RE: Your copy of ?Networking and Security for Dummies
If that's an issue then a hub ain't gonna be cutting it for ya anyway!! ;o) Mind you .. last time I worked in a fully hubbed environment about a decade back, the network basically ceased to work once critical mass was achieved at 09:30! Throwing a hub in somewhere is still sometimes useful for quick investigations/diagnostics. Depends on the business and their relationships with their switches ..

a

-----Original Message-----
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: 02 August 2010 16:16
To: NT System Admin Issues
Subject: Re: Your copy of ?Networking and Security for Dummies

Not if you want to capture data at modern speeds.

On Mon, Aug 2, 2010 at 01:32, Alan Davies adav...@cls-services.com wrote:

Yep - great for sniffing traffic too when you don't want to bother with a span port ;)

a

-----Original Message-----
From: Angus Scott-Fleming [mailto:angu...@geoapps.com]
Sent: 31 July 2010 05:31
To: NT System Admin Issues
Subject: Re: Your copy of ?Networking and Security for Dummies

On 30 Jul 2010 at 14:55, richardmccl...@aspca.org wrote:

Hubs are still out there! Years ago, some folks did a great job of hiding them, like over ceilings, etc for workgroups. I've heard some motels use them since they're cheaper than switches.

Download without form here: http://lto.libredigital.com/?SonicWALL_Dell_GettingStartedwithNetworkingandSecurityforDummies
Or use any email address @thisisnotmyrealemail.com in the form.
RE: Free Outlook Alternatives
Maybe I'm missing something, but it doesn't work for me. The evolution-storage-exchange.exe process continually crashes and Evolution itself therefore hangs and runs away with all the PC's CPU resource. I'm running WinXP Pro SP3 all fully patched and up to date, so I don't know what else I'm missing. I'm assuming I don't have to do anything at the Exchange Server side and that it should connect to our server straight out of the box? TIA.

From: Andrew Levicki [mailto:and...@levicki.me.uk]
Sent: Monday 02 August 2010 08:32
To: NT System Admin Issues
Subject: Re: Free Outlook Alternatives

Hi Rab,

Evolution has been ported to Windows recently: http://www.dipconsultants.com/evolution/

Regards,
Andrew

On 2 August 2010 16:20, Robert Jackson r...@walkermartyn.co.uk wrote:

Anyone recommend a good free M$ Outlook alternative (for Windows) that fully integrates with Exchange Server (2003)?

Regards,
Rab.

Robert Jackson
IT Manager
Walker Martyn Ltd
1 Park Circus Place
Glasgow G3 6AH, Scotland
Phone: +44 (0) 141 332 7999
Fax: +44 (0) 141 331 2820
Email: r...@walkermartyn.co.uk
Web: http://www.walkermartyn.co.uk
Re: Holy mother of Vlad Tepes...
Very nice!! I'd love to see how they managed the sorting algorithm for the Indy category when they had to do it with chunks of data, rather than the whole data set at one time. There is only a *little* bit more data here: http://sortbenchmark.org/

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...

On Tue, Aug 3, 2010 at 12:53 AM, Kurt Buff kurt.b...@gmail.com wrote:

http://scienceblog.com/36957/data-sorting-world-record-falls-computer-scientists-break-terabyte-sort-barrier-in-60-seconds/
Desktop/Laptop Backup Software
Hi All,

We are looking at options to enable us to back up desktops and laptops automatically to a central storage system. I am aware of Symantec DLO. Anybody aware of alternatives cheaper in cost?

Thanks,
Lumumba.
RE: malware that creates Outlook rules
Not sure on the UM questions. Not an issue here as we don't have student housing or provide phones for them. I'm betting that it is possible though.

-----Original Message-----
From: Crawford, Scott [mailto:crawfo...@evangel.edu]
Sent: Monday, August 02, 2010 5:46 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

Yeah, it's on the investigate list. It does happen with staff on occasion too, but not nearly as much as students. The major outstanding question I have is how to do Unified Messaging with Exchange if the mailbox is outsourced? It's prolly something simple, but I just haven't looked into it yet.

-----Original Message-----
From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Monday, August 02, 2010 3:14 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

Ah ha. Didn't notice the .edu addy. In that case, I would seriously investigate outsourcing that to MS or Google. The entire Va. Community College System went with Google for student email and so far it has worked really well. Can't beat the cost too. Zero and the student gets to keep their same email as long as they want it. No advertisements in their account while they are students. No backups, spam, outages and all that other support headaches for me. Great big plus.

-----Original Message-----
From: Crawford, Scott [mailto:crawfo...@evangel.edu]
Sent: Monday, August 02, 2010 4:05 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

Yeah, that sounds nice except we have 2000 students with an average of 500 new ones every year so our major issue isn't repeat offenders.

-----Original Message-----
From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Monday, August 02, 2010 2:51 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

When this happened here, we disabled their email account until they completed our security awareness training, for the second time. With supervisors' complete support.

-----Original Message-----
From: Osborne, Richard [mailto:richard.osbo...@wth.org]
Sent: Monday, August 02, 2010 3:40 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

I have been monitoring the Exchange queues. It's the only way I can tell when it is happening. I found the aqadmcli.exe utility and have been using it to clean the queues (aqadmcli delmsg flags=SENDER,sender=bob.sm...@wth.org). I'll check the OWA logs ASAP. Assuming I have had three users reply to phishing e-mails, is there anything to fix besides changing their passwords? Thanks everyone for the suggestions.

-----Original Message-----
From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Monday, August 02, 2010 2:35 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

Also check those Exchange SMTP queues. If it is compromised accounts the spammers can send spam via your OWA faster than your Exchange server can process so it will get backed up so disabling accounts or changing passwords won't stop it until the queues are emptied.

-----Original Message-----
From: Osborne, Richard [mailto:richard.osbo...@wth.org]
Sent: Monday, August 02, 2010 3:32 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

I'm glad I'm not the only sufferer! I'll try and answer the other questions that were asked:

1) yes, the spam continued even with the user's account disabled and their PC powered off
2) yes, only our Exchange server can send SMTP to the Internet
3) my OWA servers are clean according to VIPRE MalwareBytes

So far this has hit 3 users (out of ~5000). I have not seen any spam sent in the last 5 hours but I don't have any confidence that I have found the source. Maybe there's a PC with a high-privileged account that has been compromised and is sending out spam runs on a schedule? Currently I am getting up-to-date on patches on all my Exchange boxes.

-----Original Message-----
From: Thomas Mullins [mailto:tsmull...@wise.k12.va.us]
Sent: Monday, August 02, 2010 2:17 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

We are having a similar issue. We changed the user's password, and since that user is in a meeting, we turned his machine off. Looks like it has to be coming from OWA. Here is some info from an error message our external MTA sent to me (our Exchange guys are looking into the matter):

Transcript of session follows.
Out: 220 mail3.wise.k12.va.us ESMTP
In: EHLO mail.wise.k12.va.us
Out: 250-mail3.wise.k12.va.us
Out: 250-PIPELINING
Out: 250-SIZE 8
Out: 250-VRFY
Out: 250-ETRN
Out: 250-ENHANCEDSTATUSCODES
Out: 250-8BITMIME
Out: 250 DSN
In: MAIL FROM:jev...@wise.k12.va.us SIZE=1163
Out: 250 2.1.0 Ok
In: RCPT TO:fox2...@naseej.com
Out: 250 2.1.5 Ok
In: RCPT TO:khale...@naseej.com
Out: 250 2.1.5 Ok
In: RCPT TO:aboshw...@naseej.com
Out: 250 2.1.5 Ok
In: RCPT TO:abdul...@naseej.com
Out: 250 2.1.5 Ok
In: RCPT
RE: malware that creates Outlook rules
And just after I sent this the light came on, Google Voice should do UM. I'd let Google handle voice mail, email and anything else they want to give to the students.

-----Original Message-----
From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Tuesday, August 03, 2010 7:42 AM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

Not sure on the UM questions. Not an issue here as we don't have student housing or provide phones for them. I'm betting that it is possible though.

-----Original Message-----
From: Crawford, Scott [mailto:crawfo...@evangel.edu]
Sent: Monday, August 02, 2010 5:46 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

Yeah, it's on the investigate list. It does happen with staff on occasion too, but not nearly as much as students. The major outstanding question I have is how to do Unified Messaging with Exchange if the mailbox is outsourced? It's prolly something simple, but I just haven't looked into it yet.

-----Original Message-----
From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Monday, August 02, 2010 3:14 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

Ah ha. Didn't notice the .edu addy. In that case, I would seriously investigate outsourcing that to MS or Google. The entire Va. Community College System went with Google for student email and so far it has worked really well. Can't beat the cost too. Zero and the student gets to keep their same email as long as they want it. No advertisements in their account while they are students. No backups, spam, outages and all that other support headaches for me. Great big plus.

-----Original Message-----
From: Crawford, Scott [mailto:crawfo...@evangel.edu]
Sent: Monday, August 02, 2010 4:05 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

Yeah, that sounds nice except we have 2000 students with an average of 500 new ones every year so our major issue isn't repeat offenders.

-----Original Message-----
From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Monday, August 02, 2010 2:51 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

When this happened here, we disabled their email account until they completed our security awareness training, for the second time. With supervisors' complete support.

-----Original Message-----
From: Osborne, Richard [mailto:richard.osbo...@wth.org]
Sent: Monday, August 02, 2010 3:40 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

I have been monitoring the Exchange queues. It's the only way I can tell when it is happening. I found the aqadmcli.exe utility and have been using it to clean the queues (aqadmcli delmsg flags=SENDER,sender=bob.sm...@wth.org). I'll check the OWA logs ASAP. Assuming I have had three users reply to phishing e-mails, is there anything to fix besides changing their passwords? Thanks everyone for the suggestions.

-----Original Message-----
From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Monday, August 02, 2010 2:35 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

Also check those Exchange SMTP queues. If it is compromised accounts the spammers can send spam via your OWA faster than your Exchange server can process so it will get backed up so disabling accounts or changing passwords won't stop it until the queues are emptied.

-----Original Message-----
From: Osborne, Richard [mailto:richard.osbo...@wth.org]
Sent: Monday, August 02, 2010 3:32 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

I'm glad I'm not the only sufferer! I'll try and answer the other questions that were asked:

1) yes, the spam continued even with the user's account disabled and their PC powered off
2) yes, only our Exchange server can send SMTP to the Internet
3) my OWA servers are clean according to VIPRE MalwareBytes

So far this has hit 3 users (out of ~5000). I have not seen any spam sent in the last 5 hours but I don't have any confidence that I have found the source. Maybe there's a PC with a high-privileged account that has been compromised and is sending out spam runs on a schedule? Currently I am getting up-to-date on patches on all my Exchange boxes.

-----Original Message-----
From: Thomas Mullins [mailto:tsmull...@wise.k12.va.us]
Sent: Monday, August 02, 2010 2:17 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

We are having a similar issue. We changed the user's password, and since that user is in a meeting, we turned his machine off. Looks like it has to be coming from OWA. Here is some info from an error message our external MTA sent to me (our Exchange guys are looking into the matter):

Transcript of session follows.
Out: 220 mail3.wise.k12.va.us ESMTP
In: EHLO mail.wise.k12.va.us
Out: 250-mail3.wise.k12.va.us
Out: 250-PIPELINING
Out: 250-SIZE 8
Out: 250-VRFY
Out: 250-ETRN
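An added example, not part of the original thread: the "Transcript of session follows" text quoted above can be parsed to show which sender address a session used and how many recipients the MTA accepted for it, which is the evidence that a compromised mailbox is being used to relay spam. The sample transcript is constructed with placeholder addresses, and the function names, the recipient threshold and the watchlist of already-locked accounts are assumptions.

```python
import re
from collections import Counter, deque
from dataclasses import dataclass, field

# Each entry starts with "In:" (client command) or "Out:" (server reply).
# Splitting on the markers handles one-entry-per-line transcripts as well as
# the flattened single-line form that mail archives tend to produce.
ENTRY = re.compile(r"\b(In|Out):\s*")
ADDR = re.compile(r"^(MAIL FROM|RCPT TO):\s*<?([^\s<>]+)>?", re.I)
REPLY = re.compile(r"(\d{3})([ -]?)")


@dataclass
class Transaction:
    sender: str
    accepted: list = field(default_factory=list)
    rejected: list = field(default_factory=list)


def split_entries(text):
    """Return [(direction, body), ...] in transcript order."""
    parts = ENTRY.split(text)  # [preamble, dir1, body1, dir2, body2, ...]
    return [(parts[i], parts[i + 1].strip()) for i in range(1, len(parts) - 1, 2)]


def parse_transactions(text):
    """Pair each client command with the server's final reply line."""
    pending = deque()  # commands still waiting for a reply (PIPELINING-safe)
    txns, current = [], None
    for direction, body in split_entries(text):
        if direction == "In":
            pending.append(body)
            continue
        m = REPLY.match(body)
        # Skip "250-..." continuation lines, the greeting, and cut-off entries.
        if not m or m.group(2) == "-" or not pending:
            continue
        accepted = m.group(1).startswith("2")
        a = ADDR.match(pending.popleft())
        if not a:
            continue  # EHLO, DATA, QUIT and so on
        verb, addr = a.group(1).upper(), a.group(2).lower()
        if verb == "MAIL FROM":
            current = Transaction(addr) if accepted else None
            if current:
                txns.append(current)
        elif current is not None:
            (current.accepted if accepted else current.rejected).append(addr)
    return txns


def summarize(text, max_rcpts=3, watchlist=()):
    """Flag transactions that look like bulk mail from a hijacked mailbox.

    max_rcpts and watchlist are assumptions of this example: the watchlist
    holds accounts already disabled or reset, so mail still flowing from
    them points at queued messages or a session that survived the reset.
    """
    watch = {w.lower() for w in watchlist}
    findings = []
    for t in parse_transactions(text):
        reasons = []
        if len(t.accepted) >= max_rcpts:
            reasons.append("bulk-recipients")
        if t.rejected:
            reasons.append("rejected-recipients")
        if t.sender in watch:
            reasons.append("watchlisted-sender")
        findings.append({
            "sender": t.sender,
            "accepted": len(t.accepted),
            "rejected": len(t.rejected),
            "domains": dict(Counter(a.rsplit("@", 1)[-1] for a in t.accepted)),
            "reasons": reasons,
        })
    return findings


# Constructed sample in the flattened form, truncated mid-command like the
# transcript in the thread. All addresses are placeholders.
SAMPLE = (
    "Transcript of session follows. Out: 220 mx.example.org ESMTP "
    "In: EHLO mail.example.org Out: 250-mx.example.org Out: 250-PIPELINING "
    "Out: 250-8BITMIME Out: 250 DSN "
    "In: MAIL FROM:<user1@example.org> SIZE=1163 Out: 250 2.1.0 Ok "
    "In: RCPT TO:<a@example.net> Out: 250 2.1.5 Ok "
    "In: RCPT TO:<b@example.net> Out: 250 2.1.5 Ok "
    "In: RCPT TO:<c@example.net> Out: 250 2.1.5 Ok "
    "In: RCPT TO:<d@example.com> Out: 550 5.1.1 User unknown "
    "In: RCPT"
)

if __name__ == "__main__":
    for finding in summarize(SAMPLE, watchlist=["user1@example.org"]):
        print(finding)
```

Run over the bounce notifications an external MTA sends back, this gives a per-sender recipient count without needing access to the Exchange queues themselves.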
RE: Finding a huge file dump from June...
We're running Windows Storage Server 2003 R2 on one of our file servers here. As somewhat mentioned in the article, the reports are good but can be misleading. The reports are based on file ownership. If you have quotas set up for your user's home directories and all of the files in the directory are not owned by the user, then the reports don't come out right. We've had cases where users have filled their hard quota, yet the report states that they still have room. It's not perfect, but it came with the OS and does provide quota management and some useful, if not totally accurate, reporting.

-----Original Message-----
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Tuesday, August 03, 2010 12:07 AM
To: NT System Admin Issues
Subject: Re: Finding a huge file dump from June...

Thanks - looks like a good read.

On Mon, Aug 2, 2010 at 21:47, Sean Martin seanmarti...@gmail.com wrote:

I like the command line options but the file resource reporting features are a good way to trend utilization.

http://technet.microsoft.com/en-us/magazine/2006.05.getcontrol.aspx

- Sean

On Aug 2, 2010, at 8:14 PM, Kurt Buff kurt.b...@gmail.com wrote:

The other thing that comes to mind is to check the backup logs from those dates. I don't know if my minion has set the logs to record files backed up, but if they are set that way, I can diff them and see what happened. If they aren't set that way, I'll have to see what kind of impact that logging will entail, and make a judgment...

Kurt

On Mon, Aug 2, 2010 at 17:59, Michael B. Smith mich...@smithcons.com wrote:

In re: [1], either 'du' or 'find' can do what you want. I'm pretty sure that I had a native Windows application called scanner.exe that did that too - but I'm unable to locate it right now.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

-----Original Message-----
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Monday, August 02, 2010 8:49 PM
To: NT System Admin Issues
Subject: Finding a huge file dump from June...

All,

On our file server we have a single 1.5tb partition - it's on a SAN. Over the course of 4 days recently it went from about 30% free to about 13% free - someone slammed around 200gb onto the file server.

I have a general idea of where it might be - there are two top-level directories that are over 200gb each. However, windirstat hasn't been completely helpful, as I can't seem to isolate which files were loaded during those days, and none of the files that I've been looking at were huge - no ISO or VHD files worth mentioning, etc.. I also am pretty confident that there are a *bunch* of duplicate files on those directories.

So, I'm looking for a couple of things:

1) A way to get a directory listing that supports a time/date stamp (my choice of atime, mtime or ctime) size and a complete path name for each file/directory on a single line - something like:

2009-01-08 16:12 854,509 K:\Groups\training\On-Site_Special_Training\Customer1.doc

I've tried every trick I can think of for the 'dir' command and it won't do what I want, and the 'ls' command from gnuwin32 doesn't seem to want to do this either. Is there a powershell one-liner that can do this for me perhaps?

2) A recommendation for a duplicate file finder - cheap or free would be preferred.

Kurt
Re: Desktop/Laptop Backup Software
Are you looking to centrally manage the backups, or would each one backing up independently to a common storage area be good enough? Are you looking primarily for file based backup for important data, or do you need the up-and-running-quickly convenience of image based backup?

On Tue, Aug 3, 2010 at 7:32 AM, Juma, Lumumba lcj...@icipe.org wrote:

Hi All,

We are looking at options to enable us to back up desktops and laptops automatically to a central storage system. I am aware of Symantec DLO. Anybody aware of alternatives cheaper in cost?

Thanks,
Lumumba.
Re: Finding a huge file dump from June...
Treesize Pro has a file search utility that lets you specify date ranges based on creation, changed and last access dates as well as name, size range, attributes and ownership.

--
Bob Hartung
Wisco Industries, Inc.
736 Janesville St.
Oregon, WI 53575
Tel: (608) 835-3106 x215
Fax: (608) 835-7399
e-mail: bhartung(at)wiscoind.com

From: Kurt Buff [mailto:kurt.b...@gmail.com]
To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com]
Sent: Mon, 02 Aug 2010 19:48:59 -0500
Subject: Finding a huge file dump from June...

All,

On our file server we have a single 1.5tb partition - it's on a SAN. Over the course of 4 days recently it went from about 30% free to about 13% free - someone slammed around 200gb onto the file server.

I have a general idea of where it might be - there are two top-level directories that are over 200gb each. However, windirstat hasn't been completely helpful, as I can't seem to isolate which files were loaded during those days, and none of the files that I've been looking at were huge - no ISO or VHD files worth mentioning, etc.. I also am pretty confident that there are a *bunch* of duplicate files on those directories.

So, I'm looking for a couple of things:

1) A way to get a directory listing that supports a time/date stamp (my choice of atime, mtime or ctime) size and a complete path name for each file/directory on a single line - something like:

2009-01-08 16:12 854,509 K:\Groups\training\On-Site_Special_Training\Customer1.doc

I've tried every trick I can think of for the 'dir' command and it won't do what I want, and the 'ls' command from gnuwin32 doesn't seem to want to do this either. Is there a powershell one-liner that can do this for me perhaps?

2) A recommendation for a duplicate file finder - cheap or free would be preferred.

Kurt
RE: Desktop/Laptop Backup Software
Centrally managed backups will be a better option, can't be too sure with users doing it themselves. I'd appreciate your proposals for image-based backup solns as well. Costs will determine what to go for.

From: Richard Stovall [mailto:rich...@gmail.com]
Sent: Tuesday, August 03, 2010 3:56 PM
To: NT System Admin Issues
Subject: Re: Desktop/Laptop Backup Software

Are you looking to centrally manage the backups, or would each one backing up independently to a common storage area be good enough? Are you looking primarily for file based backup for important data, or do you need the up-and-running-quickly convenience of image based backup?

On Tue, Aug 3, 2010 at 7:32 AM, Juma, Lumumba lcj...@icipe.org wrote:

Hi All,

We are looking at options to enable us to back up desktops and laptops automatically to a central storage system. I am aware of Symantec DLO. Anybody aware of alternatives cheaper in cost?

Thanks,
Lumumba.
Re: Desktop/Laptop Backup Software
Not centrally managed, but we use Syncback (freeware) on our laptops to automagically backup the local Docs Settings folders to the server when they log in to the network. Desktop users know their locally stored files are at risk and are instructed to always save on the server shares.

Die dulci fruere!
Roger Wright

On Tue, Aug 3, 2010 at 7:32 AM, Juma, Lumumba lcj...@icipe.org wrote:

Hi All,

We are looking at options to enable us to back up desktops and laptops automatically to a central storage system. I am aware of Symantec DLO. Anybody aware of alternatives cheaper in cost?

Thanks,
Lumumba.
RE: Holy mother of Vlad Tepes...
Don't you remember tape sorts? If you have two sets of sorted data, A and B, creating a joined set of sorted data C involves only comparing one record each of A and B to determine which goes first. Then iterate. You can optimize that by retaining indices for each set of sorted data. So...joining the data is the easy part. Sorting the chunks is still the hard part. :)

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Tuesday, August 03, 2010 6:26 AM
To: NT System Admin Issues
Subject: Re: Holy mother of Vlad Tepes...

Very nice!! I'd love to see how they managed the sorting algorithm for the Indy category when they had to do it with chunks of data, rather than the whole data set at one time. There is only a *little* bit more data here: http://sortbenchmark.org/

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...

On Tue, Aug 3, 2010 at 12:53 AM, Kurt Buff kurt.b...@gmail.com wrote:

http://scienceblog.com/36957/data-sorting-world-record-falls-computer-scientists-break-terabyte-sort-barrier-in-60-seconds/
RE: Favs gone as result of KB2286198?
Win7 32-bit here, favs still there, although I rebooted right away after install. 64-bit box at home, will see what happened after I installed last night (at shutdown).

Don Guyer
Systems Engineer - Information Services
Prudential, Fox Roach/Trident Group
431 W. Lancaster Avenue
Devon, PA 19333
Direct: (610) 993-3299
Fax: (610) 650-5306
don.gu...@prufoxroach.com

From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Tuesday, August 03, 2010 9:57 AM
To: NT System Admin Issues
Subject: Favs gone as result of KB2286198?

Well, that's interesting: Windows Update grabbed KB2286198 (the .lnk shell vuln fix) for me last night on my Win7x64 box. Now all my IE favorites are gone. It doesn't appear as if the box rebooted after the hotfix install. Anybody else? Perhaps I'll reboot the box.

-sc
RE: Favs gone as result of KB2286198?
Well, on my XP (SP3) box, my favorites are still here, and my box *did* reboot overnight.

John-AldrichTile-Tools

From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Tuesday, August 03, 2010 9:57 AM
To: NT System Admin Issues
Subject: Favs gone as result of KB2286198?

Well, that's interesting: Windows Update grabbed KB2286198 (the .lnk shell vuln fix) for me last night on my Win7x64 box. Now all my IE favorites are gone. It doesn't appear as if the box rebooted after the hotfix install. Anybody else? Perhaps I'll reboot the box.

-sc
Re: Favs gone as result of KB2286198?
No such behavior here on both Pro and Home versions of Win7 x64. I installed it manually on a couple of machines and each required a reboot. When they came back up the favorites were still there. (Though I don't have many because I rarely use IE.) Are they gone, gone, or did they revert to the default set? (MSN, Live, Microsoft, etc.)

On Tue, Aug 3, 2010 at 9:57 AM, Steven M. Caesare scaes...@caesare.com wrote:

Well, that’s interesting: Windows Update grabbed KB2286198 (the .lnk shell vuln fix) for me last night on my Win7x64 box. Now all my IE favorites are gone. It doesn’t appear as if the box rebooted after the hotfix install. Anybody else? Perhaps I’ll reboot the box.

-sc
RE: Favs gone as result of KB2286198?
All my IE faves are still there on my Win7 Ult x64 laptop.

Webster

From: Steven M. Caesare [mailto:scaes...@caesare.com]
Subject: Favs gone as result of KB2286198?

Well, that's interesting: Windows Update grabbed KB2286198 (the .lnk shell vuln fix) for me last night on my Win7x64 box. Now all my IE favorites are gone. It doesn't appear as if the box rebooted after the hotfix install. Anybody else? Perhaps I'll reboot the box.
Re: Holy mother of Vlad Tepes...
No, I had quite forgotten... Thanks for reactivating that portion of my brain. There are other things there which were better left dormant. :)

-ASB: http://XeeSM.com/AndrewBaker

On Tue, Aug 3, 2010 at 9:36 AM, Michael B. Smith mich...@smithcons.com wrote:

Don’t you remember tape sorts? If you have two sets of sorted data, “A” and “B”, creating a joined set of sorted data “C” involves only comparing one record each of “A” and “B” to determine which goes first. Then iterate. You can optimize that by retaining indices for each set of sorted data. So…joining the data is the easy part. Sorting the chunks is still the hard part. :)

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Tuesday, August 03, 2010 6:26 AM
To: NT System Admin Issues
Subject: Re: Holy mother of Vlad Tepes...

Very nice!! I'd love to see how they managed the sorting algorithm for the Indy category when they had to do it with chunks of data, rather than the whole data set at one time. There is only a *little* bit more data here: http://sortbenchmark.org/

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...

On Tue, Aug 3, 2010 at 12:53 AM, Kurt Buff kurt.b...@gmail.com wrote:

http://scienceblog.com/36957/data-sorting-world-record-falls-computer-scientists-break-terabyte-sort-barrier-in-60-seconds/
RE: Favs gone as result of KB2286198?
Three or four so far all windows 7 64-Bit, and all have come up just fine, Favorites are still there.

From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Tuesday, August 03, 2010 8:57 AM
To: NT System Admin Issues
Subject: Favs gone as result of KB2286198?

Well, that's interesting: Windows Update grabbed KB2286198 (the .lnk shell vuln fix) for me last night on my Win7x64 box. Now all my IE favorites are gone. It doesn't appear as if the box rebooted after the hotfix install. Anybody else? Perhaps I'll reboot the box.

-sc
RE: Favs gone as result of KB2286198?
Blank completely... no reverting.

-sc

From: Richard Stovall [mailto:rich...@gmail.com]
Sent: Tuesday, August 03, 2010 10:08 AM
To: NT System Admin Issues
Subject: Re: Favs gone as result of KB2286198?

No such behavior here on both Pro and Home versions of Win7 x64. I installed it manually on a couple of machines and each required a reboot. When they came back up the favorites were still there. (Though I don't have many because I rarely use IE.) Are they gone, gone, or did they revert to the default set? (MSN, Live, Microsoft, etc.)

On Tue, Aug 3, 2010 at 9:57 AM, Steven M. Caesare scaes...@caesare.com wrote:

Well, that's interesting: Windows Update grabbed KB2286198 (the .lnk shell vuln fix) for me last night on my Win7x64 box. Now all my IE favorites are gone. It doesn't appear as if the box rebooted after the hotfix install. Anybody else? Perhaps I'll reboot the box.

-sc
RE: Favs gone as result of KB2286198?
Windows XP SP3, IE 7.0. Favs still here, no probs.

From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Tuesday, August 03, 2010 8:57 AM
To: NT System Admin Issues
Subject: Favs gone as result of KB2286198?

Well, that's interesting: Windows Update grabbed KB2286198 (the .lnk shell vuln fix) for me last night on my Win7x64 box. Now all my IE favorites are gone. It doesn't appear as if the box rebooted after the hotfix install. Anybody else? Perhaps I'll reboot the box.

-sc
RE: Favs gone as result of KB2286198?
Reboot fixed it. Wonder why my box didn't, nor was I given notification I needed to... I don't appear to have had anything open that would have prevented it, altho it does look like Security Essentials may have been in the middle of a scan. Thanks all.

-sc

From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Tuesday, August 03, 2010 10:13 AM
To: NT System Admin Issues
Subject: RE: Favs gone as result of KB2286198?

Blank completely... no reverting.

-sc

From: Richard Stovall [mailto:rich...@gmail.com]
Sent: Tuesday, August 03, 2010 10:08 AM
To: NT System Admin Issues
Subject: Re: Favs gone as result of KB2286198?

No such behavior here on both Pro and Home versions of Win7 x64. I installed it manually on a couple of machines and each required a reboot. When they came back up the favorites were still there. (Though I don't have many because I rarely use IE.) Are they gone, gone, or did they revert to the default set? (MSN, Live, Microsoft, etc.)

On Tue, Aug 3, 2010 at 9:57 AM, Steven M. Caesare scaes...@caesare.com wrote:

Well, that's interesting: Windows Update grabbed KB2286198 (the .lnk shell vuln fix) for me last night on my Win7x64 box. Now all my IE favorites are gone. It doesn't appear as if the box rebooted after the hotfix install. Anybody else? Perhaps I'll reboot the box.

-sc
Re: Desktop/Laptop Backup Software
Acronis workstation does image backups and can be centrally managed, but costs $74 US per license (per the website). I use it on my $WORK computer and it has been excellent. I have played around with Storegrid (http://www.storegrid.com/online-backup/network-backup.php) and Robobak (http://www.robobak.com/Solutions/smb.aspx), but haven't ever used either of them past the demonstration/POC phase. GFI has an interesting, and aggressively priced, product, but I have never tried it. http://www.gfi.com/business-backup-software/backup-be-pricing.htm Other GFI software I have used has been rock solid. If you don't have to manage the workstations centrally, there are tons of additional possibilities from reputable firms, and any number of FOSS options can be managed or unmanaged.

Hope this helps,
RS

On Tue, Aug 3, 2010 at 9:03 AM, Juma, Lumumba lcj...@icipe.org wrote:

Centrally managed backups will be a better option, can't be too sure with users doing it themselves. I'd appreciate your proposals for image-based backup solns as well. Costs will determine what to go for.

*From:* Richard Stovall [mailto:rich...@gmail.com]
*Sent:* Tuesday, August 03, 2010 3:56 PM
*To:* NT System Admin Issues
*Subject:* Re: Desktop/Laptop Backup Software

Are you looking to centrally manage the backups, or would each one backing up independently to a common storage area be good enough? Are you looking primarily for file based backup for important data, or do you need the up-and-running-quickly convenience of image based backup?

On Tue, Aug 3, 2010 at 7:32 AM, Juma, Lumumba lcj...@icipe.org wrote:

Hi All, We are looking at options to enable us backup desktops and laptops automatically to a central storage system. I am aware of Symantec DLO. Anybody aware of alternatives cheaper in cost?

Thanks,
Lumumba.
Re: Hyper-V and 'Default Gateway'
The box has four NICs in it. Although we currently only have two connected, one is the Host NIC and the other is used for the different virtual machines. We have two others we can grow into as need arises. Our Network department charges us per network connection, so we are trying to limit our connections until need arises. The free alternative would be to request multiple IP Addresses in the same range and grow into them as needed.

On Sun, Aug 1, 2010 at 10:33 AM, Ken Schaefer k...@adopenstatic.com wrote:

If you have multiple NICs on your machine, then there is no need for them to be all in the same subnet. Obviously they would connect to different interfaces of a router, or to ports on a switch that are on different VLANs. My guess is that you only have a single NIC. In that case, the virtual NIC on the guest, and the physical NIC on the host are both connected *at the other end* to a single switch port that needs to be connected to a single VLAN or router interface. In that case, they need to be on the same subnet.

Cheers
Ken

-Original Message-
From: Stephen Wimberly [mailto:swimbe...@gmail.com]
Sent: Saturday, 31 July 2010 5:41 AM
To: NT System Admin Issues
Subject: Re: Hyper-V and 'Default Gateway'

Thanks for the replies! Now I just need to beg our network team for addresses in the same subnet!!!
RE: malware that creates Outlook rules
Hmm, interesting. I like that. Of course, setting it up for all students automatically might prove to be tricky.

-Original Message-
From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Tuesday, August 03, 2010 6:44 AM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

And just after I sent this the light came on, Google Voice should do UM. I'd let google handle voice mail, email and anything else they want to give to the students.

-Original Message-
From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Tuesday, August 03, 2010 7:42 AM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

Not sure on the UM questions. Not an issue here as we don't have student housing or provide phones for them. I'm betting that it is possible though.

-Original Message-
From: Crawford, Scott [mailto:crawfo...@evangel.edu]
Sent: Monday, August 02, 2010 5:46 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

Yeah, it's on the investigate list. It does happen with staff on occasion too, but not nearly as much as students. The major outstanding question I have is how to do Unified Messaging with Exchange if the mailbox is outsourced? It's prolly something simple, but I just haven't looked into it yet.

-Original Message-
From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Monday, August 02, 2010 3:14 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

Ah ha. Didn't notice the .edu addy. In that case, I would seriously investigate outsourcing that to MS or Google. The entire Va. Community College System went with Google for student email and so far it has worked really well. Can't beat the cost too. Zero and the student gets to keep their same email as long as they want it. No advertisements in their account while they are students. No backups, spam, outages and all that other support headaches for me. Great big plus.

-Original Message-
From: Crawford, Scott [mailto:crawfo...@evangel.edu]
Sent: Monday, August 02, 2010 4:05 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

Yeah, that sounds nice except we have 2000 students with an average of 500 new ones every year so our major issue isn't repeat offenders.

-Original Message-
From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Monday, August 02, 2010 2:51 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

When this happened here, we disabled their email account until they completed our security awareness training, for the second time. With supervisors complete support.

-Original Message-
From: Osborne, Richard [mailto:richard.osbo...@wth.org]
Sent: Monday, August 02, 2010 3:40 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

I have been monitoring the Exchange queues. It's the only way I can tell when it is happening. I found the aqadmcli.exe utility and have been using it to clean the queues (aqadmcli delmsg flags=SENDER,sender=bob.sm...@wth.org). I'll check the OWA logs ASAP. Assuming I have had three users reply to phishing e-mails, is there anything to fix besides changing their passwords? Thanks everyone for the suggestions.

-Original Message-
From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Monday, August 02, 2010 2:35 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

Also check those exchange smtp queues. If it is compromised accounts the spammers can send spam via your owa faster than your exchange server can process so it will get backed up so disabling accounts or changing passwords won't stop it until the queues are emptied.

-Original Message-
From: Osborne, Richard [mailto:richard.osbo...@wth.org]
Sent: Monday, August 02, 2010 3:32 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

I'm glad I'm not the only sufferer! I'll try and answer the other questions that were asked:

1) yes, the spam continued even with the user's account disabled and their PC powered off
2) yes, only our Exchange server can send SMTP to the Internet
3) my OWA servers are clean according to VIPRE & MalwareBytes

So far this has hit 3 users (out of ~5000). I have not seen any spam sent in the last 5 hours but I don't have any confidence that I have found the source. Maybe there's a PC with a high-privileged account that has been compromised and is sending out spam runs on a schedule? Currently I am getting up-to-date on patches on all my Exchange boxes.

-Original Message-
From: Thomas Mullins [mailto:tsmull...@wise.k12.va.us]
Sent: Monday, August 02, 2010 2:17 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

We are having a similar issue. We changed the users password, and since that user is in a meeting, we turned his machine off. Looks like it has to be coming from OWA. Here is some info from
RE: Hyper-V and 'Default Gateway'
Then, there is no need for the IPs (host and guest) to be on the same subnet. The NIC that is used for the guests needs to be allocated to one VLAN (on your L3 switch, or otherwise connected to the appropriate interface on your router), and the NIC used by the host needs to be patched to a switch port on the other VLAN.

Cheers
Ken

-Original Message-
From: Stephen Wimberly [mailto:swimbe...@gmail.com]
Sent: Tuesday, 3 August 2010 11:13 PM
To: NT System Admin Issues
Subject: Re: Hyper-V and 'Default Gateway'

The box has four NICs in it. Although we currently only have two connected, one is the Host NIC and the other is used for the different virtual machines. We have two others we can grow into as need arises. Our Network department charges us per network connection, so we are trying to limit our connections until need arises. The free alternative would be to request multiple IP Addresses in the same range and grow into them as needed.

On Sun, Aug 1, 2010 at 10:33 AM, Ken Schaefer k...@adopenstatic.com wrote:

If you have multiple NICs on your machine, then there is no need for them to be all in the same subnet. Obviously they would connect to different interfaces of a router, or to ports on a switch that are on different VLANs. My guess is that you only have a single NIC. In that case, the virtual NIC on the guest, and the physical NIC on the host are both connected *at the other end* to a single switch port that needs to be connected to a single VLAN or router interface. In that case, they need to be on the same subnet.

Cheers
Ken

-Original Message-
From: Stephen Wimberly [mailto:swimbe...@gmail.com]
Sent: Saturday, 31 July 2010 5:41 AM
To: NT System Admin Issues
Subject: Re: Hyper-V and 'Default Gateway'

Thanks for the replies! Now I just need to beg our network team for addresses in the same subnet!!!
Re: Desktop/Laptop Backup Software
BackupPC is a Linux based backup solution which I like for backing up laptops/desktops at a file-based level. Version 3.2 was released a few days ago. http://backuppc.sourceforge.net/

Pros:
* Free! (in both senses)
* File-based full and incremental backups with versioning.
* File-based de-duplication by linux hard-links.
* Web based access to setup backups and restore.
* Users can initiate their own backups, or restore their own files using the web interface.

Cons:
* SMB transfer is not VSS aware, so it doesn't copy open files.
* Requires Linux experience (Although, you can just install a package on most distros, such as Ubuntu.)
* Read the docs! Use a filesystem that supports large numbers of files. Ext(2|3|4) not recommended, but I've used XFS with success.

--Matt Ross
Ephrata School District

- Original Message -
From: Juma, Lumumba [mailto:lcj...@icipe.org]
To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com]
Sent: Tue, 03 Aug 2010 04:32:15 -0700
Subject: Desktop/Laptop Backup Software

Hi All, We are looking at options to enable us backup desktops and laptops automatically to a central storage system. I am aware of Symantec DLO. Anybody aware of alternatives cheaper in cost?

Thanks,
Lumumba.
Guilty, will change after reading this.
- do not plug surge protectors into a UPS. If the UPS runs on batteries it will usually generate a step sine wave which may destroy surge protectors (in particular tricky to find power strips without surge protector)

http://isc.sans.edu/diary.html?storyid=9319

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
Re: Guilty, will change after reading this.
Don't plug space heaters into them, either!

David Lum david@nwea.org wrote on 08/03/2010 12:01:04 PM:

- do not plug surge protectors into a UPS. If the UPS runs on batteries it will usually generate a step sine wave which may destroy surge protectors (in particular tricky to find power strips without surge protector)

http://isc.sans.edu/diary.html?storyid=9319

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
RE: malware that creates Outlook rules
Actually this was happening all weekend. I was chasing my tail so hard I didn't think to e-mail this list until Monday. Lesson learned.

Just to wrap up: thanks to Glen, Scott, Thomas, and anyone else who suggested the spam was coming from OWA via phished accounts. I looked at the IIS logs on the OWA server and found entries like this:

... GET /exchange/bob.smith/Drafts/ Cmd=new 443 bsmith x.x.x.x Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+InfoPath.2;+Crazy+Browser+3.0.3)...

Which I suppose shows new e-mails being created in the Drafts folder. Any advice regarding interpreting these logs would be welcome.

After changing the affected users' passwords I think we are in the clear. Exchange queues are quiet since yesterday. We publish OWA via ISA Server, so the OWA logs only the address of the ISA Server. We checked our firewall logs and found quite a bit of traffic to OWA from Nigeria & India. We're in Tennessee, so we are able to block those addresses as we won't have any legitimate traffic from them. Based on the agent string above, I told URLScan to block Crazy Browser (http://www.crazybrowser.com/). I wonder how many other browsers there are I've never even heard of.

Now I need to consider some kind of outbound anti-spam, figure out some scripting to notify me if the queues get out of hand, and get off all the blacklists I'm on.

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
Sent: Monday, August 02, 2010 2:50 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

We're a Lotus Notes shop using Postini as a relay, if it makes any difference... We had one desktop system here, and a few in NYC, where spam was being spewed out. This actually had nothing at all to do with Domino/Lotus but rather a rogue SMTP server which got snuck onto some workstations. We were able to track this down by monitoring SMTP traffic through our firewall. All SMTP traffic was to be coming from only one IP at each location, and it was all supposed to be directed to our Postini host. At least yours does not seem to be happening on a weekend...

--
Richard D. McClary
Systems Administrator, Information Technology Group
ASPCA®
1717 S. Philo Rd, Ste 36
Urbana, IL 61802
richardmccl...@aspca.org
P: 217-337-9761 C: 217-417-1182 F: 217-337-9761
www.aspca.org

Osborne, Richard richard.osbo...@wth.org wrote on 08/02/2010 02:40:09 PM:

I have been monitoring the Exchange queues. It's the only way I can tell when it is happening. I found the aqadmcli.exe utility and have been using it to clean the queues (aqadmcli delmsg flags=SENDER,sender=bob.sm...@wth.org). I'll check the OWA logs ASAP. Assuming I have had three users reply to phishing e-mails, is there anything to fix besides changing their passwords? Thanks everyone for the suggestions.

-Original Message-
From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Monday, August 02, 2010 2:35 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

Also check those exchange smtp queues. If it is compromised accounts the spammers can send spam via your owa faster than your exchange server can process so it will get backed up so disabling accounts or changing passwords won't stop it until the queues are emptied.

-Original Message-
From: Osborne, Richard [mailto:richard.osbo...@wth.org]
Sent: Monday, August 02, 2010 3:32 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

I'm glad I'm not the only sufferer! I'll try and answer the other questions that were asked:

1) yes, the spam continued even with the user's account disabled and their PC powered off
2) yes, only our Exchange server can send SMTP to the Internet
3) my OWA servers are clean according to VIPRE & MalwareBytes

So far this has hit 3 users (out of ~5000). I have not seen any spam sent in the last 5 hours but I don't have any confidence that I have found the source. Maybe there's a PC with a high-privileged account that has been compromised and is sending out spam runs on a schedule? Currently I am getting up-to-date on patches on all my Exchange boxes.

-Original Message-
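One way to read the OWA entries quoted in the wrap-up message above, as an added example that is not part of the thread: it parses IIS W3C log lines, counts `Cmd=new` requests against a mailbox's Drafts folder per authenticated user in a sliding window, and flags bursts. It keys on `cs-username` because, as that message notes, a published OWA server logs only the proxy's address. The sample lines, the `#Fields` order, the thresholds and all function names are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data in IIS W3C extended format (not taken from the thread).
# Every row carries the same c-ip, as it would behind a publishing proxy.
_UA_ODD = ("Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;"
           "+InfoPath.2;+Crazy+Browser+3.0.3)")
_UA_IE = "Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1)"


def _row(ts, stem, query, user, agent):
    return f"{ts} 10.0.0.5 GET {stem} {query} 443 {user} 10.0.0.9 {agent} 200"


SAMPLE_LOG = [
    "#Software: Microsoft Internet Information Services 6.0",
    "#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port "
    "cs-username c-ip cs(User-Agent) sc-status",
    _row("2010-08-02 13:00:00", "/exchange/alice.jones/Drafts/", "Cmd=new",
         "CORP\\ajones", _UA_IE),
    _row("2010-08-02 14:00:00", "/exchange/bob.smith/Inbox/", "Cmd=contents",
         "bsmith", _UA_ODD),
    # Six compose requests in under two minutes from one account.
    *[_row(f"2010-08-02 14:{s // 60:02d}:{s % 60:02d}",
           "/exchange/bob.smith/Drafts/", "Cmd=new", "bsmith", _UA_ODD)
      for s in range(10, 130, 20)],
    _row("2010-08-02 14:30:00", "/exchange/alice.jones/Drafts/", "Cmd=new",
         "CORP\\ajones", _UA_IE),
]


def parse_w3c(lines):
    """Yield one dict per request, using the log's own #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated or odd rows
                yield dict(zip(fields, parts))


def is_compose(rec):
    """True for a new-message request against a mailbox's Drafts folder."""
    stem = rec.get("cs-uri-stem", "").lower()
    query = rec.get("cs-uri-query", "").lower()
    return (stem.startswith("/exchange/")
            and stem.rstrip("/").endswith("/drafts")
            and "cmd=new" in query)


def account(rec):
    """Authenticated user without any DOMAIN\\ prefix; '-' means anonymous."""
    return rec.get("cs-username", "-").split("\\")[-1].lower()


def find_bursts(records, threshold=5, window=timedelta(minutes=5),
                watch=("crazy+browser",)):
    """Return {user: stats} for users whose compose rate peaks at or above
    `threshold` requests inside `window`. Records must be in time order."""
    recent = defaultdict(deque)
    stats = defaultdict(lambda: {"peak": 0, "agents": set()})
    for rec in records:
        user = account(rec)
        if user == "-" or not is_compose(rec):
            continue
        ts = datetime.strptime(f"{rec['date']} {rec['time']}",
                               "%Y-%m-%d %H:%M:%S")
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:  # drop events that fell out of the window
            q.popleft()
        stats[user]["peak"] = max(stats[user]["peak"], len(q))
        stats[user]["agents"].add(rec.get("cs(User-Agent)", "-"))
    alerts = {}
    for user, s in stats.items():
        if s["peak"] >= threshold:
            s["watched_agent"] = any(w in a.lower()
                                     for a in s["agents"] for w in watch)
            alerts[user] = s
    return alerts


if __name__ == "__main__":
    for user, s in find_bursts(parse_w3c(SAMPLE_LOG)).items():
        print(user, s["peak"], s["watched_agent"], sorted(s["agents"]))
```

The threshold and window are placeholders to tune against a normal day's log; the user-agent watch list only annotates an alert and is not the trigger, since the agent string is client-supplied.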
Re: Guilty, will change after reading this.
Personal mishap, Richard?

richardmccl...@aspca.org 8/3/2010 10:06 AM

Don't plug space heaters into them, either!

David Lum david@nwea.org wrote on 08/03/2010 12:01:04 PM:

- do not plug surge protectors into a UPS. If the UPS runs on batteries it will usually generate a step sine wave which may destroy surge protectors (in particular tricky to find power strips without surge protector)

http://isc.sans.edu/diary.html?storyid=9319

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
Re: WMI information gathering
Anyone have any idea on this one?

Joseph Heaton jhea...@dfg.ca.gov 8/2/2010 3:42 PM

We have a group that wants to come in, and scan our servers to gather information. We want to cooperate with this effort, but we don't want to give them access to be able to write back to the servers. Is this possible? Is there a tool that can be used without an admin account, in order to gather information from within WMI? Please contact offline for further details, if needed. As always, I sincerely appreciate any assistance any of you may be able to provide.

Thanks,
Joe
RE: WMI information gathering
Yes. You can give them a normal domain user's account and then set a GPO that assigns security via WMI Control at the root to give that user full read access.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

-Original Message-
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov]
Sent: Tuesday, August 03, 2010 1:18 PM
To: NT System Admin Issues
Subject: Re: WMI information gathering

Anyone have any idea on this one?

Joseph Heaton jhea...@dfg.ca.gov 8/2/2010 3:42 PM

We have a group that wants to come in, and scan our servers to gather information. We want to cooperate with this effort, but we don't want to give them access to be able to write back to the servers. Is this possible? Is there a tool that can be used without an admin account, in order to gather information from within WMI? Please contact offline for further details, if needed. As always, I sincerely appreciate any assistance any of you may be able to provide.

Thanks,
Joe
RE: WMI information gathering
A quick Google for wmi access non administrator turned up quite a lot of hits, a number of which look like HowTo docs..

-Original Message-
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov]
Sent: Tuesday, August 03, 2010 1:18 PM
To: NT System Admin Issues
Subject: Re: WMI information gathering

Anyone have any idea on this one?

Joseph Heaton jhea...@dfg.ca.gov 8/2/2010 3:42 PM

We have a group that wants to come in, and scan our servers to gather information. We want to cooperate with this effort, but we don't want to give them access to be able to write back to the servers. Is this possible? Is there a tool that can be used without an admin account, in order to gather information from within WMI? Please contact offline for further details, if needed. As always, I sincerely appreciate any assistance any of you may be able to provide.

Thanks,
Joe
RE: WMI information gathering
My experience with WMI and CMDB or security scanner products tells me you are out of luck, at some point, the information they require is situated such that they require admin privs just to be able to read it.

-Original Message-
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov]
Sent: Tuesday, August 03, 2010 10:18 AM
To: NT System Admin Issues
Subject: Re: WMI information gathering

Anyone have any idea on this one?

Joseph Heaton jhea...@dfg.ca.gov 8/2/2010 3:42 PM

We have a group that wants to come in, and scan our servers to gather information. We want to cooperate with this effort, but we don't want to give them access to be able to write back to the servers. Is this possible? Is there a tool that can be used without an admin account, in order to gather information from within WMI? Please contact offline for further details, if needed. As always, I sincerely appreciate any assistance any of you may be able to provide.

Thanks,
Joe
RE: Guilty, will change after reading this.
Interesting, but isn't A/C power typically a sine wave? Or is it implying that the UPS generates a special sine wave that is different than what the utility company generates? 60Hz is the norm, is it not? Surge strips are typically no more than some metal oxide varistors placed across hot, neutral and ground. Some put toroidal coils for noise reduction, but I don't know of anything in any of them that would damage the UPS or the surge strip. IMHO, I think the more accepted reason not to do it is because of the temptation to plug in more devices than the UPS is designed to handle, and thereby overload it.

-Paul

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, August 03, 2010 12:01 PM
To: NT System Admin Issues
Subject: Guilty, will change after reading this.

- do not plug surge protectors into a UPS. If the UPS runs on batteries it will usually generate a step sine wave which may destroy surge protectors (in particular tricky to find power strips without surge protector)

http://isc.sans.edu/diary.html?storyid=9319

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
Re: Guilty, will change after reading this.
Make sure you always plug your copiers and laser printers into UPSs. :-P

- Original Message -
From: Maglinger, Paul
To: NT System Admin Issues
Sent: Tuesday, August 03, 2010 1:31 PM
Subject: RE: Guilty, will change after reading this.

Interesting, but isn't A/C power typically a sine wave? Or is it implying that the UPS generates a special sine wave that is different than what the utility company generates? 60Hz is the norm, is it not? Surge strips are typically no more than some metal oxide varistors placed across hot, neutral and ground. Some put toroidal coils for noise reduction, but I don't know of anything in any of them that would damage the UPS or the surge strip. IMHO, I think the more accepted reason not to do it is because of the temptation to plug in more devices than the UPS is designed to handle, and thereby overload it.

-Paul

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, August 03, 2010 12:01 PM
To: NT System Admin Issues
Subject: Guilty, will change after reading this.

- do not plug surge protectors into a UPS. If the UPS runs on batteries it will usually generate a step sine wave which may destroy surge protectors (in particular tricky to find power strips without surge protector)

http://isc.sans.edu/diary.html?storyid=9319

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
Re: Guilty, will change after reading this.
A stepped sine wave isn't really a sine wave. It's a multi-part set of square waves that somewhat approximate a sine wave, and there are some electronic components that don't like them. I don't know if MOVs are still used in surge protectors, or if they're sensitive to them, but it's plausible to me that this might be true...

Kurt

On Tue, Aug 3, 2010 at 10:31, Maglinger, Paul pmaglin...@scvl.com wrote:

Interesting, but isn’t A/C power typically a sine wave? Or is it implying that the UPS generates a “special” sine wave that is different than what the utility company generates? 60Hz is the norm, is it not? Surge strips are typically no more than some metal oxide varistors placed across hot, neutral and ground. Some put toroidal coils for noise reduction, but I don’t know of anything in any of them that would damage the UPS or the surge strip. IMHO, I think the more accepted reason not to do it is because of the temptation to plug in more devices than the UPS is designed to handle, and thereby overload it.

-Paul

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, August 03, 2010 12:01 PM
To: NT System Admin Issues
Subject: Guilty, will change after reading this.

- do not plug surge protectors into a UPS. If the UPS runs on batteries it will usually generate a step sine wave which may destroy surge protectors (in particular tricky to find power strips without surge protector)

http://isc.sans.edu/diary.html?storyid=9319

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
RE: Guilty, will change after reading this.
When the UPS switches to battery power, it _can_ cause a dip or a spike which the surge protector may react to. I believe each time they do this it degrades the unit until it fails completely. I'm guilty of this too, but I've never had an issue with it. :)

Thanks,
Jeff Cain - supp...@sunbeltsoftware.com
Technical Support Analyst
Sunbelt Software, part of the GFI Software family
www.sunbeltsoftware.com
Tel: 1-877-757-4094 Fax: +1 727-562-3402

From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Tuesday, August 03, 2010 1:31 PM
To: NT System Admin Issues
Subject: RE: Guilty, will change after reading this.

Interesting, but isn't A/C power typically a sine wave? Or is it implying that the UPS generates a special sine wave that is different than what the utility company generates? 60Hz is the norm, is it not? Surge strips are typically no more than some metal oxide varistors placed across hot, neutral and ground. Some put toroidal coils for noise reduction, but I don't know of anything in any of them that would damage the UPS or the surge strip. IMHO, I think the more accepted reason not to do it is because of the temptation to plug in more devices than the UPS is designed to handle, and thereby overload it.

-Paul

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, August 03, 2010 12:01 PM
To: NT System Admin Issues
Subject: Guilty, will change after reading this.

- do not plug surge protectors into a UPS. If the UPS runs on batteries it will usually generate a step sine wave which may destroy surge protectors (in particular tricky to find power strips without surge protector)

http://isc.sans.edu/diary.html?storyid=9319

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

...
RE: Guilty, will change after reading this.
Neither have I, but I have clients that are not immediately accessible to me and some of them have 2-3 power outages/year, long enough for the UPS to send a shutdown to systems. I *think* I'm ok for most of them but I wouldn't be surprised if somewhere I have a surge protector plugged into a UPS. Probably the client that will get a power outage 15 minutes after I hit *send* on this e-mail Dave From: Jeff Cain [mailto:je...@sunbelt-software.com] Sent: Tuesday, August 03, 2010 10:38 AM To: NT System Admin Issues Subject: RE: Guilty, will change after reading this. When the UPS switches to battery power, it _can_ cause a dip or a spike which the surge protector may react to. I believe each time they do this it degrades the unit until it fails completely. I'm guilty of this too, but I've never had an issue with it. :) Thanks, Jeff Cain - supp...@sunbeltsoftware.com Technical Support Analyst Sunbelt Software, part of the GFI Software family www.sunbeltsoftware.com Tel: 1-877-757-4094 Fax: +1 727-562-3402 From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Tuesday, August 03, 2010 1:31 PM To: NT System Admin Issues Subject: RE: Guilty, will change after reading this. Interesting, but isn't A/C power typically a sine wave? Or is it implying that the UPS generates a special sine wave that is different than what the utility company generates? 60Hz is the norm, is it not? Surge strips are typically no more than some metal oxide varistors placed across hot, neutral and ground. Some put toroidal coils for noise reduction, but I don't know of anything in any of them that would damage the UPS or the surge strip. IMHO, I think the more accepted reason not to do it is because of the temptation to plug in more devices than the UPS is designed to handle, and thereby overload it. -Paul From: David Lum [mailto:david@nwea.org] Sent: Tuesday, August 03, 2010 12:01 PM To: NT System Admin Issues Subject: Guilty, will change after reading this. - do not plug surge protectors into a UPS. If the UPS runs on batteries it will usually generate a step sine wave which may destroy surge protectors (in particular tricky to find power strips without surge protector) http://isc.sans.edu/diary.html?storyid=9319 David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 ...
multihomed SQL, same subnet feasible?
Per subject line, as I've never dealt with a multiple NIC SQL server where both NICs are on the same IP range before. I have a situation where a production SQL instance has gone offline, and I lack the budget or time to simply replace it (out of warranty hardware, of course). I DO have another server which I can transfer the load/backup to, but they would by necessity be on the same subnet and share the same gateway. Given this scenario, could I reasonably enable another NIC on my second server, using the IP of the downed machine, and enable a new instance of SQL for that network card? I don't need to worry about NetBIOS connections, as the client dumb devices and PCs are configured to use either the IP (dumb devices) or FQDN (PCs).
Re: Guilty, will change after reading this.
http://thomaswilburn.net/source/images/sample_sine.jpg A utility company sine wave is the blue line. The gray represents a stepped sine wave. In reality the utility output is generally full of jagged spikes :) On Tue, Aug 3, 2010 at 10:31 AM, Maglinger, Paul pmaglin...@scvl.com wrote: Interesting, but isn’t A/C power typically a sine wave? Or is it implying that the UPS generates a “special” sine wave that is different than what the utility company generates? 60Hz is the norm, is it not? Surge strips are typically no more than some metal oxide varistors placed across hot, neutral and ground. Some put toroidal coils for noise reduction, but I don’t know of anything in any of them that would damage the UPS or the surge strip. IMHO, I think the more accepted reason not to do it is because of the temptation to plug in more devices than the UPS is designed to handle, and thereby overload it. -Paul From: David Lum [mailto:david@nwea.org] Sent: Tuesday, August 03, 2010 12:01 PM To: NT System Admin Issues Subject: Guilty, will change after reading this. - do not plug surge protectors into a UPS. If the UPS runs on batteries it will usually generate a step sine wave which may destroy surge protectors (in particular tricky to find power strips without surge protector) http://isc.sans.edu/diary.html?storyid=9319 David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764
RE: Guilty, will change after reading this.
Ditto. John-Aldrich Tile-Tools From: Jeff Cain [mailto:je...@sunbelt-software.com] Sent: Tuesday, August 03, 2010 1:38 PM To: NT System Admin Issues Subject: RE: Guilty, will change after reading this. When the UPS switches to battery power, it _can_ cause a dip or a spike which the surge protector may react to. I believe each time they do this it degrades the unit until it fails completely. I'm guilty of this too, but I've never had an issue with it. :) Thanks, Jeff Cain - supp...@sunbeltsoftware.com Technical Support Analyst Sunbelt Software, part of the GFI Software family www.sunbeltsoftware.com http://www.sunbeltsoftware.com/ Tel: 1-877-757-4094 Fax: +1 727-562-3402 From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Tuesday, August 03, 2010 1:31 PM To: NT System Admin Issues Subject: RE: Guilty, will change after reading this. Interesting, but isn't A/C power typically a sine wave? Or is it implying that the UPS generates a special sine wave that is different than what the utility company generates? 60Hz is the norm, is it not? Surge strips are typically no more than some metal oxide varistors placed across hot, neutral and ground. Some put toroidal coils for noise reduction, but I don't know of anything in any of them that would damage the UPS or the surge strip. IMHO, I think the more accepted reason not to do it is because of the temptation to plug in more devices than the UPS is designed to handle, and thereby overload it. -Paul From: David Lum [mailto:david@nwea.org] Sent: Tuesday, August 03, 2010 12:01 PM To: NT System Admin Issues Subject: Guilty, will change after reading this. - do not plug surge protectors into a UPS. If the UPS runs on batteries it will usually generate a step sine wave which may destroy surge protectors (in particular tricky to find power strips without surge protector) http://isc.sans.edu/diary.html?storyid=9319 David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 ...
Re: WMI information gathering
To be honest the real questions are; 1. Are you required to do this? (Usually yes) - if yes, can you gain benefit? (Usually you can) 2. Do they have documentation on least privilege necessary for their tools to run? On Tue, Aug 3, 2010 at 10:26 AM, Free, Bob r...@pge.com wrote: My experience with WMI and CMDB or security scanner products tells me you are out of luck, at some point, the information they require is situated such that they require admin privs just to be able to read it. -Original Message- From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] Sent: Tuesday, August 03, 2010 10:18 AM To: NT System Admin Issues Subject: Re: WMI information gathering Anyone have any idea on this one? Joseph Heaton jhea...@dfg.ca.gov 8/2/2010 3:42 PM We have a group that wants to come in, and scan our servers to gather information. We want to cooperate with this effort, but we don't want to give them access to be able to write back to the servers. Is this possible? Is there a tool that can be used without an admin account, in order to gather information from within WMI? Please contact offline for further details, if needed. As always, I sincerely appreciate any assistance any of you may be able to provide. Thanks, Joe
Re: Guilty, will change after reading this.
No... I was the one who had to console the poor student (giving the melted mass time to cool down) and then contact APC. You'd not believe it, but APC actually wanted to look at the unit to see why the breaker did not trip. They actually replaced it with a new one! Joseph Heaton jhea...@dfg.ca.gov wrote on 08/03/2010 12:17:37 PM: Personal mishap, Richard? richardmccl...@aspca.org 8/3/2010 10:06 AM Don't plug space heaters into them, either! David Lum david@nwea.org wrote on 08/03/2010 12:01:04 PM: - do not plug surge protectors into a UPS. If the UPS runs on batteries it will usually generate a step sine wave which may destroy surge protectors (in particular tricky to find power strips without surge protector) http://isc.sans.edu/diary.html?storyid=9319 David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764
Re: Guilty, will change after reading this.
I would. Even if something like that is a 'no no', I can imagine it would disturb APC to no end that it happened without the unit shutting itself off at all. The closest I had was when I very forcefully explained to the electrician that he could NOT plug his drill into my UPS and he could get a damn extension cord as there were no other outlets available in the server room. We had dedicated plugs to the UPS and a few non-UPS outlets in the room but they were all in use. He was not our regular guy. Steven On Tue, Aug 3, 2010 at 10:49 AM, richardmccl...@aspca.org wrote: No... I was the one who had to console the poor student (giving the melted mass time to cool down) and then contact APC. You'd not believe it, but APC actually wanted to look at the unit to see why the breaker did not trip. They actually replaced it with a new one! Joseph Heaton jhea...@dfg.ca.gov wrote on 08/03/2010 12:17:37 PM: Personal mishap, Richard? richardmccl...@aspca.org 8/3/2010 10:06 AM Don't plug space heaters into them, either! David Lum david@nwea.org wrote on 08/03/2010 12:01:04 PM: - do not plug surge protectors into a UPS. If the UPS runs on batteries it will usually generate a step sine wave which may destroy surge protectors (in particular tricky to find power strips without surge protector) http://isc.sans.edu/diary.html?storyid=9319 David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764
Re: WMI information gathering
1. Yes, we are required to do this. It's supposed to be for information gathering only, but we're trying to cover our backsides, in case they mess something up. Yes, we can gain benefit, in that we can use this to get WMI access for our Orion product. 2. Documentation is a difficult thing. The wording of their message is such that they feel it's not a big deal for us to just give them a domain admin account to play with. Steven Peck sep...@gmail.com 8/3/2010 10:49 AM To be honest the real questions are; 1. Are you required to do this? (Usually yes) - if yes, can you gain benefit? (Usually you can) 2. Do they have documentation on least privilege necessary for their tools to run? On Tue, Aug 3, 2010 at 10:26 AM, Free, Bob r...@pge.com wrote: My experience with WMI and CMDB or security scanner products tells me you are out of luck, at some point, the information they require is situated such that they require admin privs just to be able to read it. -Original Message- From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] Sent: Tuesday, August 03, 2010 10:18 AM To: NT System Admin Issues Subject: Re: WMI information gathering Anyone have any idea on this one? Joseph Heaton jhea...@dfg.ca.gov 8/2/2010 3:42 PM We have a group that wants to come in, and scan our servers to gather information. We want to cooperate with this effort, but we don't want to give them access to be able to write back to the servers. Is this possible? Is there a tool that can be used without an admin account, in order to gather information from within WMI? Please contact offline for further details, if needed. As always, I sincerely appreciate any assistance any of you may be able to provide. Thanks, Joe
RE: Guilty, will change after reading this.
We actually had a cabling contractor come in one time that plugged a fiber termination heater into a UPS that powered the main switch for a large 4 story multi-tenant building. Fortunately it didn't cause any damage - all it did was overload the UPS and consequently the switch lost power. Needless to say, I was not happy, as practically every tenant in the building at the time needed hospital connectivity, which was fed through the switch that he took down. Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians Associates, PA jra...@eaglemds.com www.eaglemds.com -Original Message- From: Steven Peck [mailto:sep...@gmail.com] Sent: Tuesday, August 03, 2010 1:54 PM To: NT System Admin Issues Subject: Re: Guilty, will change after reading this. I would. Even if something like that is a 'no no', I can imagine it would disturb APC to no end that it happened without the unit shutting itself off at all. The closest I had was when I very forcefully explained to the electrician that he could NOT plug his drill into my UPS and he could get a damn extension cord as there were no other outlets available in the server room. We had dedicated plugs to the UPS and a few non-UPS outlets in the room but they were all in use. He was not our regular guy. Steven On Tue, Aug 3, 2010 at 10:49 AM, richardmccl...@aspca.org wrote: No... I was the one who had to console the poor student (giving the melted mass time to cool down) and then contact APC. You'd not believe it, but APC actually wanted to look at the unit to see why the breaker did not trip. They actually replaced it with a new one! Joseph Heaton jhea...@dfg.ca.gov wrote on 08/03/2010 12:17:37 PM: Personal mishap, Richard? richardmccl...@aspca.org 8/3/2010 10:06 AM Don't plug space heaters into them, either! David Lum david@nwea.org wrote on 08/03/2010 12:01:04 PM: - do not plug surge protectors into a UPS. If the UPS runs on batteries it will usually generate a step sine wave which may destroy surge protectors (in particular tricky to find power strips without surge protector) http://isc.sans.edu/diary.html?storyid=9319 David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains.
Re: WMI information gathering
Oh. Orion. Yes, that response is somehow not a surprise to me. On Tue, Aug 3, 2010 at 11:15 AM, Joseph Heaton jhea...@dfg.ca.gov wrote: 1. Yes, we are required to do this. It's supposed to be for information gathering only, but we're trying to cover our backsides, in case they mess something up. Yes, we can gain benefit, in that we can use this to get WMI access for our Orion product. 2. Documentation is a difficult thing. The wording of their message is such that they feel it's not a big deal for us to just give them a domain admin account to play with. Steven Peck sep...@gmail.com 8/3/2010 10:49 AM To be honest the real questions are; 1. Are you required to do this? (Usually yes) - if yes, can you gain benefit? (Usually you can) 2. Do they have documentation on least privilege necessary for their tools to run? On Tue, Aug 3, 2010 at 10:26 AM, Free, Bob r...@pge.com wrote: My experience with WMI and CMDB or security scanner products tells me you are out of luck, at some point, the information they require is situated such that they require admin privs just to be able to read it. -Original Message- From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] Sent: Tuesday, August 03, 2010 10:18 AM To: NT System Admin Issues Subject: Re: WMI information gathering Anyone have any idea on this one? Joseph Heaton jhea...@dfg.ca.gov 8/2/2010 3:42 PM We have a group that wants to come in, and scan our servers to gather information. We want to cooperate with this effort, but we don't want to give them access to be able to write back to the servers. Is this possible? Is there a tool that can be used without an admin account, in order to gather information from within WMI? Please contact offline for further details, if needed. As always, I sincerely appreciate any assistance any of you may be able to provide. Thanks, Joe
RE: Guilty, will change after reading this.
We replaced a UPS for a client where the old unit was used on a ship. Due to the fact the unit was not suitable it failed and left a diver at the bottom of the sea - they had to resort to tugging on ropes to get the guy back! They also had the most important bit of equipment plugged into the surge-only socket. In the UK it is a bit easier to control as power tools tend to have 3-pin plugs while UPS units have the IEC plugs and sockets Mike -Original Message- From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com] Sent: 03 August 2010 19:17 To: NT System Admin Issues Subject: RE: Guilty, will change after reading this. We actually had a cabling contractor come in one time that plugged a fiber termination heater into a UPS that powered the main switch for a large 4 story multi-tenant building. Fortunately it didn't cause any damage - all it did was overload the UPS and consequently the switch lost power. Needless to say, I was not happy, as practically every tenant in the building at the time needed hospital connectivity, which was fed through the switch that he took down. Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians Associates, PA jra...@eaglemds.com www.eaglemds.com -Original Message- From: Steven Peck [mailto:sep...@gmail.com] Sent: Tuesday, August 03, 2010 1:54 PM To: NT System Admin Issues Subject: Re: Guilty, will change after reading this. I would. Even if something like that is a 'no no', I can imagine it would disturb APC to no end that it happened without the unit shutting itself off at all. The closest I had was when I very forcefully explained to the electrician that he could NOT plug his drill into my UPS and he could get a damn extension cord as there were no other outlets available in the server room. We had dedicated plugs to the UPS and a few non-UPS outlets in the room but they were all in use. He was not our regular guy. Steven On Tue, Aug 3, 2010 at 10:49 AM, richardmccl...@aspca.org wrote: No... I was the one who had to console the poor student (giving the melted mass time to cool down) and then contact APC. You'd not believe it, but APC actually wanted to look at the unit to see why the breaker did not trip. They actually replaced it with a new one! Joseph Heaton jhea...@dfg.ca.gov wrote on 08/03/2010 12:17:37 PM: Personal mishap, Richard? richardmccl...@aspca.org 8/3/2010 10:06 AM Don't plug space heaters into them, either! David Lum david@nwea.org wrote on 08/03/2010 12:01:04 PM: - do not plug surge protectors into a UPS. If the UPS runs on batteries it will usually generate a step sine wave which may destroy surge protectors (in particular tricky to find power strips without surge protector) http://isc.sans.edu/diary.html?storyid=9319 David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764
Re: WMI information gathering
Orion is our internal benefit to implementing WMI, but the outside people coming in and wanting to use it to gather some mysterious, as of yet undefined, information is what concerns us. Steven Peck sep...@gmail.com 8/3/2010 11:21 AM Oh. Orion. Yes, that response is somehow not a surprise to me. On Tue, Aug 3, 2010 at 11:15 AM, Joseph Heaton jhea...@dfg.ca.gov wrote: 1. Yes, we are required to do this. It's supposed to be for information gathering only, but we're trying to cover our backsides, in case they mess something up. Yes, we can gain benefit, in that we can use this to get WMI access for our Orion product. 2. Documentation is a difficult thing. The wording of their message is such that they feel it's not a big deal for us to just give them a domain admin account to play with. Steven Peck sep...@gmail.com 8/3/2010 10:49 AM To be honest the real questions are; 1. Are you required to do this? (Usually yes) - if yes, can you gain benefit? (Usually you can) 2. Do they have documentation on least privilege necessary for their tools to run? On Tue, Aug 3, 2010 at 10:26 AM, Free, Bob r...@pge.com wrote: My experience with WMI and CMDB or security scanner products tells me you are out of luck, at some point, the information they require is situated such that they require admin privs just to be able to read it. -Original Message- From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] Sent: Tuesday, August 03, 2010 10:18 AM To: NT System Admin Issues Subject: Re: WMI information gathering Anyone have any idea on this one? Joseph Heaton jhea...@dfg.ca.gov 8/2/2010 3:42 PM We have a group that wants to come in, and scan our servers to gather information. We want to cooperate with this effort, but we don't want to give them access to be able to write back to the servers. Is this possible? Is there a tool that can be used without an admin account, in order to gather information from within WMI? Please contact offline for further details, if needed. As always, I sincerely appreciate any assistance any of you may be able to provide. Thanks, Joe
Re: Guilty, will change after reading this.
I have used the board room analogy for surge protectors into UPSs as using a stack of coffee filters in the coffee maker basket. If one filter is good, then 10 should be great, right? But what happens, you impede the proper flow through the filter. I know, a crude analogy that is not technically accurate to the details, but prevents the Charlie-Brown's Teacher (wa-wa-wah-wah) effect when I speak. On Tue, Aug 3, 2010 at 1:01 PM, David Lum david@nwea.org wrote: - do not plug surge protectors into a UPS. If the UPS runs on batteries it will usually generate a step sine wave which may destroy surge protectors (in particular tricky to find power strips without surge protector) http://isc.sans.edu/diary.html?storyid=9319 David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764
Re: WMI information gathering
Domain Admin access not a big deal? Morons. I wouldn't let any third parties near a Domain Admin account. On 3 August 2010 19:15, Joseph Heaton jhea...@dfg.ca.gov wrote: 1. Yes, we are required to do this. It's supposed to be for information gathering only, but we're trying to cover our backsides, in case they mess something up. Yes, we can gain benefit, in that we can use this to get WMI access for our Orion product. 2. Documentation is a difficult thing. The wording of their message is such that they feel it's not a big deal for us to just give them a domain admin account to play with. Steven Peck sep...@gmail.com 8/3/2010 10:49 AM To be honest the real questions are; 1. Are you required to do this? (Usually yes) - if yes, can you gain benefit? (Usually you can) 2. Do they have documentation on least privilege necessary for their tools to run? On Tue, Aug 3, 2010 at 10:26 AM, Free, Bob r...@pge.com wrote: My experience with WMI and CMDB or security scanner products tells me you are out of luck, at some point, the information they require is situated such that they require admin privs just to be able to read it. -Original Message- From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] Sent: Tuesday, August 03, 2010 10:18 AM To: NT System Admin Issues Subject: Re: WMI information gathering Anyone have any idea on this one? Joseph Heaton jhea...@dfg.ca.gov 8/2/2010 3:42 PM We have a group that wants to come in, and scan our servers to gather information. We want to cooperate with this effort, but we don't want to give them access to be able to write back to the servers. Is this possible? Is there a tool that can be used without an admin account, in order to gather information from within WMI? Please contact offline for further details, if needed. As always, I sincerely appreciate any assistance any of you may be able to provide. Thanks, Joe -- On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.
Re: WMI information gathering
Exactly! Which is why we're trying to figure out if we can comply, by letting them get whatever info they need, without giving them the keys to our domain...

James Rankin kz2...@googlemail.com 8/3/2010 11:38 AM
Domain Admin access not a big deal? Morons. I wouldn't let any third parties near a Domain Admin account.
RE: WMI information gathering
Scripts can do this - check out the Script-o-matics on the Microsoft scripting pages for both a PowerShell version and a VB Script version. Also, Kim Oppalfens has done some really good articles on WMI recently: http://www.myitforum.com/absolutenm/default.aspx?zoneid=89&search=Kim+Oppalfens

-Original Message-
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov]
Sent: Tuesday, August 03, 2010 7:49 PM
To: NT System Admin Issues
Subject: Re: WMI information gathering

Exactly! Which is why we're trying to figure out if we can comply, by letting them get whatever info they need, without giving them the keys to our domain...
Re: WMI information gathering
I would go and test MBS's suggestion. Either that or I'd set up a standard user account myself and see what needed tweaking to make their WMI stuff work. Procmon may be a particular help here.

This reminds me sometimes about the perception of admin access. When I used to work for a big outsourcer we got a lot of complaining from their previous IT guys about how they needed admin access to do certain things (I remember AutoCAD being a particular pain). We simply gave them a new account which was prefixed admin and added the Create Global Objects user right via GPO, which let AutoCAD function, and they were happy as pigs in poo. Despite the fact that their admin account couldn't really do much more than the account of a bog-standard user.

On 3 August 2010 19:49, Joseph Heaton jhea...@dfg.ca.gov wrote:
Exactly! Which is why we're trying to figure out if we can comply, by letting them get whatever info they need, without giving them the keys to our domain...

--
On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.
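An added example, not code from anyone in this thread: one way to check what a scan account has actually been granted on a WMI namespace, so a "read-only" account can be verified before a third party uses it. The account names and the sample ACEs are constructed; it assumes Windows PowerShell 3.0 or later.

```powershell
# Added example. WMI namespace access-mask bits; 'Modifies' marks rights that
# allow changes (methods count, because WMI methods can change system state).
$WmiRights = @(
    @{ Bit = 0x1;     Name = 'EnableAccount';  Modifies = $false },
    @{ Bit = 0x2;     Name = 'ExecuteMethods'; Modifies = $true  },
    @{ Bit = 0x4;     Name = 'FullWrite';      Modifies = $true  },
    @{ Bit = 0x8;     Name = 'PartialWrite';   Modifies = $true  },
    @{ Bit = 0x10;    Name = 'ProviderWrite';  Modifies = $true  },
    @{ Bit = 0x20;    Name = 'RemoteEnable';   Modifies = $false },
    @{ Bit = 0x20000; Name = 'ReadSecurity';   Modifies = $false },
    @{ Bit = 0x40000; Name = 'EditSecurity';   Modifies = $true  }
)

function ConvertFrom-WmiAccessMask {
    # Turns a numeric access mask into the list of right names it contains.
    param([Parameter(Mandatory = $true)][uint32]$Mask)
    $WmiRights |
        Where-Object { ([int64]$Mask -band [int64]$_.Bit) -ne 0 } |
        ForEach-Object { $_.Name }
}

function Get-WmiNamespaceAce {
    # Reads the namespace DACL from a live system (needs rights to read it).
    param([string]$ComputerName = '.', [string]$Namespace = 'root\cimv2')
    $result = Invoke-WmiMethod -ComputerName $ComputerName -Namespace $Namespace `
        -Path '__SystemSecurity=@' -Name GetSecurityDescriptor
    if ($result.ReturnValue -ne 0) {
        throw "GetSecurityDescriptor failed with code $($result.ReturnValue)"
    }
    foreach ($ace in $result.Descriptor.DACL) {
        $name = $ace.Trustee.Name
        if ($ace.Trustee.Domain) { $name = '{0}\{1}' -f $ace.Trustee.Domain, $name }
        [pscustomobject]@{
            Trustee    = $name
            AccessMask = $ace.AccessMask
            AceType    = $ace.AceType
        }
    }
}

function Test-WmiAce {
    # Reports rights per trustee and flags accounts that were meant to be
    # read-only but hold a right that allows changes.
    param(
        [Parameter(Mandatory = $true)][object[]]$Ace,
        [string[]]$ExpectedReadOnly = @()
    )
    foreach ($a in $Ace) {
        if ($a.AceType -ne 0) { continue }   # 0 = access-allowed ACE
        $rights   = @(ConvertFrom-WmiAccessMask -Mask $a.AccessMask)
        $modifies = @($WmiRights |
            Where-Object { $_.Modifies -and ($rights -contains $_.Name) } |
            ForEach-Object { $_.Name })
        [pscustomobject]@{
            Trustee         = $a.Trustee
            Rights          = $rights -join ','
            ModifyingRights = $modifies -join ','
            Violation       = ($ExpectedReadOnly -contains $a.Trustee) -and ($modifies.Count -gt 0)
        }
    }
}

# Constructed sample ACEs (not taken from any real system).
$sampleAces = @(
    [pscustomobject]@{ Trustee = 'BUILTIN\Administrators';   AccessMask = 0x6003F; AceType = 0 },
    [pscustomobject]@{ Trustee = 'EXAMPLE\svc-wmi-scan';     AccessMask = 0x21;    AceType = 0 },
    [pscustomobject]@{ Trustee = 'EXAMPLE\svc-wmi-scan-old'; AccessMask = 0x23;    AceType = 0 }
)
$readOnly = 'EXAMPLE\svc-wmi-scan', 'EXAMPLE\svc-wmi-scan-old'
Test-WmiAce -Ace $sampleAces -ExpectedReadOnly $readOnly | Format-Table -AutoSize

# Against a live server instead of the sample:
# Test-WmiAce -Ace (Get-WmiNamespaceAce -ComputerName 'SERVER01') -ExpectedReadOnly $readOnly
```

Namespace rights only control access to the WMI namespace itself; individual providers can still apply their own checks to the data behind a class.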
Acronis + trueimagecmd.exe, + scripting. Any scripted acronis echo backups?
So far my script for each day is one image backup OF OS, one image backup of data. Script (I have scripts one for each day of the week).

echo Monday Backup W drive
"D:\Program Files\Acronis\TrueImageEchoServer\TrueImageCmd.exe" /create /partition:1-1,1-2,1-3 /filename:w:\OSimageBackup\Monday.tib
ping -w 1000 -n 20 0.0.0.0 >nul
"D:\Program Files\Acronis\TrueImageEchoServer\TrueImageCmd.exe" /create /partition:2-1 /filename:w:\DataImageBackup\Mondaydata.tib

--
I have a task for each day, and on Friday two tasks, one for weekly and one for Fridays. Most backups take up 20 gigs most for OS, and 20 gigs for data. Small office. Is this a good idea, the way I set up the script?

Script 2
"D:\Program Files\Acronis\TrueImageEchoServer\TrueImageCmd.exe" /create /partition:2-1 /filename:V:\DataImageBackup\week\week1data.tib
first Friday of the month

Script 3
"D:\Program Files\Acronis\TrueImageEchoServer\TrueImageCmd.exe" /create /partition:2-1 /filename:V:\DataImageBackup\week\week2data.tib
second Friday of the month

Script 4
"D:\Program Files\Acronis\TrueImageEchoServer\TrueImageCmd.exe" /create /partition:2-1 /filename:V:\DataImageBackup\week\week3data.tib
third Friday of the month

Script 5
"D:\Program Files\Acronis\TrueImageEchoServer\TrueImageCmd.exe" /create /partition:2-1 /filename:V:\DataImageBackup\week\week4data.tib
last Friday of the month

--
What would you change if anything, the NAS I am backing up to is 500 gigs, and full backups are around 40 gigs, one 20 gig OS image, and one 20 gig data image. Task scheduler runs the task. Acronis Echo CLI version does replace the old *.tib with the new one (e.g. TUESDAY.TIB from last week is replaced with TUESDAY.TIB of this week)...

--
Am I safe with these backup scripts?

Justin
IT-TECH
Re: Finding a huge file dump from June...
I tested this against a small directory, and am now running this:

PS K:\> get-childitem k:\groups -force -recurse | format-table creationtime,length,fullname -auto | findstr ^2010-06-2 | findstr /v ^2010-06-20 | findstr /v ^2010-06-21 | findstr /v ^2010-06-22 | findstr /v ^2010-06-23 | findstr /v 2010-06-27 | findstr /v ^2010-06-28 | findstr /v ^2010-06-29 > out.txt

Your hint with 'fullname' was the last piece of the puzzle. I really need to start reading my powershell books - putting them underneath my pillow just isn't cutting it... Need. More. Time.

Kurt

On Mon, Aug 2, 2010 at 20:52, Rubens Almeida rubensalme...@gmail.com wrote:
PowerShell... and here's one of my favorite one-liners to find big files:

dir c:\temp -force -recurse | sort length -desc | format-table creationtime,lastwritetime,lastaccesstime,length,fullname -auto

You can sort the results replacing the length by any of the properties after format-table

On Mon, Aug 2, 2010 at 9:48 PM, Kurt Buff kurt.b...@gmail.com wrote:
All, On our file server we have a single 1.5tb partition - it's on a SAN. Over the course of 4 days recently it went from about 30% free to about 13% free - someone slammed around 200gb onto the file server. I have a general idea of where it might be - there are two top-level directories that are over 200gb each. However, windirstat hasn't been completely helpful, as I can't seem to isolate which files were loaded during those days, and none of the files that I've been looking at were huge - no ISO or VHD files worth mentioning, etc.. I also am pretty confident that there are a *bunch* of duplicate files on those directories.

So, I'm looking for a couple of things:

1) A way to get a directory listing that supports a time/date stamp (my choice of atime, mtime or ctime) size and a complete path name for each file/directory on a single line - something like:

2009-01-08 16:12 854,509 K:\Groups\training\On-Site_Special_Training\Customer1.doc

I've tried every trick I can think of for the 'dir' command and it won't do what I want, and the 'ls' command from gnuwin32 doesn't seem to want to do this either. Is there a powershell one-liner that can do this for me perhaps?

2) A recommendation for a duplicate file finder - cheap or free would be preferred.

Kurt
Re: Finding a huge file dump from June...
You can also replace FindStr with native PowerShell CMDLet Select-String! I've even created me a nice alias to it suggestively called grep ;)

On Tue, Aug 3, 2010 at 4:07 PM, Kurt Buff kurt.b...@gmail.com wrote:
I tested this against a small directory, and am now running this:

PS K:\> get-childitem k:\groups -force -recurse | format-table creationtime,length,fullname -auto | findstr ^2010-06-2 | findstr /v ^2010-06-20 | findstr /v ^2010-06-21 | findstr /v ^2010-06-22 | findstr /v ^2010-06-23 | findstr /v 2010-06-27 | findstr /v ^2010-06-28 | findstr /v ^2010-06-29 > out.txt

Your hint with 'fullname' was the last piece of the puzzle. I really need to start reading my powershell books - putting them underneath my pillow just isn't cutting it... Need. More. Time.

Kurt
RE: Finding a huge file dump from June...
get-childitem k:\groups -force -recurse |? {$_.CreationTime.ToString() -match "^2010-06-2[0-9]" } | format-table creationtime,length,fullname -auto

Or select-string. No need to drop to findstr.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Tuesday, August 03, 2010 3:07 PM
To: NT System Admin Issues
Subject: Re: Finding a huge file dump from June...

I tested this against a small directory, and am now running this:

PS K:\> get-childitem k:\groups -force -recurse | format-table creationtime,length,fullname -auto | findstr ^2010-06-2 | findstr /v ^2010-06-20 | findstr /v ^2010-06-21 | findstr /v ^2010-06-22 | findstr /v ^2010-06-23 | findstr /v 2010-06-27 | findstr /v ^2010-06-28 | findstr /v ^2010-06-29 > out.txt

Your hint with 'fullname' was the last piece of the puzzle. I really need to start reading my powershell books - putting them underneath my pillow just isn't cutting it... Need. More. Time.

Kurt
Re: Finding a huge file dump from June...
That's a nice one-liner Michael! Another nice trick to my PoSh black book!

On Tue, Aug 3, 2010 at 4:22 PM, Michael B. Smith mich...@smithcons.com wrote:
get-childitem k:\groups -force -recurse |? {$_.CreationTime.ToString() -match "^2010-06-2[0-9]" } | format-table creationtime,length,fullname -auto

Or select-string. No need to drop to findstr.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
Re: Finding a huge file dump from June...
Heh. I knew that something was available, but didn't have time to research it. Thanks.

Kurt

On Tue, Aug 3, 2010 at 12:19, Rubens Almeida rubensalme...@gmail.com wrote:
You can also replace FindStr with native PowerShell CMDLet Select-String! I've even created me a nice alias to it suggestively called grep ;)
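An added example, not code posted by anyone in this thread: the same search done by comparing CreationTime as a DateTime range rather than matching its text form, then summarised per directory and owner, with duplicates confirmed by SHA-256. It goes beyond the one-liners above to cover both of Kurt's questions; the 24 to 26 June window and the temp-folder sample files are constructed, and it needs PowerShell 4.0 or later for Get-FileHash.

```powershell
# Added example. Function names and sample data are constructed.
function Get-FilesCreatedBetween {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][datetime]$From,   # inclusive
        [Parameter(Mandatory = $true)][datetime]$To      # exclusive
    )
    # DateTime comparison, so the result does not depend on how dates are displayed.
    Get-ChildItem -LiteralPath $Path -Force -Recurse -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and
                       $_.CreationTime -ge $From -and $_.CreationTime -lt $To }
}

function Get-CreationSummary {
    # File count and total size per directory and owner, largest first.
    param([Parameter(Mandatory = $true)][AllowEmptyCollection()][System.IO.FileInfo[]]$File)
    $File |
        Select-Object Length, DirectoryName,
            @{ n = 'Owner'; e = { (Get-Acl -LiteralPath $_.FullName).Owner } } |
        Group-Object DirectoryName, Owner |
        ForEach-Object {
            [pscustomobject]@{
                Directory = $_.Group[0].DirectoryName
                Owner     = $_.Group[0].Owner
                Files     = $_.Count
                SizeMB    = [math]::Round(($_.Group | Measure-Object Length -Sum).Sum / 1MB, 2)
            }
        } | Sort-Object SizeMB -Descending
}

function Find-DuplicateFile {
    # Only files that share a size are hashed; equal SHA-256 means identical content.
    param([Parameter(Mandatory = $true)][AllowEmptyCollection()][System.IO.FileInfo[]]$File)
    $File | Where-Object { $_.Length -gt 0 } |
        Group-Object Length | Where-Object { $_.Count -gt 1 } |
        ForEach-Object { $_.Group | Get-FileHash -Algorithm SHA256 -ErrorAction SilentlyContinue } |
        Group-Object Hash | Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{ Hash = $_.Name; Copies = $_.Count; Paths = $_.Group.Path }
        }
}

# Constructed sample tree in a temp folder, so the example runs without a file server.
$root = Join-Path ([System.IO.Path]::GetTempPath()) ('dumpdemo_' + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path (Join-Path $root 'a'), (Join-Path $root 'b') | Out-Null
$samples = @(
    @{ Rel = 'a\old.doc';       Text = 'old';     Created = '2010-06-10' },
    @{ Rel = 'a\dump1.bin';     Text = 'payload'; Created = '2010-06-24' },
    @{ Rel = 'b\dump1copy.bin'; Text = 'payload'; Created = '2010-06-25' },
    @{ Rel = 'b\late.txt';      Text = 'later';   Created = '2010-06-28' }
)
foreach ($s in $samples) {
    $p = Join-Path $root $s.Rel
    Set-Content -LiteralPath $p -Value $s.Text
    (Get-Item -LiteralPath $p).CreationTime = [datetime]$s.Created
}

# Files created on 24, 25 or 26 June 2010 (upper bound is exclusive).
$hits = @(Get-FilesCreatedBetween -Path $root -From '2010-06-24' -To '2010-06-27')
$hits | Sort-Object CreationTime | Format-Table CreationTime, Length, FullName -AutoSize
Get-CreationSummary -File $hits | Format-Table -AutoSize
Find-DuplicateFile -File $hits | Format-List

Remove-Item -LiteralPath $root -Recurse -Force
```

On a real share, replace `$root` with the directory to search and drop the sample-tree and cleanup lines.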
RE: malware that creates Outlook rules
I'm sure it is, and the Va. CC uses PeopleSoft for our Student Info System(SIS) and so they worked together to create an automated process in that, a student applies to the college, registers for classes and the next day, they have the email account active. All this is done via the web. Maybe google would work with your SIS vendor to create something similar. -Original Message- From: Crawford, Scott [mailto:crawfo...@evangel.edu] Sent: Tuesday, August 03, 2010 12:08 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules Hmm, interesting. I like that. Of course, setting it up for all students automatically might prove to be tricky. -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Tuesday, August 03, 2010 6:44 AM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules And just after I sent this the light came on, Google Voice should do UM. I'd let google handle voice mail, email and anything else they want to give to the students. -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Tuesday, August 03, 2010 7:42 AM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules Not sure on the UM questions. Not an issue here as we don't have student housing or provide phones for them. I'm betting that it is possible though. -Original Message- From: Crawford, Scott [mailto:crawfo...@evangel.edu] Sent: Monday, August 02, 2010 5:46 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules Yeah, it's on the investigate list. It does happen with staff on occasion too, but not nearly as much as students. The major outstanding question I have is how to do Unified Messaging with Exchange if the mailbox is outsourced? It's prolly something simple, but I just haven't looked into it yet. 
-Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, August 02, 2010 3:14 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules Ah ha. Didn't notice the .edu addy. In that case, I would seriously investigate outsourcing that to MS or Google. The entire Va. Community College System went with Google for student email and so far it has worked really well. Can't beat the cost too. Zero and the student gets to keep their same email as long as they want it. No advertisements in their account while they are students. No backups, spam, outages and all that other support headaches for me. Great big plus. -Original Message- From: Crawford, Scott [mailto:crawfo...@evangel.edu] Sent: Monday, August 02, 2010 4:05 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules Yeah, that sounds nice except we have 2000 students with an average of 500 new ones every year so our major issue isn't repeat offenders. -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, August 02, 2010 2:51 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules When this happened here, we disabled their email account until they completed our security awareness training, for the second time. With supervisors complete support. -Original Message- From: Osborne, Richard [mailto:richard.osbo...@wth.org] Sent: Monday, August 02, 2010 3:40 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules I have been monitoring the Exchange queues. It's the only way I can tell when it is happening. I found the aqadmcli.exe utility and have been using it to clean the queues (aqadmcli delmsg flags=SENDER,sender=bob.sm...@wth.org. I'll check the OWA logs ASAP. Assuming I have had three users reply to phishing e-mails, is there anything to fix besides changing their passwords? Thanks everyone for the suggestions. 
-Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, August 02, 2010 2:35 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules Also check those exchange smtp queues. If it is compromised accounts the spammers can send spam via your owa faster than your exchange server can process so it will get backed up so disabling accounts or changing passwords won't stop it until the queues are emptied. -Original Message- From: Osborne, Richard [mailto:richard.osbo...@wth.org] Sent: Monday, August 02, 2010 3:32 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules I'm glad I'm not the only sufferer! I'll try and answer the other questions that were asked: 1) yes, the spam continued even with the user's account disabled and their PC powered off 2) yes, only our Exchange server can send SMTP to the Internet 3) my OWA servers are clean according to VIPRE MalwareBytes So far this has hit 3 users (out of ~5000). I have not seen any spam sent in the last 5 hours but I don't have any confidence that I have found the source. Maybe there's a PC with
Re: Finding a huge file dump from June...
You Rock. Awesome. BTW: I'm running into lots of these errors: Get-ChildItem : The specified path, file name, or both are too long. The fully qualified file name must be less than 260 characters, and the directory name must be less than 248 characters. I keep yelling at people to shorten their file names, but do they listen? Any way to work around this in powershell? Kurt On Tue, Aug 3, 2010 at 12:22, Michael B. Smith mich...@smithcons.com wrote: get-childitem k:\groups -force -recurse |? {$_.CreationTime.ToString() -match "^2010-06-2[0-9]" } | format-table creationtime,length,fullname -auto Or select-string. No need to drop to findstr. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Tuesday, August 03, 2010 3:07 PM To: NT System Admin Issues Subject: Re: Finding a huge file dump from June... I tested this against a small directory, and am now running this: PS K:\> get-childitem k:\groups -force -recurse | format-table creationtime,length,fullname -auto | findstr ^2010-06-2 | findstr /v ^2010-06-20 | findstr /v ^2010-06-21 | findstr /v ^2010-06-22 | findstr /v ^2010-06-23 | findstr /v 2010-06-27 | findstr /v ^2010-06-28 | findstr /v ^2010-06-29 > out.txt Your hint with 'fullname' was the last piece of the puzzle. I really need to start reading my powershell books - putting them underneath my pillow just isn't cutting it... Need. More. Time. Kurt On Mon, Aug 2, 2010 at 20:52, Rubens Almeida rubensalme...@gmail.com wrote: PowerShell... and here's one of my favorites one-liners to find big files: dir c:\temp -force -recurse | sort length -desc | format-table creationtime,lastwritetime,lastaccesstime,length,fullname -auto You can sort the results replacing the length by any of the properties after format-table On Mon, Aug 2, 2010 at 9:48 PM, Kurt Buff kurt.b...@gmail.com wrote: All, On our file server we have a single 1.5tb partition - it's on a SAN.
Over the course of 4 days recently it went from about 30% free to about 13% free - someone slammed around 200gb onto the file server. I have a general idea of where it might be - there are two top-level directories that are over 200gb each. However, windirstat hasn't been completely helpful, as I can't seem to isolate which files were loaded during those days, and none of the files that I've been looking at were huge - no ISO or VHD files worth mentioning, etc.. I also am pretty confident that there are a *bunch* of duplicate files on those directories. So, I'm looking for a couple of things: 1) A way to get a directory listing that supports a time/date stamp (my choice of atime, mtime or ctime) size and a complete path name for each file/directory on a single line - something like: 2009-01-08 16:12 854,509 K:\Groups\training\On-Site_Special_Training\Customer1.doc I've tried every trick I can think of for the 'dir' command and it won't do what I want, and the 'ls' command from gnuwin32 doesn't seem to want to do this either. Is there a powershell one-liner that can do this for me perhaps? 2) A recommendation for a duplicate file finder - cheap or free would be preferred. Kurt
Re: Acronis + trueimagecmd.exe, + scripting. Any scripted acronis echo backups?
As long as you have the space to backup the data, there's no particular problem with that. I have a daily script that creates systemstate backups (for the appropriate OSes, of course) and uses the same format. Overwrite the backups named for today. This keeps 7 days worth of backups available. -ASB: http://XeeSM.com/AndrewBaker On Tue, Aug 3, 2010 at 3:05 PM, justino garcia jgarciaitl...@gmail.com wrote: So far my script for each day is one image backup OF OS, one image backup of data. Script (I have scripts one for each day of the week). echo Monday Backup W drive "D:\Program Files\Acronis\TrueImageEchoServer\TrueImageCmd.exe" /create /partition:1-1,1-2,1-3 /filename:w:\OSimageBackup\Monday.tib ping -w 1000 -n 20 0.0.0.0 >nul "D:\Program Files\Acronis\TrueImageEchoServer\TrueImageCmd.exe" /create /partition:2-1 /filename:w:\DataImageBackup\Mondaydata.tib -- I have a task for each day, and on friday two task, one for weekly and one for fridays. Most backup take up 20 gigs most for OS, and 20 gigs for data. Small office. Is this a good idea, the way I set up the script? Script 2 "D:\Program Files\Acronis\TrueImageEchoServer\TrueImageCmd.exe" /create /partition:2-1 /filename:V:\DataImageBackup\week\week1data.tib first friday of the month - script 3 "D:\Program Files\Acronis\TrueImageEchoServer\TrueImageCmd.exe" /create /partition:2-1 /filename:V:\DataImageBackup\week\week2data.tib second friday of the month script 4 "D:\Program Files\Acronis\TrueImageEchoServer\TrueImageCmd.exe" /create /partition:2-1 /filename:V:\DataImageBackup\week\week3data.tib third friday of the month - script5 "D:\Program Files\Acronis\TrueImageEchoServer\TrueImageCmd.exe" /create /partition:2-1 /filename:V:\DataImageBackup\week\week4data.tib last friday of the month -- What would you change if anything, the NAS I am backing up to is 500 gigs, and backup full are around 40gigs, one 20 gig OS image, and one 20 gig data image. Task scheduler runs the task.
Acronis Echo CLI version does replace old *.tib with new one (e.g. TUESDAY.TIB from last week is replaced with TUESDAY.TIB of this week)... -- Am I safe with these backup scripts? Justin IT-TECH
RE: Guilty, will change after reading this.
I know pretty much nothing about electricity, so this is news to me. I've done this before, like others, in order to allow UPSs to support more devices (without overloading them, of course-I only get the kind with load meters on them). So, a step sine wave created by a UPS could destroy a surge protector, but wouldn't harm equipment plugged directly into the UPS? John Hornbuckle MIS Department Taylor County School District www.taylor.k12.fl.us From: David Lum [mailto:david@nwea.org] Sent: Tuesday, August 03, 2010 1:01 PM To: NT System Admin Issues Subject: Guilty, will change after reading this. - do not plug surge protectors into a UPS. If the UPS runs on batteries it will usually generate a step sine wave which may destroy surge protectors (in particular tricky to find power strips without surge protector) http://isc.sans.edu/diary.html?storyid=9319 David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure.
RE: malware that creates Outlook rules
Currently UM in that scenario isn't possible. Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 -Original Message- From: Crawford, Scott [mailto:crawfo...@evangel.edu] Sent: Monday, August 02, 2010 4:46 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules Yeah, it's on the investigate list. It does happen with staff on occasion too, but not nearly as much as students. The major outstanding question I have is how to do Unified Messaging with Exchange if the mailbox is outsourced? It's prolly something simple, but I just haven't looked into it yet. -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, August 02, 2010 3:14 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules Ah ha. Didn't notice the .edu addy. In that case, I would seriously investigate outsourcing that to MS or Google. The entire Va. Community College System went with Google for student email and so far it has worked really well. Can't beat the cost too. Zero and the student gets to keep their same email as long as they want it. No advertisements in their account while they are students. No backups, spam, outages and all that other support headaches for me. Great big plus. -Original Message- From: Crawford, Scott [mailto:crawfo...@evangel.edu] Sent: Monday, August 02, 2010 4:05 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules Yeah, that sounds nice except we have 2000 students with an average of 500 new ones every year so our major issue isn't repeat offenders. -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, August 02, 2010 2:51 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules When this happened here, we disabled their email account until they completed our security awareness training, for the second time. With supervisors complete support. 
-Original Message- From: Osborne, Richard [mailto:richard.osbo...@wth.org] Sent: Monday, August 02, 2010 3:40 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules I have been monitoring the Exchange queues. It's the only way I can tell when it is happening. I found the aqadmcli.exe utility and have been using it to clean the queues (aqadmcli delmsg flags=SENDER,sender=bob.sm...@wth.org. I'll check the OWA logs ASAP. Assuming I have had three users reply to phishing e-mails, is there anything to fix besides changing their passwords? Thanks everyone for the suggestions. -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, August 02, 2010 2:35 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules Also check those exchange smtp queues. If it is compromised accounts the spammers can send spam via your owa faster than your exchange server can process so it will get backed up so disabling accounts or changing passwords won't stop it until the queues are emptied. -Original Message- From: Osborne, Richard [mailto:richard.osbo...@wth.org] Sent: Monday, August 02, 2010 3:32 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules I'm glad I'm not the only sufferer! I'll try and answer the other questions that were asked: 1) yes, the spam continued even with the user's account disabled and their PC powered off 2) yes, only our Exchange server can send SMTP to the Internet 3) my OWA servers are clean according to VIPRE MalwareBytes So far this has hit 3 users (out of ~5000). I have not seen any spam sent in the last 5 hours but I don't have any confidence that I have found the source. Maybe there's a PC with a high-privileged account that has been compromised and is sending out spam runs on a schedule? Currently I am getting up-to-date on patches on all my Exchange boxes.
-Original Message- From: Thomas Mullins [mailto:tsmull...@wise.k12.va.us] Sent: Monday, August 02, 2010 2:17 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules We are having a similar issue. We changed the users password, and since that user is in a meeting, we turned his machine off. Looks like it has to be coming from OWA. Here is some info from an error message our external MTA sent to me (our Exchange guys are looking into the matter): Transcript of session follows. Out: 220 mail3.wise.k12.va.us ESMTP In: EHLO mail.wise.k12.va.us Out: 250-mail3.wise.k12.va.us Out: 250-PIPELINING Out: 250-SIZE 8 Out: 250-VRFY Out: 250-ETRN Out: 250-ENHANCEDSTATUSCODES Out: 250-8BITMIME Out: 250 DSN In: MAIL FROM:jev...@wise.k12.va.us SIZE=1163 Out: 250 2.1.0 Ok In: RCPT TO:fox2...@naseej.com Out: 250 2.1.5 Ok In: RCPT TO:khale...@naseej.com Out: 250 2.1.5 Ok In: RCPT TO:aboshw...@naseej.com Out: 250 2.1.5 Ok In: RCPT TO:abdul...@naseej.com Out: 250 2.1.5 Ok In: RCPT TO:bm...@naseej.com Out: 250 2.1.5 Ok
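The MTA transcript quoted above shows a single MAIL FROM followed by a run of RCPT TO lines. As an added example (not code from anyone on the list), this summarises a transcript of that "In:/Out:" form per envelope so a sender fanning out to many recipients stands out; the sample transcript, its addresses and the recipient threshold are constructed assumptions.

```powershell
# Added example, not from the thread. The transcript below is constructed;
# hosts and addresses are placeholders, and the threshold is an assumed starting point.
$sample = @'
Out: 220 mx.example.org ESMTP
In: EHLO mail.example.org
Out: 250 DSN
In: MAIL FROM:<user1@example.org> SIZE=1163
Out: 250 2.1.0 Ok
In: RCPT TO:<a@example.net>
Out: 250 2.1.5 Ok
In: RCPT TO:<b@example.net>
Out: 250 2.1.5 Ok
In: RCPT TO:<c@example.com>
Out: 250 2.1.5 Ok
In: MAIL FROM:<user2@example.org>
Out: 250 2.1.0 Ok
In: RCPT TO:<d@example.org>
Out: 250 2.1.5 Ok
'@

function Get-SmtpEnvelopeSummary {
    param(
        [Parameter(Mandatory = $true)][string]$Transcript,
        [int]$RecipientThreshold = 3
    )
    $envelopes = New-Object System.Collections.ArrayList
    $current = $null
    foreach ($line in ($Transcript -split "`r?`n")) {
        # "In:" lines are what the sending host said; angle brackets are optional
        # because some archives and log formats strip them.
        if ($line -match '^\s*In:\s*MAIL FROM:\s*<?([^>\s]+)>?') {
            # Each MAIL FROM starts a new envelope.
            $current = @{ Sender = $Matches[1]; Recipients = @() }
            [void]$envelopes.Add($current)
        }
        elseif ($current -and $line -match '^\s*In:\s*RCPT TO:\s*<?([^>\s]+)>?') {
            $current.Recipients += $Matches[1]
        }
    }
    foreach ($e in $envelopes) {
        $domains = $e.Recipients |
            ForEach-Object { ($_ -split '@')[-1].ToLower() } |
            Sort-Object -Unique
        [pscustomobject]@{
            Sender           = $e.Sender
            RecipientCount   = $e.Recipients.Count
            RecipientDomains = $domains -join ','
            Flagged          = $e.Recipients.Count -ge $RecipientThreshold
        }
    }
}

# user1 is flagged (3 recipients across 2 external domains); user2 is not.
Get-SmtpEnvelopeSummary -Transcript $sample | Format-Table -AutoSize
```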
RE: multihomed SQL, same subnet feasible?
I'm lost. What's the second NIC got to do with anything? Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 -Original Message- From: Salvador Manzo [mailto:ma...@usc.edu] Sent: Tuesday, August 03, 2010 12:44 PM To: NT System Admin Issues Subject: multihomed SQL, same subnet feasible? Per subject line, as I've never dealt with a multiple NIC SQL server where both NICs are on the same IP range before. I have a situation where a production SQL instance has gone offline, and I lack the budget or time to simply replace it (out of warranty hardware, of course.). I DO have another server which I can transfer the load/backup to, but they would by necessity be on the same subnet and share the same gateway. Given this scenario, could I reasonably enable another NIC on my second server, using the IP of the downed machine, and enable a new instance of SQL for that network card? I don't need to worry about NetBIOS connections, as the client dumb devices and PCs are configured to use either the IP(dumb devices) or FQDN(PCs)
RE: malware that creates Outlook rules
Most schools I've worked with either have something that plugs in to the message bus of their ERP/SIS system for provisioning to outsourced services, or, more frequently, they have a job which either scans an Oracle table every so often or a batch job on the ERP side that dumps delta flat files and a second job that picks them up and provisions to Google/etc. Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Tuesday, August 03, 2010 2:27 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules I'm sure it is, and the Va. CC uses PeopleSoft for our Student Info System(SIS) and so they worked together to create an automated process in that, a student applies to the college, registers for classes and the next day, they have the email account active. All this is done via the web. Maybe google would work with your SIS vendor to create something similar. -Original Message- From: Crawford, Scott [mailto:crawfo...@evangel.edu] Sent: Tuesday, August 03, 2010 12:08 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules Hmm, interesting. I like that. Of course, setting it up for all students automatically might prove to be tricky. -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Tuesday, August 03, 2010 6:44 AM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules And just after I sent this the light came on, Google Voice should do UM. I'd let google handle voice mail, email and anything else they want to give to the students. -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Tuesday, August 03, 2010 7:42 AM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules Not sure on the UM questions. Not an issue here as we don't have student housing or provide phones for them. I'm betting that it is possible though. 
-Original Message- From: Crawford, Scott [mailto:crawfo...@evangel.edu] Sent: Monday, August 02, 2010 5:46 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules Yeah, it's on the investigate list. It does happen with staff on occasion too, but not nearly as much as students. The major outstanding question I have is how to do Unified Messaging with Exchange if the mailbox is outsourced? It's prolly something simple, but I just haven't looked into it yet. -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, August 02, 2010 3:14 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules Ah ha. Didn't notice the .edu addy. In that case, I would seriously investigate outsourcing that to MS or Google. The entire Va. Community College System went with Google for student email and so far it has worked really well. Can't beat the cost too. Zero and the student gets to keep their same email as long as they want it. No advertisements in their account while they are students. No backups, spam, outages and all that other support headaches for me. Great big plus. -Original Message- From: Crawford, Scott [mailto:crawfo...@evangel.edu] Sent: Monday, August 02, 2010 4:05 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules Yeah, that sounds nice except we have 2000 students with an average of 500 new ones every year so our major issue isn't repeat offenders. -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, August 02, 2010 2:51 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules When this happened here, we disabled their email account until they completed our security awareness training, for the second time. With supervisors complete support. 
-Original Message- From: Osborne, Richard [mailto:richard.osbo...@wth.org] Sent: Monday, August 02, 2010 3:40 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules I have been monitoring the Exchange queues. It's the only way I can tell when it is happening. I found the aqadmcli.exe utility and have been using it to clean the queues (aqadmcli delmsg flags=SENDER,sender=bob.sm...@wth.org. I'll check the OWA logs ASAP. Assuming I have had three users reply to phishing e-mails, is there anything to fix besides changing their passwords? Thanks everyone for the suggestions. -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, August 02, 2010 2:35 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules Also check those exchange smtp queues. If it is compromised accounts the spammers can send spam via your owa faster than your exchange server can process so it will get backed up so disabling accounts or changing passwords won't stop it until the queues are emptied. -Original Message- From: Osborne, Richard
RE: Guilty, will change after reading this.
Along with the laser printer. From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] Sent: Tuesday, August 03, 2010 10:07 AM To: NT System Admin Issues Subject: Re: Guilty, will change after reading this. Don't plug space heaters into them, either! David Lum david@nwea.org wrote on 08/03/2010 12:01:04 PM: - do not plug surge protectors into a UPS. If the UPS runs on batteries it will usually generate a step sine wave which may destroy surge protectors (in particular tricky to find power strips without surge protector) http://isc.sans.edu/diary.html?storyid=9319 David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764
Re: Finding a huge file dump from June...
We all live in hope. Now at least I have some more ammunition for users. Thanks, Kurt On Tue, Aug 3, 2010 at 12:39, Michael B. Smith mich...@smithcons.com wrote: It is truly unfortunate, but that is actually a .NET framework limitation. .Net 4, plus a patch, supports arbitrary length pathnames (i.e., up to the NTFS limits), so I expect some future version of PS will too. I'm not promising anything, just hoping. :-) Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Tuesday, August 03, 2010 3:30 PM To: NT System Admin Issues Subject: Re: Finding a huge file dump from June... You Rock. Awesome. BTW: I'm running into lots of these errors: Get-ChildItem : The specified path, file name, or both are too long. The fully qualified file name must be less than 260 characters, and the directory name must be less than 248 characters. I keep yelling at people to shorten their file names, but do they listen? Any way to work around this in powershell? Kurt On Tue, Aug 3, 2010 at 12:22, Michael B. Smith mich...@smithcons.com wrote: get-childitem k:\groups -force -recurse |? {$_.CreationTime.ToString() -match "^2010-06-2[0-9]" } | format-table creationtime,length,fullname -auto Or select-string. No need to drop to findstr. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Tuesday, August 03, 2010 3:07 PM To: NT System Admin Issues Subject: Re: Finding a huge file dump from June...
I tested this against a small directory, and am now running this: PS K:\> get-childitem k:\groups -force -recurse | format-table creationtime,length,fullname -auto | findstr ^2010-06-2 | findstr /v ^2010-06-20 | findstr /v ^2010-06-21 | findstr /v ^2010-06-22 | findstr /v ^2010-06-23 | findstr /v 2010-06-27 | findstr /v ^2010-06-28 | findstr /v ^2010-06-29 > out.txt Your hint with 'fullname' was the last piece of the puzzle. I really need to start reading my powershell books - putting them underneath my pillow just isn't cutting it... Need. More. Time. Kurt On Mon, Aug 2, 2010 at 20:52, Rubens Almeida rubensalme...@gmail.com wrote: PowerShell... and here's one of my favorites one-liners to find big files: dir c:\temp -force -recurse | sort length -desc | format-table creationtime,lastwritetime,lastaccesstime,length,fullname -auto You can sort the results replacing the length by any of the properties after format-table On Mon, Aug 2, 2010 at 9:48 PM, Kurt Buff kurt.b...@gmail.com wrote: All, On our file server we have a single 1.5tb partition - it's on a SAN. Over the course of 4 days recently it went from about 30% free to about 13% free - someone slammed around 200gb onto the file server. I have a general idea of where it might be - there are two top-level directories that are over 200gb each. However, windirstat hasn't been completely helpful, as I can't seem to isolate which files were loaded during those days, and none of the files that I've been looking at were huge - no ISO or VHD files worth mentioning, etc.. I also am pretty confident that there are a *bunch* of duplicate files on those directories.
So, I'm looking for a couple of things: 1) A way to get a directory listing that supports a time/date stamp (my choice of atime, mtime or ctime) size and a complete path name for each file/directory on a single line - something like: 2009-01-08 16:12 854,509 K:\Groups\training\On-Site_Special_Training\Customer1.doc I've tried every trick I can think of for the 'dir' command and it won't do what I want, and the 'ls' command from gnuwin32 doesn't seem to want to do this either. Is there a powershell one-liner that can do this for me perhaps? 2) A recommendation for a duplicate file finder - cheap or free would be preferred. Kurt
Re: Finding a huge file dump from June...
Here is an advanced look... For the edge case blogging guys on dotNet4: http://tfl09.blogspot.com/2010/08/using-newer-versions-of-net-with.html http://tfl09.blogspot.com/2010/08/more-on-using-different-versions-of-net.html http://tfl09.blogspot.com/2010/08/using-later-versions-of-net-framework.html Here is the Yahoo Pipes feed I use which is maintained by Joel Bennett http://pipes.yahoo.com/pipes/pipe.info?_id=uAmYy9xq3BGHcV361fC6Jw Steven Peck http://www.blkmtn.org On Tue, Aug 3, 2010 at 12:39 PM, Michael B. Smith mich...@smithcons.com wrote: It is truly unfortunate, but that is actually a .NET framework limitation. .Net 4, plus a patch, supports arbitrary length pathnames (i.e., up to the NTFS limits), so I expect some future version of PS will too. I'm not promising anything, just hoping. :-) Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Tuesday, August 03, 2010 3:30 PM To: NT System Admin Issues Subject: Re: Finding a huge file dump from June... You Rock. Awesome. BTW: I'm running into lots of these errors: Get-ChildItem : The specified path, file name, or both are too long. The fully qualified file name must be less than 260 characters, and the directory name must be less than 248 characters. I keep yelling at people to shorten their file names, but do they listen? Any way to work around this in powershell? Kurt On Tue, Aug 3, 2010 at 12:22, Michael B. Smith mich...@smithcons.com wrote: get-childitem k:\groups -force -recurse |? {$_.CreationTime.ToString() -match "^2010-06-2[0-9]" } | format-table creationtime,length,fullname -auto Or select-string. No need to drop to findstr. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Tuesday, August 03, 2010 3:07 PM To: NT System Admin Issues Subject: Re: Finding a huge file dump from June...
I tested this against a small directory, and am now running this: PS K:\> get-childitem k:\groups -force -recurse | format-table creationtime,length,fullname -auto | findstr ^2010-06-2 | findstr /v ^2010-06-20 | findstr /v ^2010-06-21 | findstr /v ^2010-06-22 | findstr /v ^2010-06-23 | findstr /v 2010-06-27 | findstr /v ^2010-06-28 | findstr /v ^2010-06-29 > out.txt Your hint with 'fullname' was the last piece of the puzzle. I really need to start reading my powershell books - putting them underneath my pillow just isn't cutting it... Need. More. Time. Kurt On Mon, Aug 2, 2010 at 20:52, Rubens Almeida rubensalme...@gmail.com wrote: PowerShell... and here's one of my favorites one-liners to find big files: dir c:\temp -force -recurse | sort length -desc | format-table creationtime,lastwritetime,lastaccesstime,length,fullname -auto You can sort the results replacing the length by any of the properties after format-table On Mon, Aug 2, 2010 at 9:48 PM, Kurt Buff kurt.b...@gmail.com wrote: All, On our file server we have a single 1.5tb partition - it's on a SAN. Over the course of 4 days recently it went from about 30% free to about 13% free - someone slammed around 200gb onto the file server. I have a general idea of where it might be - there are two top-level directories that are over 200gb each. However, windirstat hasn't been completely helpful, as I can't seem to isolate which files were loaded during those days, and none of the files that I've been looking at were huge - no ISO or VHD files worth mentioning, etc.. I also am pretty confident that there are a *bunch* of duplicate files on those directories.
So, I'm looking for a couple of things: 1) A way to get a directory listing that supports a time/date stamp (my choice of atime, mtime or ctime) size and a complete path name for each file/directory on a single line - something like: 2009-01-08 16:12 854,509 K:\Groups\training\On-Site_Special_Training\Customer1.doc I've tried every trick I can think of for the 'dir' command and it won't do what I want, and the 'ls' command from gnuwin32 doesn't seem to want to do this either. Is there a powershell one-liner that can do this for me perhaps? 2) A recommendation for a duplicate file finder - cheap or free would be preferred. Kurt
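A version of the listing discussed in this thread that compares timestamps as DateTime values (so it does not depend on the regional date format), keeps the paths the scan could not read, and covers the duplicate check Kurt asked about. This is an added example, not code posted by anyone on the list; it assumes PowerShell 4.0 or later (for Get-FileHash), and the root path, output file names and the window (the days Kurt's findstr chain left in) are illustrative.

```powershell
# Added example, not from the thread. Assumes PowerShell 4.0+ (Get-FileHash).
# $Root, the date window and the output file names are illustrative values.
$Root  = 'K:\Groups'
$Start = [datetime]'2010-06-24'
$End   = [datetime]'2010-06-27'   # exclusive upper bound

# Collect scan errors (over-long paths, access denied) instead of letting them scroll past.
$files = Get-ChildItem -Path $Root -Recurse -Force `
            -ErrorAction SilentlyContinue -ErrorVariable scanErrors |
    Where-Object { -not $_.PSIsContainer }

# 1) Files created inside the window, largest first.
$recent = $files |
    Where-Object { $_.CreationTime -ge $Start -and $_.CreationTime -lt $End } |
    Sort-Object Length -Descending

$recent |
    Select-Object @{n='Created';e={$_.CreationTime.ToString('yyyy-MM-dd HH:mm')}},
                  Length, FullName |
    Export-Csv -Path .\created-in-window.csv -NoTypeInformation

[long]$bytes = 0
foreach ($f in $recent) { $bytes += $f.Length }
'{0:N0} files, {1:N2} GB created between {2:yyyy-MM-dd} and {3:yyyy-MM-dd}' -f `
    @($recent).Count, ($bytes / 1GB), $Start, $End

# 2) Duplicate candidates. Only files of equal size can be identical, so hash
#    just the groups that share a length (and skip empty files).
$dupes = $files |
    Group-Object Length |
    Where-Object { $_.Count -gt 1 -and $_.Name -ne '0' } |
    ForEach-Object { $_.Group } |
    Get-FileHash -Algorithm SHA256 -ErrorAction SilentlyContinue |
    Group-Object Hash |
    Where-Object { $_.Count -gt 1 }

$dupes | ForEach-Object {
    [pscustomobject]@{
        Hash   = $_.Name
        Copies = $_.Count
        Paths  = ($_.Group.Path -join '; ')
    }
} | Export-Csv -Path .\duplicates.csv -NoTypeInformation

# 3) Anything the scan could not read is a blind spot in both reports;
#    record it so those paths can be checked another way.
$scanErrors |
    Select-Object @{n='Target';e={$_.TargetObject}},
                  @{n='Error';e={$_.Exception.Message}} |
    Export-Csv -Path .\unscanned-paths.csv -NoTypeInformation
```

CreationTime on a copied file is the time the copy landed on this volume, which is why it suits a "what was dumped here" question better than LastWriteTime.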
Re: Guilty, will change after reading this.
A surge protector generally lacks the electronics to care enough at the difference. It would have to be a fairly edge case to destroy something. If a stepped sine wave won't destroy a PSU then a surge protector should for the most part be fine.

Steven Peck
http://www.blkmtn.org

On Tue, Aug 3, 2010 at 12:34 PM, John Hornbuckle john.hornbuc...@taylor.k12.fl.us wrote:

I know pretty much nothing about electricity, so this is news to me. I’ve done this before, like others, in order to allow UPSs to support more devices (without overloading them, of course—I only get the kind with load meters on them).

So, a step sine wave created by a UPS could destroy a surge protector, but wouldn’t harm equipment plugged directly into the UPS?

John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, August 03, 2010 1:01 PM
To: NT System Admin Issues
Subject: Guilty, will change after reading this.

- do not plug surge protectors into a UPS. If the UPS runs on batteries it will usually generate a step sine wave which may destroy surge protectors (in particular tricky to find power strips without surge protector)

http://isc.sans.edu/diary.html?storyid=9319

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure.
Win firewall
We've been having intermittent group policy processing errors, other servers losing time sync with domain controllers and just flaky networking issues. Sometimes users will boot up in the morning, and the mapping to a file share will be gone. Almost every time, rebooting will fix it.

While troubleshooting, I'm seeing packets dropped by the windows firewall on the DCs. Packet is from a local machine, destined to port 389 on the DC. The firewall has rules for Active Directory Domain Services enabled. The LSASS exe is listening on 389 and it appears that the FW isn't blocking all port 389 traffic, just random.

DCs are win2k8 R2. Workstations are xp, vista, 7 and other 2003 servers.

I found one post googling that said to disable the AD Domain Services firewall rule and create a plain allow rule for port 389. Anyone tried this or seen this behavior and know of a sure fire fix?

Thanks.
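One way to put numbers on "just random" drops like these, as an added example that is not part of the original post: parse the Windows Firewall log and count dropped packets to port 389 per source and TCP flag. The function names and the log lines are constructed for illustration; the field layout is the standard pfirewall.log header.

```powershell
# Added example: the log lines below are constructed, in the pfirewall.log layout
# that Windows Firewall writes when logging of dropped packets is enabled.
$sampleLog = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2010-08-03 08:01:12 ALLOW TCP 192.0.2.21 192.0.2.10 49201 389 0 - 0 0 0 - - - RECEIVE
2010-08-03 08:16:40 DROP TCP 192.0.2.21 192.0.2.10 49201 389 40 A 812345 912345 64240 - - - RECEIVE
2010-08-03 08:16:43 DROP TCP 192.0.2.21 192.0.2.10 49201 389 40 A 812345 912345 64240 - - - RECEIVE
2010-08-03 08:20:05 DROP TCP 192.0.2.37 192.0.2.10 50877 389 52 S 4455667 0 8192 - - - RECEIVE
2010-08-03 08:21:30 DROP TCP 192.0.2.44 192.0.2.10 51002 389 40 AF 998877 112233 64240 - - - RECEIVE
2010-08-03 08:22:00 DROP UDP 192.0.2.44 192.0.2.10 137 137 78 - - - - - - - RECEIVE
'@ -split "`r?`n"

function ConvertFrom-FirewallLog {
    # Turns log lines into objects, taking the property names from the #Fields header.
    param([string[]]$Line)
    $fields = $null
    foreach ($l in $Line) {
        if ($l -like '#Fields:*') {
            $fields = ($l -replace '^#Fields:\s*', '').Trim() -split '\s+'
            continue
        }
        # Skip other header lines, blank lines, and anything seen before the header.
        if (-not $fields -or $l -match '^\s*(#|$)') { continue }
        $values = $l.Trim() -split '\s+'
        if ($values.Count -lt $fields.Count) { continue }   # truncated line
        $row = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }
        New-Object psobject -Property $row
    }
}

function Get-LdapDropSummary {
    # Counts DROP entries to the given destination port per source, protocol and TCP flags.
    # tcpflags "S" is a SYN (a new connection attempt); values such as "A" or "AF"
    # are packets that belong to a session that already existed.
    param([object[]]$Entry, [int]$Port = 389)
    $Entry |
        Where-Object { $_.action -eq 'DROP' -and $_.'dst-port' -eq "$Port" } |
        Group-Object 'src-ip', protocol, tcpflags |
        ForEach-Object {
            $first = $_.Group[0]
            $last = $_.Group[-1]
            New-Object psobject -Property @{
                Source   = $first.'src-ip'
                Protocol = $first.protocol
                TcpFlags = $first.tcpflags
                Drops    = $_.Count
                First    = "$($first.date) $($first.time)"
                Last     = "$($last.date) $($last.time)"
            }
        } |
        Sort-Object Drops -Descending
}

# Demo on the constructed sample. For a real DC, replace $sampleLog with
#   Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"
# (the default log path; adjust if logging was configured elsewhere).
$entries = ConvertFrom-FirewallLog -Line $sampleLog
Get-LdapDropSummary -Entry $entries |
    Format-Table Source, Protocol, TcpFlags, Drops, First, Last -AutoSize
```

Splitting the counts by flag shows whether the firewall is refusing new LDAP connections or discarding packets from sessions it no longer tracks, which is worth knowing before replacing the built-in AD DS rule with a plain allow rule.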
Re: malware that creates Outlook rules
Microsoft also has a similar program for EDUs for hosted mail.
http://www.microsoft.com/liveatedu/free-hosted-student-email.aspx

They have powershell cmdlets that work over the web for administrator so there should be some ways to accomplish automation of a sort.

Steven Peck
http://www.blkmtn.org

On Tue, Aug 3, 2010 at 12:39 PM, Brian Desmond br...@briandesmond.com wrote:

Most schools I've worked with either have something that plugs in to the message bus of their ERP/SIS system for provisioning to outsourced services, or, more frequently, they have a job which either scans an Oracle table every so often or a batch job on the ERP side that dumps delta flat files and a second job that picks them up and provisions to Google/etc.

Thanks,
Brian Desmond
br...@briandesmond.com
c - 312.731.3132

-Original Message-
From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Tuesday, August 03, 2010 2:27 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

I'm sure it is, and the Va. CC uses PeopleSoft for our Student Info System(SIS) and so they worked together to create an automated process in that, a student applies to the college, registers for classes and the next day, they have the email account active. All this is done via the web. Maybe google would work with your SIS vendor to create something similar.

-Original Message-
From: Crawford, Scott [mailto:crawfo...@evangel.edu]
Sent: Tuesday, August 03, 2010 12:08 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

Hmm, interesting. I like that. Of course, setting it up for all students automatically might prove to be tricky.

-Original Message-
From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Tuesday, August 03, 2010 6:44 AM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

And just after I sent this the light came on, Google Voice should do UM. I'd let google handle voice mail, email and anything else they want to give to the students.

-Original Message-
From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Tuesday, August 03, 2010 7:42 AM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

Not sure on the UM questions. Not an issue here as we don't have student housing or provide phones for them. I'm betting that it is possible though.

-Original Message-
From: Crawford, Scott [mailto:crawfo...@evangel.edu]
Sent: Monday, August 02, 2010 5:46 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

Yeah, it's on the investigate list. It does happen with staff on occasion too, but not nearly as much as students. The major outstanding question I have is how to do Unified Messaging with Exchange if the mailbox is outsourced? It's prolly something simple, but I just haven't looked into it yet.

-Original Message-
From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Monday, August 02, 2010 3:14 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

Ah ha. Didn't notice the .edu addy. In that case, I would seriously investigate outsourcing that to MS or Google. The entire Va. Community College System went with Google for student email and so far it has worked really well. Can't beat the cost too. Zero and the student gets to keep their same email as long as they want it. No advertisements in their account while they are students. No backups, spam, outages and all that other support headaches for me. Great big plus.

-Original Message-
From: Crawford, Scott [mailto:crawfo...@evangel.edu]
Sent: Monday, August 02, 2010 4:05 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

Yeah, that sounds nice except we have 2000 students with an average of 500 new ones every year so our major issue isn't repeat offenders.

-Original Message-
From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Monday, August 02, 2010 2:51 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

When this happened here, we disabled their email account until they completed our security awareness training, for the second time. With supervisors complete support.

-Original Message-
From: Osborne, Richard [mailto:richard.osbo...@wth.org]
Sent: Monday, August 02, 2010 3:40 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

I have been monitoring the Exchange queues. It's the only way I can tell when it is happening. I found the aqadmcli.exe utility and have been using it to clean the queues (aqadmcli delmsg flags=SENDER,sender=bob.sm...@wth.org). I'll check the OWA logs ASAP.

Assuming I have had three users reply to phishing e-mails, is there anything to fix besides changing their passwords?

Thanks everyone for the suggestions.

-Original Message-
From: Glen Johnson
RE: Desktop/Laptop Backup Software
Shadowprotect from Storagecraft works well for me!

Jay Dale
Senior Systems Administrator
o:713.785.0960 x290

-Original Message-
From: Juma, Lumumba [mailto:lcj...@icipe.org]
Sent: Tuesday, August 03, 2010 6:32 AM
To: NT System Admin Issues
Subject: Desktop/Laptop Backup Software

Hi All,

We are looking at options to enable us backup desktops and laptops automatically to a central storage system. I am aware of Symantec DLO. Anybody aware of alternatives cheaper in cost?

Thanks,
Lumumba.
Re: Acronis + trueimagecmd.exe, + scripting. Any scripted acronis echo backups?
Ahh yea, I notice about between both data and OS backup it is 40 gigs each day, and 20 gig weekly backup (that I keep 4 weeks worth) on a 500 gig NAS, should be enough storage right?? It's a five user office, with small data backups.

7X40gigs + 4 X20 gigs at one time. Plus log files.

On Tue, Aug 3, 2010 at 3:31 PM, Andrew S. Baker asbz...@gmail.com wrote:

As long as you have the space to backup the data, there's no particular problem with that.

I have a daily script that creates systemstate backups (for the appropriate OSes, of course) and uses the same format. Overwrite the backups named for today. This keeps 7 days worth of backups available.

-ASB: http://XeeSM.com/AndrewBaker

On Tue, Aug 3, 2010 at 3:05 PM, justino garcia jgarciaitl...@gmail.com wrote:

So far my script for each day is one image backup OF OS, one image backup of data.

Script (I have scripts one for each day of the week).

echo Monday Backup W drive
"D:\Program Files\Acronis\TrueImageEchoServer\TrueImageCmd.exe" /create /partition:1-1,1-2,1-3 /filename:w:\OSimageBackup\Monday.tib
ping -w 1000 -n 20 0.0.0.0 >nul
"D:\Program Files\Acronis\TrueImageEchoServer\TrueImageCmd.exe" /create /partition:2-1 /filename:w:\DataImageBackup\Mondaydata.tib

--

I have a task for each day, and on friday two task, one for weekly and one for fridays. Most backup take up 20 gigs most for OS, and 20 gigs for data. Small office.

Is this good idea the way I setup script.

Script 2
"D:\Program Files\Acronis\TrueImageEchoServer\TrueImageCmd.exe" /create /partition:2-1 /filename:V:\DataImageBackup\week\week1data.tib
first friday of the month

-

script 3
"D:\Program Files\Acronis\TrueImageEchoServer\TrueImageCmd.exe" /create /partition:2-1 /filename:V:\DataImageBackup\week\week2data.tib
second friday of the month

script 4
"D:\Program Files\Acronis\TrueImageEchoServer\TrueImageCmd.exe" /create /partition:2-1 /filename:V:\DataImageBackup\week\week3data.tib
third friday of the month

-

script5
"D:\Program Files\Acronis\TrueImageEchoServer\TrueImageCmd.exe" /create /partition:2-1 /filename:V:\DataImageBackup\week\week4data.tib
last friday of the month

--

What would you change if anything, the NAS I am backing up to is 500 gigs, and backup full are around 40gigs, one 20 gig OS image, and one 20 gig data image. Task scheduler runs the task. Acronis Echo CLI version does replace old *.tib with new one (e.g. TUESDAY.TIB from last week, is replace with TUESDAY.TIB of this week...

--

AM I safe with this backup scripts.

Justin
IT-TECH

--
Justin
IT-TECH
RE: malware that creates Outlook rules
Yep it's the same set of cmdlets you use for Exchange (as that's what l...@edu runs on). You can also use the OLSync ILM solution they offer. It's $500 + SQL Std for the ILM licensing but this will do GALSync from your existing AD/Exchange environment in to l...@edu.

Thanks,
Brian Desmond
br...@briandesmond.com
c - 312.731.3132

-Original Message-
From: Steven Peck [mailto:sep...@gmail.com]
Sent: Tuesday, August 03, 2010 3:30 PM
To: NT System Admin Issues
Subject: Re: malware that creates Outlook rules

Microsoft also has a similar program for EDUs for hosted mail.
http://www.microsoft.com/liveatedu/free-hosted-student-email.aspx

They have powershell cmdlets that work over the web for administrator so there should be some ways to accomplish automation of a sort.

Steven Peck
http://www.blkmtn.org

On Tue, Aug 3, 2010 at 12:39 PM, Brian Desmond br...@briandesmond.com wrote:

Most schools I've worked with either have something that plugs in to the message bus of their ERP/SIS system for provisioning to outsourced services, or, more frequently, they have a job which either scans an Oracle table every so often or a batch job on the ERP side that dumps delta flat files and a second job that picks them up and provisions to Google/etc.

Thanks,
Brian Desmond
br...@briandesmond.com
c - 312.731.3132

-Original Message-
From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Tuesday, August 03, 2010 2:27 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

I'm sure it is, and the Va. CC uses PeopleSoft for our Student Info System(SIS) and so they worked together to create an automated process in that, a student applies to the college, registers for classes and the next day, they have the email account active. All this is done via the web. Maybe google would work with your SIS vendor to create something similar.

-Original Message-
From: Crawford, Scott [mailto:crawfo...@evangel.edu]
Sent: Tuesday, August 03, 2010 12:08 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

Hmm, interesting. I like that. Of course, setting it up for all students automatically might prove to be tricky.

-Original Message-
From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Tuesday, August 03, 2010 6:44 AM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

And just after I sent this the light came on, Google Voice should do UM. I'd let google handle voice mail, email and anything else they want to give to the students.

-Original Message-
From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Tuesday, August 03, 2010 7:42 AM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

Not sure on the UM questions. Not an issue here as we don't have student housing or provide phones for them. I'm betting that it is possible though.

-Original Message-
From: Crawford, Scott [mailto:crawfo...@evangel.edu]
Sent: Monday, August 02, 2010 5:46 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

Yeah, it's on the investigate list. It does happen with staff on occasion too, but not nearly as much as students. The major outstanding question I have is how to do Unified Messaging with Exchange if the mailbox is outsourced? It's prolly something simple, but I just haven't looked into it yet.

-Original Message-
From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Monday, August 02, 2010 3:14 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

Ah ha. Didn't notice the .edu addy. In that case, I would seriously investigate outsourcing that to MS or Google. The entire Va. Community College System went with Google for student email and so far it has worked really well. Can't beat the cost too. Zero and the student gets to keep their same email as long as they want it. No advertisements in their account while they are students. No backups, spam, outages and all that other support headaches for me. Great big plus.

-Original Message-
From: Crawford, Scott [mailto:crawfo...@evangel.edu]
Sent: Monday, August 02, 2010 4:05 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

Yeah, that sounds nice except we have 2000 students with an average of 500 new ones every year so our major issue isn't repeat offenders.

-Original Message-
From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Monday, August 02, 2010 2:51 PM
To: NT System Admin Issues
Subject: RE: malware that creates Outlook rules

When this happened here, we disabled their email account until they completed our security awareness training, for the second time. With supervisors complete support.

-Original Message-
From: Osborne, Richard [mailto:richard.osbo...@wth.org]
Sent: Monday, August 02, 2010 3:40 PM
To: NT System Admin Issues
Re: Acronis Backup Recovery Advanced Workstation 10
I also get that problem

Any solution?

On Tue, Jul 13, 2010 at 10:28 AM, Bob Hartung bhart...@wiscoind.com wrote:

We have it working here. We're running the license server on a Windows 2003 SP2 server and run the Acronis Mgt Console on it as well. I've never seen your error message.

Is it possible your problem is caused by workstation firewall settings? I checked a couple of my XP systems and they have firewall exceptions for Acronis.

If you have to go to Acronis for tech support, you have my sympathy. Advice: use the bathroom first ;-)

--
Bob Hartung
Wisco Industries, Inc.
736 Janesville St.
Oregon, WI 53575
Tel: (608) 835-3106 x215
Fax: (608) 835-7399
e-mail: bhartung(at)wiscoind.com

--
*From:* IS Technical [mailto:ist...@intsolcan.com]
*To:* NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com ]
*Sent:* Mon, 12 Jul 2010 15:10:16 -0500
*Subject:* Acronis Backup Recovery Advanced Workstation 10

Has anyone been able to get Acronis Backup Recovery Advanced Workstation working. I've installed all the components of the licensed version a number of times on various machines without success. I've even tried various builds including the latest one without success.

The persistent problem across all the installations is that I get this pop up in the system tray: acornis managed machine service in unavailable (presumably it's the reason I can't connect to the agent on the test machine). Of course, the service is running.

I found the problem reported in the Acronis forums a year ago, and Acronis support claiming that it would be fixed in the 'next build' (presumably released some time ago).

Next step: go through the painful process of dealing with Acronis support.

Regards,
Charles

---
Charles Figueiredo PhD
Integrated Solutions - Enhancing Small Business Systems
---

--
Justin
IT-TECH
RE: Desktop/Laptop Backup Software
After looking at the storagecraft product it looks like it would also solve the problem we had during the discussion last week of going back and forth between physical and virtual hardware.

-Original Message-
From: Jay Dale [mailto:jd...@emlogis.com]
Sent: Tuesday, August 03, 2010 3:37 PM
To: NT System Admin Issues
Subject: RE: Desktop/Laptop Backup Software

Shadowprotect from Storagecraft works well for me!

Jay Dale
Senior Systems Administrator
o:713.785.0960 x290

-Original Message-
From: Juma, Lumumba [mailto:lcj...@icipe.org]
Sent: Tuesday, August 03, 2010 6:32 AM
To: NT System Admin Issues
Subject: Desktop/Laptop Backup Software

Hi All,

We are looking at options to enable us backup desktops and laptops automatically to a central storage system. I am aware of Symantec DLO. Anybody aware of alternatives cheaper in cost?

Thanks,
Lumumba.
RE: Finding a huge file dump from June...
I'm not going to suggest that this doesn't work - because it does. At least wherever I've tried to use it.

However, be aware that it is NOT SUPPORTED. Microsoft does not support using versions of the .Net framework later than v2.0 with either PS v1 or PS v2. It is not (and was not) part of the qualification criteria (i.e., QA testing) for those releases. This has not changed in the betas for Server 2008 R2 sp1 or Windows 7 sp1, and I don't expect it to for the final releases of those service packs (although I am not an insider - so that's just a guess on my part).

Note: this is a fine-line drawn in the sand. The .Net framework for 2.0, 3.0, and 3.5 are all based on 2.0 (and if you install 3.5, it also installs 2.0 sp2 or whatever). But 4.0 is a break from that and is a new base release of .Net.

Joel Bennett jay...@huddledmasses.org is a PowerShell MVP (as is Thomas Lee).

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

-Original Message-
From: Steven Peck [mailto:sep...@gmail.com]
Sent: Tuesday, August 03, 2010 4:21 PM
To: NT System Admin Issues
Subject: Re: Finding a huge file dump from June...

Here is an advanced look... For the edge case blogging guys on dotNet4:
http://tfl09.blogspot.com/2010/08/using-newer-versions-of-net-with.html
http://tfl09.blogspot.com/2010/08/more-on-using-different-versions-of-net.html
http://tfl09.blogspot.com/2010/08/using-later-versions-of-net-framework.html

Here is the Yahoo Pipes feed I use which is maintained by Joel Bennett
http://pipes.yahoo.com/pipes/pipe.info?_id=uAmYy9xq3BGHcV361fC6Jw

Steven Peck
http://www.blkmtn.org

On Tue, Aug 3, 2010 at 12:39 PM, Michael B. Smith mich...@smithcons.com wrote:

It is truly unfortunate, but that is actually a .NET framework limitation.

.Net 4, plus a patch, supports arbitrary length pathnames (i.e., up to the NTFS limits), so I expect some future version of PS will too. I'm not promising anything, just hoping. :-)

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Tuesday, August 03, 2010 3:30 PM
To: NT System Admin Issues
Subject: Re: Finding a huge file dump from June...

You Rock. Awesome.

BTW: I'm running into lots of these errors:

Get-ChildItem : The specified path, file name, or both are too long. The fully qualified file name must be less than 260 characters, and the directory name must be less than 248 characters.

I keep yelling at people to shorten their file names, but do they listen?

Any way to work around this in powershell?

Kurt

On Tue, Aug 3, 2010 at 12:22, Michael B. Smith mich...@smithcons.com wrote:

get-childitem k:\groups -force -recurse |? {$_.CreationTime.ToString() -match "^2010-06-2[0-9]" } | format-table creationtime,length,fullname -auto

Or select-string. No need to drop to findstr.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Tuesday, August 03, 2010 3:07 PM
To: NT System Admin Issues
Subject: Re: Finding a huge file dump from June...

I tested this against a small directory, and am now running this:

PS K:\> get-childitem k:\groups -force -recurse | format-table creationtime,length,fullname -auto | findstr ^2010-06-2 | findstr /v ^2010-06-20 | findstr /v ^2010-06-21 | findstr /v ^2010-06-22 | findstr /v ^2010-06-23 | findstr /v 2010-06-27 | findstr /v ^2010-06-28 | findstr /v ^2010-06-29 > out.txt

Your hint with 'fullname' was the last piece of the puzzle.

I really need to start reading my powershell books - putting them underneath my pillow just isn't cutting it...

Need. More. Time.

Kurt

On Mon, Aug 2, 2010 at 20:52, Rubens Almeida rubensalme...@gmail.com wrote:

PowerShell... and here's one of my favorite one-liners to find big files:

dir c:\temp -force -recurse | sort length -desc | format-table creationtime,lastwritetime,lastaccesstime,length,fullname -auto

You can sort the results replacing the length by any of the properties after format-table

On Mon, Aug 2, 2010 at 9:48 PM, Kurt Buff kurt.b...@gmail.com wrote:

All,

On our file server we have a single 1.5tb partition - it's on a SAN. Over the course of 4 days recently it went from about 30% free to about 13% free - someone slammed around 200gb onto the file server.

I have a general idea of where it might be - there are two top-level directories that are over 200gb each. However, windirstat hasn't been completely helpful, as I can't seem to isolate which files were loaded during those days, and none of the files that I've been looking at were huge - no ISO or VHD files worth mentioning, etc..

I also am pretty confident that there are a *bunch* of duplicate files on those directories.

So, I'm looking for a couple of things:

1) A way to get a
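The two things asked for in this thread (a dated one-line-per-file listing for the days of the dump, and a duplicate finder), as an added example that is not from any of the posters. Function names, the temp tree and its timestamps are constructed; the window is the three June days that the findstr chain above leaves in. It hashes through .NET directly so it also runs on PowerShell v2.

```powershell
# Added example: names, the temp tree and its timestamps are constructed for the demo.

function Get-FilesCreatedBetween {
    # Files under $Path whose CreationTime falls in [$Start, $End).
    # Compares DateTime values directly: CreationTime.ToString() is culture-dependent,
    # so a text match on "2010-06-2x" only works where dates print year-first.
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][datetime]$Start,
        [Parameter(Mandatory = $true)][datetime]$End
    )
    $scanErrors = @()
    Get-ChildItem -Path $Path -Force -Recurse -ErrorAction SilentlyContinue -ErrorVariable scanErrors |
        Where-Object { -not $_.PSIsContainer -and $_.CreationTime -ge $Start -and $_.CreationTime -lt $End }
    # Paths that could not be read (the 260-character error from the thread lands here)
    # are reported, so gaps in the scan are visible instead of silently missing.
    foreach ($e in $scanErrors) {
        Write-Warning ("Not scanned: {0} ({1})" -f $e.TargetObject, $e.Exception.Message)
    }
}

function Format-FileLine {
    # One line per file: creation time, size in bytes, full path.
    param([Parameter(ValueFromPipeline = $true)][System.IO.FileInfo]$File)
    process { '{0:yyyy-MM-dd HH:mm} {1,15:N0} {2}' -f $File.CreationTime, $File.Length, $File.FullName }
}

function Get-DuplicateFile {
    # Groups by size first and hashes only files that share a size, so most of a
    # large tree is never read. Returns one group per set of identical files.
    param([Parameter(Mandatory = $true)][AllowEmptyCollection()][System.IO.FileInfo[]]$File)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $File | Where-Object { $_.Length -gt 0 } | Group-Object Length |
            Where-Object { $_.Count -gt 1 } | ForEach-Object {
                $_.Group | ForEach-Object {
                    $stream = [System.IO.File]::OpenRead($_.FullName)
                    try { $hash = [BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
                    finally { $stream.Dispose() }
                    New-Object psobject -Property @{ Hash = $hash; Length = $_.Length; FullName = $_.FullName }
                }
            } | Group-Object Hash | Where-Object { $_.Count -gt 1 }
    }
    finally { $sha.Clear() }
}

# --- Demo on a constructed tree (no real data) ---
$root = Join-Path ([System.IO.Path]::GetTempPath()) ('dumpdemo_' + [guid]::NewGuid().ToString('N'))
$demo = @(
    @{ Rel = 'a\june-report.doc';    Text = 'same payload'; Created = '2010-06-24T10:15:00' },
    @{ Rel = 'b\copy-of-report.doc'; Text = 'same payload'; Created = '2010-06-25T16:40:00' },
    @{ Rel = 'b\notes.txt';          Text = 'other bytes!'; Created = '2010-06-26T09:05:00' },  # same size, different content
    @{ Rel = 'a\old.txt';            Text = 'older file';   Created = '2009-01-08T16:12:00' }   # outside the window
)
foreach ($d in $demo) {
    $full = Join-Path $root $d.Rel
    New-Item -ItemType Directory -Path (Split-Path $full) -Force | Out-Null
    Set-Content -Path $full -Value $d.Text
    (Get-Item $full).CreationTime = [datetime]$d.Created
}

$hits = @(Get-FilesCreatedBetween -Path $root -Start ([datetime]'2010-06-24') -End ([datetime]'2010-06-27'))

$hits | Sort-Object CreationTime | Format-FileLine
'{0:N0} bytes in {1} files created in the window' -f ($hits | Measure-Object Length -Sum).Sum, $hits.Count

Get-DuplicateFile -File $hits | ForEach-Object {
    'Duplicate set ({0} files, {1:N0} bytes each): {2}' -f $_.Count, $_.Group[0].Length,
        (($_.Group | ForEach-Object { $_.FullName }) -join '; ')
}

Remove-Item -Path $root -Recurse -Force
```

Against a real share, point `-Path` at the directory and pipe the `Format-FileLine` output to a file. Creation time is the timestamp that reflects when a copy landed on the volume, since copied files usually keep their original last-write time.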
UGH (Tivoli TSM clients)
So, I need to reinstall the Tivoli TSM client on dozens of machines. For the reinstall to work I need to kill one registry key since the uninstaller doesn't nuke it:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TSM_SCHEDULER_MACHINENAME

To delete this key I need to change permissions on it which apparently requires installing SUBINACL, sound right? I need to do this for about 70 systems and wonder if there's another way to do this, as a script is going to require me to use a variable for the %machinename% part of the reg key name which adds more complexity.

Ideally a .CMD file that nukes:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TSM_SCHEDULER*

would be the easiest for me. Anyone? Bueller? Bueller?

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
Re: Guilty, will change after reading this.
On Tue, Aug 3, 2010 at 1:01 PM, David Lum david@nwea.org wrote:

> - do not plug surge protectors into a UPS. If the UPS runs on batteries it will usually generate a step sine wave which may destroy surge protectors

It can, in theory, be a problem, although I've never seen it happen. But it's easy enough to avoid even taking the chance.

You can also run into issues daisy-chaining even power strips. Most TVSSes (Transient Voltage Surge Suppressors) work by shunting excess energy into the equipment grounding line (third prong). What happens if you have multiple devices shunting is generally not part of the design assumption. Again, best to avoid it.

Note that most UPSes also include TVSS circuitry.

I haven't had any trouble finding RPTs (Relocatable Power Taps, the official term for a power strip) with*out* TVSS circuitry.

-- Ben
RE: UGH (Tivoli TSM clients)
Can you run the script under the context of LocalSystem and just delete the reg key that way?

Thanks,
Brian Desmond
br...@briandesmond.com
c - 312.731.3132

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, August 03, 2010 4:42 PM
To: NT System Admin Issues
Subject: UGH (Tivoli TSM clients)

So, I need to reinstall the Tivoli TSM client on dozens of machines. For the reinstall to work I need to kill one registry key since the uninstaller doesn't nuke it:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TSM_SCHEDULER_MACHINENAME

To delete this key I need to change permissions on it which apparently requires installing SUBINACL, sound right? I need to do this for about 70 systems and wonder if there's another way to do this, as a script is going to require me to use a variable for the %machinename% part of the reg key name which adds more complexity.

Ideally a .CMD file that nukes:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TSM_SCHEDULER*

would be the easiest for me. Anyone? Bueller? Bueller?

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
RE: Guilty, will change after reading this.
This is possibly the most plausible explanation I've found about plugging a power strip into a UPS. I know that Metal Oxide Varistors are by design a sacrificial device. Their sole purpose in life is to protect the component or device that lies beyond them. Every time they do their job, even though they may not be destroyed completely, they do weaken over time. Kind of like bending a coat hanger back and forth. Bend it once, it just loses a little bit of shape, but it is still useable. Bend it a few times, and you'll notice it start to weaken. Bend it back and forth rapidly and you'll experience it get hot and break down right before your very eyes:

What you shouldn't do is plug a surge protector into an UPS. I've never seen a great explanation as to why, but what I have read is that the dirty output of the UPS operating on battery will look like many small surges to the surge protector. This in turn will cause the surge protector to shunt power to the ground wire, quickly draining the UPS's battery and destroying the surge protector (most surge protectors are the MOV type, which are degraded every time they activate).

From http://www.hometheaterforum.com/forum/thread/213390/ups-plugged-into-a-surge-protector-bad

And a comment posted to the article that started all of this. Based on what I know about electricity (My father is an EE and I've taken a number of courses on the subject as well), this guy knows exactly what he is talking about:

Great post, but there's a bit of myth floating around, here - there's a HUGE difference between a strike hitting a structure, and the strike hitting a tree/pole that's 40 feet from a structure. First up, the surge from a true strike is ambient. Our old shop had a 100 foot tower attached to the building. It got struck twice, and I was charged with making us survive it. These are the realities:

1. Creating deliberate strike points, and CORRECT grounding of the strike points is key, lest you burn down your building. Having it grounded is not enough; run the cable wrong, and the cable will start a fire (or several fires) inside the walls and attic spaces.

2. When you see plasma flowing along the grids of your drop ceiling, you'll realize that the touting of surge protectors and ground everything and it'll be fine is a cute concept.

3. During an ACTUAL strike on the structure, the ambient step potential is several gazillion volts per foot for dozens of yards. Grounding does not mitigate this fact. Unplugging does not mitigate this fact.

4. Your hardware devices will live or die based on their shielding and orientation to the strikepoint/ground path, since every conductor in them is a low resistance path along that step potential. If there happens to be a little silicon in the way, well, there won't be when it's over. Note that we're talking KV per inch within a dozen yards of the strike point OR its grounding cable. Your UPS is not even relevant at this point; the grounding path is a huge inductor; every uncaged conductive sub-path in the area will have some amount of current induced, including inside the chip-level.

5. You will lose things like spare mice and keyboards that are not even plugged in, depending on orientation. And, you'll notice that the survival/loss is consistent with that orientation. :)

6. A faraday cage can work wonders, but only if it is done correctly. Many PCs with a cheap metal case will actually survive in some part, possibly enough to cannibalize. Plastic cased PCs will probably need to be removed from production unless the mainboard was exactly flat along the gradient; if they don't fail outright, they typically will before the month is over. Since most rack mounted devices have metal enclosures, the servers etc typically are ok regardless of the rack type, but connectivity may be lost depending on luck, cable shielding, etc. Fully enclosed (metallic all four sides) racks will generally fare slightly better as far as connectivity. Racks with plastic (or no) doors will typically lose NICs, switches, etc in bulk. As with any production, you already keep a stack of old NICs handy - so if lightning is likely, just keep them in a faraday cage of some type (metal storage box or foil wrap). For hubs, routers and switches... plastic case = dead device, doesn't matter how you ground/surge-protect it or the Cat5/6.

So, revision of your quick summary: Surge protectors work fair for NEARBY strikes; they become mostly useless as the strike becomes a direct hit. Mitigation of a direct hit requires a different type of engineering (shielding, etc), since you're dealing with a huge ambient EMF gradient, and induced current, neither of which cares about grounding.

posted by Steven, Tue Aug 03 2010, 18:02

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians Associates, PA
jra...@eaglemds.com
www.eaglemds.com

-Original Message-
From:
Re: Guilty, will change after reading this.
On Tue, Aug 3, 2010 at 1:31 PM, Maglinger, Paul pmaglin...@scvl.com wrote: Interesting, but isn’t A/C power typically a sine wave? Cheaper UPSes use a square or stepped wave as an approximation. For many types of equipment (in particular, the switching power supplies used in most IT gear), that works just fine. (I've been told you can run many PC power supplies off a *DC* input at the right voltage.) More expensive UPSes output a pure sine wave. Some equipment really wants that. In particular, AC motors. 60Hz is the norm, is it not? In North America. In Europe and some other parts of the world, 50 Hz is the standard. Surge strips are typically no more than some metal oxide varistors placed across hot, neutral and ground. Some put toroidal coils for noise reduction, but I don’t know of anything in any of them that would damage the UPS or the surge strip. Cheap components. I've seen cheap TVSSes burn up spontaneously, let alone with a UPS. I wouldn't put any kind of failure mode past some of the no-name crap you see these days. -- Ben
Re: Guilty, will change after reading this.
On Tue, Aug 3, 2010 at 1:35 PM, Kurt Buff kurt.b...@gmail.com wrote: I don't know if MOVs are still used in surge protectors, or if they're sensitive to them, but it's plausible to me that this might be true... Putting cheap MOVs on L-G and N-G is still the most common way to make a TVSS. Especially the cheap ones. Some of them don't even put anything on N-G. At the other end of the spectrum, I've seen stuff with multiple MOVs, diodes, chokes, filters, and who-knows-what-else. -- Ben
RE: malware that creates Outlook rules
Take that paragraph out of contest and it scarcely looks like English... -Original Message- From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Tuesday, August 03, 2010 1:35 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules Yep it's the same set of cmdlets you use for Exchange (as that's what l...@edu runs on). You can also use the OLSync ILM solution they offer. It's $500 + SQL Std for the ILM licensing but this will do GALSync from your existing AD/Exchange environment in to l...@edu. Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132
Re: Guilty, will change after reading this.
On Tue, Aug 3, 2010 at 5:53 PM, Raper, Jonathan - Eagle jra...@eaglemds.com wrote: 3. During an ACTUAL strike on the structure, the ambient step potential is several gazillion volts per foot for dozens of yards. Grounding does not mitigate this fact. Unplugging does not mitigate this fact. This. We had lightning hit our building once. It fried NICs and hubs all over the place, including in stuff that was switched off. It fried one serial port in one PC (but not the other serial port in the same PC). It caused an electrical outlet with nothing plugged into it to explode out of the wall into little bitty pieces. It fried one phase in a transformer, leaving the other two phases working. It killed AC compressors in the basement. I've also been told by our ISP about an incident where lightning apparently found a fiber cable was the best path to ground, and fried the equipment at one end. But it's not a conductor. Lightning jumps open air. We're talking millions of volts. At that kind of potential, *everything* is a conductor. Lightning can do whatever the hell it wants to. All bets are off. -- Ben
Re: Finding a huge file dump from June...
I should have *BOLDED* 'edge case'. :) For day to day use, I certainly wouldn't do it. On Tue, Aug 3, 2010 at 2:27 PM, Michael B. Smith mich...@smithcons.com wrote: I'm not going to suggest that this doesn't work - because it does. At least where-ever I've tried to use it. However, be aware that it is NOT SUPPORTED. Microsoft does not support using versions of the .Net framework later than v2.0 with either PS v1 or PS v2. It is not (and was not) part of the qualification criteria (i.e., QA testing) for those releases. This has not changed in the betas for Server 2008 R2 sp1 or Windows 7 sp1, and I don't expect it to for the final releases of those service packs (although I am not an insider - so that's just a guess on my part). Note: this is a fine-line drawn in the sand. The .Net framework for 2.0, 3.0, and 3.5 are all based on 2.0 (and if you install 3.5, it also installs 2.0 sp2 or whatever). But 4.0 is a break from that and is a new base release of .Net. Joel Bennett jay...@huddledmasses.org is a PowerShell MVP (as is Thomas Lee). Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Steven Peck [mailto:sep...@gmail.com] Sent: Tuesday, August 03, 2010 4:21 PM To: NT System Admin Issues Subject: Re: Finding a huge file dump from June... Here is an advanced look... For the edge case blogging guys on dotNet4: http://tfl09.blogspot.com/2010/08/using-newer-versions-of-net-with.html http://tfl09.blogspot.com/2010/08/more-on-using-different-versions-of-net.html http://tfl09.blogspot.com/2010/08/using-later-versions-of-net-framework.html Here is the Yahoo Pipes feed I use which is maintained by Joel Bennett http://pipes.yahoo.com/pipes/pipe.info?_id=uAmYy9xq3BGHcV361fC6Jw Steven Peck http://www.blkmtn.org On Tue, Aug 3, 2010 at 12:39 PM, Michael B. Smith mich...@smithcons.com wrote: It is truly unfortunate, but that is actually a .NET framework limitation. 
.Net 4, plus a patch, supports arbitrary length pathnames (i.e., up to the NTFS limits), so I expect some future version of PS will too. I'm not promising anything, just hoping. :-) Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Tuesday, August 03, 2010 3:30 PM To: NT System Admin Issues Subject: Re: Finding a huge file dump from June... You Rock. Awesome. BTW: I'm running into lots of these errors: Get-ChildItem : The specified path, file name, or both are too long. The fully qualified file name must be less than 260 characters, and the directory name must be less than 248 characters. I keep yelling at people to shorten their file names, but do they listen? Any way to work around this in powershell? Kurt On Tue, Aug 3, 2010 at 12:22, Michael B. Smith mich...@smithcons.com wrote: get-childitem k:\groups -force -recurse |? {$_.CreationTime.ToString('yyyy-MM-dd') -match '^2010-06-2[0-9]' } | format-table creationtime,length,fullname -auto Or select-string. No need to drop to findstr. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Tuesday, August 03, 2010 3:07 PM To: NT System Admin Issues Subject: Re: Finding a huge file dump from June... I tested this against a small directory, and am now running this: PS K:\> get-childitem k:\groups -force -recurse | format-table creationtime,length,fullname -auto | findstr ^2010-06-2 | findstr /v ^2010-06-20 | findstr /v ^2010-06-21 | findstr /v ^2010-06-22 | findstr /v ^2010-06-23 | findstr /v 2010-06-27 | findstr /v ^2010-06-28 | findstr /v ^2010-06-29 > out.txt Your hint with 'fullname' was the last piece of the puzzle. I really need to start reading my powershell books - putting them underneath my pillow just isn't cutting it... Need. More. Time. 
Kurt On Mon, Aug 2, 2010 at 20:52, Rubens Almeida rubensalme...@gmail.com wrote: PowerShell... and here's one of my favorites one-liners to find big files: dir c:\temp -force -recurse | sort length -desc | format-table creationtime,lastwritetime,lastaccesstime,length,fullname -auto You can sort the results replacing the length by any of the properties after format-table On Mon, Aug 2, 2010 at 9:48 PM, Kurt Buff kurt.b...@gmail.com wrote: All, On our file server we have a single 1.5tb partition - it's on a SAN. Over the course of 4 days recently it went from about 30% free to about 13% free - someone slammed around 200gb onto the file server. I have a general idea of where it might be - there are two top-level directories that are over 200gb each. However, windirstat hasn't been completely helpful, as I can't seem to isolate which files were loaded during those days, and none of the files that I've been looking at were huge - no ISO or VHD files worth mentioning, etc.. I
RE: malware that creates Outlook rules
Outbound anti-spam: I've been asking sunbelt to add this to Ninja for years. Still waiting on it, and I'm not sure why. In any case, I moved off Ninja and Vipre to Forefront so I'll let someone else continue the wait :). Exchange now has outbound message throttling so you can set limits like x number of emails per minute. I'm hoping to dig into it and see if I can add a trigger to let me know when a user hits more than 5 or so emails per minute. Blacklist removal - These links are the major ones we need: Comcast http://www.comcastsupport.com/rbl ATT http://wn.att.net/cgi-bin/block_admin.cgi Microsoft https://postmaster.live.com/snds/data.aspx https://support.msn.com/eform.aspx?productKey=edfsmsblct=eformts Barracuda http://www.barracudacentral.org/lookups/ip-reputation http://www.barracudacentral.org/rbl/removal-request Symantec http://ipremoval.sms.symantec.com/lookup -Original Message- From: Osborne, Richard [mailto:richard.osbo...@wth.org] Sent: Tuesday, August 03, 2010 12:16 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules Actually this was happening all weekend. I was chasing my tail so hard I didn't think to e-mail this list until Monday. Lesson learned. Just to wrap up: thanks to Glen, Scott, Thomas, and anyone else who suggested the spam was coming from OWA via phished accounts. I looked at the IIS logs on the OWA server and found entries like this: ... GET /exchange/bob.smith/Drafts/ Cmd=new 443 bsmith x.x.x.x Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+InfoPath.2;+Crazy+Browser+3.0.3)... Which I suppose shows new e-mails being created in the Drafts folder. Any advice regarding interpreting these logs would be welcome. After changing the affected user's passwords I think we are in the clear. Exchange queues are quiet since yesterday. We publish OWA via ISA Server, so the OWA logs only the address of the ISA Server. We checked our firewall logs and found quite a bit of traffic to OWA from Nigeria India. 
We're in Tennessee, so we are able to block those addresses as we won't have any legitimate traffic from them. Based on the agent string above, I told URLScan to block Crazy Browser (http://www.crazybrowser.com/). I wonder how many other browsers there are I've never even heard of. Now I need to consider some kind of outbound anti-spam, figure out some scripting to notify me if the queues get out of hand, and get off all the blacklists I'm on. -- From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] Sent: Monday, August 02, 2010 2:50 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules We're a Lotus Notes shop using Postini as a relay, if it makes any difference... We had one desktop system here, and a few in NYC, where spam was being spewed out. This actually had nothing at all to do with Domino/Lotus but rather a rogue SMTP server which got snuck onto some workstations. We were able to track this down by monitoring SMTP traffic through our firewall. All SMTP traffic was to be coming from only one IP at each location, and it was all supposed to be directed to our Postini host. At least yours does not seem to be happening on a weekend... -- Richard D. McClary Systems Administrator, Information Technology Group ASPCA® 1717 S. Philo Rd, Ste 36 Urbana, IL 61802 richardmccl...@aspca.org P: 217-337-9761 C: 217-417-1182 F: 217-337-9761 www.aspca.org
Osborne, Richard richard.osbo...@wth.org wrote on 08/02/2010 02:40:09 PM: I have been monitoring the Exchange queues. It's the only way I can tell when it is happening. I found the aqadmcli.exe utility and have been using it to clean the queues (aqadmcli delmsg flags=SENDER,sender=bob.sm...@wth.org). I'll check the OWA logs ASAP. Assuming I have had three users reply to phishing e-mails, is there anything to fix besides changing their passwords? Thanks everyone for the suggestions. -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, August 02, 2010 2:35 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules Also check those exchange smtp queues. If it is compromised accounts the spammers can send
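As an added example (not code from the thread), the following Python reads IIS W3C logs like the entry quoted in the message above and flags accounts that open new drafts in bursts, taking the poster's reading that `Cmd=new` on a Drafts folder marks a new message. The log lines are constructed, the field order and function names are assumptions, and the threshold of 5 per minute is borrowed from the throttling remark in the same message.

```python
"""Flag OWA accounts that open 'new message' drafts in bursts (IIS W3C logs)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample, not real log data. The field order is an assumption; the
# parser follows whatever the #Fields directive declares. c-ip is the ISA
# Server address (as in the thread), so grouping is by cs-username instead.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2010-08-01 03:10:01 GET /exchange/bob.smith/Drafts/ Cmd=new 443 bsmith 192.0.2.10 Mozilla/4.0+(compatible;+MSIE+6.0;+Crazy+Browser+3.0.3) 200
2010-08-01 03:10:06 GET /exchange/bob.smith/Drafts/ Cmd=new 443 bsmith 192.0.2.10 Mozilla/4.0+(compatible;+MSIE+6.0;+Crazy+Browser+3.0.3) 200
2010-08-01 03:10:11 GET /exchange/bob.smith/Drafts/ Cmd=new 443 bsmith 192.0.2.10 Mozilla/4.0+(compatible;+MSIE+6.0;+Crazy+Browser+3.0.3) 200
2010-08-01 03:10:16 GET /exchange/bob.smith/Drafts/ Cmd=new 443 bsmith 192.0.2.10 Mozilla/4.0+(compatible;+MSIE+6.0;+Crazy+Browser+3.0.3) 200
2010-08-01 03:10:21 GET /exchange/bob.smith/Drafts/ Cmd=new 443 bsmith 192.0.2.10 Mozilla/4.0+(compatible;+MSIE+6.0;+Crazy+Browser+3.0.3) 200
2010-08-01 03:10:26 GET /exchange/bob.smith/Drafts/ Cmd=new 443 bsmith 192.0.2.10 Mozilla/4.0+(compatible;+MSIE+6.0;+Crazy+Browser+3.0.3) 200
2010-08-01 03:10:31 GET /exchange/bob.smith/Drafts/ Cmd=new 443 bsmith 192.0.2.10 Mozilla/4.0+(compatible;+MSIE+6.0;+Crazy+Browser+3.0.3) 200
2010-08-01 03:10:36 GET /exchange/bob.smith/Drafts/ Cmd=new 443 bsmith 192.0.2.10 Mozilla/4.0+(compatible;+MSIE+6.0;+Crazy+Browser+3.0.3) 200
2010-08-01 03:10:40 GET /exchange/bob.smith/Inbox/ - 443 bsmith 192.0.2.10 Mozilla/4.0+(compatible;+MSIE+6.0;+Crazy+Browser+3.0.3) 200
2010-08-01 09:15:00 GET /exchange/jane.doe/Drafts/ Cmd=new 443 EXAMPLE\\jdoe 192.0.2.10 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1) 200
2010-08-01 09:42:10 GET /exchange/jane.doe/Drafts/ Cmd=new 443 EXAMPLE\\jdoe 192.0.2.10 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1) 200
2010-08-01 09:42:11 GET /exchange/jane.doe/Drafts/ Cmd=new 443
"""


def parse_w3c(text):
    """Yield one dict per request line, keyed by the latest #Fields directive."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed line (or no #Fields seen yet)
        rec = dict(zip(fields, values))
        try:
            rec["ts"] = datetime.strptime(
                rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        except (KeyError, ValueError):
            continue
        yield rec


def is_compose(rec):
    """True for an OWA request with Cmd=new against a Drafts folder."""
    stem = rec.get("cs-uri-stem", "").lower()
    query = rec.get("cs-uri-query", "").lower()
    return (stem.startswith("/exchange/") and "/drafts/" in stem
            and "cmd=new" in query.split("&"))


def find_compose_bursts(records, threshold=5, window=timedelta(minutes=1)):
    """Return {user: summary} for users with more than `threshold` composes
    inside any sliding `window`."""
    recent = defaultdict(deque)   # user -> compose timestamps still in window
    agents = defaultdict(set)     # user -> user agents seen on compose requests
    flagged = {}
    composes = sorted((r for r in records if is_compose(r)),
                      key=lambda r: r["ts"])
    for rec in composes:
        # Normalise DOMAIN\user to user; "-" means an unauthenticated request.
        user = rec.get("cs-username", "-").split("\\")[-1].lower()
        if user == "-":
            continue
        agents[user].add(rec.get("cs(User-Agent)", "-"))
        q = recent[user]
        q.append(rec["ts"])
        while rec["ts"] - q[0] >= window:
            q.popleft()
        if len(q) > threshold:
            hit = flagged.setdefault(user, {"peak": 0, "first_burst": rec["ts"]})
            hit["peak"] = max(hit["peak"], len(q))
    for user, hit in flagged.items():
        hit["agents"] = agents[user]
    return flagged


if __name__ == "__main__":
    for user, hit in find_compose_bursts(parse_w3c(SAMPLE_LOG)).items():
        print(f"{user}: peak {hit['peak']} composes/min, "
              f"first burst {hit['first_burst']}, agents {sorted(hit['agents'])}")
```

Because OWA behind ISA Server logs only the proxy address, the client IP for a flagged account has to come from the ISA or firewall logs for the same timestamps.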
RE: malware that creates Outlook rules
The poster of one of the questions I answered today - I can't remember where - emailed me and said huh? That wasn't clear. So I rewrote my answer using lots more words. I generally answer questions with short-cut responses, as Brian did, assuming that the OP has most of the knowledge to get to the right answer. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: David Lum [mailto:david@nwea.org] Sent: Tuesday, August 03, 2010 6:05 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules Take that paragraph out of contest and it scarcely looks like English... -Original Message- From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Tuesday, August 03, 2010 1:35 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules Yep it's the same set of cmdlets you use for Exchange (as that's what l...@edu runs on). You can also use the OLSync ILM solution they offer. It's $500 + SQL Std for the ILM licensing but this will do GALSync from your existing AD/Exchange environment in to l...@edu. Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132
RE: malware that creates Outlook rules
Good to know. Is it possible to host additional mailboxes locally just for voicemail/faxes and leave the actual mail in the cloud? Not really UM per se, but it would allow us to get off of our 3rd party voicemail server and auto-attendant and use Exchange's considerably cheaper versions. -Original Message- From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Tuesday, August 03, 2010 2:38 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules Currently UM in that scenario isn't possible. Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 -Original Message- From: Crawford, Scott [mailto:crawfo...@evangel.edu] Sent: Monday, August 02, 2010 4:46 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules Yeah, it's on the investigate list. It does happen with staff on occasion too, but not nearly as much as students. The major outstanding question I have is how to do Unified Messaging with Exchange if the mailbox is outsourced? It's prolly something simple, but I just haven't looked into it yet. -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, August 02, 2010 3:14 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules Ah ha. Didn't notice the .edu addy. In that case, I would seriously investigate outsourcing that to MS or Google. The entire Va. Community College System went with Google for student email and so far it has worked really well. Can't beat the cost too. Zero and the student gets to keep their same email as long as they want it. No advertisements in their account while they are students. No backups, spam, outages and all that other support headaches for me. Great big plus. 
-Original Message- From: Crawford, Scott [mailto:crawfo...@evangel.edu] Sent: Monday, August 02, 2010 4:05 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules Yeah, that sounds nice except we have 2000 students with an average of 500 new ones every year so our major issue isn't repeat offenders. -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, August 02, 2010 2:51 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules When this happened here, we disabled their email account until they completed our security awareness training, for the second time. With supervisors complete support. -Original Message- From: Osborne, Richard [mailto:richard.osbo...@wth.org] Sent: Monday, August 02, 2010 3:40 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules I have been monitoring the Exchange queues. It's the only way I can tell when it is happening. I found the aqadmcli.exe utility and have been using it to clean the queues (aqadmcli delmsg flags=SENDER,sender=bob.sm...@wth.org. I'll check the OWA logs ASAP. Assuming I have had three users reply to phishing e-mails, is there anything to fix besides changing their passwords? Thanks everyone for the suggestions. -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, August 02, 2010 2:35 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules Also check those exchange smtp queues. If it is compromised accounts the spammers can send spam via you owa faster than your exchange server can process so it will get backed up so disabling accounts or changing passwords wont stop it until the queues are emptied. -Original Message- From: Osborne, Richard [mailto:richard.osbo...@wth.org] Sent: Monday, August 02, 2010 3:32 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules I'm glad I'm not the only sufferer! 
I'll try and answer the other questions that were asked: 1) yes, the spam continued even with the user's account disabled and their PC powered off 2) yes, only our Exchange server can send SMTP to the Internet 3) my OWA servers are clean according to VIPRE MalwareBytes So far this has hit 3 users (out of ~5000). I have not seen any spam sent in the last 5 hours but I don't have any confidence that I have found the source. Maybe there's a PC with a high-privileged account that has been compromised and is sending out spam runs on a schedule? Currently I am getting up-to-date on patches on all my Exchange boxes. -Original Message- From: Thomas Mullins [mailto:tsmull...@wise.k12.va.us] Sent: Monday, August 02, 2010 2:17 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules We are having a similar issue. We changed the users password, and since that user is in a meeting, we turned his machine off. Looks like it has to be coming from OWA. Here is some info from an error message our external MTA sent to me (our Exchange guys are looking into the matter): Transcript of session follows. Out: 220 mail3.wise.k12.va.us ESMTP In: EHLO mail.wise.k12.va.us Out:
RE: malware that creates Outlook rules
That's awesome. I look forward to playing with it. -Original Message- From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Tuesday, August 03, 2010 3:35 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules Yep it's the same set of cmdlets you use for Exchange (as that's what l...@edu runs on). You can also use the OLSync ILM solution they offer. It's $500 + SQL Std for the ILM licensing but this will do GALSync from your existing AD/Exchange environment in to l...@edu. Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 -Original Message- From: Steven Peck [mailto:sep...@gmail.com] Sent: Tuesday, August 03, 2010 3:30 PM To: NT System Admin Issues Subject: Re: malware that creates Outlook rules Microsoft also has a similar program for EDUs for hosted mail. http://www.microsoft.com/liveatedu/free-hosted-student-email.aspx They have powershell cmdlets that work over the web for administrator so there should be some ways to accomplish automation of a sort. Steven Peck http://www.blkmtn.org On Tue, Aug 3, 2010 at 12:39 PM, Brian Desmond br...@briandesmond.com wrote: Most schools I've worked with either have something that plugs in to the message bus of their ERP/SIS system for provisioning to outsourced services, or, more frequently, they have a job which either scans an Oracle table every so often or a batch job on the ERP side that dumps delta flat files and a second job that picks them up and provisions to Google/etc. Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Tuesday, August 03, 2010 2:27 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules I'm sure it is, and the Va. CC uses PeopleSoft for our Student Info System(SIS) and so they worked together to create an automated process in that, a student applies to the college, registers for classes and the next day, they have the email account active. 
All this is done via the web. Maybe google would work with your SIS vendor to create something similar. -Original Message- From: Crawford, Scott [mailto:crawfo...@evangel.edu] Sent: Tuesday, August 03, 2010 12:08 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules Hmm, interesting. I like that. Of course, setting it up for all students automatically might prove to be tricky. -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Tuesday, August 03, 2010 6:44 AM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules And just after I sent this the light came on, Google Voice should do UM. I'd let google handle voice mail, email and anything else they want to give to the students. -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Tuesday, August 03, 2010 7:42 AM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules Not sure on the UM questions. Not an issue here as we don't have student housing or provide phones for them. I'm betting that it is possible though. -Original Message- From: Crawford, Scott [mailto:crawfo...@evangel.edu] Sent: Monday, August 02, 2010 5:46 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules Yeah, it's on the investigate list. It does happen with staff on occasion too, but not nearly as much as students. The major outstanding question I have is how to do Unified Messaging with Exchange if the mailbox is outsourced? It's prolly something simple, but I just haven't looked into it yet. -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, August 02, 2010 3:14 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules Ah ha. Didn't notice the .edu addy. In that case, I would seriously investigate outsourcing that to MS or Google. The entire Va. Community College System went with Google for student email and so far it has worked really well. Can't beat the cost too. 
Zero and the student gets to keep their same email as long as they want it. No advertisements in their account while they are students. No backups, spam, outages and all that other support headaches for me. Great big plus. -Original Message- From: Crawford, Scott [mailto:crawfo...@evangel.edu] Sent: Monday, August 02, 2010 4:05 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules Yeah, that sounds nice except we have 2000 students with an average of 500 new ones every year so our major issue isn't repeat offenders. -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, August 02, 2010 2:51 PM To: NT System Admin Issues Subject: RE: malware that creates Outlook rules When this happened here, we disabled their email account until they completed
RE: malware that creates Outlook rules
I didn't know we were having a contest! Webster -Original Message- From: David Lum [mailto:david@nwea.org] Subject: RE: malware that creates Outlook rules Take that paragraph out of contest...
RE: UGH (Tivoli TSM clients)
What is wrong with reg delete key-or-value ?? Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: David Lum [mailto:david@nwea.org] Sent: Tuesday, August 03, 2010 5:42 PM To: NT System Admin Issues Subject: UGH (Tivoli TSM clients) So, I need to reinstall the Tivoli TSM client on dozens of machines. For the reinstall to work I need to kill one registry key since the uninstaller doesn't nuke it: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TSM_SCHEDULER_MACHINENAME To delete this key I need to change permissions on it which apparently requires installing SUBINACL, sound right? I need to do this for about 70 systems and wonder if there's another way to do this, as a script is going to require me to use a variable for the %machinename% part of the reg key name which adds more complexity. Ideally a .CMD file that nukes: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TSM_SCHEDULER* would be the easiest for me. Anyone? Bueller? Bueller? David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764
Re: Guilty, will change after reading this.
Yeah APC goes above a lot of the time if it is something real strange. Like a battery that explodes inside the unit after a lightning hit. They seem to really care about how their products do in the strange and unusual. Jon On Tue, Aug 3, 2010 at 1:49 PM, richardmccl...@aspca.org wrote: No... I was the one who had to console the poor student (giving the melted mass time to cool down) and then contact APC. You'd not believe it, but APC actually wanted to look at the unit to see why the breaker did not trip. They actually replaced it with a new one! Joseph Heaton jhea...@dfg.ca.gov wrote on 08/03/2010 12:17:37 PM: Personal mishap, Richard? richardmccl...@aspca.org 8/3/2010 10:06 AM Don't plug space heaters into them, either! David Lum david@nwea.org wrote on 08/03/2010 12:01:04 PM: - do not plug surge protectors into a UPS. If the UPS runs on batteries it will usually generate a step sine wave which may destroy surge protectors (in particular tricky to find power strips without surge protector) http://isc.sans.edu/diary.html?storyid=9319 David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764
RE: WMI information gathering
2- Never IME, it is a big fight. And they still end up wanting administrator level privs because they can only go so far with delegation via WMI and DCOM. BTDTGTTS Not little guys either, products from HP,IBM,BMC etc. Usually have big time backing from mgmt. Never gave them access to DCs but they did get access to a lot of app servers -Original Message- From: Steven Peck [mailto:sep...@gmail.com] Sent: Tuesday, August 03, 2010 10:49 AM To: NT System Admin Issues Subject: Re: WMI information gathering To be honest the real questions are; 1. Are you required to do this? (Usually yes) - if yes, can you gain benefit? (Usually you can) 2. Do they have documentation on least privilege necessary for their tools to run? On Tue, Aug 3, 2010 at 10:26 AM, Free, Bob r...@pge.com wrote: My experience with WMI and CMDB or security scanner products tells me you are out of luck, at some point, the information they require is situated such that they require admin privs just to be able to read it. -Original Message- From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] Sent: Tuesday, August 03, 2010 10:18 AM To: NT System Admin Issues Subject: Re: WMI information gathering Anyone have any idea on this one? Joseph Heaton jhea...@dfg.ca.gov 8/2/2010 3:42 PM We have a group that wants to come in, and scan our servers to gather information. We want to cooperate with this effort, but we don't want to give them access to be able to write back to the servers. Is this possible? Is there a tool that can be used without an admin account, in order to gather information from within WMI? Please contact offline for further details, if needed. As always, I sincerely appreciate any assistance any of you may be able to provide. Thanks, Joe
RE: WMI information gathering
That shouldn't even be on the table. You really want to have your domain admins and server admins thoroughly separated. Not to say a person couldn't be both but you don't want every server admin being a domain admin and often, vice versa. Having to give up admin on all your servers is one thing, having to give it up on the entire domain is completely another.

-Original Message- From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] Sent: Tuesday, August 03, 2010 11:49 AM To: NT System Admin Issues Subject: Re: WMI information gathering

Exactly! Which is why we're trying to figure out if we can comply, by letting them get whatever info they need, without giving them the keys to our domain...

James Rankin kz2...@googlemail.com 8/3/2010 11:38 AM

Domain Admin access not a big deal? Morons. I wouldn't let any third parties near a Domain Admin account.

On 3 August 2010 19:15, Joseph Heaton jhea...@dfg.ca.gov wrote:

1. Yes, we are required to do this. It's supposed to be for information gathering only, but we're trying to cover our backsides, in case they mess something up. Yes, we can gain benefit, in that we can use this to get WMI access for our Orion product.
2. Documentation is a difficult thing. The wording of their message is such that they feel it's not a big deal for us to just give them a domain admin account to play with.

Steven Peck sep...@gmail.com 8/3/2010 10:49 AM

To be honest the real questions are;
1. Are you required to do this? (Usually yes) - if yes, can you gain benefit? (Usually you can)
2. Do they have documentation on least privilege necessary for their tools to run?

On Tue, Aug 3, 2010 at 10:26 AM, Free, Bob r...@pge.com wrote:

My experience with WMI and CMDB or security scanner products tells me you are out of luck, at some point, the information they require is situated such that they require admin privs just to be able to read it.

-Original Message- From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] Sent: Tuesday, August 03, 2010 10:18 AM To: NT System Admin Issues Subject: Re: WMI information gathering

Anyone have any idea on this one?

Joseph Heaton jhea...@dfg.ca.gov 8/2/2010 3:42 PM

We have a group that wants to come in, and scan our servers to gather information. We want to cooperate with this effort, but we don't want to give them access to be able to write back to the servers. Is this possible? Is there a tool that can be used without an admin account, in order to gather information from within WMI? Please contact offline for further details, if needed. As always, I sincerely appreciate any assistance any of you may be able to provide. Thanks, Joe

-- On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.
Re: Finding a huge file dump from June...
Nuts. This works, except for two things:

PS K:\Groups> get-childitem k:\groups -force -recurse |? {$_.CreationTime.ToString() -match "^2010-06-2[3-6]" } | format-table creationtime,length,fullname -auto | out-file out.txt

1) The output from the above is truncated - I'm only seeing 150 characters (the width I have the screen at), and many of the files are deeper than that.
2) Output is in Unicode, not ASCII - this is more annoyance than critical, but it would be nice to know how to get ASCII.

On Tue, Aug 3, 2010 at 12:22, Michael B. Smith mich...@smithcons.com wrote:

get-childitem k:\groups -force -recurse |? {$_.CreationTime.ToString() -match "^2010-06-2[0-9]" } | format-table creationtime,length,fullname -auto

Or select-string. No need to drop to findstr.

Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com

-Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Tuesday, August 03, 2010 3:07 PM To: NT System Admin Issues Subject: Re: Finding a huge file dump from June...

I tested this against a small directory, and am now running this:

PS K:\> get-childitem k:\groups -force -recurse | format-table creationtime,length,fullname -auto | findstr ^2010-06-2 | findstr /v ^2010-06-20 | findstr /v ^2010-06-21 | findstr /v ^2010-06-22 | findstr /v ^2010-06-23 | findstr /v 2010-06-27 | findstr /v ^2010-06-28 | findstr /v ^2010-06-29 > out.txt

Your hint with 'fullname' was the last piece of the puzzle. I really need to start reading my powershell books - putting them underneath my pillow just isn't cutting it... Need. More. Time.

Kurt

On Mon, Aug 2, 2010 at 20:52, Rubens Almeida rubensalme...@gmail.com wrote:

PowerShell... and here's one of my favorite one-liners to find big files:

dir c:\temp -force -recurse | sort length -desc | format-table creationtime,lastwritetime,lastaccesstime,length,fullname -auto

You can sort the results replacing the length by any of the properties after format-table

On Mon, Aug 2, 2010 at 9:48 PM, Kurt Buff kurt.b...@gmail.com wrote:

All, On our file server we have a single 1.5tb partition - it's on a SAN. Over the course of 4 days recently it went from about 30% free to about 13% free - someone slammed around 200gb onto the file server. I have a general idea of where it might be - there are two top-level directories that are over 200gb each. However, windirstat hasn't been completely helpful, as I can't seem to isolate which files were loaded during those days, and none of the files that I've been looking at were huge - no ISO or VHD files worth mentioning, etc.. I also am pretty confident that there are a *bunch* of duplicate files on those directories. So, I'm looking for a couple of things:

1) A way to get a directory listing that supports a time/date stamp (my choice of atime, mtime or ctime) size and a complete path name for each file/directory on a single line - something like:

2009-01-08 16:12 854,509 K:\Groups\training\On-Site_Special_Training\Customer1.doc

I've tried every trick I can think of for the 'dir' command and it won't do what I want, and the 'ls' command from gnuwin32 doesn't seem to want to do this either. Is there a powershell one-liner that can do this for me perhaps?

2) A recommendation for a duplicate file finder - cheap or free would be preferred.

Kurt
RE: Finding a huge file dump from June...
In regards to [1], change -auto to -wrap in the format-table element of the pipeline. In regards to [2], on the out-file element of the pipeline, add -Encoding ASCII. Have I ever spoken with you about incomplete user requirement documents? :-) :-) :-)

Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com

-Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Tuesday, August 03, 2010 8:17 PM To: NT System Admin Issues Subject: Re: Finding a huge file dump from June...

Nuts. This works, except for two things:

PS K:\Groups> get-childitem k:\groups -force -recurse |? {$_.CreationTime.ToString() -match "^2010-06-2[3-6]" } | format-table creationtime,length,fullname -auto | out-file out.txt

1) The output from the above is truncated - I'm only seeing 150 characters (the width I have the screen at), and many of the files are deeper than that.
2) Output is in Unicode, not ASCII - this is more annoyance than critical, but it would be nice to know how to get ASCII.

On Tue, Aug 3, 2010 at 12:22, Michael B. Smith mich...@smithcons.com wrote:

get-childitem k:\groups -force -recurse |? {$_.CreationTime.ToString() -match "^2010-06-2[0-9]" } | format-table creationtime,length,fullname -auto

Or select-string. No need to drop to findstr.

Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com

-Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Tuesday, August 03, 2010 3:07 PM To: NT System Admin Issues Subject: Re: Finding a huge file dump from June...

I tested this against a small directory, and am now running this:

PS K:\> get-childitem k:\groups -force -recurse | format-table creationtime,length,fullname -auto | findstr ^2010-06-2 | findstr /v ^2010-06-20 | findstr /v ^2010-06-21 | findstr /v ^2010-06-22 | findstr /v ^2010-06-23 | findstr /v 2010-06-27 | findstr /v ^2010-06-28 | findstr /v ^2010-06-29 > out.txt

Your hint with 'fullname' was the last piece of the puzzle. I really need to start reading my powershell books - putting them underneath my pillow just isn't cutting it... Need. More. Time.

Kurt

On Mon, Aug 2, 2010 at 20:52, Rubens Almeida rubensalme...@gmail.com wrote:

PowerShell... and here's one of my favorite one-liners to find big files:

dir c:\temp -force -recurse | sort length -desc | format-table creationtime,lastwritetime,lastaccesstime,length,fullname -auto

You can sort the results replacing the length by any of the properties after format-table

On Mon, Aug 2, 2010 at 9:48 PM, Kurt Buff kurt.b...@gmail.com wrote:

All, On our file server we have a single 1.5tb partition - it's on a SAN. Over the course of 4 days recently it went from about 30% free to about 13% free - someone slammed around 200gb onto the file server. I have a general idea of where it might be - there are two top-level directories that are over 200gb each. However, windirstat hasn't been completely helpful, as I can't seem to isolate which files were loaded during those days, and none of the files that I've been looking at were huge - no ISO or VHD files worth mentioning, etc.. I also am pretty confident that there are a *bunch* of duplicate files on those directories. So, I'm looking for a couple of things:

1) A way to get a directory listing that supports a time/date stamp (my choice of atime, mtime or ctime) size and a complete path name for each file/directory on a single line - something like:

2009-01-08 16:12 854,509 K:\Groups\training\On-Site_Special_Training\Customer1.doc

I've tried every trick I can think of for the 'dir' command and it won't do what I want, and the 'ls' command from gnuwin32 doesn't seem to want to do this either. Is there a powershell one-liner that can do this for me perhaps?

2) A recommendation for a duplicate file finder - cheap or free would be preferred.

Kurt
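Editor's added example (not posted by anyone in the thread): the listing requested above, written so that paths are never truncated and the output is ASCII, plus a per-directory total for the same date window to show where the space went. The root path and the 23-26 June window are taken from the thread; the variable names and output file names are assumptions.

```powershell
# Added example, not from the thread. $Root, $From, $To and the two
# output file names are assumed values; adjust them before running.
$Root = 'K:\Groups'
$From = [datetime]'2010-06-23'   # inclusive
$To   = [datetime]'2010-06-27'   # exclusive, so 23-26 June are covered

# Compare DateTime values directly: a regex on CreationTime.ToString()
# only works when the locale's short date format starts with yyyy-MM-dd.
$hits = Get-ChildItem -Path $Root -Force -Recurse -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and
                   $_.CreationTime -ge $From -and $_.CreationTime -lt $To }

# One line per file, built as a plain string so no table formatter can
# clip the path to the console width.
$hits | Sort-Object CreationTime |
    ForEach-Object {
        '{0:yyyy-MM-dd HH:mm} {1,15:N0} {2}' -f $_.CreationTime, $_.Length, $_.FullName
    } |
    Out-File -FilePath .\june-files.txt -Encoding ASCII -Width 4096

# Roll the same files up by parent directory and list the 20 largest.
$hits | Group-Object DirectoryName |
    Select-Object Name, Count,
        @{ n = 'Bytes'; e = { ($_.Group | Measure-Object Length -Sum).Sum } } |
    Sort-Object Bytes -Descending |
    Select-Object -First 20 |
    ForEach-Object {
        '{0,10:N2} GB {1,8} files  {2}' -f ($_.Bytes / 1GB), $_.Count, $_.Name
    } |
    Out-File -FilePath .\june-by-directory.txt -Encoding ASCII -Width 4096
```

ASCII encoding replaces any non-ASCII character in a file name with `?`; use `-Encoding UTF8` if the share may contain such names.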