluated this tool yet? They position it alongside Malwarebytes as a supplementary tool to their primary (SEP) software, but state it is aggressive and errs towards the side of false positives.

Erik Goldoff
IT Consultant
Systems, Networks, Security
' Security is an ongoing process, not a one time event ! '
Re: Hyper-V and 'Default Gateway'
The problem is not that the host address is different, but that the gateway address is not on the same subnet as the machine's IP address. The machine has to be able to figure out how to reach its default gateway, so it cannot be on a different subnet.

-ASB: http://XeeSM.com/AndrewBaker
Sent from my Motorola Droid

On Jul 30, 2010 11:27 AM, Stephen Wimberly swimbe...@gmail.com wrote:

Is it possible to use a different default gateway on one Hyper-V guest than the Hyper-V host is using?

What I have is a situation where we have multiple IP ranges within the same network meaning there is no router nor firewall between the different IP segments, but each IP subnet is different so I have multiple default gateways. Let's say the first is 192.168.0.1 with a mask of 255.255.255.192 and the second would be 192.168.0.70 / mask of 255.255.255.192.

In short I have tried all kinds of configurations but I can't seem to get a connection using any other gateway address, and it would make sense that it should agree with the host, but I can't find anywhere to 'verify' that! I have found many documents telling me that all the virtual servers on a Hyper-V host must be in the same network but nowhere does it define the parameters of the network!

(Each of my Hyper-V guests are pointed directly at a physical network card on the host, they are _not_ NATed)
RE: Hyper-V and 'Default Gateway'
The short story is that although the two IP subnets may be on the same physical segment (or virtual physical segment), they are not on the same IP subnet or, as you call it, network. Therefore, there has to be a router with an interface on each subnet to act as the default gateway to the other subnet.

-Original Message-
From: Stephen Wimberly [mailto:swimbe...@gmail.com]
Sent: Friday, July 30, 2010 10:27 AM
To: NT System Admin Issues
Subject: Hyper-V and 'Default Gateway'

Is it possible to use a different default gateway on one Hyper-V guest than the Hyper-V host is using?

What I have is a situation where we have multiple IP ranges within the same network meaning there is no router nor firewall between the different IP segments, but each IP subnet is different so I have multiple default gateways. Let's say the first is 192.168.0.1 with a mask of 255.255.255.192 and the second would be 192.168.0.70 / mask of 255.255.255.192.

In short I have tried all kinds of configurations but I can't seem to get a connection using any other gateway address, and it would make sense that it should agree with the host, but I can't find anywhere to 'verify' that! I have found many documents telling me that all the virtual servers on a Hyper-V host must be in the same network but nowhere does it define the parameters of the network!

(Each of my Hyper-V guests are pointed directly at a physical network card on the host, they are _not_ NATed)
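The rule both replies give, that a default gateway has to sit inside the subnet defined by the adapter's own address and mask, as an added Python example that is not part of the thread. Only the two gateways and the 255.255.255.192 mask come from the question; the host and guest addresses and the adapter names are constructed for illustration.

```python
import ipaddress


def check_gateway(ip, mask, gateway):
    """Return (ok, reason) for one adapter's IPv4 address, mask and default gateway."""
    try:
        iface = ipaddress.IPv4Interface(f"{ip}/{mask}")
        gw = ipaddress.IPv4Address(gateway)
    except ValueError as exc:  # malformed address or non-contiguous mask
        return False, f"invalid setting: {exc}"
    net = iface.network
    if gw not in net:
        return False, f"{gw} is outside {net}, so the adapter has no on-link route to it"
    if net.prefixlen < 31 and gw in (net.network_address, net.broadcast_address):
        return False, f"{gw} is the network or broadcast address of {net}"
    if gw == iface.ip:
        return False, f"{gw} is the adapter's own address"
    return True, f"{gw} is on-link in {net}"


def usable_gateways(ip, mask, candidates):
    """Filter candidate gateways down to those the adapter can reach directly."""
    return [g for g in candidates if check_gateway(ip, mask, g)[0]]


# Constructed adapters. The gateways and mask are the ones quoted in the question;
# the .10 and .80 addresses are assumptions picked to fall in each /26.
MASK = "255.255.255.192"
ADAPTERS = {
    "host":    ("192.168.0.10", MASK, "192.168.0.1"),   # 192.168.0.0/26
    "guest-a": ("192.168.0.80", MASK, "192.168.0.70"),  # 192.168.0.64/26, differs from host
    "guest-b": ("192.168.0.80", MASK, "192.168.0.1"),   # gateway in the other /26
}


def audit(adapters):
    """Map each adapter name to its (ok, reason) verdict."""
    return {name: check_gateway(*cfg) for name, cfg in adapters.items()}


if __name__ == "__main__":
    for name, (ok, reason) in audit(ADAPTERS).items():
        print(f"{name:8} {'OK  ' if ok else 'FAIL'} {reason}")
```

guest-a passes with a gateway the host does not use, while guest-b fails with the host's gateway, which is the distinction the first reply draws.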
Re: Auditing in Windows 2008 and R2 what are folks doing?
The systems I've seen described don't depend on a single syslog server - it's usually a set of them, and the data is aggregated to a central repository. Mind you, I've not worked in a large scale environment, but discussion on lists like the one at loganalysis.org has been interesting.

On Fri, Jul 30, 2010 at 07:34, Free, Bob r...@pge.com wrote:

They still don't scale

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Thursday, July 29, 2010 9:26 AM
To: NT System Admin Issues
Subject: Re: Auditing in Windows 2008 and R2 what are folks doing?

There are TCP syslog options.

On Thu, Jul 29, 2010 at 01:50, Ken Schaefer k...@adopenstatic.com wrote:

We are implementing this in an even bigger environment. However syslog runs over UDP (natively) and it’s not reliable. You’d need to use software that gives you more reliability (e.g. by sending the traffic over TCP) if you need this to produce reliable log files centrally.

Cheers
Ken

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Thursday, 29 July 2010 3:50 AM
To: NT System Admin Issues
Subject: RE: Auditing in Windows 2008 and R2 what are folks doing?

800+ servers to a syslog? Plus going to have to put agents on every single server in the domain? Really haven’t used Syslog much for the windows event logging

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, July 28, 2010 3:48 PM
To: NT System Admin Issues
Subject: Re: Auditing in Windows 2008 and R2 what are folks doing?

EventCombMT still works... :)

Why not export all the logs to SysLog, and spend a few tiny dollars on searching those logs? Syslog servers are cheap/free. Syslog forwarders for Windows are cheap/free. Tools to search consolidated logs range from free to exorbitant. See Splunk on both accounts. :)

Once you have established the value of log parsing and management, you'll have a slightly better chance of procuring some funds.

-ASB: http://XeeSM.com/AndrewBaker

On Wed, Jul 28, 2010 at 3:38 PM, Ziots, Edward ezi...@lifespan.org wrote:

Naa it's far harder than that, I think someone said we can dump the event logs via powershell, but using EventCombMT when I need to get something I hope still works. Either that or I am going to have to bug MGMT again about a dedicated eventlog management tool.

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Wednesday, July 28, 2010 3:36 PM
To: NT System Admin Issues
Subject: Re: Auditing in Windows 2008 and R2 what are folks doing?

Tough gig then. Looks like you're going to be doing a lot of creative stuff with dumpel.exe and the findstr command :-)

On 28 July 2010 13:06, Ziots, Edward ezi...@lifespan.org wrote:

I don’t have SCOM, I wish I had some event log auditing solution, been asking for 5+ yrs, and all it ever falls on is deaf ears….

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505

From: Malcolm Reitz [mailto:malcolm.re...@live.com]
Sent: Tuesday, July 27, 2010 6:29 PM
To: NT System Admin Issues
Subject: RE: Auditing in Windows 2008 and R2 what are folks doing?

Have you looked in to using the Audit Collection Services piece of SCOM? I think ACS could be valuable for security event reporting and forensics use.

-Malcolm

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Tuesday, July 27, 2010 15:41
To: NT System Admin Issues
Subject: Re: Auditing in Windows 2008 and R2 what are folks doing?

I'm mainly interested in account lockouts, logons attempted under things like built-in administrator accounts, high numbers of logon failures, and any attempts to modify security policies and/or protected groups (such as local admins, domain admins, server ops, and the like). We've also got certain areas where file access is audited.

I use SCOM to try and aggregate the events for me. This is quite handy, as it also monitors things like failed su to root on our ESX servers and other stuff outside of the Windows event logging arena.

On 27 July 2010 20:15, Ziots, Edward ezi...@lifespan.org wrote:

Hey gang, well I wanted to ask the group, what is everyone doing about their audit policies on Windows 2008 R2 for domain controllers or member servers. I have mapped out all the audit categories and sub-categories, and events, but I don’t want the logs to turn into soup, so kinda wanted to see what others were doing for which categories and subcategories they turned on auditing for. Would be nice to bounce some ideas off about certain events. ( Already plowed through M$ site descriptions, the
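A triage pass over exported Security events for the items James Rankin lists above (lockouts, logons under built-in administrator accounts, bursts of logon failures, policy and protected-group changes), added here as an example and not posted by anyone in the thread. The event IDs are the Windows Server 2008 Security log IDs; the JSON layout, the `TargetGroup` field name, and all hosts, accounts, SIDs and addresses are assumptions constructed for the sample.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Security-log event IDs on Windows Server 2008 / 2008 R2.
LOGON, FAILED_LOGON, LOCKOUT = 4624, 4625, 4740
POLICY_CHANGE = {4719: "audit policy changed", 4739: "domain policy changed"}
GROUP_MEMBER_ADDED = {4728, 4732, 4756}  # global, local, universal security group
PROTECTED_GROUPS = {"administrators", "domain admins", "server operators"}

# Constructed sample: one JSON object per line, sorted by time. The field layout
# (including "TargetGroup") is an assumption, not any forwarder's real output.
SAMPLE = """\
{"EventID": 4625, "TimeCreated": "2010-07-30T09:00:01", "Computer": "DC01", "TargetUserName": "alice", "TargetUserSid": "S-1-0-0", "IpAddress": "10.0.0.23"}
{"EventID": 4625, "TimeCreated": "2010-07-30T09:00:40", "Computer": "DC01", "TargetUserName": "bob", "TargetUserSid": "S-1-0-0", "IpAddress": "10.0.0.23"}
{"EventID": 4625, "TimeCreated": "2010-07-30T09:01:10", "Computer": "DC01", "TargetUserName": "carol", "TargetUserSid": "S-1-0-0", "IpAddress": "10.0.0.23"}
{"EventID": 4625, "TimeCreated": "2010-07-30T09:02:00", "Computer": "DC01", "TargetUserName": "dave", "TargetUserSid": "S-1-0-0", "IpAddress": "10.0.0.23"}
{"EventID": 4625, "TimeCreated": "2010-07-30T09:03:30", "Computer": "DC01", "TargetUserName": "alice", "TargetUserSid": "S-1-0-0", "IpAddress": "10.0.0.23"}
{"EventID": 4740, "TimeCreated": "2010-07-30T09:03:31", "Computer": "DC01", "TargetUserName": "alice"}
{"EventID": 4624, "TimeCreated": "2010-07-30T09:20:00", "Computer": "FS01", "TargetUserName": "localboss", "TargetUserSid": "S-1-5-21-1111-2222-3333-500", "IpAddress": "10.0.0.40"}
{"EventID": 4732, "TimeCreated": "2010-07-30T09:25:00", "Computer": "FS01", "TargetGroup": "Administrators", "SubjectUserName": "jdoe"}
{"EventID": 4732, "TimeCreated": "2010-07-30T09:26:00", "Computer": "FS01", "TargetGroup": "Helpdesk Users", "SubjectUserName": "jdoe"}
{"EventID": 4719, "TimeCreated": "2010-07-30T09:30:00", "Computer": "DC01", "SubjectUserName": "jdoe"}
{"EventID": 4625, "TimeCreated": "2010-07-30T10:00:00", "Computer": "FS01", "TargetUserName": "Administrator", "TargetUserSid": "S-1-0-0", "IpAddress": "10.0.0.50"}
"""


def triage(lines, threshold=5, window=timedelta(minutes=10),
           admin_names=frozenset({"administrator"})):
    """Return (kind, computer, detail) findings for time-ordered JSON event lines."""
    findings, alerted = [], set()
    recent = defaultdict(deque)  # source address -> timestamps of recent failures
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        eid, host = ev["EventID"], ev.get("Computer", "?")
        user = ev.get("TargetUserName", "")
        if eid == FAILED_LOGON:
            src = ev.get("IpAddress", "-")
            ts = datetime.fromisoformat(ev["TimeCreated"])
            times = recent[src]
            times.append(ts)
            while ts - times[0] > window:  # drop failures older than the window
                times.popleft()
            if len(times) >= threshold and src not in alerted:
                alerted.add(src)  # one finding per source, not one per event
                findings.append(("failure-burst", host, src))
        if eid == LOCKOUT:
            findings.append(("lockout", host, user))
        # RID 500 identifies the built-in Administrator even after a rename;
        # failed logons often carry a null SID, so the name is checked as well.
        if eid in (LOGON, FAILED_LOGON) and (
                ev.get("TargetUserSid", "").endswith("-500")
                or user.lower() in admin_names):
            findings.append(("builtin-admin-logon", host, user))
        if eid in POLICY_CHANGE:
            findings.append(("policy-change", host, POLICY_CHANGE[eid]))
        if eid in GROUP_MEMBER_ADDED and ev.get("TargetGroup", "").lower() in PROTECTED_GROUPS:
            findings.append(("protected-group-change", host, ev["TargetGroup"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE.splitlines()):
        print(*finding, sep="\t")
```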
Your copy of “Networking and Security for Dummies
Not sure if anyone's interested but thought I would share...could be good for educating non-technical type folks or just a review of some basics...

Don K

SonicWALL.com | MySonicWALL.com
Online Book
July 28, 2010

Want to learn more about Networking and Security Best Practices? Download the online book: Getting Started with Networking and Security for Dummies

Featuring “Top 10 Strategies to Consider” and five real-world solutions in action, this complimentary online book offers smart strategies you can use to establish and manage many types of networks. Review the basics of networking and security, and learn how SonicWALL helps organizations like yours implement effective network security strategies.

Read the SonicWALL case study on page 61 to discover how a large school district implemented a SonicWALL Network Security Solution to secure the distributed network, control application usage, connect remote users, and meet regulatory compliance requirements.

Regards,
SonicWALL

More Information on SonicWALL
Looking for an all-in-one Network, Communication and Security Appliance? Check out the NEW 2400MX
Read the Gartner report placing SonicWALL in the Leaders Quadrant for SMB Multifunction Firewalls
Read Gartner’s First Take on the SonicWALL merger with Thoma Bravo

© 2010 SonicWALL, INC.
SonicWALL, Inc. Head Offices: 2001 Logic Drive, San Jose, CA 95124-3452, USA
RE: Your copy of “Networking and Security for Dummies
Thanks Man

From: Don Kuhlman [mailto:drkuhl...@yahoo.com]
Sent: Friday, July 30, 2010 3:47 PM
To: NT System Admin Issues
Subject: Your copy of “Networking and Security for Dummies

Not sure if anyone's interested but thought I would share...could be good for educating non-technical type folks or just a review of some basics...

Don K
RE: Your copy of “Networking and Security for Dummies
Thanks a bunch. Although… they talk about hubs… when was this written?!

From: Don Kuhlman [mailto:drkuhl...@yahoo.com]
Sent: Friday, July 30, 2010 3:47 PM
To: NT System Admin Issues
Subject: Your copy of “Networking and Security for Dummies

Not sure if anyone's interested but thought I would share...could be good for educating non-technical type folks or just a review of some basics...

Don K
RE: Your copy of “Networking and Security for Dummies
Hubs are still out there! Years ago, some folks did a great job of hiding them, like over ceilings, etc for workgroups.
-- richard

gro...@beachcomp.com wrote on 07/30/2010 02:54:20 PM:

Thanks a bunch. Although… they talk about hubs… when was this written?!

From: Don Kuhlman [mailto:drkuhl...@yahoo.com]
Sent: Friday, July 30, 2010 3:47 PM
To: NT System Admin Issues
Subject: Your copy of “Networking and Security for Dummies

Not sure if anyone's interested but thought I would share...could be good for educating non-technical type folks or just a review of some basics...

Don K
RE: Your copy of “Networking and Security for Dummies
Hubs caught your attention but not RING TOPOLOGY ??? LOL !

Erik Goldoff
IT Consultant
Systems, Networks, Security
' Security is an ongoing process, not a one time event ! '

From: gro...@beachcomp.com [mailto:gro...@beachcomp.com] Sent: Friday, July 30, 2010 3:54 PM To: NT System Admin Issues Subject: RE: Your copy of “Networking and Security for Dummies
Thanks a bunch. Although… they talk about hubs… when was this written?!
Re: Your copy of “Networking and Security for Dummies
On Fri, Jul 30, 2010 at 3:55 PM, richardmccl...@aspca.org wrote:
Hubs are still out there!

Maybe they're using hub in the classic sense, to mean the equipment in the center of any star topology network. ... You're not buying it, are you? Me neither.
-- Ben
Re: Symantec Power Eraser ???
On Fri, Jul 30, 2010 at 2:24 PM, Erik Goldoff egold...@gmail.com wrote:
Has anyone evaluated this tool yet ?

What does it do, erase all Symantec products? That might be useful...
-- Ben
RE: Auditing in Windows 2008 and R2 what are folks doing?
Yea, we have a grid of LogLogic appliances, they are quite cool for pure syslog from the *NIX boxes, IDS, routers, switches, firewalls etc. Managing agents on thousands of Windows systems is another story and a major PITA on all the implementations I've seen. Syslog is cool for what it was originally designed for but it is going to be hard to convince me it is an enterprise solution for Windows security logs, the myriad auditing options and the data they contain. Heck, it was unmanageable with the W2K* audit framework, the new one in 2K8 is an order of magnitude more complicated.

-----Original Message-----
From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Friday, July 30, 2010 12:08 PM To: NT System Admin Issues Subject: Re: Auditing in Windows 2008 and R2 what are folks doing?
The systems I've seen described don't depend on a single syslog server - it's usually a set of them, and the data is aggregated to a central repository. Mind you, I've not worked in a large scale environment, but discussion on lists like the one at loganalysis.org has been interesting.

On Fri, Jul 30, 2010 at 07:34, Free, Bob r...@pge.com wrote:
They still don't scale

-----Original Message-----
From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, July 29, 2010 9:26 AM To: NT System Admin Issues Subject: Re: Auditing in Windows 2008 and R2 what are folks doing?
There are TCP syslog options.

On Thu, Jul 29, 2010 at 01:50, Ken Schaefer k...@adopenstatic.com wrote:
We are implementing this in an even bigger environment. However syslog runs over UDP (natively) and it’s not reliable. You’d need to use software that gives you more reliability (e.g. by sending the traffic over TCP) if you need this to produce reliable log files centrally.
Cheers
Ken

From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Thursday, 29 July 2010 3:50 AM To: NT System Admin Issues Subject: RE: Auditing in Windows 2008 and R2 what are folks doing?
800+ servers to a syslog? Plus going to have to put agents on every single server in the domain? Really haven’t used Syslog much for the windows event logging
Z
Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505

From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Wednesday, July 28, 2010 3:48 PM To: NT System Admin Issues Subject: Re: Auditing in Windows 2008 and R2 what are folks doing?
EventCombMT still works... :) Why not export all the logs to SysLog, and spend a few tiny dollars on searching those logs?
* Syslog servers are cheap/free.
* Syslog forwarders for Windows are cheap/free.
* Tools to search consolidated logs range from free to exorbitant.
See Splunk on both accounts. :) Once you have established the value of log parsing and management, you'll have a slightly better chance of procuring some funds.
-ASB: http://XeeSM.com/AndrewBaker

On Wed, Jul 28, 2010 at 3:38 PM, Ziots, Edward ezi...@lifespan.org wrote:
Naa its far harder than that, I think someone said we can dump the event logs via powershell, but using EventCombMT when I need to get something I hope still works. Either that or I am going to have to bug MGMT again about a dedicated eventlog management tool.
Z
Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505

From: James Rankin [mailto:kz2...@googlemail.com] Sent: Wednesday, July 28, 2010 3:36 PM To: NT System Admin Issues Subject: Re: Auditing in Windows 2008 and R2 what are folks doing?
Tough gig then. Looks like you're going to be doing a lot of creative stuff with dumpel.exe and the findstr command :-)

On 28 July 2010 13:06, Ziots, Edward ezi...@lifespan.org wrote:
I don’t have SCOM, I wish I had some event log auditing solution, been asking for 5+ yrs, and all it ever falls on is deaf ears….
Z
Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505

From: Malcolm Reitz [mailto:malcolm.re...@live.com] Sent: Tuesday, July 27, 2010 6:29 PM To: NT System Admin Issues Subject: RE: Auditing in Windows 2008 and R2 what are folks doing?
Have you looked in to using the Audit Collection Services piece of SCOM? I think ACS could be valuable for security event reporting and forensics use.
-Malcolm

From: James Rankin [mailto:kz2...@googlemail.com] Sent: Tuesday, July 27, 2010 15:41 To: NT System Admin Issues Subject: Re: Auditing in Windows 2008 and R2 what are folks doing?
I'm mainly interested in account lockouts, logons attempted under things like built-in administrator accounts, high numbers of logon failures, and any attempts to modify security policies and/or protected groups (such as local admins, domain admins, server ops, and the like). We've also got certain areas where file
RE: Auditing in Windows 2008 and R2 what are folks doing?
They are also in cleartext which always bothers me with authentication logs, I can often correlate passwords to user IDs by looking at failed logins in DC logs where the user accidentally puts their password in the user name box. It appears way more often than some might think, especially when a lot of disparate systems with slightly different login interfaces use AD for authN.

From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Thursday, July 29, 2010 1:50 AM To: NT System Admin Issues Subject: RE: Auditing in Windows 2008 and R2 what are folks doing?
We are implementing this in an even bigger environment. However syslog runs over UDP (natively) and it's not reliable. You'd need to use software that gives you more reliability (e.g. by sending the traffic over TCP) if you need this to produce reliable log files centrally.
Cheers
Ken

From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Thursday, 29 July 2010 3:50 AM To: NT System Admin Issues Subject: RE: Auditing in Windows 2008 and R2 what are folks doing?
800+ servers to a syslog? Plus going to have to put agents on every single server in the domain? Really haven't used Syslog much for the windows event logging
Z
Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505

From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Wednesday, July 28, 2010 3:48 PM To: NT System Admin Issues Subject: Re: Auditing in Windows 2008 and R2 what are folks doing?
EventCombMT still works... :) Why not export all the logs to SysLog, and spend a few tiny dollars on searching those logs?
* Syslog servers are cheap/free.
* Syslog forwarders for Windows are cheap/free.
* Tools to search consolidated logs range from free to exorbitant.
See Splunk on both accounts. :) Once you have established the value of log parsing and management, you'll have a slightly better chance of procuring some funds.
-ASB: http://XeeSM.com/AndrewBaker

On Wed, Jul 28, 2010 at 3:38 PM, Ziots, Edward ezi...@lifespan.org wrote:
Naa its far harder than that, I think someone said we can dump the event logs via powershell, but using EventCombMT when I need to get something I hope still works. Either that or I am going to have to bug MGMT again about a dedicated eventlog management tool.
Z
Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505

From: James Rankin [mailto:kz2...@googlemail.com] Sent: Wednesday, July 28, 2010 3:36 PM To: NT System Admin Issues Subject: Re: Auditing in Windows 2008 and R2 what are folks doing?
Tough gig then. Looks like you're going to be doing a lot of creative stuff with dumpel.exe and the findstr command :-)

On 28 July 2010 13:06, Ziots, Edward ezi...@lifespan.org wrote:
I don't have SCOM, I wish I had some event log auditing solution, been asking for 5+ yrs, and all it ever falls on is deaf ears
Z
Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505

From: Malcolm Reitz [mailto:malcolm.re...@live.com] Sent: Tuesday, July 27, 2010 6:29 PM To: NT System Admin Issues Subject: RE: Auditing in Windows 2008 and R2 what are folks doing?
Have you looked in to using the Audit Collection Services piece of SCOM? I think ACS could be valuable for security event reporting and forensics use.
-Malcolm

From: James Rankin [mailto:kz2...@googlemail.com] Sent: Tuesday, July 27, 2010 15:41 To: NT System Admin Issues Subject: Re: Auditing in Windows 2008 and R2 what are folks doing?
I'm mainly interested in account lockouts, logons attempted under things like built-in administrator accounts, high numbers of logon failures, and any attempts to modify security policies and/or protected groups (such as local admins, domain admins, server ops, and the like). We've also got certain areas where file access is audited. I use SCOM to try and aggregate the events for me. This is quite handy, as it also monitors things like failed su to root on our ESX servers and other stuff outside of the Windows event logging arena.

On 27 July 2010 20:15, Ziots, Edward ezi...@lifespan.org wrote:
Hey gang, well I wanted to ask the group, what is everyone doing about their audit policies on Windows 2008 R2 for domain controllers or member servers. I have mapped out all the audit categories and sub-categories, and events, but I don't want the logs to turn into soup, so kinda wanted to see what others were doing for which categories and subcategories they turned on auditing for. Would be nice to bounce some ideas off about certain events. ( Already plowed through M$ site descriptions, the Microsoft Security Resource Kit and Randy Franklin Smith's Eventlog site) Feel free
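An added example, not written by anyone in this thread: a Python triage pass over consolidated Windows Security events for the conditions listed in the message above (lockouts, built-in administrator logons, bursts of logon failures, audit-policy and protected-group changes), plus masking of the user name on failed logons for nonexistent accounts, the case where a password was typed into the user name box. The key=value line layout, the sample lines, the threshold and the account and group lists are assumptions constructed for illustration; the event IDs and the 4625 sub-status code are the standard Windows Server 2008 values.

```python
import re
from collections import Counter

# Windows Server 2008 / 2008 R2 Security event IDs used below.
LOGON_OK, LOGON_FAILED, LOCKOUT, AUDIT_POLICY_CHANGED = 4624, 4625, 4740, 4719
GROUP_MEMBER_ADDED = {4728, 4732, 4756}  # global, local, universal groups

# Assumptions for this example; tune them to the environment.
BUILTIN_ADMINS = {"administrator"}
PROTECTED_GROUPS = {"administrators", "domain admins", "server operators"}
FAILURE_THRESHOLD = 5        # failed logons from one source address
NO_SUCH_USER = "0xc0000064"  # 4625 SubStatus: account name does not exist

# Constructed sample input. The "time host key=value ..." layout is
# hypothetical; each Windows-to-syslog forwarder has its own line format.
SAMPLE_LINES = [
    "2010-07-30T13:00:0%d DC01 EventID=4625 TargetUserName=jsmith "
    "IpAddress=10.0.0.15 SubStatus=0xC000006A" % i for i in range(5)
] + [
    "2010-07-30T13:00:06 DC01 EventID=4740 TargetUserName=jsmith",
    "2010-07-30T13:01:10 DC01 EventID=4625 TargetUserName=Summer2010! "
    "IpAddress=10.0.0.22 SubStatus=0xC0000064",
    "2010-07-30T13:02:00 FS01 EventID=4624 TargetUserName=Administrator "
    "IpAddress=10.0.0.40",
    '2010-07-30T13:03:00 DC01 EventID=4728 TargetUserName="Domain Admins" '
    "MemberName=tmp1 SubjectUserName=bob",
    '2010-07-30T13:04:00 FS01 EventID=4732 TargetUserName="Print Operators" '
    "MemberName=kim SubjectUserName=bob",
    "2010-07-30T13:05:00 DC01 EventID=4719 SubjectUserName=bob",
]

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
USERNAME = re.compile(r'TargetUserName=(?:"[^"]*"|\S+)')


def parse_line(line):
    """Return the event as a dict, or None if the line does not fit the layout."""
    try:
        time, host, rest = line.split(" ", 2)
        fields = {key: quoted or bare for key, quoted, bare in FIELD.findall(rest)}
        return {"time": time, "host": host, "id": int(fields["EventID"]), **fields}
    except (ValueError, KeyError):
        return None


def triage(lines):
    """Return (rule, detail) findings, in log order, bursts last."""
    findings, failures = [], Counter()
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            findings.append(("unparsed", line))  # never drop silently
            continue
        user = ev.get("TargetUserName", "")
        if ev["id"] == LOCKOUT:
            findings.append(("lockout", user))
        elif ev["id"] == AUDIT_POLICY_CHANGED:
            findings.append(("audit-policy-change", ev.get("SubjectUserName", "?")))
        elif ev["id"] in GROUP_MEMBER_ADDED:
            # For these events TargetUserName carries the group name.
            if user.lower() in PROTECTED_GROUPS:
                findings.append(("protected-group-change", user))
        elif ev["id"] in (LOGON_OK, LOGON_FAILED):
            if user.lower() in BUILTIN_ADMINS:
                findings.append(("builtin-admin-logon", ev.get("IpAddress", "?")))
            if ev["id"] == LOGON_FAILED:
                failures[ev.get("IpAddress", "?")] += 1
    for source, count in failures.items():
        if count >= FAILURE_THRESHOLD:
            findings.append(("logon-failure-burst", source))
    return findings


def redact_for_forwarding(line):
    """Mask the user name of a failed logon whose account does not exist.

    Such a "name" may be a password typed into the user name box, so it
    should not reach a central store in cleartext. Mistyped real account
    names are masked too; the source address stays for correlation.
    """
    ev = parse_line(line)
    if (ev and ev["id"] == LOGON_FAILED
            and ev.get("SubStatus", "").lower() == NO_SUCH_USER):
        return USERNAME.sub("TargetUserName=[REDACTED]", line)
    return line


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding)
    print(redact_for_forwarding(SAMPLE_LINES[6]))
```

Running the redaction on the sending side, before the event leaves the host, also keeps the value out of transit where the forwarder sends plain UDP or TCP syslog.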
RE: Symantec Power Eraser ???
What does it do, erase all Symantec products? That might be useful...

LOL. Made me think of the old axiom that the only solution one ever needed for Symantec was fdisk :-]

-----Original Message-----
From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Friday, July 30, 2010 1:40 PM To: NT System Admin Issues Subject: Re: Symantec Power Eraser ???
On Fri, Jul 30, 2010 at 2:24 PM, Erik Goldoff egold...@gmail.com wrote:
Has anyone evaluated this tool yet ?

What does it do, erase all Symantec products? That might be useful...
-- Ben
Re: Hyper-V and 'Default Gateway'
Thanks for the replies! Now I just need to beg our network team for addresses in the same subnet!!!
Re: Your copy of “Networking and Security for Dummies
I just did a quick scan - date says 2010 - wow that is a bit funny using those old legacy terms, but they are also saying hubs are older, rings are gone, buses are out of favor... It may be a compilation of stuff which is why there are some outdated terms in there...not sure. Hopefully the later stuff will be more helpful like the case study, etc. for a quick reference or overview.
Don K

----- Original Message ----
From: Ben Scott mailvor...@gmail.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Fri, July 30, 2010 3:39:19 PM Subject: Re: Your copy of “Networking and Security for Dummies
On Fri, Jul 30, 2010 at 3:55 PM, richardmccl...@aspca.org wrote:
Hubs are still out there!

Maybe they're using hub in the classic sense, to mean the equipment in the center of any star topology network. ... You're not buying it, are you? Me neither.
-- Ben
Re: Auditing in Windows 2008 and R2 what are folks doing?
Care to elaborate on that a bit? What about the complication makes syslog a poor choice for you? Is it line length limitations, sheer volume, client software management or something else?
Kurt

On Fri, Jul 30, 2010 at 13:40, Free, Bob r...@pge.com wrote:
Yea, we have a grid of LogLogic appliances, they are quite cool for pure syslog from the *NIX boxes, IDS, routers, switches, firewalls etc. Managing agents on thousands of Windows systems is another story and a major PITA on all the implementations I've seen. Syslog is cool for what it was originally designed for but it is going to be hard to convince me it is an enterprise solution for Windows security logs, the myriad auditing options and the data they contain. Heck, it was unmanageable with the W2K* audit framework, the new one in 2K8 is an order of magnitude more complicated.
RE: Symantec Power Eraser ???
+10 Well played sir... well played.
-sc

-----Original Message-----
From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Friday, July 30, 2010 4:40 PM To: NT System Admin Issues Subject: Re: Symantec Power Eraser ???
On Fri, Jul 30, 2010 at 2:24 PM, Erik Goldoff egold...@gmail.com wrote:
Has anyone evaluated this tool yet ?

What does it do, erase all Symantec products? That might be useful...
-- Ben
Re: Your copy of “Networking and Security for Dummies
Sure thing - enjoy your weekend folks!
Don K

From: gro...@beachcomp.com gro...@beachcomp.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Fri, July 30, 2010 2:52:42 PM Subject: RE: Your copy of “Networking and Security for Dummies
Thanks Man

From: Don Kuhlman [mailto:drkuhl...@yahoo.com] Sent: Friday, July 30, 2010 3:47 PM To: NT System Admin Issues Subject: Your copy of “Networking and Security for Dummies
Not sure if anyone's interested but thought I would share...could be good for educating non-technical type folks or just a review of some basics...
Don K
RE: Auditing in Windows 2008 and R2 what are folks doing?
I have at least 4 or 5 times in this thread I believe ;-]

-----Original Message-----
From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Friday, July 30, 2010 2:45 PM To: NT System Admin Issues Subject: Re: Auditing in Windows 2008 and R2 what are folks doing?
Care to elaborate on that a bit? What about the complication makes syslog a poor choice for you? Is it line length limitations, sheer volume, client software management or something else?
Kurt
RE: Vipre false positives?
This is actually a really good idea.

From: Angus Scott-Fleming [mailto:an...@geoapps.com] Sent: Thursday, July 29, 2010 9:43 PM To: NT System Admin Issues Cc: Alex Eckelberry Subject: Re: Vipre false positives?
On 26 Jul 2010 at 9:08, Jeff Cain wrote:
These should have been addressed in def version 6636. If not please let us know right away.

IMHO VIPRE needs a Rescan Quarantined Files option -- an auto-recover from FP feature.

The Rescan should allow us to select, from the console, an agent or set of agents, and allow us to tell each agent to rescan its quarantined items using the current set of defs, which presumably has corrected the FP. There should be an option to unquarantine -- to restore -- anything that scans clean, with an option to email the report to the administrator either way. There should be an option to time-limit the items being rescanned so we only scan a given date range, this would allow us to limit the scanning to the last day or week of quarantined items. We should be able to schedule the rescan, too, so the scan happens when it won't interfere with work.

This would allow us to recover easily from an episode of False Positives that erroneously quarantines files on multiple systems (as long as those systems are still bootable and the VSE Agent is running there). It is tolerable if you have a few machines with FPs. I can't imagine cleaning up an FP episode on hundreds of machines.

We all understand that all AV products either suffer from FPs or infections that get by. I'd rather have the FPs, but having a Rescan Quarantine would really set VIPRE apart from other AV products. I don't know of any other product which offers this.

Discussion welcome.
Angus
Re: Auditing in Windows 2008 and R2 what are folks doing?
Sigh - yes you did, twice anyway. Can anyone tell I'm having a distracted day?

Agent management and change control would have been a nightmare.

servers and agents must have automatic failover and agents must be deployable by SMS/SCCM and centrally manageable

Those two seem to be stating the same thing in different ways. If your environment were *nix, I'd suggest chef/cfengine/puppet/bcfg, but I haven't seen any real success stories with any of those on Windows platforms.
Kurt

On Fri, Jul 30, 2010 at 15:23, Free, Bob r...@pge.com wrote:
I have at least 4 or 5 times in this thread I believe ;-]
Re: Vipre false positives?
Agreed. I just got done submitting (several days late) to virustotal.com a set of .LNK files that were marked on our file server. By the time I had submitted them, nobody thought that they were dangerous (except esafe, which is really weird.) They were marked as report only, so it was no big deal, but if I'd had to rescue them, it would have been more interesting.
Kurt

On Fri, Jul 30, 2010 at 15:52, Alex Eckelberry al...@sunbelt-software.com wrote:
This is actually a really good idea.

From: Angus Scott-Fleming [mailto:an...@geoapps.com] Sent: Thursday, July 29, 2010 9:43 PM To: NT System Admin Issues Cc: Alex Eckelberry Subject: Re: Vipre false positives?
On 26 Jul 2010 at 9:08, Jeff Cain wrote:
These should have been addressed in def version 6636. If not please let us know right away.

IMHO VIPRE needs a Rescan Quarantined Files option -- an auto-recover from FP feature. The Rescan should allow us to select, from the console, an agent or set of agents, and allow us to tell each agent to rescan its quarantined items using the current set of defs, which presumably has corrected the FP. There should be an option to unquarantine -- to restore -- anything that scans clean, with an option to email the report to the administrator either way. There should be an option to time-limit the items being rescanned so we only scan a given date range, this would allow us to limit the scanning to the last day or week of quarantined items. We should be able to schedule the rescan, too, so the scan happens when it won't interfere with work.

This would allow us to recover easily from an episode of False Positives that erroneously quarantines files on multiple systems (as long as those systems are still bootable and the VSE Agent is running there). It is tolerable if you have a few machines with FPs. I can't imagine cleaning up an FP episode on hundreds of machines. We all understand that all AV products either suffer from FPs or infections that get by. I'd rather have the FPs, but having a Rescan Quarantine would really set VIPRE apart from other AV products. I don't know of any other product which offers this. Discussion welcome.
Angus

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: 2008 DC being offline
You'll be fine. Unless you've tinkered with the tombstone lifetime, even on Windows 2000 built domains you've got a 60 day TSL.
Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132

-Original Message- From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com] Sent: Wednesday, July 28, 2010 1:56 PM To: NT System Admin Issues Subject: 2008 DC being offline
Hello, A 2008 DC (let's call it Server-F) we have at another site has been offline for 6 weeks. We powered it down because the building was undergoing construction, and the building was effectively CLOSED for those 6 weeks. Construction is done and I'm ready to bring the server back online. Is there a problem with just turning Server-F on and letting it re-sync with active directory even though it's been offline for 6 weeks? or... would I be better off bringing Server-F up WITHOUT a network cable connected, run dcpromo /forceremoval on it... then remove any references to the Server-F from my other DCs, and eventually re-promote server F back as a DC? Thoughts?
RE: setspn persistence
Well I assure you it's a persistent change so you've got something modifying this and taking it out. You should turn on auditing of the servicePrincipalNames attribute and enable DS Access auditing on your DCs.
Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132

-Original Message- From: Phillip Partipilo [mailto:p...@psnet.com] Sent: Monday, July 26, 2010 2:31 PM To: NT System Admin Issues Subject: setspn persistence
I'm decommissioning some servers, and to ease the transition, since we have some old code that is hardcoded with old server names, I'm going through the motions of setting up CNAME DNS records to point any queries to the old server to the new server, set up the key in HKLM\System\CurrentControlSet\Services\lanmanserver for DisableStrictNameChecking to 0x1, set up the key in HKLM\System\CurrentControlSet\Control\Lsa for DisableLoopBackCheck to 0x1, and then finally used the setspn tool to add SPNs to the new replacement server so it will happily accept and authenticate clients that are asking for resources and generating Kerberos tickets for the old server name.

Problem is that the setspn additions aren't holding as persistent... Every so often they just disappear... During this transition I don't want to make this really ugly by having a scheduled task to run a batch file every minute to add these SPNs, so is there a way to force these entries as persistent? I know this is a severe hack but I'm trying to make my job easy with this transition, I'm stretched pretty thin these days :-(
Phillip Partipilo Parametric Solutions Inc. Jupiter, Florida (561) 747-6107
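Added example (not part of the thread and not code from any poster): once DS Access auditing and an auditing entry on the computer object are in place, as the reply above suggests, each write to servicePrincipalName is logged on a DC as Security event 5136, and this PowerShell function filters those events to report which account added or deleted an SPN. The two sample events and the names NEWSRV, OLDSRV, example.test and svc-example are constructed placeholders.

```powershell
# Security event 5136 ("A directory service object was modified") is written on
# a DC once DS Access auditing is on and the object has an auditing entry (SACL).
$OpNames = @{ '%%14674' = 'ValueAdded'; '%%14675' = 'ValueDeleted' }

function Get-SpnChange {
    param([Parameter(ValueFromPipeline = $true)][string]$EventXml)
    process {
        $evt  = [xml]$EventXml
        $data = @{}
        foreach ($d in $evt.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        # Keep only writes to the SPN attribute; skip every other attribute.
        if ($data['AttributeLDAPDisplayName'] -ne 'servicePrincipalName') { return }
        [pscustomobject]@{
            Time      = $evt.Event.System.TimeCreated.SystemTime
            ChangedBy = $data['SubjectUserName']
            Object    = $data['ObjectDN']
            Operation = $OpNames[$data['OperationType']]
            Spn       = $data['AttributeValue']
        }
    }
}

# Constructed sample: two 5136 events, trimmed to the fields used above.
$ns = 'http://schemas.microsoft.com/win/2004/08/events/event'
$sample = @(
@"
<Event xmlns="$ns"><System><EventID>5136</EventID>
<TimeCreated SystemTime="2010-07-26T18:12:03Z"/></System><EventData>
<Data Name="SubjectUserName">svc-example</Data>
<Data Name="ObjectDN">CN=NEWSRV,OU=Servers,DC=example,DC=test</Data>
<Data Name="AttributeLDAPDisplayName">servicePrincipalName</Data>
<Data Name="AttributeValue">HOST/OLDSRV</Data>
<Data Name="OperationType">%%14675</Data></EventData></Event>
"@,
@"
<Event xmlns="$ns"><System><EventID>5136</EventID>
<TimeCreated SystemTime="2010-07-26T18:15:40Z"/></System><EventData>
<Data Name="SubjectUserName">svc-example</Data>
<Data Name="ObjectDN">CN=NEWSRV,OU=Servers,DC=example,DC=test</Data>
<Data Name="AttributeLDAPDisplayName">description</Data>
<Data Name="AttributeValue">file server</Data>
<Data Name="OperationType">%%14674</Data></EventData></Event>
"@
)

# On a DC the input would come from the live log instead:
#   Get-WinEvent -FilterHashtable @{LogName='Security'; Id=5136} |
#       ForEach-Object { $_.ToXml() } | Get-SpnChange
$sample | Get-SpnChange | Format-List
```

With the sample input only the first event is reported: a ValueDeleted of HOST/OLDSRV on NEWSRV by svc-example; the description change is filtered out.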
RE: Possible Rogue device on the network
ARP tables are a layer above what you're troubleshooting. You need to look at the actual layer 2 switching/mac address tables.
Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132

From: Fergal O'Connell [mailto:foconn...@curamsoftware.com] Sent: Tuesday, July 27, 2010 4:35 AM To: NT System Admin Issues Subject: Possible Rogue device on the network
Hi Folks, We are having a sporadic network issue on our LAN which I am currently troubleshooting - I ran a Wireshark capture on one of the hosts that is affected and I want to know what the following is. I can't find that MAC address on our network. I checked the DHCP and I checked the arp table on all our switches and routers. MAC - 00:0f:1f:30:26:e3 is assigned to WW PCBA Test. What I want to do is find this device and turn off STP. Any ideas?
[inline image: image001.png]
Regards Fergal O'Connell ICT Support
RE: 2008 DC being offline
30 days not unless you tinkered with some tombstone lifetime settings which I don't know why you would lower it...
Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132

-Original Message- From: David Lum [mailto:david@nwea.org] Sent: Wednesday, July 28, 2010 2:55 PM To: NT System Admin Issues Subject: RE: 2008 DC being offline
Past 30 days offline it will complain - at least 2003 servers do, but I think it's also related to some AD archive or backup time setting. I ran into something about 30 days when I restored a DC from a backup that was 36 days old. Minor in the scheme of things, just something to keep in mind. ...Then again, maybe that was of no help...
David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764

-Original Message- From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com] Sent: Wednesday, July 28, 2010 11:56 AM To: NT System Admin Issues Subject: 2008 DC being offline
Hello, A 2008 DC (let's call it Server-F) we have at another site has been offline for 6 weeks. We powered it down because the building was undergoing construction, and the building was effectively CLOSED for those 6 weeks. Construction is done and I'm ready to bring the server back online. Is there a problem with just turning Server-F on and letting it re-sync with active directory even though it's been offline for 6 weeks? or... would I be better off bringing Server-F up WITHOUT a network cable connected, run dcpromo /forceremoval on it... then remove any references to the Server-F from my other DCs, and eventually re-promote server F back as a DC? Thoughts?
RE: Symantec Power Eraser ???
OK, that would be a resounding NO …
Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! '

From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Friday, July 30, 2010 2:24 PM To: NT System Admin Issues Subject: Symantec Power Eraser ???
Has anyone evaluated this tool yet ? They position it alongside Malwarebytes as a supplementary tool to their primary (SEP) software, but state it is aggressive and errs towards the side of false positives
Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! '
Re: Your copy of ?Networking and Security for Dummies
On 30 Jul 2010 at 14:55, richardmccl...@aspca.org wrote:
Hubs are still out there! Years ago, some folks did a great job of hiding them, like over ceilings, etc for workgroups. I've heard some motels use them since they're cheaper than switches.

Download without form here: http://lto.libredigital.com/?SonicWALL_Dell_GettingStartedwithNetworkingandSecurityforDummies
Or use any email address @thisisnotmyrealemail.com in the form.