RE: Mac and Windows mix

[Raper, Jonathan - Eagle]

I was wondering who pays for dinner myself...


Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.commailto:%20jra...@eaglemds.com>
www.eaglemds.comhttp://www.eaglemds.com/>


From: Don Ely [mailto:don@gmail.com]
Sent: Wednesday, September 08, 2010 12:33 PM
To: NT System Admin Issues
Subject: Re: Mac and Windows mix

You date yourself?!?!?  Interesting place to come out...
On Wed, Sep 8, 2010 at 9:31 AM, Steven M. Caesare 
mailto:scaes...@caesare.com>> wrote:
+1

And user rights assignments. And granularity for ACL's.

The NT executive kernel supports a superset of the primitives needed by either 
the Win32 protected mode subsystem, or UNIX. This is why you can(could) run 
UNIX or Win32 processes atop the same underlying kernel. (And OS/2 as well, but 
I'm dating myself).

-sc

From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Wednesday, September 08, 2010 11:42 AM

To: NT System Admin Issues
Subject: RE: Mac and Windows mix

User vs Administrator privileges are only one small part of a security model. 
In fact, Windows has many individual security rights, so "user" versus 
"administrator" is a somewhat pointless comparison.

How do you ACL files, ports, threads, memory?

How do processes protect themselves from other processes?

The typical NTFS file ACLs are far more granular than typical *Nix permissions. 
And that's just the DACLs, not including the SACLs.

Cheers
Ken

From: Mayo, Bill 
[mailto:bem...@pittcountync.gov]
Sent: Wednesday, 8 September 2010 11:38 PM

To: NT System Admin Issues
Subject: RE: Mac and Windows mix

Therefore, I don't think you can realistically compare the security model of 
*nix to NT.

Bill Mayo



~ Finally, powerful endpoint security that ISN'T a resource hog! ~

~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


Any medical information contained in this electronic message is CONFIDENTIAL 
and privileged. It is unlawful for unauthorized persons to view, copy, 
disclose, or disseminate CONFIDENTIAL information. This electronic message may 
contain information that is confidential and/or legally privileged. It is 
intended only for the use of the individual(s) and/or entity named as 
recipients in the message. If you are not an intended recipient of this 
message, please notify the sender immediately and delete this material from 
your computer. Do not deliver, distribute or copy this message, and do not 
disclose its contents or take any action in reliance on the information that it 
contains.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Mac and Windows mix

[John Aldrich]

I think you're trying to overcomplicate things. All I meant is that the
end-user normally runs as a non-privileged user and so any application they
run is going to run as a non-privileged user. Windows has had that ability
since the NT days, but has it really been usable? IME, no. Most applications
(other than Office) wanted to run as an admin, at least up until recent
vintages of Windows.

 

John-AldrichPerception_2

 

From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Wednesday, September 08, 2010 12:22 PM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

 

And we need to define what he means by "userspace". as that infers that his
statement means he believes admin-owned processes run in. kernel space? 

 

If so, that's an incorrect understanding.

 

-sc

 

From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Wednesday, September 08, 2010 10:27 AM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

 

This is only one, tiny, aspect of implementing a security model (reading
Windows Internals by Russinovich/Solomon is highly recommended).

 

That said, Windows NT has had the same model since the first released
version (v3.1 back in 1993)

 

Cheers

Ken

 

From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Wednesday, 8 September 2010 10:13 PM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

 

Basically, that users are not admins and that everything runs in "userspace"
unless specifically run as an admin, including installation of software.

 

John-AldrichPerception_2

 

From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Wednesday, September 08, 2010 8:49 AM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

 

What do you understand that model to be?

 

-sc

 

From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Tuesday, September 07, 2010 3:15 PM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

 

Not to start a flame war or anything, but I was under the impression that
Mac OS/X was significantly *more* secure than a comparable Windows machine,
due to the *nix security model? Asking for information here, trying to
learn, not trying to start  a Mac Vs. Windows thread (there are enough of
those, that I don't need to start one! )

 

John-AldrichPerception_2

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<><>

Re: Mac and Windows mix

[Don Ely]

You date yourself?!?!?  Interesting place to come out...

On Wed, Sep 8, 2010 at 9:31 AM, Steven M. Caesare wrote:

>  +1
>
>
>
> And user rights assignments. And granularity for ACL’s.
>
>
>
> The NT executive kernel supports a superset of the primitives needed by
> either the Win32 protected mode subsystem, or UNIX. This is why you
> can(could) run UNIX or Win32 processes atop the same underlying kernel. (And
> OS/2 as well, but I’m dating myself).
>
>
>
> -sc
>
>
>
> *From:* Ken Schaefer [mailto:k...@adopenstatic.com]
> *Sent:* Wednesday, September 08, 2010 11:42 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Mac and Windows mix
>
>
>
> User vs Administrator privileges are only one small part of a security
> model. In fact, Windows has many individual security rights, so “user”
> versus “administrator” is a somewhat pointless comparison.
>
>
>
> How do you ACL files, ports, threads, memory?
>
>
>
> How do processes protect themselves from other processes?
>
>
>
> The typical NTFS file ACLs are far more granular than typical *Nix
> permissions. And that’s just the DACLs, not including the SACLs.
>
>
> Cheers
>
> Ken
>
>
>
> *From:* Mayo, Bill [mailto:bem...@pittcountync.gov]
> *Sent:* Wednesday, 8 September 2010 11:38 PM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Mac and Windows mix
>
>
>
> Therefore, I don't think you can realistically compare the security model
> of *nix to NT.
>
>
>
> Bill Mayo
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>  ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Mac and Windows mix

[Steven M. Caesare]

+1

 

And user rights assignments. And granularity for ACL's.

 

The NT executive kernel supports a superset of the primitives needed by
either the Win32 protected mode subsystem, or UNIX. This is why you
can(could) run UNIX or Win32 processes atop the same underlying kernel.
(And OS/2 as well, but I'm dating myself).

 

-sc

 

From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Wednesday, September 08, 2010 11:42 AM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

 

User vs Administrator privileges are only one small part of a security
model. In fact, Windows has many individual security rights, so "user"
versus "administrator" is a somewhat pointless comparison.

 

How do you ACL files, ports, threads, memory?

 

How do processes protect themselves from other processes?

 

The typical NTFS file ACLs are far more granular than typical *Nix
permissions. And that's just the DACLs, not including the SACLs.


Cheers

Ken

 

From: Mayo, Bill [mailto:bem...@pittcountync.gov] 
Sent: Wednesday, 8 September 2010 11:38 PM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

 

Therefore, I don't think you can realistically compare the security
model of *nix to NT.

 

Bill Mayo

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Google email for corporate use

[Bob Hartung]

We're using Kerio Connect and there's no restrictions on where you store data.

--

Bob Hartung
Wisco Industries, Inc.
736 Janesville St.
Oregon, WI 53575
Tel: (608) 835-3106 x215
Fax: (608) 835-7399
e-mail: bhartung(at)wiscoind.com
  _  

From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com]
Sent: Wed, 08 Sep 2010 11:07:41 -0500
Subject: RE: Google email for corporate use




Well, your point is well taken, however, I have no plans for  Exchange… still 
looking very closely at Kerio Connect, as it has most of the  bells and 
whistles of Exchange, at about half the cost. Still, it would be good  to know 
that putting the mail store on a SAN is approved. J

 




 



From: Erik Goldoff  [mailto:egold...@gmail.com] 
  Sent: Wednesday, September 08, 2010 11:33 AM
  To: NT System Admin Issues
  Subject: RE: Google email for corporate use

 

Make sure your storage appliance drive connection method is  approved for your 
version of exchange.  Used to be most NAS was not usable  for exchange, it 
would have to be DASD or SAN ( FC or iSCSI ).  Just  mapping as a network 
attached drive is unsupported.  ( I think NetApp had  a MS widget that made 
their NAS supportable )

 


Erik Goldoff

IT  Consultant

Systems, Networks, &  Security 

'  Security is an ongoing process, not a one time event ! '



From: John Aldrich  [mailto:jaldr...@blueridgecarpet.com] 
  Sent: Wednesday, September 08, 2010 11:22 AM
  To: NT System Admin Issues
  Subject: RE: Google email for corporate use

 

Hmm… maybe worth considering getting our own spam/virus  filtering appliance 
then… currently our email is filtered by our ISP’s  RedCondor and it does a 
good job of filtering. Very little junk gets through.  Heck, it’s at least as 
good as SpamCop, which I use for my personal email. J

 

Any other comments on Google, specifically, or hosted email in  general? Main 
reason we want to bring email in house is because so many of our  users have 
smart phones and they have trouble getting them to work with our  hosted email. 
Also, we get charged based on the size of the mailbox, for disk  space and I 
want to get rid of that… if we put the mail store on the storage  appliance I’m 
looking at, we should have plenty of space to work with. J

 



 


From:  richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] 
  Sent: Wednesday, September 08, 2010 11:16 AM
  To: NT System Admin Issues
  Subject: Re: Google email for corporate use

 


  A wee bit OT  but related... 
  
  We are a Notes  shop.  We are strongly considering going to a hosed -er- 
hosted Exchange  service (once we find someone who can import our current 
Domino set-up and  provide the proper guarantees).  Lots of arguments in favor 
of the hosted  service. 
  
  Are you aware  that Google owns Postini?  Anyway, for spam filtering, many 
things get  through our Postini filters and into our Notes mailboxes.  These 
same spam  messages get snagged and sent to the "spam" box in GMail.  That  is, 
the spam filtering in GMail seems to be better than for Postini.
  --  
  Richard  D. McClary 
  Systems  Administrator, Information Technology Group 
  ASPCA®  
  1717  S. Philo Rd, Ste 36 
  Urbana,  IL  61802 
 
  richardmccl...@aspca.org  
 
  P:  217-337-9761 
  C:  217-417-1182 
  F:  217-337-9761 
  www.aspca.org  
 

The  information contained in this e-mail, and any attachments hereto, is from 
The  American Society for the Prevention of Cruelty to Animals® (ASPCA®)  and 
is intended only for use by the addressee(s) named herein and may contain  
legally privileged and/or confidential information. If you are not the intended 
 recipient of this e-mail, you are hereby notified that any dissemination,  
distribution, copying or use of the contents of this e-mail, and any  
attachments hereto, is strictly prohibited. If you have received this e-mail in 
 error, please immediately notify me by reply email and permanently delete the  
original and any copy of this e-mail and any printout thereof. 
 
  
  "John Aldrich"   wrote on 09/08/2010 10:09:27 
AM:
  
  > Anyone here using Google for their corporate email? I’ve got a 
  > Google rep trying to sell me on using their service instead of 
  > bringing email in-house. I don’t see the benefit, myself. Sure they 
  > have 99.999% uptime, but other than that, what’s the benefit? She 
  > says they can integrate with Active Directory, but I don’t 
  > necessarily want Google reaching out and touching my domain 
  > controllers….scares the crap outta me. J I would NOT oppose using 
  > Postini to filter/scan my email, but I don’t necessarily want them 
  > handling my email for me. 
  >   
  > [image removed] [image removed] 
  >   
  > ~ Finall

RE: Mac and Windows mix

[Steven M. Caesare]

Funny, it was my user OS since pre-beta.

 

Are you speaking of the NT "family", or strictly the versions of the
same codebase named "NT"?

 

-sc

 

From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Wednesday, September 08, 2010 10:29 AM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

 

True... but NT was not a "user" operating system. :-)

 

  

 

From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Wednesday, September 08, 2010 10:27 AM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

 

This is only one, tiny, aspect of implementing a security model (reading
Windows Internals by Russinovich/Solomon is highly recommended).

 

That said, Windows NT has had the same model since the first released
version (v3.1 back in 1993)

 

Cheers

Ken

 

From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Wednesday, 8 September 2010 10:13 PM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

 

Basically, that users are not admins and that everything runs in
"userspace" unless specifically run as an admin, including installation
of software.

 



 

From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Wednesday, September 08, 2010 8:49 AM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

 

What do you understand that model to be?

 

-sc

 

From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Tuesday, September 07, 2010 3:15 PM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

 

Not to start a flame war or anything, but I was under the impression
that Mac OS/X was significantly *more* secure than a comparable Windows
machine, due to the *nix security model? Asking for information here,
trying to learn, not trying to start  a Mac Vs. Windows thread (there
are enough of those, that I don't need to start one! )

 



 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<><>

RE: To be diverse...or not

[Charlie Kaiser]

You could go either way. I think that being able to provide diverse
solutions is much better for the client; many clients will balk at using
%vendor% and being able to provide them with an alternative is advantageous.
At the same time, being able to efficiently install and configure a product
saves time/money all the way around.

My philosophy as a consultant is to offer a solution that fits the client
rather than shoehorning them into my paradigm. In some cases this means
AD/multiple servers, in some it's SBS, in some it's hosted exchange. Much of
the decision making has to do with the client's budget and the type of data
they need to protect/access.

By being familiar/proficient with multiple product lines, you become better
able to fit the solution to the client's needs...

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***  


> -Original Message-
> From: David Lum [mailto:david@nwea.org]
> Sent: Wednesday, September 08, 2010 9:13 AM
> To: NT System Admin Issues
> Subject: To be diverse...or not
> 
> Scenario: Full time Systems Engineer by day, IT consultant by night (4
clients 5 servers
> ~100 workstations).
> 
> 
> 
> Does it make sense to have any diversity in products (AV, patch
management, etc) or is it
> better to leverage knowledge? I ask because I would think it makes more
sense to stick
> with one product and be pretty much the de-facto expert, but I have found
that having
> experience with different AV products (McAfee, Trend, Vipre) at this point
to be
> beneficial and doesn't really add any overhead vs. a single product. The
catch is I had
> prior experience with Trend Micro at %PriorDayjob%  so one client got
that,
> %Currentdayjob% has McAfee so I learned that, and Vipre Enterprise came
out so I tried
> that at smaller clients.
> 
> 
> 
> I say that to say this: Patching is my current dilemma and I have WSUS
everywhere and
> no 3rd party stuff anywhere. If I choose a tool for one place does it make
sense to use
> this same tool everywhere else if the price is acceptable to each party
involved? Some
> tools are cheaper than others and can save a client money even though they
could afford
> the more expensive option, but the cheaper option means I am working with
more than one
> tool (which means it could be argued the client ends up spending more due
to my spool up
> time to learn a new app). I don't see expanding my client base by more
than a client or
> two every other year in the forseeable future.
> 
> 
> 
> Thoughts and comments?
> 
> David Lum // SYSTEMS ENGINEER
> NORTHWEST EVALUATION ASSOCIATION
> (Desk) 971.222.1025 // (Cell) 503.267.9764
> 
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Mac and Windows mix

[Steven M. Caesare]

And we need to define what he means by "userspace"... as that infers
that his statement means he believes admin-owned processes run in...
kernel space? 

 

If so, that's an incorrect understanding.

 

-sc

 

From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Wednesday, September 08, 2010 10:27 AM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

 

This is only one, tiny, aspect of implementing a security model (reading
Windows Internals by Russinovich/Solomon is highly recommended).

 

That said, Windows NT has had the same model since the first released
version (v3.1 back in 1993)

 

Cheers

Ken

 

From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Wednesday, 8 September 2010 10:13 PM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

 

Basically, that users are not admins and that everything runs in
"userspace" unless specifically run as an admin, including installation
of software.

 

  

 

From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Wednesday, September 08, 2010 8:49 AM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

 

What do you understand that model to be?

 

-sc

 

From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Tuesday, September 07, 2010 3:15 PM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

 

Not to start a flame war or anything, but I was under the impression
that Mac OS/X was significantly *more* secure than a comparable Windows
machine, due to the *nix security model? Asking for information here,
trying to learn, not trying to start  a Mac Vs. Windows thread (there
are enough of those, that I don't need to start one! )

 



 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<><>

To be diverse...or not

[David Lum]

Scenario: Full time Systems Engineer by day, IT consultant by night (4 clients 
5 servers ~100 workstations).

Does it make sense to have any diversity in products (AV, patch management, 
etc) or is it better to leverage knowledge? I ask because I would think it 
makes more sense to stick with one product and be pretty much the de-facto 
expert, but I have found that having experience with different AV products 
(McAfee, Trend, Vipre) at this point to be beneficial and doesn't really add 
any overhead vs. a single product. The catch is I had prior experience with 
Trend Micro at %PriorDayjob%  so one client got that, %Currentdayjob% has 
McAfee so I learned that, and Vipre Enterprise came out so I tried that at 
smaller clients.

I say that to say this: Patching is my current dilemma and I have WSUS 
everywhere and no 3rd party stuff anywhere. If I choose a tool for one place 
does it make sense to use this same tool everywhere else if the price is 
acceptable to each party involved? Some tools are cheaper than others and can 
save a client money even though they could afford the more expensive option, 
but the cheaper option means I am working with more than one tool (which means 
it could be argued the client ends up spending more due to my spool up time to 
learn a new app). I don't see expanding my client base by more than a client or 
two every other year in the forseeable future.

Thoughts and comments?
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Mac and Windows mix

[Mayo, Bill]

I don't disagree with anything you said.  The OP said that not making
the user run with elevated permissions has been a historical advantage
of *nix over Windows, and you countered that Windows had the same model
as of NT.  I am simply saying that I don't believe that is an accurate
comparison.



From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Wednesday, September 08, 2010 11:42 AM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix



User vs Administrator privileges are only one small part of a security
model. In fact, Windows has many individual security rights, so "user"
versus "administrator" is a somewhat pointless comparison.

 

How do you ACL files, ports, threads, memory?

 

How do processes protect themselves from other processes?

 

The typical NTFS file ACLs are far more granular than typical *Nix
permissions. And that's just the DACLs, not including the SACLs.


Cheers

Ken

 

From: Mayo, Bill [mailto:bem...@pittcountync.gov] 
Sent: Wednesday, 8 September 2010 11:38 PM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

 

Therefore, I don't think you can realistically compare the security
model of *nix to NT.

 

Bill Mayo

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: what is the rss feed url here

[James Winzenz]

From Sunbelt's website:


"All newsletters are available through an RSS reader. However lists 
currently have RSS disabled as we await a software upgrade."


http://www.sunbeltsoftware.com/Communities/

James

--
From: "Steph Balog" 
Sent: Wednesday, September 08, 2010 8:38 AM
To: "NT System Admin Issues" 
Subject: what is the rss feed url here


I would like to add it to the ipad feedler.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/

or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Mac and Windows mix

[Ken Schaefer]

User vs Administrator privileges are only one small part of a security model. 
In fact, Windows has many individual security rights, so "user" versus 
"administrator" is a somewhat pointless comparison.

How do you ACL files, ports, threads, memory?

How do processes protect themselves from other processes?

The typical NTFS file ACLs are far more granular than typical *Nix permissions. 
And that's just the DACLs, not including the SACLs.

Cheers
Ken

From: Mayo, Bill [mailto:bem...@pittcountync.gov]
Sent: Wednesday, 8 September 2010 11:38 PM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

Therefore, I don't think you can realistically compare the security model of 
*nix to NT.

Bill Mayo



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

re: Google email for corporate use

[Steph Balog]

Read the very small print. Google owns everything on their server.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

what is the rss feed url here

[Steph Balog]

I would like to add it to the ipad feedler.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Mac and Windows mix

[Ken Schaefer]

SQL Server 6.0/6.5 was a whole different kettle of fish to 7.0

Ken Schaefer
Architect | CTO Office | SOEasy Program
Microsoft MVP (Windows Server - IIS)
MCITP (EA, SA), MCTS (ISA, SQL Server, Hyper-V, Ops Manager, MOSS), 
MCSE+Security, MCDBA
Mobile: +65 82485156 (SG) | +61 412 529 449 (AU)

HP Enterprise Services
Level 3, Block C, Jackson Square, 11 Lorong 3,
Toa Payoh, Singapore, 319759



From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Wednesday, 8 September 2010 11:35 PM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

+1

And I was a "Microsoft Certified SQL 7.0 Administrator".

Now, I can barely spell SQL.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Don Guyer [mailto:don.gu...@prufoxroach.com]
Sent: Wednesday, September 08, 2010 11:21 AM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

Ditto on that. Got my first MCSE doing the NT 4 track.

Don Guyer
Systems Engineer - Information Services
Prudential, Fox & Roach/Trident Group
431 W. Lancaster Avenue
Devon, PA 19333
Direct: (610) 993-3299
Fax: (610) 650-5306
don.gu...@prufoxroach.com

From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Wednesday, September 08, 2010 11:12 AM
To: NT System Admin Issues
Subject: Re: Mac and Windows mix

Also the US Military standardized on NT workstation back in the mid 90's, IIRC. 
 I joined this list, mainly because I was using and deploying NT as a 
workstation back in '97.

Just because it wasn't done by someone you know doesn't mean it wasn't done at 
all.
On Wed, Sep 8, 2010 at 11:05 AM, John Aldrich 
mailto:jaldr...@blueridgecarpet.com>> wrote:
NT was never adopted as an end-user operating system, at least not by anyone I 
know. It was primarily used as a server O/S except for a few specialized 
situations. Granted, in my previous career, I did use an NT-based video editing 
workstation, but most people I know used Win9x and it's successors until 
Microsoft finally got smart and forced everyone to move to an O/S with a 
separate admin and user workspace (started with XP, and improved in Vista and 
even more in Win7.)
A "user" O/S I define as what you'd find in most workspaces... i.e. end-user 
workstations. I'm just happy that Microsoft finally got with the program and 
stopped letting users run as the local admin by default.




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Mac and Windows mix

[Mayo, Bill]

I agree that NT was a user operating system.  However, the real point is
that, at least as of Windows XP, a whole lot of "user" programs just
plain didn't work if you logged on as a regular user.  Therefore, people
were trained to run with higher permissions to be able to get anything
done.  I can't tell you how many times I have been told by a sofware
vendor, "It works fine if you log on as administrator."  To get around
these problems, you either have to do as suggested, or use various
tools/auditing to try and figure out what was being blocked and work
around it.  Therefore, I don't think you can realistically compare the
security model of *nix to NT.
 
Bill Mayo




From: James Kerr [mailto:cluster...@gmail.com] 
Sent: Wednesday, September 08, 2010 11:26 AM
To: NT System Admin Issues
Subject: Re: Mac and Windows mix


I was under the impression that NT4 workstation was for users, business
users and 9x was for home, and small peer to peer networks. The company
I worked for at the time didn't have any 9x machines but maybe that was
because they are an engineering firm.
 
James

- Original Message - 
From: John Aldrich   
To: NT System Admin Issues
  
Sent: Wednesday, September 08, 2010 10:28 AM
Subject: RE: Mac and Windows mix


True... but NT was not a "user" operating system. J

 

  

 

From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Wednesday, September 08, 2010 10:27 AM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

 

This is only one, tiny, aspect of implementing a security model
(reading Windows Internals by Russinovich/Solomon is highly
recommended).

 

That said, Windows NT has had the same model since the first
released version (v3.1 back in 1993)

 

Cheers

Ken

 

From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Wednesday, 8 September 2010 10:13 PM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

 

Basically, that users are not admins and that everything runs in
"userspace" unless specifically run as an admin, including installation
of software.

 



 

From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Wednesday, September 08, 2010 8:49 AM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

 

What do you understand that model to be?

 

-sc

 

From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Tuesday, September 07, 2010 3:15 PM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

 

Not to start a flame war or anything, but I was under the
impression that Mac OS/X was significantly *more* secure than a
comparable Windows machine, due to the *nix security model? Asking for
information here, trying to learn, not trying to start  a Mac Vs.
Windows thread (there are enough of those, that I don't need to start
one! )

 



 

 

~ Finally, powerful endpoint security that ISN'T a resource hog!
~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog!
~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<><>

RE: Google email for corporate use

[Erik Goldoff]

Make sure your storage appliance drive connection method is approved for
your version of exchange.  Used to be most NAS was not usable for exchange,
it would have to be DASD or SAN ( FC or iSCSI ).  Just mapping as a network
attached drive is unsupported.  ( I think NetApp had a MS widget that made
their NAS supportable )

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Wednesday, September 08, 2010 11:22 AM
To: NT System Admin Issues
Subject: RE: Google email for corporate use

 

Hmm… maybe worth considering getting our own spam/virus filtering appliance
then… currently our email is filtered by our ISP’s RedCondor and it does a
good job of filtering. Very little junk gets through. Heck, it’s at least as
good as SpamCop, which I use for my personal email. J

 

Any other comments on Google, specifically, or hosted email in general? Main
reason we want to bring email in house is because so many of our users have
smart phones and they have trouble getting them to work with our hosted
email. Also, we get charged based on the size of the mailbox, for disk space
and I want to get rid of that… if we put the mail store on the storage
appliance I’m looking at, we should have plenty of space to work with. J

 

John-AldrichPerception_2

 

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] 
Sent: Wednesday, September 08, 2010 11:16 AM
To: NT System Admin Issues
Subject: Re: Google email for corporate use

 


A wee bit OT but related... 

We are a Notes shop.  We are strongly considering going to a hosed -er-
hosted Exchange service (once we find someone who can import our current
Domino set-up and provide the proper guarantees).  Lots of arguments in
favor of the hosted service. 

Are you aware that Google owns Postini?  Anyway, for spam filtering, many
things get through our Postini filters and into our Notes mailboxes.  These
same spam messages get snagged and sent to the "spam" box in GMail.  That
is, the spam filtering in GMail seems to be better than for Postini.
-- 
Richard D. McClary 
Systems Administrator, Information Technology Group 
ASPCA® 
1717 S. Philo Rd, Ste 36 
Urbana, IL  61802 
  
richardmccl...@aspca.org 
  
P: 217-337-9761 
C: 217-417-1182 
F: 217-337-9761 
  www.aspca.org 
  

The information contained in this e-mail, and any attachments hereto, is
from The American Society for the Prevention of Cruelty to Animals® (ASPCA®)
and is intended only for use by the addressee(s) named herein and may
contain legally privileged and/or confidential information. If you are not
the intended recipient of this e-mail, you are hereby notified that any
dissemination, distribution, copying or use of the contents of this e-mail,
and any attachments hereto, is strictly prohibited. If you have received
this e-mail in error, please immediately notify me by reply email and
permanently delete the original and any copy of this e-mail and any printout
thereof. 
  

"John Aldrich"  wrote on 09/08/2010 10:09:27
AM:

> Anyone here using Google for their corporate email? I’ve got a 
> Google rep trying to sell me on using their service instead of 
> bringing email in-house. I don’t see the benefit, myself. Sure they 
> have 99.999% uptime, but other than that, what’s the benefit? She 
> says they can integrate with Active Directory, but I don’t 
> necessarily want Google reaching out and touching my domain 
> controllers….scares the crap outta me. J I would NOT oppose using 
> Postini to filter/scan my email, but I don’t necessarily want them 
> handling my email for me. 
>   
> [image removed] [image removed] 
>   
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here: http://lyris.sunbelt-software.
> com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftw

Re: Mac and Windows mix

[James Kerr]

I was under the impression that NT4 workstation was for users, business users 
and 9x was for home, and small peer to peer networks. The company I worked for 
at the time didn't have any 9x machines but maybe that was because they are an 
engineering firm.

James
  - Original Message - 
  From: John Aldrich 
  To: NT System Admin Issues 
  Sent: Wednesday, September 08, 2010 10:28 AM
  Subject: RE: Mac and Windows mix


  True. but NT was not a "user" operating system. J

   



   

  From: Ken Schaefer [mailto:k...@adopenstatic.com] 
  Sent: Wednesday, September 08, 2010 10:27 AM
  To: NT System Admin Issues
  Subject: RE: Mac and Windows mix

   

  This is only one, tiny, aspect of implementing a security model (reading 
Windows Internals by Russinovich/Solomon is highly recommended).

   

  That said, Windows NT has had the same model since the first released version 
(v3.1 back in 1993)

   

  Cheers

  Ken

   

  From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
  Sent: Wednesday, 8 September 2010 10:13 PM
  To: NT System Admin Issues
  Subject: RE: Mac and Windows mix

   

  Basically, that users are not admins and that everything runs in "userspace" 
unless specifically run as an admin, including installation of software.

   



   

  From: Steven M. Caesare [mailto:scaes...@caesare.com] 
  Sent: Wednesday, September 08, 2010 8:49 AM
  To: NT System Admin Issues
  Subject: RE: Mac and Windows mix

   

  What do you understand that model to be?

   

  -sc

   

  From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
  Sent: Tuesday, September 07, 2010 3:15 PM
  To: NT System Admin Issues
  Subject: RE: Mac and Windows mix

   

  Not to start a flame war or anything, but I was under the impression that Mac 
OS/X was significantly *more* secure than a comparable Windows machine, due to 
the *nix security model? Asking for information here, trying to learn, not 
trying to start  a Mac Vs. Windows thread (there are enough of those, that I 
don't need to start one! )

   



   

   

  ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
  ~   ~

  ---
  To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
  or send an email to listmana...@lyris.sunbeltsoftware.com
  with the body: unsubscribe ntsysadmin

  ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
  ~   ~

  ---
  To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
  or send an email to listmana...@lyris.sunbeltsoftware.com
  with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<><>

RE: Google email for corporate use

[Ziots, Edward]

Even before that I would be working on a Security SLA for the contract
with the provider accordingly. And be prepared to audit that provider a
lot to ensure they are sticking to the SLA. 

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk] 
Sent: Wednesday, September 08, 2010 11:18 AM
To: NT System Admin Issues
Subject: RE: Google email for corporate use

 

The first thing I'd do before even looking at the technical stuff is
read their terms of service.

 

From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: 08 September 2010 16:09
To: NT System Admin Issues
Subject: Google email for corporate use

 

Anyone here using Google for their corporate email? I've got a Google
rep trying to sell me on using their service instead of bringing email
in-house. I don't see the benefit, myself. Sure they have 99.999%
uptime, but other than that, what's the benefit? She says they can
integrate with Active Directory, but I don't necessarily want Google
reaching out and touching my domain controllersscares the crap outta
me. J I would NOT oppose using Postini to filter/scan my email, but I
don't necessarily want them handling my email for me.

 

  

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



MIRA Ltd

 

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England

Registered in England and Wales No. 402570

VAT Registration  GB 114 5409 96

 

The contents of this e-mail are confidential and are solely for the use
of the intended recipient.  If you receive this e-mail in error, please
delete it and notify us either by e-mail, telephone or fax.  You should
not copy, forward or otherwise disclose the content of the e-mail as
this is prohibited.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<><>

RE: Mac and Windows mix

[Matthew W. Ross]

I am unsure if you can make it work with a modified AD schema alone. (I haven't 
dared try.)

But yes, you join a Mac client to Open Directory just as you would join a 
Windows computer to a windows Domain. It can be an "Anonymous Bind", where the 
mac is not added to the client list (and is only managed by the "Guest 
Computer" generic account) or it can be bound and given specific settings.


--Matt Ross
Ephrata School District


- Original Message -
From: De Williman, Shih
[mailto:sdewilli...@g2.com]
To: NT System Admin Issues
[mailto:ntsysad...@lyris.sunbelt-software.com]
Sent: Wed, 08 Sep 2010
07:32:25 -0700
Subject: RE: Mac and Windows mix


> I believe WGM _can_ manage unbound machines, provided that you first import
> them into WGM (Matt can correct if this is misinfo since we modified AD
> schema & leverage AD/WGM to manage users). Even then, that in itself,
> whether you do it in an strictly OD environment or Magic Triangle, is a pain
> without third party utility like Passenger. 
> 
> 
> 
> -Original Message-
> From: Ken Schaefer [mailto:k...@adopenstatic.com] 
> Sent: Wednesday, September 08, 2010 6:16 AM
> To: NT System Admin Issues
> Subject: RE: Mac and Windows mix
> 
> Question: how does one bring a Mac under scope of management of WGM?
> 
> For AD - the machine has to be joined to the domain. For Macs?
> 
> Cheers
> Ken
> 
> -Original Message-
> From: Ken Schaefer [mailto:k...@adopenstatic.com] 
> Sent: Wednesday, 8 September 2010 5:05 PM
> To: NT System Admin Issues
> Subject: RE: Mac and Windows mix
> 
> I think sdewilliam is saying that there is no modelling capability.
> 
> GPMC lets you pick a user, a computer and an AD site, and dynamically layers
> all the policies at all levels that will affect the user, and gives you the
> resulting effective settings (after group filtering, WMI filtering etc). The
> advanced GPM also lets you do check-in/check-out, versioning control,
> workflow etc.
> 
> Cheers
> Ken
> 
> -Original Message-
> From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> Sent: Wednesday, 8 September 2010 2:21 PM
> To: NT System Admin Issues
> Subject: Re: Mac and Windows mix
> 
> Perhaps I'm misunderstanding: Isn't that exactly what Workgroup Manager does
> in Open Directory? There are plenty of settings which can be applied to
> individual Macs, users, user groups and computer groups.
> 
> - Original Message -
> From: sdewilliman
> [mailto:sdewilli...@g2.com]
> To: NT System Admin Issues
> [mailto:ntsysad...@lyris.sunbelt-software.com]
> Sent: Tue, 07 Sep 2010
> 17:41:34 -0700
> Subject: Re: Mac and Windows mix
> 
> 
> > Precisely, with OD /WGM there¹s no central mgmt console whereby an 
> > admin can tell which/what policy is applied to what group.
> > Administration easily becoems a nightmare without 3rd party mgmt 
> > software such as Centrify.
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> 
> 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Google email for corporate use

[John Aldrich]

Hmm. maybe worth considering getting our own spam/virus filtering appliance
then. currently our email is filtered by our ISP's RedCondor and it does a
good job of filtering. Very little junk gets through. Heck, it's at least as
good as SpamCop, which I use for my personal email. J

 

Any other comments on Google, specifically, or hosted email in general? Main
reason we want to bring email in house is because so many of our users have
smart phones and they have trouble getting them to work with our hosted
email. Also, we get charged based on the size of the mailbox, for disk space
and I want to get rid of that. if we put the mail store on the storage
appliance I'm looking at, we should have plenty of space to work with. J

 

John-AldrichPerception_2

 

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] 
Sent: Wednesday, September 08, 2010 11:16 AM
To: NT System Admin Issues
Subject: Re: Google email for corporate use

 


A wee bit OT but related... 

We are a Notes shop.  We are strongly considering going to a hosed -er-
hosted Exchange service (once we find someone who can import our current
Domino set-up and provide the proper guarantees).  Lots of arguments in
favor of the hosted service. 

Are you aware that Google owns Postini?  Anyway, for spam filtering, many
things get through our Postini filters and into our Notes mailboxes.  These
same spam messages get snagged and sent to the "spam" box in GMail.  That
is, the spam filtering in GMail seems to be better than for Postini.
-- 
Richard D. McClary 
Systems Administrator, Information Technology Group 
ASPCAR 
1717 S. Philo Rd, Ste 36 
Urbana, IL  61802 
  
richardmccl...@aspca.org 
  
P: 217-337-9761 
C: 217-417-1182 
F: 217-337-9761 
  www.aspca.org 
  

The information contained in this e-mail, and any attachments hereto, is
from The American Society for the Prevention of Cruelty to AnimalsR (ASPCAR)
and is intended only for use by the addressee(s) named herein and may
contain legally privileged and/or confidential information. If you are not
the intended recipient of this e-mail, you are hereby notified that any
dissemination, distribution, copying or use of the contents of this e-mail,
and any attachments hereto, is strictly prohibited. If you have received
this e-mail in error, please immediately notify me by reply email and
permanently delete the original and any copy of this e-mail and any printout
thereof. 
  

"John Aldrich"  wrote on 09/08/2010 10:09:27
AM:

> Anyone here using Google for their corporate email? I've got a 
> Google rep trying to sell me on using their service instead of 
> bringing email in-house. I don't see the benefit, myself. Sure they 
> have 99.999% uptime, but other than that, what's the benefit? She 
> says they can integrate with Active Directory, but I don't 
> necessarily want Google reaching out and touching my domain 
> controllers..scares the crap outta me. J I would NOT oppose using 
> Postini to filter/scan my email, but I don't necessarily want them 
> handling my email for me. 
>   
> [image removed] [image removed] 
>   
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here: http://lyris.sunbelt-software.
> com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<><>

RE: Google email for corporate use

[Michael B. Smith]

How aggressive do you have Postini configured? That can have a WORLD of impact.

(I used to resell Postini, but I no longer do.)

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
Sent: Wednesday, September 08, 2010 11:16 AM
To: NT System Admin Issues
Subject: Re: Google email for corporate use


A wee bit OT but related...

We are a Notes shop.  We are strongly considering going to a hosed -er- hosted 
Exchange service (once we find someone who can import our current Domino set-up 
and provide the proper guarantees).  Lots of arguments in favor of the hosted 
service.

Are you aware that Google owns Postini?  Anyway, for spam filtering, many 
things get through our Postini filters and into our Notes mailboxes.  These 
same spam messages get snagged and sent to the "spam" box in GMail.  That is, 
the spam filtering in GMail seems to be better than for Postini.
--
Richard D. McClary
Systems Administrator, Information Technology Group
ASPCA(r)
1717 S. Philo Rd, Ste 36
Urbana, IL  61802

richardmccl...@aspca.org

P: 217-337-9761
C: 217-417-1182
F: 217-337-9761
www.aspca.org


The information contained in this e-mail, and any attachments hereto, is from 
The American Society for the Prevention of Cruelty to Animals(r) (ASPCA(r)) and 
is intended only for use by the addressee(s) named herein and may contain 
legally privileged and/or confidential information. If you are not the intended 
recipient of this e-mail, you are hereby notified that any dissemination, 
distribution, copying or use of the contents of this e-mail, and any 
attachments hereto, is strictly prohibited. If you have received this e-mail in 
error, please immediately notify me by reply email and permanently delete the 
original and any copy of this e-mail and any printout thereof.


"John Aldrich" 
mailto:jaldr...@blueridgecarpet.com>> wrote on 
09/08/2010 10:09:27 AM:

> Anyone here using Google for their corporate email? I've got a
> Google rep trying to sell me on using their service instead of
> bringing email in-house. I don't see the benefit, myself. Sure they
> have 99.999% uptime, but other than that, what's the benefit? She
> says they can integrate with Active Directory, but I don't
> necessarily want Google reaching out and touching my domain
> controllersscares the crap outta me. J I would NOT oppose using
> Postini to filter/scan my email, but I don't necessarily want them
> handling my email for me.
>
> [image removed] [image removed]
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here: http://lyris.sunbelt-software.
> com/read/my_forums/
> or send an email to 
> listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Google email for corporate use

[Paul Hutchings]

The first thing I'd do before even looking at the technical stuff is
read their terms of service.

 

From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: 08 September 2010 16:09
To: NT System Admin Issues
Subject: Google email for corporate use

 

Anyone here using Google for their corporate email? I've got a Google
rep trying to sell me on using their service instead of bringing email
in-house. I don't see the benefit, myself. Sure they have 99.999%
uptime, but other than that, what's the benefit? She says they can
integrate with Active Directory, but I don't necessarily want Google
reaching out and touching my domain controllersscares the crap outta
me. J I would NOT oppose using Postini to filter/scan my email, but I
don't necessarily want them handling my email for me.

 

  

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


--
MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration  GB 114 5409 96

The contents of this e-mail are confidential and are solely for the use of the 
intended recipient.  If you receive this e-mail in error, please delete it and 
notify us either by e-mail, telephone or fax.  You should not copy, forward or 
otherwise disclose the content of the e-mail as this is prohibited.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<><>

RE: Google email for corporate use

[Michael B. Smith]

Five-nines my buttocks.


Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Wednesday, September 08, 2010 11:09 AM
To: NT System Admin Issues
Subject: Google email for corporate use

Anyone here using Google for their corporate email? I've got a Google rep 
trying to sell me on using their service instead of bringing email in-house. I 
don't see the benefit, myself. Sure they have 99.999% uptime, but other than 
that, what's the benefit? She says they can integrate with Active Directory, 
but I don't necessarily want Google reaching out and touching my domain 
controllersscares the crap outta me. :) I would NOT oppose using Postini to 
filter/scan my email, but I don't necessarily want them handling my email for 
me.

[John-Aldrich][Perception_2]


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<><>

Re: Google email for corporate use

[RichardMcClary]

A wee bit OT but related...

We are a Notes shop.  We are strongly considering going to a hosed -er- 
hosted Exchange service (once we find someone who can import our current 
Domino set-up and provide the proper guarantees).  Lots of arguments in 
favor of the hosted service.

Are you aware that Google owns Postini?  Anyway, for spam filtering, many 
things get through our Postini filters and into our Notes mailboxes. These 
same spam messages get snagged and sent to the "spam" box in GMail.  That 
is, the spam filtering in GMail seems to be better than for Postini.
--
Richard D. McClary
Systems Administrator, Information Technology Group 
ASPCA®
1717 S. Philo Rd, Ste 36
Urbana, IL  61802
 
richardmccl...@aspca.org
 
P: 217-337-9761
C: 217-417-1182
F: 217-337-9761
www.aspca.org
 
The information contained in this e-mail, and any attachments hereto, is 
from The American Society for the Prevention of Cruelty to Animals® (ASPCA
®) and is intended only for use by the addressee(s) named herein and may 
contain legally privileged and/or confidential information. If you are not 
the intended recipient of this e-mail, you are hereby notified that any 
dissemination, distribution, copying or use of the contents of this 
e-mail, and any attachments hereto, is strictly prohibited. If you have 
received this e-mail in error, please immediately notify me by reply email 
and permanently delete the original and any copy of this e-mail and any 
printout thereof.
 

"John Aldrich"  wrote on 09/08/2010 10:09:27 
AM:

> Anyone here using Google for their corporate email? I?ve got a 
> Google rep trying to sell me on using their service instead of 
> bringing email in-house. I don?t see the benefit, myself. Sure they 
> have 99.999% uptime, but other than that, what?s the benefit? She 
> says they can integrate with Active Directory, but I don?t 
> necessarily want Google reaching out and touching my domain 
> controllers?.scares the crap outta me. J I would NOT oppose using 
> Postini to filter/scan my email, but I don?t necessarily want them 
> handling my email for me.
> 
> [image removed] [image removed] 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here: http://lyris.sunbelt-software.
> com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Mac and Windows mix

[Jonathan Link]

Also the US Military standardized on NT workstation back in the mid 90's,
IIRC.  I joined this list, mainly because I was using and deploying NT as a
workstation back in '97.

Just because it wasn't done by someone you know doesn't mean it wasn't done
at all.

On Wed, Sep 8, 2010 at 11:05 AM, John Aldrich
wrote:

>  NT was never adopted as an end-user operating system, at least not by
> anyone I know. It was primarily used as a server O/S except for a few
> specialized situations. Granted, in my previous career, I did use an
> NT-based video editing workstation, but most people I know used Win9x and
> it’s successors until Microsoft finally got smart and forced everyone to
> move to an O/S with a separate admin and user workspace (started with XP,
> and improved in Vista and even more in Win7.)
>
> A “user” O/S I define as what you’d find in most workspaces… i.e. end-user
> workstations. I’m just happy that Microsoft finally got with the program and
> stopped letting users run as the local admin by default.
>
>
>
> [image: John-Aldrich][image: Perception_2]
>
>
>
> *From:* Jonathan Link [mailto:jonathan.l...@gmail.com]
> *Sent:* Wednesday, September 08, 2010 10:43 AM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Mac and Windows mix
>
>
>
> Yes, it was NT Workstation and NT Server were separate products.
>
> I deployed NT Workstation 3.51 and NT Workstation 4.0 many times.  Was it
> missing some stuff?  USB support was the biggest around the NT 4.0 time
> frame.  But it was a solid OS and had vastly superiour stability to Win3.1
> compared to NT 3.51 or Win9x compared to NT 4.0.
>
> On Wed, Sep 8, 2010 at 10:28 AM, John Aldrich <
> jaldr...@blueridgecarpet.com> wrote:
>
> True… but NT was not a “user” operating system. J
>
>
>
> [image: John-Aldrich][image: Perception_2]
>
>
>
> *From:* Ken Schaefer [mailto:k...@adopenstatic.com]
> *Sent:* Wednesday, September 08, 2010 10:27 AM
>
>
> *To:* NT System Admin Issues
> *Subject:* RE: Mac and Windows mix
>
>
>
> This is only one, tiny, aspect of implementing a security model (reading
> Windows Internals by Russinovich/Solomon is highly recommended).
>
>
>
> That said, Windows NT has had the same model since the first released
> version (v3.1 back in 1993)
>
>
>
> Cheers
>
> Ken
>
>
>
> *From:* John Aldrich [mailto:jaldr...@blueridgecarpet.com]
> *Sent:* Wednesday, 8 September 2010 10:13 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Mac and Windows mix
>
>
>
> Basically, that users are not admins and that everything runs in
> “userspace” unless specifically run as an admin, including installation of
> software.
>
>
>
> [image: John-Aldrich][image: Perception_2]
>
>
>
> *From:* Steven M. Caesare [mailto:scaes...@caesare.com]
> *Sent:* Wednesday, September 08, 2010 8:49 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Mac and Windows mix
>
>
>
> What do you understand that model to be?
>
>
>
> -sc
>
>
>
> *From:* John Aldrich [mailto:jaldr...@blueridgecarpet.com]
> *Sent:* Tuesday, September 07, 2010 3:15 PM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Mac and Windows mix
>
>
>
> Not to start a flame war or anything, but I was under the impression that
> Mac OS/X was significantly **more* *secure than a comparable Windows
> machine, due to the *nix security model? Asking for information here, trying
> to learn, not trying to start  a Mac Vs. Windows thread (there are enough of
> those, that I don’t need to start one! )
>
>
>
> [image: John-Aldrich][image: Perception_2]
>
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>   ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manag

Google email for corporate use

[John Aldrich]

Anyone here using Google for their corporate email? I've got a Google rep
trying to sell me on using their service instead of bringing email in-house.
I don't see the benefit, myself. Sure they have 99.999% uptime, but other
than that, what's the benefit? She says they can integrate with Active
Directory, but I don't necessarily want Google reaching out and touching my
domain controllers..scares the crap outta me. J I would NOT oppose using
Postini to filter/scan my email, but I don't necessarily want them handling
my email for me.

 

John-AldrichPerception_2

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<><>

Re: Mac and Windows mix

[James Rankin]

We supported 375,000 NT4 workstations and 10,000 NT Servers - I loved mine.
Except for no USB.

On 8 September 2010 16:05, John Aldrich wrote:

>  NT was never adopted as an end-user operating system, at least not by
> anyone I know. It was primarily used as a server O/S except for a few
> specialized situations. Granted, in my previous career, I did use an
> NT-based video editing workstation, but most people I know used Win9x and
> it’s successors until Microsoft finally got smart and forced everyone to
> move to an O/S with a separate admin and user workspace (started with XP,
> and improved in Vista and even more in Win7.)
>
> A “user” O/S I define as what you’d find in most workspaces… i.e. end-user
> workstations. I’m just happy that Microsoft finally got with the program and
> stopped letting users run as the local admin by default.
>
>
>
> [image: John-Aldrich][image: Perception_2]
>
>
>
> *From:* Jonathan Link [mailto:jonathan.l...@gmail.com]
> *Sent:* Wednesday, September 08, 2010 10:43 AM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Mac and Windows mix
>
>
>
> Yes, it was NT Workstation and NT Server were separate products.
>
> I deployed NT Workstation 3.51 and NT Workstation 4.0 many times.  Was it
> missing some stuff?  USB support was the biggest around the NT 4.0 time
> frame.  But it was a solid OS and had vastly superiour stability to Win3.1
> compared to NT 3.51 or Win9x compared to NT 4.0.
>
> On Wed, Sep 8, 2010 at 10:28 AM, John Aldrich <
> jaldr...@blueridgecarpet.com> wrote:
>
> True… but NT was not a “user” operating system. J
>
>
>
> [image: John-Aldrich][image: Perception_2]
>
>
>
> *From:* Ken Schaefer [mailto:k...@adopenstatic.com]
> *Sent:* Wednesday, September 08, 2010 10:27 AM
>
>
> *To:* NT System Admin Issues
> *Subject:* RE: Mac and Windows mix
>
>
>
> This is only one, tiny, aspect of implementing a security model (reading
> Windows Internals by Russinovich/Solomon is highly recommended).
>
>
>
> That said, Windows NT has had the same model since the first released
> version (v3.1 back in 1993)
>
>
>
> Cheers
>
> Ken
>
>
>
> *From:* John Aldrich [mailto:jaldr...@blueridgecarpet.com]
> *Sent:* Wednesday, 8 September 2010 10:13 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Mac and Windows mix
>
>
>
> Basically, that users are not admins and that everything runs in
> “userspace” unless specifically run as an admin, including installation of
> software.
>
>
>
> [image: John-Aldrich][image: Perception_2]
>
>
>
> *From:* Steven M. Caesare [mailto:scaes...@caesare.com]
> *Sent:* Wednesday, September 08, 2010 8:49 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Mac and Windows mix
>
>
>
> What do you understand that model to be?
>
>
>
> -sc
>
>
>
> *From:* John Aldrich [mailto:jaldr...@blueridgecarpet.com]
> *Sent:* Tuesday, September 07, 2010 3:15 PM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Mac and Windows mix
>
>
>
> Not to start a flame war or anything, but I was under the impression that
> Mac OS/X was significantly **more* *secure than a comparable Windows
> machine, due to the *nix security model? Asking for information here, trying
> to learn, not trying to start  a Mac Vs. Windows thread (there are enough of
> those, that I don’t need to start one! )
>
>
>
> [image: John-Aldrich][image: Perception_2]
>
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>



-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ 

RE: Mac and Windows mix

[John Aldrich]

NT was never adopted as an end-user operating system, at least not by anyone
I know. It was primarily used as a server O/S except for a few specialized
situations. Granted, in my previous career, I did use an NT-based video
editing workstation, but most people I know used Win9x and it's successors
until Microsoft finally got smart and forced everyone to move to an O/S with
a separate admin and user workspace (started with XP, and improved in Vista
and even more in Win7.)

A "user" O/S I define as what you'd find in most workspaces. i.e. end-user
workstations. I'm just happy that Microsoft finally got with the program and
stopped letting users run as the local admin by default.

 

John-AldrichPerception_2

 

From: Jonathan Link [mailto:jonathan.l...@gmail.com] 
Sent: Wednesday, September 08, 2010 10:43 AM
To: NT System Admin Issues
Subject: Re: Mac and Windows mix

 

Yes, it was NT Workstation and NT Server were separate products.

I deployed NT Workstation 3.51 and NT Workstation 4.0 many times.  Was it
missing some stuff?  USB support was the biggest around the NT 4.0 time
frame.  But it was a solid OS and had vastly superiour stability to Win3.1
compared to NT 3.51 or Win9x compared to NT 4.0.

On Wed, Sep 8, 2010 at 10:28 AM, John Aldrich 
wrote:

True. but NT was not a "user" operating system. J

 

John-AldrichPerception_2

 

From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Wednesday, September 08, 2010 10:27 AM 


To: NT System Admin Issues
Subject: RE: Mac and Windows mix

 

This is only one, tiny, aspect of implementing a security model (reading
Windows Internals by Russinovich/Solomon is highly recommended).

 

That said, Windows NT has had the same model since the first released
version (v3.1 back in 1993)

 

Cheers

Ken

 

From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Wednesday, 8 September 2010 10:13 PM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

 

Basically, that users are not admins and that everything runs in "userspace"
unless specifically run as an admin, including installation of software.

 

John-AldrichPerception_2

 

From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Wednesday, September 08, 2010 8:49 AM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

 

What do you understand that model to be?

 

-sc

 

From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Tuesday, September 07, 2010 3:15 PM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

 

Not to start a flame war or anything, but I was under the impression that
Mac OS/X was significantly *more* secure than a comparable Windows machine,
due to the *nix security model? Asking for information here, trying to
learn, not trying to start  a Mac Vs. Windows thread (there are enough of
those, that I don't need to start one! )

 

John-AldrichPerception_2

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<><>

RE: Mac and Windows mix

[Ken Schaefer]

Huh? What is a "user" operating system?

Cheers
Ken

From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Wednesday, 8 September 2010 10:29 PM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

True... but NT was not a "user" operating system. :)



From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Wednesday, September 08, 2010 10:27 AM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

This is only one, tiny, aspect of implementing a security model (reading 
Windows Internals by Russinovich/Solomon is highly recommended).

That said, Windows NT has had the same model since the first released version 
(v3.1 back in 1993)

Cheers
Ken

From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Wednesday, 8 September 2010 10:13 PM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

Basically, that users are not admins and that everything runs in "userspace" 
unless specifically run as an admin, including installation of software.






~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Mac and Windows mix

[Jonathan Link]

Yes, it was NT Workstation and NT Server were separate products.
I deployed NT Workstation 3.51 and NT Workstation 4.0 many times.  Was it
missing some stuff?  USB support was the biggest around the NT 4.0 time
frame.  But it was a solid OS and had vastly superiour stability to Win3.1
compared to NT 3.51 or Win9x compared to NT 4.0.

On Wed, Sep 8, 2010 at 10:28 AM, John Aldrich
wrote:

>  True… but NT was not a “user” operating system. J
>
>
>
> [image: John-Aldrich][image: Perception_2]
>
>
>
> *From:* Ken Schaefer [mailto:k...@adopenstatic.com]
> *Sent:* Wednesday, September 08, 2010 10:27 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Mac and Windows mix
>
>
>
> This is only one, tiny, aspect of implementing a security model (reading
> Windows Internals by Russinovich/Solomon is highly recommended).
>
>
>
> That said, Windows NT has had the same model since the first released
> version (v3.1 back in 1993)
>
>
>
> Cheers
>
> Ken
>
>
>
> *From:* John Aldrich [mailto:jaldr...@blueridgecarpet.com]
> *Sent:* Wednesday, 8 September 2010 10:13 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Mac and Windows mix
>
>
>
> Basically, that users are not admins and that everything runs in
> “userspace” unless specifically run as an admin, including installation of
> software.
>
>
>
> [image: John-Aldrich][image: Perception_2]
>
>
>
> *From:* Steven M. Caesare [mailto:scaes...@caesare.com]
> *Sent:* Wednesday, September 08, 2010 8:49 AM
> *To:* NT System Admin Issues
> *Subject:* RE: Mac and Windows mix
>
>
>
> What do you understand that model to be?
>
>
>
> -sc
>
>
>
> *From:* John Aldrich [mailto:jaldr...@blueridgecarpet.com]
> *Sent:* Tuesday, September 07, 2010 3:15 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Mac and Windows mix
>
>
>
> Not to start a flame war or anything, but I was under the impression that
> Mac OS/X was significantly **more* *secure than a comparable Windows
> machine, due to the *nix security model? Asking for information here, trying
> to learn, not trying to start  a Mac Vs. Windows thread (there are enough of
> those, that I don’t need to start one! )
>
>
>
> [image: John-Aldrich][image: Perception_2]
>
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<><>

Re: R: Connection speed

[Don Kuhlman]

Agreed - I think the easiest thing to do is bypass the firewall and see how 
things change from there.





From: HELP_PC 
To: NT System Admin Issues 
Sent: Wed, September 8, 2010 9:05:58 AM
Subject: R: Connection speed


I suspect it , as also Erik told.
 I'll give a look without it

GuidoElia
HELPPC




Da: Steven M. Caesare [mailto:scaes...@caesare.com] 
Inviato: mercoledì 8 settembre 2010 15.02
A: NT System Admin Issues
Oggetto: RE: Connection speed


Um... maybe the firewall?
 
-sc
 
From:HELP_PC [mailto:g...@enter.it] 
Sent: Wednesday, September 08, 2010 7:27 AM
To: NT System Admin Issues
Subject: Connection speed
 
 
A customer has a fiber connection that download at 4.5mb/s if connected 
straight 
to the ISP Router 

When connected to the company switch behind a Zywall firewall the speed drops 
to 
1.4 mb/s 

What can be the cause ? 
TIA 
GuidoElia 
HELPPC 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


  
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Mac and Windows mix

[De Williman, Shih]

Yes, and if you are the sole sysadmin that makes changes to WGM/policies & are 
diligent about tracking your changes, super. In an enterprise environment 
there's no central reporting feature with WGM . One can utilize mcxquery to 
find out what policies are applied to the client but that wd have to be done 
locally/polled into a syslog. Very inefficient, IMHO. 

For something as simple as dropping a file on a desktop, or, as is currently 
being discussed on the OsX Server forum, changing file associations, extensive 
scripting is involved. Again goes to show that there's very little development 
efforts made by Apple in the enterprise arena to facilitate central mgmt of 
their machines/OS.  

-Original Message-
From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Wednesday, September 08, 2010 5:05 AM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

I think sdewilliam is saying that there is no modelling capability.

GPMC lets you pick a user, a computer and an AD site, and dynamically layers 
all the policies at all levels that will affect the user, and gives you the 
resulting effective settings (after group filtering, WMI filtering etc). The 
advanced GPM also lets you do check-in/check-out, versioning control, workflow 
etc.

Cheers
Ken

-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org] 
Sent: Wednesday, 8 September 2010 2:21 PM
To: NT System Admin Issues
Subject: Re: Mac and Windows mix

Perhaps I'm misunderstanding: Isn't that exactly what Workgroup Manager does in 
Open Directory? There are plenty of settings which can be applied to individual 
Macs, users, user groups and computer groups.

- Original Message -
From: sdewilliman
[mailto:sdewilli...@g2.com]
To: NT System Admin Issues
[mailto:ntsysad...@lyris.sunbelt-software.com]
Sent: Tue, 07 Sep 2010
17:41:34 -0700
Subject: Re: Mac and Windows mix


> Precisely, with OD /WGM there¹s no central mgmt console whereby an 
> admin can tell which/what policy is applied to what group. 
> Administration easily becoems a nightmare without 3rd party mgmt 
> software such as Centrify.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Mac and Windows mix

[De Williman, Shih]

I believe WGM _can_ manage unbound machines, provided that you first import 
them into WGM (Matt can correct if this is misinfo since we modified AD schema 
& leverage AD/WGM to manage users). Even then, that in itself, whether you do 
it in an strictly OD environment or Magic Triangle, is a pain without third 
party utility like Passenger. 



-Original Message-
From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Wednesday, September 08, 2010 6:16 AM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

Question: how does one bring a Mac under scope of management of WGM?

For AD - the machine has to be joined to the domain. For Macs?

Cheers
Ken

-Original Message-
From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Wednesday, 8 September 2010 5:05 PM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

I think sdewilliam is saying that there is no modelling capability.

GPMC lets you pick a user, a computer and an AD site, and dynamically layers 
all the policies at all levels that will affect the user, and gives you the 
resulting effective settings (after group filtering, WMI filtering etc). The 
advanced GPM also lets you do check-in/check-out, versioning control, workflow 
etc.

Cheers
Ken

-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Wednesday, 8 September 2010 2:21 PM
To: NT System Admin Issues
Subject: Re: Mac and Windows mix

Perhaps I'm misunderstanding: Isn't that exactly what Workgroup Manager does in 
Open Directory? There are plenty of settings which can be applied to individual 
Macs, users, user groups and computer groups.

- Original Message -
From: sdewilliman
[mailto:sdewilli...@g2.com]
To: NT System Admin Issues
[mailto:ntsysad...@lyris.sunbelt-software.com]
Sent: Tue, 07 Sep 2010
17:41:34 -0700
Subject: Re: Mac and Windows mix


> Precisely, with OD /WGM there¹s no central mgmt console whereby an 
> admin can tell which/what policy is applied to what group.
> Administration easily becoems a nightmare without 3rd party mgmt 
> software such as Centrify.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Mac and Windows mix

[John Aldrich]

True. but NT was not a "user" operating system. J

 

John-AldrichPerception_2

 

From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Wednesday, September 08, 2010 10:27 AM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

 

This is only one, tiny, aspect of implementing a security model (reading
Windows Internals by Russinovich/Solomon is highly recommended).

 

That said, Windows NT has had the same model since the first released
version (v3.1 back in 1993)

 

Cheers

Ken

 

From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Wednesday, 8 September 2010 10:13 PM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

 

Basically, that users are not admins and that everything runs in "userspace"
unless specifically run as an admin, including installation of software.

 

John-AldrichPerception_2

 

From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Wednesday, September 08, 2010 8:49 AM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

 

What do you understand that model to be?

 

-sc

 

From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Tuesday, September 07, 2010 3:15 PM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

 

Not to start a flame war or anything, but I was under the impression that
Mac OS/X was significantly *more* secure than a comparable Windows machine,
due to the *nix security model? Asking for information here, trying to
learn, not trying to start  a Mac Vs. Windows thread (there are enough of
those, that I don't need to start one! )

 

John-AldrichPerception_2

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<><>

RE: Mac and Windows mix

[Ken Schaefer]

This is only one, tiny, aspect of implementing a security model (reading 
Windows Internals by Russinovich/Solomon is highly recommended).

That said, Windows NT has had the same model since the first released version 
(v3.1 back in 1993)

Cheers
Ken

From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Wednesday, 8 September 2010 10:13 PM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

Basically, that users are not admins and that everything runs in "userspace" 
unless specifically run as an admin, including installation of software.

[John-Aldrich][Perception_2]

From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Wednesday, September 08, 2010 8:49 AM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

What do you understand that model to be?

-sc

From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Tuesday, September 07, 2010 3:15 PM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

Not to start a flame war or anything, but I was under the impression that Mac 
OS/X was significantly *more* secure than a comparable Windows machine, due to 
the *nix security model? Asking for information here, trying to learn, not 
trying to start  a Mac Vs. Windows thread (there are enough of those, that I 
don't need to start one! )

[John-Aldrich][Perception_2]




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<><>

R: Connection speed

[HELP_PC]

I suspect it , as also Erik told.
 I'll give a look without it
 
GuidoElia
HELPPC
 

  _  

Da: Steven M. Caesare [mailto:scaes...@caesare.com] 
Inviato: mercoledì 8 settembre 2010 15.02
A: NT System Admin Issues
Oggetto: RE: Connection speed



Um... maybe the firewall?

 

-sc

 

From: HELP_PC [mailto:g...@enter.it] 
Sent: Wednesday, September 08, 2010 7:27 AM
To: NT System Admin Issues
Subject: Connection speed

 

 

A customer has a fiber connection that download at 4.5mb/s if connected 
straight to the ISP Router 
When connected to the company switch behind a Zywall firewall the speed drops 
to 1.4 mb/s 

What can be the cause ? 

TIA 

GuidoElia 
HELPPC 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Mac and Windows mix

[Alan Davies]

It's just treating the PC as a terminal server.  My first thoughts are
that this could only be an issue where local resources are not
adequately secured or where you don't trust your admins.  In either of
those scenarios, you have bigger fish to fry!
 
The only place I can see this being a problem is in very high security
environments where a user may be logged in and locked while accessing
highly classified data.  An admin logging in could perhaps memory scrape
and steal this (or steal via firewire ..!).  But then both physical and
logical access in that environment should be tightly controlled too!
 
 
 
a



From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: 08 September 2010 14:01
To: NT System Admin Issues
Subject: RE: Mac and Windows mix



I'm of two minds on this... in some cases it might be useful, but it
would obviously have to be logged as a security event.

 

-sc

 

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Wednesday, September 08, 2010 6:26 AM
To: NT System Admin Issues
Subject: Re: Mac and Windows mix

 

Windows 7 has the best of both worlds, IMO.

 

As an admin, you can gain access to a computer that is locked by logging
in as a different user.  You can do this without logging the other
person off, and without violating their session.

 

As Ken mentions, this maintains non-repudiation.


ASB (My XeeSM Profile)   
Exploiting Technology for Business Advantage...
 

On Wed, Sep 8, 2010 at 1:18 AM, Ben Scott  wrote:

On Tue, Sep 7, 2010 at 9:11 PM, sdewilliman  wrote:
> Or, without editing the plist you can walk up to any Macs with
password
> protected screensaver on, enter the admin pswd & boom there's the
user's
> desktop at your disposal.

 I wish Windows had that option.

-- Ben

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



WARNING:
The information in this email and any attachments is confidential and may be 
legally privileged.

If you are not the named addressee, you must not use, copy or disclose this 
email (including any attachments) or the information in it save to the named 
addressee nor take any action in reliance on it. If you receive this email or 
any attachments in error, please notify the sender immediately and then delete 
the same and any copies.

"CLS Services Ltd × Registered in England No 4132704 × Registered Office: 
Exchange Tower × One Harbour Exchange Square × London E14 9GE"


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Connection speed

[Steven M. Caesare]

Um... maybe the firewall?

 

-sc

 

From: HELP_PC [mailto:g...@enter.it] 
Sent: Wednesday, September 08, 2010 7:27 AM
To: NT System Admin Issues
Subject: Connection speed

 

 

A customer has a fiber connection that download at 4.5mb/s if connected
straight to the ISP Router 
When connected to the company switch behind a Zywall firewall the speed
drops to 1.4 mb/s 

What can be the cause ? 

TIA 

GuidoElia 
HELPPC 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Mac and Windows mix

[Steven M. Caesare]

I'm of two minds on this... in some cases it might be useful, but it
would obviously have to be logged as a security event.

 

-sc

 

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Wednesday, September 08, 2010 6:26 AM
To: NT System Admin Issues
Subject: Re: Mac and Windows mix

 

Windows 7 has the best of both worlds, IMO.

 

As an admin, you can gain access to a computer that is locked by logging
in as a different user.  You can do this without logging the other
person off, and without violating their session.

 

As Ken mentions, this maintains non-repudiation.


ASB (My XeeSM Profile)   
Exploiting Technology for Business Advantage...
 

On Wed, Sep 8, 2010 at 1:18 AM, Ben Scott  wrote:

On Tue, Sep 7, 2010 at 9:11 PM, sdewilliman  wrote:
> Or, without editing the plist you can walk up to any Macs with
password
> protected screensaver on, enter the admin pswd & boom there's the
user's
> desktop at your disposal.

 I wish Windows had that option.

-- Ben

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Mac and Windows mix

[Steven M. Caesare]

>  Typically, a Mac user has no elevated rights.  SO, most malware would
run as a "least rights" user and go nowhere.  (This too is a unix
security feature.)

 

I suggest this is a security posture commonly implemented on UNIX
systems by their admins. It is now significantly more common in Windows
environments as well.

 

-sc

 

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] 
Sent: Tuesday, September 07, 2010 3:25 PM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

 


Two Mac issues: 

1. Currently, it is a smaller "target" for hackers. 

2. Typically, a Mac user has no elevated rights.  SO, most malware would
run as a "least rights" user and go nowhere.  (This too is a unix
security feature.) 

OTOH, I believe Macs read PDF files.  These are insecure all by
themselves.  Throw in the breaks found in Safari, iTunes, QuickTime,
etc, and one can suspect time bombs can be planted which can go off when
someone needs to elevate "themselves" to run configuration tasks,
install software, etc. 

"John Aldrich"  wrote on 09/07/2010
02:15:16 PM:

> Not to start a flame war or anything, but I was under the impression
> that Mac OS/X was significantly *more* secure than a comparable 
> Windows machine, due to the *nix security model? Asking for 
> information here, trying to learn, not trying to start  a Mac Vs. 
> Windows thread (there are enough of those, that I don't need to 
> start one! ) 
>   
> [image removed] [image removed] 
>   
> From: Holstrom, Don [mailto:dholst...@nbm.org] 
> Sent: Tuesday, September 07, 2010 2:57 PM
> To: NT System Admin Issues
> Subject: RE: Mac and Windows mix 
>   
> We have about a dozen Macs here at the Museum. I give them each dual
> monitor set-ups, with Parallels and Windows with Microsoft Office so
> they can Outlook to their e-mail. So far, Mac doesn't really have a 
> good Rendezvous/Outlook set-up, although OWA is very good and 
> getting better. As I stroll by, I see that each Mac user keeps 
> Office up on one monitor, so that Outlook is always open. Each of 
> the Macs can already connect to our PC servers where they keep all 
> their files. I give Remote Desktop access to those who either PC or 
> Mac from the outside. 
>   
> Way too many security openings for Macs, this would not be good with
> a very secure network... 
>   
> From: Jeff Steward [mailto:jstew...@gmail.com] 
> Sent: Tuesday, September 07, 2010 2:34 PM
> To: NT System Admin Issues
> Subject: Re: Mac and Windows mix 
>   
> Don't knock yourself out here Matt, I'm just curious how one manages
> these issues in a mixed environment.  I have one Mac user who works 
> part time so we set him up with a Remote Desktop client and he works
> in a Terminal Server session. 
>   
> Regards, 
>   
> Jeff Steward 
> On Tue, Sep 7, 2010 at 2:26 PM, Matthew W. Ross
mailto:mr...@ephrataschools.org%0b> > > wrote: 
> Apple Remote Desktop is more akin to the Windows Management MMC, MS 
> Remote Desktop and the SysInternals Power Tools rolled into one 
> package. Open Directory is more akin to Group Policy. 
>   
> I will see what I can find out about those regulations. 
>   
> --Matt Ross 
> Ephrata School District 
> 
> On Sep 7, 2010, at 11:21 AM, "Jeff Steward" 
wrote: 
> HIPAA 
> SOX 
> MA 201 CMR 17.00 
>   
> To varying degrees they all boil down to: 
>   
> We define a security policy that meets the regulatory requirements 
> and base configurations to meet that policy and then report 
> regularly on performance to standards.  I see from one of your 
> follow-up posts that Apple Remote Desktop is akin to Group Policy. 
>   
> -Jeff Steward 
> On Tue, Sep 7, 2010 at 1:31 PM, Matthew W. Ross
mailto:mr...@ephrataschools.org%0b> > > wrote: 
> Can you be more specific? What standards are you needing to be 
> compliant to? An example regulation would help me answer your
question. 
>   
> --Matt Ross 
> Ephrata School District 
> 
> On Sep 7, 2010, at 10:26 AM, "Jeff Steward" 
wrote: 
> A school environment is not the same as a public company 
> environment.  Compliance to  and
> reporting on said compliance or non-trivial issues for public 
> companies or private companies subject to other regulations.  There 
> are a wealth of tools for managing these issues in a Windows 
> environment, can the same be said of the Mac environment? 
>   
> -Jeff Steward 
> On Tue, Sep 7, 2010 at 12:53 PM, Matthew W. Ross
mailto:mr...@ephrataschools.org%0b> > > wrote: 
> Macs are not the burden you make them sound to be.
> 
> Integrating a Mac into a windows network is never going to be 
> painless; the two systems are inherently different. If what you want
> is a Windows experience from your Mac, install Windows.
> 
> Now not everybody likes MacOS X, but the same can be said for 
> Windows. Insert the problem of subjective preference here.
> 
> Personally, I love working on my iMac, and managing the other Macs 
> in our district is very easy if you use the provided Apple tools: 
> Mac OS X server, Open Direc

RE: Connection speed

[Erik Goldoff]

If I were you, I would examine the specs on the Zywall firewall, either the
NIC configuration, or the actual firewall engine capability.

If this model was designed for consumer xDSL and not very current, it may
have been designed with 1.5mb/s WAN bandwidth in mind.

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: HELP_PC [mailto:g...@enter.it] 
Sent: Wednesday, September 08, 2010 7:27 AM
To: NT System Admin Issues
Subject: Connection speed

 

 

A customer has a fiber connection that download at 4.5mb/s if connected
straight to the ISP Router 
When connected to the company switch behind a Zywall firewall the speed
drops to 1.4 mb/s 

What can be the cause ? 

TIA 

GuidoElia 
HELPPC 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

R: Connection speed

[HELP_PC]

Yes but what is strange that the dl speed is lower but the same for all Pcs in 
the network, so I am pointing to something in the Zywall Nics
 
GuidoElia
HELPPC
 

  _  

Da: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk] 
Inviato: mercoledì 8 settembre 2010 13.33
A: NT System Admin Issues
Oggetto: RE: Connection speed



The switch? The router NIC?  Could be anything in theory, could just be an auto 
negotiation issue?

 

From: HELP_PC [mailto:g...@enter.it] 
Sent: 08 September 2010 12:27
To: NT System Admin Issues
Subject: Connection speed

 

 

A customer has a fiber connection that download at 4.5mb/s if connected 
straight to the ISP Router 
When connected to the company switch behind a Zywall firewall the speed drops 
to 1.4 mb/s 

What can be the cause ? 

TIA 

GuidoElia 
HELPPC 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

  _  

MIRA Ltd


Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration  GB 114 5409 96


The contents of this e-mail are confidential and are solely for the use of the 
intended recipient.  If you receive this e-mail in error, please delete it and 
notify us either by e-mail, telephone or fax.  You should not copy, forward or 
otherwise disclose the content of the e-mail as this is prohibited.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Connection speed

[Paul Hutchings]

The switch? The router NIC?  Could be anything in theory, could just be
an auto negotiation issue?

 

From: HELP_PC [mailto:g...@enter.it] 
Sent: 08 September 2010 12:27
To: NT System Admin Issues
Subject: Connection speed

 

 

A customer has a fiber connection that download at 4.5mb/s if connected
straight to the ISP Router 
When connected to the company switch behind a Zywall firewall the speed
drops to 1.4 mb/s 

What can be the cause ? 

TIA 

GuidoElia 
HELPPC 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


--
MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration  GB 114 5409 96

The contents of this e-mail are confidential and are solely for the use of the 
intended recipient.  If you receive this e-mail in error, please delete it and 
notify us either by e-mail, telephone or fax.  You should not copy, forward or 
otherwise disclose the content of the e-mail as this is prohibited.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Connection speed

[HELP_PC]

A customer has a fiber connection that download at 4.5mb/s if connected
straight to the ISP Router
When connected to the company switch behind a Zywall firewall the speed
drops to 1.4 mb/s

What can be the cause ?

TIA

GuidoElia
HELPPC


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Mac and Windows mix

[Holstrom, Don]

I don't...

From: Richard Stovall [mailto:rich...@gmail.com]
Sent: Tuesday, September 07, 2010 2:59 PM
To: NT System Admin Issues
Subject: Re: Mac and Windows mix

Please pardon the semi-hijack.

What solution do you use to give the Mac people remote access to their machines?

Thanks,
RS
On Tue, Sep 7, 2010 at 2:56 PM, Holstrom, Don 
mailto:dholst...@nbm.org>> wrote:
We have about a dozen Macs here at the Museum. I give them each dual monitor 
set-ups, with Parallels and Windows with Microsoft Office so they can Outlook 
to their e-mail. So far, Mac doesn't really have a good Rendezvous/Outlook 
set-up, although OWA is very good and getting better. As I stroll by, I see 
that each Mac user keeps Office up on one monitor, so that Outlook is always 
open. Each of the Macs can already connect to our PC servers where they keep 
all their files. I give Remote Desktop access to those who either PC or Mac 
from the outside.

Way too many security openings for Macs, this would not be good with a very 
secure network...

From: Jeff Steward [mailto:jstew...@gmail.com]
Sent: Tuesday, September 07, 2010 2:34 PM

To: NT System Admin Issues
Subject: Re: Mac and Windows mix

Don't knock yourself out here Matt, I'm just curious how one manages these 
issues in a mixed environment.  I have one Mac user who works part time so we 
set him up with a Remote Desktop client and he works in a Terminal Server 
session.

Regards,

Jeff Steward
On Tue, Sep 7, 2010 at 2:26 PM, Matthew W. Ross 
mailto:mr...@ephrataschools.org>> wrote:
Apple Remote Desktop is more akin to the Windows Management MMC, MS Remote 
Desktop and the SysInternals Power Tools rolled into one package. Open 
Directory is more akin to Group Policy.

I will see what I can find out about those regulations.

--Matt Ross
Ephrata School District

On Sep 7, 2010, at 11:21 AM, "Jeff Steward" 
mailto:jstew...@gmail.com>> wrote:
HIPAA
SOX
MA 201 CMR 17.00

To varying degrees they all boil down to:

We define a security policy that meets the regulatory requirements and base 
configurations to meet that policy and then report regularly on performance to 
standards.  I see from one of your follow-up posts that Apple Remote Desktop is 
akin to Group Policy.

-Jeff Steward
On Tue, Sep 7, 2010 at 1:31 PM, Matthew W. Ross 
mailto:mr...@ephrataschools.org>> wrote:
Can you be more specific? What standards are you needing to be compliant to? An 
example regulation would help me answer your question.

--Matt Ross
Ephrata School District

On Sep 7, 2010, at 10:26 AM, "Jeff Steward" 
mailto:jstew...@gmail.com>> wrote:
A school environment is not the same as a public company environment.  
Compliance to  and reporting on said 
compliance or non-trivial issues for public companies or private companies 
subject to other regulations.  There are a wealth of tools for managing these 
issues in a Windows environment, can the same be said of the Mac environment?

-Jeff Steward
On Tue, Sep 7, 2010 at 12:53 PM, Matthew W. Ross 
mailto:mr...@ephrataschools.org>> wrote:
Macs are not the burden you make them sound to be.

Integrating a Mac into a windows network is never going to be painless; the two 
systems are inherently different. If what you want is a Windows experience from 
your Mac, install Windows.

Now not everybody likes MacOS X, but the same can be said for Windows. Insert 
the problem of subjective preference here.

Personally, I love working on my iMac, and managing the other Macs in our 
district is very easy if you use the provided Apple tools: Mac OS X server, 
Open Directory, and Apple Remote Desktop.

Then again, I hate how a Mac _can_ cost 2x as much as a comparable PC. I do 
like that software upgrades are cheaper for Mac, but I don't like how apple 
drops support for anything that is not the current generation or the previous 
one. If you're 2 generations back, you're out of luck.

What can a Mac do that a PC Can't? Nothing. But I would argue that competition 
is one of the pillars of innovation. Without Mac OS X competing against 
Windows, what would Windows look like today?


--Matt Ross
Ephrata School District


- Original Message -
From: James Hill
[mailto:james.h...@superamart.com.au]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Sun, 05 Sep 2010
19:28:49 -0700
Subject: RE: Mac and Windows mix


> We have pretty much eliminated all of the Mac's here.
>
> We didn't have 3rd party products to manage them so they always required so
> much manual interaction.  Any global change we made we could easily automate
> with PC's thanks to group policy etc but it was always a manual change for
> the Mac's.
>
> They really aren't a corporate product imo.  You only have to look to Apple
> for a corporate grade management solution to realise that it doesn't exist.
>
> They do indeed need patching (http://support.apple.com/kb/HT1222) and 

RE: Mac and Windows mix

[Michael B. Smith]

Yeah - I read the post from sdewilliman yesterday and thought "wow - that's a 
unsecure vector large enough to drive a tank through".

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com


-Original Message-
From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Wednesday, September 08, 2010 1:54 AM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

I hope it never doesn't. That will make very non-repudiation difficult.

Cheers
Ken

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Wednesday, 8 September 2010 1:18 PM
To: NT System Admin Issues
Subject: Re: Mac and Windows mix

On Tue, Sep 7, 2010 at 9:11 PM, sdewilliman  wrote:
> Or, without editing the plist you can walk up to any Macs with 
> password protected screensaver on, enter the admin pswd & boom there's 
> the user's desktop at your disposal.

  I wish Windows had that option.

-- Ben


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Mac and Windows mix

[Ken Schaefer]

Both Windows and *nix have robust security models. Windows can implement an ACL 
on just about every object you can access - down to the thread level.

Cheers
Ken

From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Wednesday, 8 September 2010 3:15 AM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

Not to start a flame war or anything, but I was under the impression that Mac 
OS/X was significantly *more* secure than a comparable Windows machine, due to 
the *nix security model? Asking for information here, trying to learn, not 
trying to start  a Mac Vs. Windows thread (there are enough of those, that I 
don't need to start one! )

[John-Aldrich][Perception_2]

From: Holstrom, Don [mailto:dholst...@nbm.org]
Sent: Tuesday, September 07, 2010 2:57 PM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

We have about a dozen Macs here at the Museum. I give them each dual monitor 
set-ups, with Parallels and Windows with Microsoft Office so they can Outlook 
to their e-mail. So far, Mac doesn't really have a good Rendezvous/Outlook 
set-up, although OWA is very good and getting better. As I stroll by, I see 
that each Mac user keeps Office up on one monitor, so that Outlook is always 
open. Each of the Macs can already connect to our PC servers where they keep 
all their files. I give Remote Desktop access to those who either PC or Mac 
from the outside.

Way too many security openings for Macs, this would not be good with a very 
secure network...

From: Jeff Steward [mailto:jstew...@gmail.com]
Sent: Tuesday, September 07, 2010 2:34 PM
To: NT System Admin Issues
Subject: Re: Mac and Windows mix

Don't knock yourself out here Matt, I'm just curious how one manages these 
issues in a mixed environment.  I have one Mac user who works part time so we 
set him up with a Remote Desktop client and he works in a Terminal Server 
session.

Regards,

Jeff Steward
On Tue, Sep 7, 2010 at 2:26 PM, Matthew W. Ross 
mailto:mr...@ephrataschools.org>> wrote:
Apple Remote Desktop is more akin to the Windows Management MMC, MS Remote 
Desktop and the SysInternals Power Tools rolled into one package. Open 
Directory is more akin to Group Policy.

I will see what I can find out about those regulations.

--Matt Ross
Ephrata School District

On Sep 7, 2010, at 11:21 AM, "Jeff Steward" 
mailto:jstew...@gmail.com>> wrote:
HIPAA
SOX
MA 201 CMR 17.00

To varying degrees they all boil down to:

We define a security policy that meets the regulatory requirements and base 
configurations to meet that policy and then report regularly on performance to 
standards.  I see from one of your follow-up posts that Apple Remote Desktop is 
akin to Group Policy.

-Jeff Steward
On Tue, Sep 7, 2010 at 1:31 PM, Matthew W. Ross 
mailto:mr...@ephrataschools.org>> wrote:
Can you be more specific? What standards are you needing to be compliant to? An 
example regulation would help me answer your question.

--Matt Ross
Ephrata School District





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<><>

Re: Mac and Windows mix

[Andrew S. Baker]

Maybe.  :)

I can't remember.I do have one domain-joined Vista machine that I can
check, so I'll let you know later today...


*ASB *(My XeeSM Profile) 
*Exploiting Technology for Business Advantage...*
* *
On Wed, Sep 8, 2010 at 6:32 AM, Ken Schaefer  wrote:

> Couldn’t you do this in Vista as well? I thought the ability to use
> fast-user switching with domain joined machines was introduced with Vista…
>
>
>
> Cheers
>
> Ken
>
>
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Wednesday, 8 September 2010 6:26 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Mac and Windows mix
>
>
>
> Windows 7 has the best of both worlds, IMO.
>
>
>
> As an admin, you can gain access to a computer that is locked by logging in
> as a different user.  You can do this without logging the other person off,
> and without violating their session.
>
>
>
> As Ken mentions, this maintains non-repudiation.
>
>
> *ASB *(My XeeSM Profile) 
> *Exploiting Technology for Business Advantage...*
> * *
>
> On Wed, Sep 8, 2010 at 1:18 AM, Ben Scott  wrote:
>
> On Tue, Sep 7, 2010 at 9:11 PM, sdewilliman  wrote:
> > Or, without editing the plist you can walk up to any Macs with password
> > protected screensaver on, enter the admin pswd & boom there's the user's
> > desktop at your disposal.
>
>  I wish Windows had that option.
>
> -- Ben
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Mac and Windows mix

[Ken Schaefer]

Couldn't you do this in Vista as well? I thought the ability to use fast-user 
switching with domain joined machines was introduced with Vista...

Cheers
Ken

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, 8 September 2010 6:26 PM
To: NT System Admin Issues
Subject: Re: Mac and Windows mix

Windows 7 has the best of both worlds, IMO.

As an admin, you can gain access to a computer that is locked by logging in as 
a different user.  You can do this without logging the other person off, and 
without violating their session.

As Ken mentions, this maintains non-repudiation.

ASB (My XeeSM Profile)
Exploiting Technology for Business Advantage...

On Wed, Sep 8, 2010 at 1:18 AM, Ben Scott 
mailto:mailvor...@gmail.com>> wrote:
On Tue, Sep 7, 2010 at 9:11 PM, sdewilliman 
mailto:sdewilli...@g2.com>> wrote:
> Or, without editing the plist you can walk up to any Macs with password
> protected screensaver on, enter the admin pswd & boom there's the user's
> desktop at your disposal.
 I wish Windows had that option.

-- Ben




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Mac and Windows mix

[Andrew S. Baker]

Windows 7 has the best of both worlds, IMO.

As an admin, you can gain access to a computer that is locked by logging in
as a different user.  You can do this without logging the other person off,
and without violating their session.

As Ken mentions, this maintains non-repudiation.


*ASB *(My XeeSM Profile) 
*Exploiting Technology for Business Advantage...*
* *
On Wed, Sep 8, 2010 at 1:18 AM, Ben Scott  wrote:

> On Tue, Sep 7, 2010 at 9:11 PM, sdewilliman  wrote:
> > Or, without editing the plist you can walk up to any Macs with password
> > protected screensaver on, enter the admin pswd & boom there's the user's
> > desktop at your disposal.
>
>   I wish Windows had that option.
>
> -- Ben
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Mac and Windows mix

[Ken Schaefer]

Question: how does one bring a Mac under scope of management of WGM?

For AD - the machine has to be joined to the domain. For Macs?

Cheers
Ken

-Original Message-
From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Wednesday, 8 September 2010 5:05 PM
To: NT System Admin Issues
Subject: RE: Mac and Windows mix

I think sdewilliam is saying that there is no modelling capability.

GPMC lets you pick a user, a computer and an AD site, and dynamically layers 
all the policies at all levels that will affect the user, and gives you the 
resulting effective settings (after group filtering, WMI filtering etc). The 
advanced GPM also lets you do check-in/check-out, versioning control, workflow 
etc.

Cheers
Ken

-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Wednesday, 8 September 2010 2:21 PM
To: NT System Admin Issues
Subject: Re: Mac and Windows mix

Perhaps I'm misunderstanding: Isn't that exactly what Workgroup Manager does in 
Open Directory? There are plenty of settings which can be applied to individual 
Macs, users, user groups and computer groups.

- Original Message -
From: sdewilliman
[mailto:sdewilli...@g2.com]
To: NT System Admin Issues
[mailto:ntsysad...@lyris.sunbelt-software.com]
Sent: Tue, 07 Sep 2010
17:41:34 -0700
Subject: Re: Mac and Windows mix


> Precisely, with OD /WGM there¹s no central mgmt console whereby an 
> admin can tell which/what policy is applied to what group.
> Administration easily becoems a nightmare without 3rd party mgmt 
> software such as Centrify.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Mac and Windows mix

[Ken Schaefer]

I think sdewilliam is saying that there is no modelling capability.

GPMC lets you pick a user, a computer and an AD site, and dynamically layers 
all the policies at all levels that will affect the user, and gives you the 
resulting effective settings (after group filtering, WMI filtering etc). The 
advanced GPM also lets you do check-in/check-out, versioning control, workflow 
etc.

Cheers
Ken

-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org] 
Sent: Wednesday, 8 September 2010 2:21 PM
To: NT System Admin Issues
Subject: Re: Mac and Windows mix

Perhaps I'm misunderstanding: Isn't that exactly what Workgroup Manager does in 
Open Directory? There are plenty of settings which can be applied to individual 
Macs, users, user groups and computer groups.

- Original Message -
From: sdewilliman
[mailto:sdewilli...@g2.com]
To: NT System Admin Issues
[mailto:ntsysad...@lyris.sunbelt-software.com]
Sent: Tue, 07 Sep 2010
17:41:34 -0700
Subject: Re: Mac and Windows mix


> Precisely, with OD /WGM there¹s no central mgmt console whereby an 
> admin can tell which/what policy is applied to what group. 
> Administration easily becoems a nightmare without 3rd party mgmt 
> software such as Centrify.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Mac and Windows mix

[Matthew W. Ross]

How could you trust a non-physical inventory? Was there an allowed loss rate? 
Anything disappearing from our district here is frowned upon greatly. We are 
constantly warned of our State Auditor's disapproval, and mishandling of 
"state-funded" equipment.

3rd party support tools for Open Directory is nearly non-existent.


--Matt Ross
Ephrata School District


- Original Message -
From: Brian Desmond
[mailto:br...@briandesmond.com]
To: NT System Admin Issues
[mailto:ntsysad...@lyris.sunbelt-software.com]
Sent: Tue, 07 Sep 2010
20:00:32 -0700
Subject: RE: Mac and Windows mix


> There was something like 15,000 - 30,000 Macs out there when I worked at
> this place plus another 60 to 90 thousand PCs so difference of scale there.
> Taking a physical inventory was a seriously expensive endeavor.
> 
> I really don't know enough about Open Directory to comment on the pros/cons
> of its capabilities versus those inherent in AD. One benefit of AD and
> Windows though is that you've got a substantial ecosystem of third party
> developers and there are A LOT of choices for management add-ons on top of
> AD if you want the added functionality. When I've had to evaluate this for
> the Mac platform those third parties have been few and far between. 
> 
> Thanks,
> Brian Desmond
> br...@briandesmond.com
> 
> c - 312.731.3132
> 
> 
> 
> -Original Message-
> From: Matthew W. Ross [mailto:mr...@ephrataschools.org] 
> Sent: Tuesday, September 07, 2010 4:40 PM
> To: NT System Admin Issues
> Subject: RE: Mac and Windows mix
> 
> That does make it difficult. Then again, so would any dual-booting Linux
> user on a PC. If you don't want them to do it, don't allow them too. (We
> make them choose one or the other.)
> 
> Users with their own personal VMs in VMWare Player or VirtualBox also make
> management frustrating. 
> 
> How does Microsoft's Active Directory manage users/computers better than
> Apple's Open Directory?
> 
> Our district requires a count of computers at least once a year. We do
> physical counts, not some network scan to see what's out there. That,
> happily, resolves any "Dual personality" problem. (Not to mention the
> teachers squirm a little when I ask there the Projector that was assigned to
> them is.)
> 
> Oh, and I do admit that we're not a large school. 1000 computers across 6
> locations isn't all that much compared to some. But it's a lot for 3 people,
> and I'm the only Mac/Linux/Network guy.
> 
> Toot!
> 
> 
> --Matt Ross
> Ephrata School District
> 
> 
> - Original Message -
> From: Brian Desmond
> [mailto:br...@briandesmond.com]
> To: NT System Admin Issues
> [mailto:ntsysad...@lyris.sunbelt-software.com]
> Sent: Tue, 07 Sep 2010
> 15:37:13 -0700
> Subject: RE: Mac and Windows mix
> 
> 
> > My experience having worked for one of the largest school districts in 
> > the US is that the solution you outlined doesn't really scale. I've 
> > seen it work well for relatively small environments but once you 
> > introduce a large number of Mac machines, things get difficult. When 
> > the solution works, you're still looking at some significant 
> > management overhead and duplication of infrastructure.
> > 
> > The key issue I've seen with Macs recently is their newfound bipolar 
> > disorder. One day they're a Mac, the next day they're a PC. Good luck 
> > accounting for that in your asset database.
> > 
> > Thanks,
> > Brian Desmond
> > br...@briandesmond.com
> > 
> > c - 312.731.3132
> > 
> > 
> > 
> > -Original Message-
> > From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> > Sent: Tuesday, September 07, 2010 11:54 AM
> > To: NT System Admin Issues
> > Subject: RE: Mac and Windows mix
> > 
> > Macs are not the burden you make them sound to be.
> > 
> > Integrating a Mac into a windows network is never going to be 
> > painless; the two systems are inherently different. If what you want 
> > is a Windows experience from your Mac, install Windows.
> > 
> > Now not everybody likes MacOS X, but the same can be said for Windows.
> > Insert the problem of subjective preference here.
> > 
> > Personally, I love working on my iMac, and managing the other Macs in 
> > our district is very easy if you use the provided Apple tools: Mac OS 
> > X server, Open Directory, and Apple Remote Desktop.
> > 
> > Then again, I hate how a Mac _can_ cost 2x as much as a comparable PC. 
> > I do like that software upgrades are cheaper for Mac, but I don't like 
> > how apple drops support for anything that is not the current 
> > generation or the previous one. If you're 2 generations back, you're out
> of luck.
> > 
> > What can a Mac do that a PC Can't? Nothing. But I would argue that 
> > competition is one of the pillars of innovation. Without Mac OS X 
> > competing against Windows, what would Windows look like today?
> > 
> > 
> > --Matt Ross
> > Ephrata School District
> > 
> > 
> > - Original Message -
> > From: James Hill
> > [mailto:james.h...@superamart.com.au]
> 

RE: Mac and Windows mix

[Matthew W. Ross]

- Original Message -
From: James Hill
[mailto:james.h...@superamart.com.au]
To: NT System Admin Issues
[mailto:ntsysad...@lyris.sunbelt-software.com]
Sent: Tue, 07 Sep 2010
19:38:07 -0700
Subject: RE: Mac and Windows mix

> I find it hard to see the benefit of using Mac's in a corporate environment
> these days.  Once upon a time they were the system to have in certain
> environments (video editing etc).  but that really isn't the case anymore. 
> When I do see them in corporate environments they are almost always using
> RDP or Virtual Box etc to connect to a Windows environment.  Why add that
> complexity?

If the goal is to reduce complexity, then defiantly stay with one platform. My 
argument has never been that adding Macs to your PC environment will make it 
less complex. 

But what I guess is really bothering me here is the "But you can't do that with 
a Mac" mentality. Apple has made every effort to make their platform work for 
you. If it can't be done on a Mac, it's because what you want to do hasn't been 
made available for the Mac. Apple cannot implement .net, even if they wanted to 
use Mono. So your .net applications are never going to be useful on a Mac. Have 
a web application that requires IE because it requires ActiveX? Again, this 
isn't Apple's problem. Using Microsoft Word or Excel with a VBScript? Sorry, no 
dice on a Mac. These are a few of the vendor locking tactics which makes life 
(yours and mine) a living hell to support on a Mac.

I know that it's impractical to have a business which has fully developed tools 
and applications in a platform specific environment to move to something more 
cross-platform. And I'm not asking for the world to change. Just don't blame 
the Mac for being a Mac.


--Matt Ross
Ephrata School District

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin