RE: AV Opinions

2010-10-07 Thread Ryan Finnesey
No one has commented on the Forefront products.

 

 

From: Maglinger, Paul [mailto:pmaglin...@scvl.com] 
Sent: Thursday, October 07, 2010 4:04 PM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

We thought their management sucked too.  Their SALES management, that is.  :)

 

From: Ray [mailto:rz...@qwest.net] 
Sent: Thursday, October 07, 2010 2:39 PM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

We thought pretty much everything about their management sucked, including 
agents. 

 

From: Alan Davies [mailto:adav...@cls-services.com] 
Sent: Thursday, October 07, 2010 5:48 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Hmmm ... my comments were more around the ability to manage/control agents than 
how nice the console was to use.  Also, on the additional functionality side, 
their local FW and software NAC components were very immature feature wise.  
Support varied - UK support a million times better than the out of hours US 
support!

 

 

 

a

 



From: Ray [mailto:rz...@qwest.net] 
Sent: 07 October 2010 12:42
To: NT System Admin Issues
Subject: RE: AV Opinions

That's interesting, because we absolutely hated McAfee and its enterprise 
console, and couldn't wait to get rid of it.  We've ended up with significantly 
better coverage with Sophos than we ever did with McAfee. 

 

From: Alan Davies [mailto:adav...@cls-services.com] 
Sent: Thursday, October 07, 2010 2:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Sophos seem to be excellent detection wise.  As for not detecting Conficker 
below, that'll have been another issue as there is no AV product out there that 
can't detect it.  If I had to guess, perhaps one host was infected and locked 
out AD, but all the Sophos alerts were from machines missing MS08-067 that were 
"getting infected" because the OS could not protect against it, but immediately 
cleaned by Sophos.  Certainly behaviour I've seen before.  You must patch 
Windows, AV can do everything on its own.

 

One negative comment about Sophos - they are still, in my opinion, very low 
down the pecking order in Enterprise Management.  They have a long, long way to 
catch up on McAfee and the like for agent management, alerting, mandatory 
policies, etc.  You can work around these things and it's a great AV product, 
but if you're a large, sensitive environment, it may frustrate you a little.  
Going from 7 to 9 didn't improve these grumbles much ...

 

 

 

a

 



From: Ames Matthew B [mailto:mba...@qinetiq.com] 
Sent: 07 October 2010 08:12
To: NT System Admin Issues
Subject: RE: AV Opinions

We run Sophos here, and it seems to do a reasonable job.  Corporate IS got 
caught last year with their pants down after a departmental server without any 
AV on it (or seriously out of date - guess someone got a good telling off for 
that) managed to get Conficker.  Given we don't have a direct net connection to 
our desktops or services network, they had not bothered to install the 
hotfixes to prevent this.

 

For whatever reason Sophos did not detect it, and quite a few machines got 
infected, and a couple of thousand user accounts got locked out.  Took them a 
few days to get things under control - I wrote a little ldap tool to monitor 
the number of locked out user accounts :-)

 

Sophos is a bit of a memory hog (not sure how it compares to other versions), 
taking around 150MB (savservice.exe alone is taking 108MB on my machine 
currently).  We are currently using 7.6.20

 

tht,

Matt

 



From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions

Give Sophos a long look.  I firmly believe they are the best of breed that 
nobody seems to talk about.  They don't market to the non-corporate crowd, so 
that probably has something to do with it.  I asked this list and a few other 
resources when I was evaluating solutions.  I did not hear from a single person 
using Sophos that did not like it.

 

We are replacing Symantec with Sophos right now and it is going very well so 
far.   

 

Sophos will sync with AD (if you want) to automatically protect computers when 
you add them.  It will remove Symantec cleanly (so far on about 25 test/pilot 
users it has been perfect) when pushing it out.  It includes device control 
(want to block USB storage devices...2-3 clicks and you are done), a NAC 
component, and a firewall. 

 

It also includes clients for Mac/Linux and with each corporate license, you get 
a free at-home license.   NFI - just a very satisfied customer so far.

 

Jim

 

 

 



From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wed 10/6/2010 7:09 PM
To: NT System Admin Issues
Subject: AV Opinions

At one of the shops that I look after, I have been asked to change the AV to 
something new and current.

Vipre and Forefront 

Re: Need rack & vendor recommendations

2010-10-07 Thread Bill Humphries

Hi Angus,

We spec APC Net Shelter SX racks for most of our clients.  I like them.  
I really, really prefer the wider 750mm racks if you want to mount 
things like PDUs vertically.  We just buy everything through CDW.


http://www.apc.com/products/category.cfm?id=10

Bill

Angus Scott-Fleming wrote:

All

I'm putting in a rack for about 6 servers in a vault at a client and need 
recommendations on what rack systems you're happy with.  Also need a vendor 
recommendation.


Since it's my first rack system I don't even know what questions to ask or 
features to look for or to avoid.


TIA

Angus


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

  





RE: disk encryption

2010-10-07 Thread Lists - Level 5
Thanks guys, we considered moving to Citrix but there are just too many
applications to make it feasible in my opinion, besides that the majority of
the people are in the office the majority of the time. I am already playing
with TrueCrypt and it looks promising, and I also like phonefactor.com for
authentication. This basically intercepts and calls the cell phone of the
user at login to acknowledge the attempt.

 

I like not needing the extra device. I was looking at BitLocker too as we
have about half the company on Win 7 Pro, but the other half is still XP so
we would obviously need to upgrade everyone just to get the same benefits of
TrueCrypt.

 

 

 

From: John Cook [mailto:john.c...@pfsf.org] 
Sent: Thursday, October 07, 2010 11:44 AM
To: NT System Admin Issues
Subject: RE: disk encryption

 

We're evaluating Checkpoint as a whole disk encryption solution. We have a
product called NxTop (Virtual Computer is the company) that is a combination
of Imaging/encryption/USB management that works very well in most situations
but we're looking at Checkpoint for another project. We have also used
McAfee endpoint but don't get me started on that rant..

 

From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Thursday, October 07, 2010 11:27 AM
To: NT System Admin Issues
Subject: RE: disk encryption

 

We have an existing PointSec implementation, and are moving towards PGP
and/or Bitlocker.

 

-sc

 

From: greg.swe...@actsconsulting.net [mailto:greg.swe...@actsconsulting.net]

Sent: Thursday, October 07, 2010 1:40 AM
To: NT System Admin Issues
Subject: RE: disk encryption

 

Ben,

 

We have done clients with whole disk encryption on the laptops.  Works
great.  Doesn't protect against anything when the system is actually
running, only when the laptops are stolen.  PGP Desktop Whole disk is what
we used then, but I would seriously look at Truecrypt now.  Nice thing about
PGP was the centralized management we had for maintaining PGP passwords and
accounts.

All of the data is stored on the server 2008 via RDP.  They use it both
internally and externally.  No data is stored on desktops or servers.
Desktops are locked down via GP and basically have a single icon for RDP, or
are running thin clients.

Takes care of most security issues, but if the servers have a problem you
hear about it quick.  :)

 

Greg Sweers

CEO

  ACTS360.com

P.O. Box 1193

Brandon, FL  33509

813-657-0849 Office

813-758-6850 Cell

813-341-1270 Fax

 

From: Lists - Level 5 [mailto:li...@levelfive.us] 
Sent: Thursday, October 07, 2010 12:38 AM
To: NT System Admin Issues
Subject: RE: disk encryption

 

Well that's what we are considering, the issue is they do have several
graphics and presentation people, they also have a bunch of little 'apps'
that I'm concerned will bog the server down. For example accounting dept has
2 different apps, then there are 3 people in graphics/marketing, and 2
attorneys who have their own app, HR has its own SQL app, and then half the
company uses Yardi (property mgmt. SQL based).

 

Then we get into cost, we already have 2 Citrix servers, one is a VM, and
one is a standalone and being phased out. It's running 2003 with Citrix 3.x??
I would say it's 5 years old from the last time they purchased anything.

 

 

From: Jon Harris [mailto:jk.har...@gmail.com] 
Sent: Wednesday, October 06, 2010 11:39 PM
To: NT System Admin Issues
Subject: Re: disk encryption

 

Why not just put everything on Citrix and have done with it?  Not
criticizing just asking?  I would avoid encrypting the servers and lock them
down tight and lock them up tighter.

 

Jon

On Wed, Oct 6, 2010 at 10:46 PM, Lists - Level 5  wrote:

I have a small client, 15 laptops, 20 desktops, 8 servers on a 2008 domain.
We were discussing full disk encryption and turning off cached mode for
Outlook etc. etc. The client is pretty sensitive to protecting their data.

 

One of the items that came up was whether we should just move to Citrix so
nothing is on the laptops and then encrypt the desktops in the office as
well. Are there any recommendations for encryption people can recommend? I
have only used the built in certificates with Windows to encrypt user
profiles and am wondering if people would consider that secure enough or
does PGP or some of these two factor disk encryption devices.

 

Thanks

 


 


Need rack & vendor recommendations

2010-10-07 Thread Angus Scott-Fleming
All

I'm putting in a rack for about 6 servers in a vault at a client and need 
recommendations on what rack systems you're happy with.  Also need a vendor 
recommendation.

Since it's my first rack system I don't even know what questions to ask or 
features to look for or to avoid.

TIA

Angus




Re: Interesting run-down on Stuxnet from F-Secure

2010-10-07 Thread Jon Harris
Marc, not that this is the correct thread to ask this but, doesn't eEye have
an AV product that concentrates more on the actions of a file and less on
the definitions?

Jon

On Thu, Oct 7, 2010 at 8:43 PM,  wrote:

>  I’m a lot cheaper.  Just give me a cold coke..
>
>
>
> *From:* William J. Robbins [mailto:dangerw...@gmail.com]
> *Sent:* Thursday, October 07, 2010 8:27 PM
>
> *To:* NT System Admin Issues
>  *Subject:* Re: Interesting run-down on Stuxnet from F-Secure
>
>
>
> Who hasn't sold out for a beer? :)
>
>
> WJR
> - from my Crackberry.
>
> "If you find yourself in a fair fight, your tactics suck."
>  --
>
> *From: *"Andrew S. Baker" 
>
> *Date: *Thu, 7 Oct 2010 20:08:04 -0400
>
> *To: *NT System Admin Issues
>
> *ReplyTo: *"NT System Admin Issues" 
>
>
> *Subject: *Re: Interesting run-down on Stuxnet from F-Secure
>
>
>
>
>  You sold out for a beer?  :)
>
>
>
>
>
> >>These things are a great example of always being one step behind the bad
> guys but NOT because we actually had to be … only because technology
> companies allowed it to be.
>
> And I would say that we are where we are because as consumers and corporate
> customers, we don't push for things to be different.   Not that technology
> companies don't have their own responsibility to do the right thing, but
> they'll always favor features over security if *we* favor features over
> security.
>
>
>
> *ASB *(My XeeSM Profile) 
> *Exploiting Technology for Business Advantage...*
> * *
>
>
>
>  On Thu, Oct 7, 2010 at 7:33 PM, Marc Maiffret  wrote:
>
> Privilege escalation bugs are pretty much here and now and being used more
> commonly in attacks as the sophistication level is not necessarily as high
> as one would think. This has always been an area of interest at eEye as
> we started discovering some of the first windows priv. escalation vulns by
> the handful almost 5 years ago knowing this was the future and hoping people
> would pay attention (security industry, technology companies) and be ready
> for it. We obviously are not ready as we all know the technology OS makers
> like Microsoft only just in the last years finally even got around to least
> privilege user roles and just as they played catch up with that they will
> now again play catch up to privilege escalation vulnerabilities which
> completely make all of this “we run as non-admin” stuff totally an
> irrelevant point anymore. These things are a great example of always being
> one step behind the bad guys but NOT because we actually had to be … only
> because technology companies allowed it to be.
>
>
>
> P.S. My marketing department told me if I mentioned this new cheesily named
> thing I am doing they would buy me a beer, so consider this the mention:
>
> http://www.eeye.com/Company/News-and-Events/Minute-With-Maiffret.aspx
>
>
>
>
>
> Signed,
>
> Marc Maiffret
>
> Co-Founder/CTO
>
> eEye Digital Security
>
> Web: http://www.eeye.com
>
> Blog: http://blog.eeye.com
>
> Twitter: http://www.twitter.com/marcmaiffret
>
>
>
>
>
>
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Thursday, October 07, 2010 11:25 AM
>
>
> *To:* NT System Admin Issues
> *Subject:* Re: Interesting run-down on Stuxnet from F-Secure
>
>
>
> *>>**Looking forward a few years, non-admin users' risk will steadily
> increase as malware more often includes code to exploit priv escalation
> bugs.*
>
>
>
> I agree that we will see a rise in non-admin malware, but it will be much
> easier to go after the low hanging fruit of people with too much local
> access, because lots more sophistication is needed to implement these
> attacks.
>
>
>
> When this avenue is largely closed, then the malware folks will have no
> choice but to spend more of their time on those classes of attacks.
>
>
>
> *ASB *(My XeeSM Profile) 
> *Exploiting Technology for Business Advantage...*
> * *
>
>
>
> On Thu, Oct 7, 2010 at 12:33 PM, Carl Houseman 
> wrote:
>
> I'd say it's a good bet the privilege escalation bugs are used to get
> around limited user limitations and install the rootkit.
>
>
>
> Looking forward a few years, non-admin users' risk will steadily increase
> as malware more often includes code to exploit priv escalation bugs.
> There's always a priv escalation bug hiding around the next corner, and
> malware will use them to survive.
>
>
>
> Carl
>
>
>
> *From:* John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> *Sent:* Thursday, October 07, 2010 12:04 PM
>
>
> *To:* NT System Admin Issues
>
> *Subject:* RE: Interesting run-down on Stuxnet from F-Secure
>
>
>
> An interesting read.
>
>
>
> Would running without elevated permissions eliminate the risk of infection?
> Or do the two zero-day exploits (privilege escalation via keyboard layout
> file and privilege escalation via Task Scheduler) allow infection even when
> running as a limited user?
>
>
>
>
>
>
>
> John Hornbuckle
>
> MIS Department
>
> Taylor County Sc

RE: Interesting run-down on Stuxnet from F-Secure

2010-10-07 Thread greg.sweers
I'm a lot cheaper.  Just give me a cold coke..

From: William J. Robbins [mailto:dangerw...@gmail.com]
Sent: Thursday, October 07, 2010 8:27 PM
To: NT System Admin Issues
Subject: Re: Interesting run-down on Stuxnet from F-Secure

Who hasn't sold out for a beer? :)

WJR
- from my Crackberry.

"If you find yourself in a fair fight, your tactics suck."


From: "Andrew S. Baker" 
Date: Thu, 7 Oct 2010 20:08:04 -0400
To: NT System Admin Issues
ReplyTo: "NT System Admin Issues" 
Subject: Re: Interesting run-down on Stuxnet from F-Secure



You sold out for a beer?  :)





>>These things are a great example of always being one step behind the bad guys 
>>but NOT because we actually had to be ... only because technology companies 
>>allowed it to be.

And I would say that we are where we are because as consumers and corporate 
customers, we don't push for things to be different.   Not that technology 
companies don't have their own responsibility to do the right thing, but 
they'll always favor features over security if *we* favor features over 
security.



ASB (My XeeSM Profile)
Exploiting Technology for Business Advantage...



On Thu, Oct 7, 2010 at 7:33 PM, Marc Maiffret <mmaiff...@eeye.com> wrote:
Privilege escalation bugs are pretty much here and now and being used more 
commonly in attacks as the sophistication level is not necessarily as high as 
one would think. This has always been an area of interest at eEye as we 
started discovering some of the first windows priv. escalation vulns by the 
handful almost 5 years ago knowing this was the future and hoping people would 
pay attention (security industry, technology companies) and be ready for it. We 
obviously are not ready as we all know the technology OS makers like Microsoft 
only just in the last years finally even got around to least privilege user 
roles and just as they played catch up with that they will now again play catch 
up to privilege escalation vulnerabilities which completely make all of this 
"we run as non-admin" stuff totally an irrelevant point anymore. These things 
are a great example of always being one step behind the bad guys but NOT 
because we actually had to be ... only because technology companies allowed it 
to be.

P.S. My marketing department told me if I mentioned this new cheesily named 
thing I am doing they would buy me a beer, so consider this the mention:
http://www.eeye.com/Company/News-and-Events/Minute-With-Maiffret.aspx


Signed,
Marc Maiffret
Co-Founder/CTO
eEye Digital Security
Web: http://www.eeye.com
Blog: http://blog.eeye.com
Twitter: http://www.twitter.com/marcmaiffret



From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, October 07, 2010 11:25 AM

To: NT System Admin Issues
Subject: Re: Interesting run-down on Stuxnet from F-Secure

>>Looking forward a few years, non-admin users' risk will steadily increase as 
>>malware more often includes code to exploit priv escalation bugs.

I agree that we will see a rise in non-admin malware, but it will be much 
easier to go after the low hanging fruit of people with too much local access, 
because lots more sophistication is needed to implement these attacks.

When this avenue is largely closed, then the malware folks will have no choice 
but to spend more of their time on those classes of attacks.



ASB (My XeeSM Profile)
Exploiting Technology for Business Advantage...


On Thu, Oct 7, 2010 at 12:33 PM, Carl Houseman <c.house...@gmail.com> wrote:
I'd say it's a good bet the privilege escalation bugs are used to get around 
limited user limitations and install the rootkit.

Looking forward a few years, non-admin users' risk will steadily increase as 
malware more often includes code to exploit priv escalation bugs.  There's 
always a priv escalation bug hiding around the next corner, and malware will 
use them to survive.

Carl

From: John Hornbuckle 
[mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Thursday, October 07, 2010 12:04 PM

To: NT System Admin Issues
Subject: RE: Interesting run-down on Stuxnet from F-Secure

An interesting read.

Would running without elevated permissions eliminate the risk of infection? Or 
do the two zero-day exploits (privilege escalation via keyboard layout file and 
privilege escalation via Task Scheduler) allow infection even when running as a 
limited user?



John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us




From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Thursday, October 07, 2010 11:43 AM

To: NT System Admin Issues
Subject: Interesting run-down on Stuxnet from F-Secure

http://www.f-secure.com/weblog/archives/2040.html

They seem to draw a little bit of comparison between Stuxnet and Conficker, as 
well as some other mildly inter

Re: Interesting run-down on Stuxnet from F-Secure

2010-10-07 Thread William J. Robbins
Who hasn't sold out for a beer?  :)
 
WJR
 - from my Crackberry.

"If you find yourself in a fair fight, your tactics suck."

-Original Message-
From: "Andrew S. Baker" 
Date: Thu, 7 Oct 2010 20:08:04 
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: Re: Interesting run-down on Stuxnet from F-Secure

You sold out for a beer?  :)



>>These things are a great example of always being one step behind the bad
guys but NOT because we actually had to be … only because technology
companies allowed it to be.

*And I would say that we are where we are because as consumers and corporate
customers, we don't push for things to be different.   Not that technology
companies don't have their own responsibility to do the right thing, but
they'll always favor features over security if *we* favor features over
security.*

*
*

*ASB *(My XeeSM Profile) 
*Exploiting Technology for Business Advantage...*
* *



On Thu, Oct 7, 2010 at 7:33 PM, Marc Maiffret  wrote:

> Privilege escalation bugs are pretty much here and now and being used more
> commonly in attacks as the sophistication level is not necessarily as high
> as one would think. This has always been an area of interest at eEye as
> we started discovering some of the first windows priv. escalation vulns by
> the handful almost 5 years ago knowing this was the future and hoping people
> would pay attention (security industry, technology companies) and be ready
> for it. We obviously are not ready as we all know the technology OS makers
> like Microsoft only just in the last years finally even got around to least
> privilege user roles and just as they played catch up with that they will
> now again play catch up to privilege escalation vulnerabilities which
> completely make all of this “we run as non-admin” stuff totally an
> irrelevant point anymore. These things are a great example of always being
> one step behind the bad guys but NOT because we actually had to be … only
> because technology companies allowed it to be.
>
>
>
> P.S. My marketing department told me if I mentioned this new cheesily named
> thing I am doing they would buy me a beer, so consider this the mention:
>
> http://www.eeye.com/Company/News-and-Events/Minute-With-Maiffret.aspx
>
>
>
>
>
> Signed,
>
> Marc Maiffret
>
> Co-Founder/CTO
>
> eEye Digital Security
>
> Web: http://www.eeye.com
>
> Blog: http://blog.eeye.com
>
> Twitter: http://www.twitter.com/marcmaiffret
>
>
>
>
>
>
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Thursday, October 07, 2010 11:25 AM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Interesting run-down on Stuxnet from F-Secure
>
>
>
> *>>**Looking forward a few years, non-admin users' risk will steadily
> increase as malware more often includes code to exploit priv escalation
> bugs.*
>
>
>
> I agree that we will see a rise in non-admin malware, but it will be much
> easier to go after the low hanging fruit of people with too much local
> access, because lots more sophistication is needed to implement these
> attacks.
>
>
>
> When this avenue is largely closed, then the malware folks will have no
> choice but to spend more of their time on those classes of attacks.
>
>
>
> *ASB *(My XeeSM Profile) 
> *Exploiting Technology for Business Advantage...*
> * *
>
>
>
> On Thu, Oct 7, 2010 at 12:33 PM, Carl Houseman 
> wrote:
>
> I'd say it's a good bet the privilege escalation bugs are used to get
> around limited user limitations and install the rootkit.
>
>
>
> Looking forward a few years, non-admin users' risk will steadily increase
> as malware more often includes code to exploit priv escalation bugs.
> There's always a priv escalation bug hiding around the next corner, and
> malware will use them to survive.
>
>
>
> Carl
>
>
>
> *From:* John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> *Sent:* Thursday, October 07, 2010 12:04 PM
>
>
> *To:* NT System Admin Issues
>
> *Subject:* RE: Interesting run-down on Stuxnet from F-Secure
>
>
>
> An interesting read.
>
>
>
> Would running without elevated permissions eliminate the risk of infection?
> Or do the two zero-day exploits (privilege escalation via keyboard layout
> file and privilege escalation via Task Scheduler) allow infection even when
> running as a limited user?
>
>
>
>
>
>
>
> John Hornbuckle
>
> MIS Department
>
> Taylor County School District
>
> www.taylor.k12.fl.us
>
>
>
>
>
>
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Thursday, October 07, 2010 11:43 AM
>
>
> *To:* NT System Admin Issues
> *Subject:* Interesting run-down on Stuxnet from F-Secure
>
>
>
> http://www.f-secure.com/weblog/archives/2040.html
>
> They seem to draw a little bit of comparison between Stuxnet and Conficker,
> as well as some other mildly interesting bits
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers 

RE: Interesting run-down on Stuxnet from F-Secure

2010-10-07 Thread Marc Maiffret
Hmmm you know you are right about that, I should have held out for a 
grasshopper. Ohh movie trivia... :)

And to your second point I agree completely!

-Marc

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, October 07, 2010 5:08 PM
To: NT System Admin Issues
Subject: Re: Interesting run-down on Stuxnet from F-Secure



You sold out for a beer?  :)





>>These things are a great example of always being one step behind the bad guys 
>>but NOT because we actually had to be ... only because technology companies 
>>allowed it to be.

And I would say that we are where we are because as consumers and corporate 
customers, we don't push for things to be different.   Not that technology 
companies don't have their own responsibility to do the right thing, but 
they'll always favor features over security if *we* favor features over 
security.



ASB (My XeeSM Profile)
Exploiting Technology for Business Advantage...



On Thu, Oct 7, 2010 at 7:33 PM, Marc Maiffret <mmaiff...@eeye.com> wrote:
Privilege escalation bugs are pretty much here and now and being used more 
commonly in attacks as the sophistication level is not necessarily as high as 
one would think. This has always been an area of interest at eEye as we 
started discovering some of the first windows priv. escalation vulns by the 
handful almost 5 years ago knowing this was the future and hoping people would 
pay attention (security industry, technology companies) and be ready for it. We 
obviously are not ready as we all know the technology OS makers like Microsoft 
only just in the last years finally even got around to least privilege user 
roles and just as they played catch up with that they will now again play catch 
up to privilege escalation vulnerabilities which completely make all of this 
"we run as non-admin" stuff totally an irrelevant point anymore. These things 
are a great example of always being one step behind the bad guys but NOT 
because we actually had to be ... only because technology companies allowed it 
to be.

P.S. My marketing department told me if I mentioned this new cheesily named 
thing I am doing they would buy me a beer, so consider this the mention:
http://www.eeye.com/Company/News-and-Events/Minute-With-Maiffret.aspx


Signed,
Marc Maiffret
Co-Founder/CTO
eEye Digital Security
Web: http://www.eeye.com
Blog: http://blog.eeye.com
Twitter: http://www.twitter.com/marcmaiffret



From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, October 07, 2010 11:25 AM

To: NT System Admin Issues
Subject: Re: Interesting run-down on Stuxnet from F-Secure

>>Looking forward a few years, non-admin users' risk will steadily increase as 
>>malware more often includes code to exploit priv escalation bugs.

I agree that we will see a rise in non-admin malware, but it will be much 
easier to go after the low hanging fruit of people with too much local access, 
because lots more sophistication is needed to implement these attacks.

When this avenue is largely closed, then the malware folks will have no choice 
but to spend more of their time on those classes of attacks.



ASB (My XeeSM Profile)
Exploiting Technology for Business Advantage...


On Thu, Oct 7, 2010 at 12:33 PM, Carl Houseman <c.house...@gmail.com> wrote:
I'd say it's a good bet the privilege escalation bugs are used to get around 
limited user limitations and install the rootkit.

Looking forward a few years, non-admin users' risk will steadily increase as 
malware more often includes code to exploit priv escalation bugs.  There's 
always a priv escalation bug hiding around the next corner, and malware will 
use them to survive.

Carl

From: John Hornbuckle 
[mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Thursday, October 07, 2010 12:04 PM

To: NT System Admin Issues
Subject: RE: Interesting run-down on Stuxnet from F-Secure

An interesting read.

Would running without elevated permissions eliminate the risk of infection? Or 
do the two zero-day exploits (privilege escalation via keyboard layout file and 
privilege escalation via Task Scheduler) allow infection even when running as a 
limited user?



John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us




From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Thursday, October 07, 2010 11:43 AM

To: NT System Admin Issues
Subject: Interesting run-down on Stuxnet from F-Secure

http://www.f-secure.com/weblog/archives/2040.html

They seem to draw a little bit of comparison between Stuxnet and Conficker, as 
well as some other mildly interesting bits
--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provo

Re: Interesting run-down on Stuxnet from F-Secure

2010-10-07 Thread Andrew S. Baker
You sold out for a beer?  :)



>>These things are a great example of always being one step behind the bad
guys but NOT because we actually had to be … only because technology
companies allowed it to be.

*And I would say that we are where we are because as consumers and corporate
customers, we don't push for things to be different.   Not that technology
companies don't have their own responsibility to do the right thing, but
they'll always favor features over security if *we* favor features over
security.*

*
*

*ASB *(My XeeSM Profile) 
*Exploiting Technology for Business Advantage...*
* *



On Thu, Oct 7, 2010 at 7:33 PM, Marc Maiffret  wrote:

> Privilege escalation bugs are pretty much here and now and being used more
> commonly in attacks as the sophistication level is not necessarily as high
> as one would think. This has always been an area of interest at eEye as
> we started discovering some of the first windows priv. escalation vulns by
> the handful almost 5 years ago knowing this was the future and hoping people
> would pay attention (security industry, technology companies) and be ready
> for it. We obviously are not ready as we all know the technology OS makers
> like Microsoft only just in the last years finally even got around to least
> privilege user roles and just as they played catch up with that they will
> now again play catch up to privilege escalation vulnerabilities which
> completely make all of this “we run as non-admin” stuff totally an
> irrelevant point anymore. These things are a great example of always being
> one step behind the bad guys but NOT because we actually had to be … only
> because technology companies allowed it to be.
>
>
>
> P.S. My marketing department told me if I mentioned this new cheesily named
> thing I am doing they would buy me a beer, so consider this the mention:
>
> http://www.eeye.com/Company/News-and-Events/Minute-With-Maiffret.aspx
>
>
>
>
>
> Signed,
>
> Marc Maiffret
>
> Co-Founder/CTO
>
> eEye Digital Security
>
> Web: http://www.eeye.com
>
> Blog: http://blog.eeye.com
>
> Twitter: http://www.twitter.com/marcmaiffret
>
>
>
>
>
>
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Thursday, October 07, 2010 11:25 AM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Interesting run-down on Stuxnet from F-Secure
>
>
>
> >>Looking forward a few years, non-admin users' risk will steadily
> increase as malware more often includes code to exploit priv escalation
> bugs.
>
>
>
> I agree that we will see a rise in non-admin malware, but it will be much
> easier to go after the low hanging fruit of people with too much local
> access, because lots more sophistication is needed to implement these
> attacks.
>
>
>
> When this avenue is largely closed, then the malware folks will have no
> choice but to spend more of their time on those classes of attacks.
>
>
>
> ASB (My XeeSM Profile)
> Exploiting Technology for Business Advantage...
>
>
>
> On Thu, Oct 7, 2010 at 12:33 PM, Carl Houseman 
> wrote:
>
> I'd say it's a good bet the privilege escalation bugs are used to get
> around limited user limitations and install the rootkit.
>
>
>
> Looking forward a few years, non-admin users' risk will steadily increase
> as malware more often includes code to exploit priv escalation bugs.
> There's always a priv escalation bug hiding around the next corner, and
> malware will use them to survive.
>
>
>
> Carl
>
>
>
> *From:* John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> *Sent:* Thursday, October 07, 2010 12:04 PM
>
>
> *To:* NT System Admin Issues
>
> *Subject:* RE: Interesting run-down on Stuxnet from F-Secure
>
>
>
> An interesting read.
>
>
>
> Would running without elevated permissions eliminate the risk of infection?
> Or do the two zero-day exploits (privilege escalation via keyboard layout
> file and privilege escalation via Task Scheduler) allow infection even when
> running as a limited user?
>
>
>
>
>
>
>
> John Hornbuckle
>
> MIS Department
>
> Taylor County School District
>
> www.taylor.k12.fl.us
>
>
>
>
>
>
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Thursday, October 07, 2010 11:43 AM
>
>
> *To:* NT System Admin Issues
> *Subject:* Interesting run-down on Stuxnet from F-Secure
>
>
>
> http://www.f-secure.com/weblog/archives/2040.html
>
> They seem to draw a little bit of comparison between Stuxnet and Conficker,
> as well as some other mildly interesting bits
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
>
>


RE: Interesting run-down on Stuxnet from F-Secure

2010-10-07 Thread Marc Maiffret
Privilege escalation bugs are pretty much here and now and being used more 
commonly in attacks as the sophistication level is not necessarily as high as 
one would think. This has always been an area of interest at eEye as we 
started discovering some of the first windows priv. escalation vulns by the 
handful almost 5 years ago knowing this was the future and hoping people would 
pay attention (security industry, technology companies) and be ready for it. We 
obviously are not ready as we all know the technology OS makers like Microsoft 
only just in the last years finally even got around to least privilege user 
roles and just as they played catch up with that they will now again play catch 
up to privilege escalation vulnerabilities which completely make all of this 
"we run as non-admin" stuff totally an irrelevant point anymore. These things 
are a great example of always being one step behind the bad guys but NOT 
because we actually had to be ... only because technology companies allowed it 
to be.

P.S. My marketing department told me if I mentioned this new cheesily named 
thing I am doing they would buy me a beer, so consider this the mention:
http://www.eeye.com/Company/News-and-Events/Minute-With-Maiffret.aspx


Signed,
Marc Maiffret
Co-Founder/CTO
eEye Digital Security
Web: http://www.eeye.com
Blog: http://blog.eeye.com
Twitter: http://www.twitter.com/marcmaiffret



From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, October 07, 2010 11:25 AM
To: NT System Admin Issues
Subject: Re: Interesting run-down on Stuxnet from F-Secure

>>Looking forward a few years, non-admin users' risk will steadily increase as 
>>malware more often includes code to exploit priv escalation bugs.

I agree that we will see a rise in non-admin malware, but it will be much 
easier to go after the low hanging fruit of people with too much local access, 
because lots more sophistication is needed to implement these attacks.

When this avenue is largely closed, then the malware folks will have no choice 
but to spend more of their time on those classes of attacks.



ASB (My XeeSM Profile)
Exploiting Technology for Business Advantage...



On Thu, Oct 7, 2010 at 12:33 PM, Carl Houseman <c.house...@gmail.com> wrote:
I'd say it's a good bet the privilege escalation bugs are used to get around 
limited user limitations and install the rootkit.

Looking forward a few years, non-admin users' risk will steadily increase as 
malware more often includes code to exploit priv escalation bugs.  There's 
always a priv escalation bug hiding around the next corner, and malware will 
use them to survive.

Carl

From: John Hornbuckle 
[mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Thursday, October 07, 2010 12:04 PM

To: NT System Admin Issues
Subject: RE: Interesting run-down on Stuxnet from F-Secure

An interesting read.

Would running without elevated permissions eliminate the risk of infection? Or 
do the two zero-day exploits (privilege escalation via keyboard layout file and 
privilege escalation via Task Scheduler) allow infection even when running as a 
limited user?



John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us




From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Thursday, October 07, 2010 11:43 AM

To: NT System Admin Issues
Subject: Interesting run-down on Stuxnet from F-Secure

http://www.f-secure.com/weblog/archives/2040.html

They seem to draw a little bit of comparison between Stuxnet and Conficker, as 
well as some other mildly interesting bits

--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."


RE: 64 Bit flash beta 2

2010-10-07 Thread Crawford, Scott
That would be an L2+

http://erlegreer.com/LOL/

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, October 07, 2010 5:18 PM
To: NT System Admin Issues
Subject: Re: 64 Bit flash beta 2

I enjoy reading your posts, Ben.  That one brought a good chuckle...



ASB



On Thu, Oct 7, 2010 at 6:11 PM, Ben Scott <mailvor...@gmail.com> wrote:
On Thu, Oct 7, 2010 at 12:11 PM, Steven M. Caesare <scaes...@caesare.com> wrote:
> One difference is that the working machine ALSO has a left-over 32 bit Flash
> 10 Active X installation on it that I didn't remove.
 Makes perfect sense to me -- there are at least 4096 different ways
which web designers detect Flash, and all of them are wrong.
Someone's prolly looking for the GUID of the 32-bit version or
something goofy like that.

 Linux users have been dealing with this for years.  It's amazing how
many websites think "not Microsoft Windows" means "Lynx on a ASR-33
teletype".

-- Ben



Re: 64 Bit flash beta 2

2010-10-07 Thread Andrew S. Baker
I enjoy reading your posts, Ben.  That one brought a good chuckle...


ASB



On Thu, Oct 7, 2010 at 6:11 PM, Ben Scott  wrote:

> On Thu, Oct 7, 2010 at 12:11 PM, Steven M. Caesare 
> wrote:
> > One difference is that the working machine ALSO has a left-over 32 bit
> > Flash 10 Active X installation on it that I didn’t remove.
>
>   Makes perfect sense to me -- there are at least 4096 different ways
> which web designers detect Flash, and all of them are wrong.
> Someone's prolly looking for the GUID of the 32-bit version or
> something goofy like that.
>
>  Linux users have been dealing with this for years.  It's amazing how
> many websites think "not Microsoft Windows" means "Lynx on a ASR-33
> teletype".
>
> -- Ben
>
>


Re: 64 Bit flash beta 2

2010-10-07 Thread Ben Scott
On Thu, Oct 7, 2010 at 12:11 PM, Steven M. Caesare  wrote:
> One difference is that the working machine ALSO has a left-over 32 bit Flash
> 10 Active X installation on it that I didn’t remove.

  Makes perfect sense to me -- there are at least 4096 different ways
which web designers detect Flash, and all of them are wrong.
Someone's prolly looking for the GUID of the 32-bit version or
something goofy like that.

  Linux users have been dealing with this for years.  It's amazing how
many websites think "not Microsoft Windows" means "Lynx on a ASR-33
teletype".

-- Ben




Re: Need System/Application Security Advice

2010-10-07 Thread Andrew S. Baker
I wasn't necessarily recommending this approach.  I was pointing out that if
the current state of affairs is not desirable, then there are other ways to
address it.  (And those ways are not trivial.)

This is without any other information about what the data is or how it is
"sensitive".

As for encryption, it should be considered for things that are deemed
"sensitive".


ASB (My XeeSM Profile)
Exploiting Technology for Business Advantage...



On Thu, Oct 7, 2010 at 4:15 PM, Brian Desmond wrote:

> You’re assuming that the app has no other network dependencies. You also
> need to at this point turn on SQL Auth on the DB which is not the default
> and not technically best practice. Further you still have the app pool
> running as network service which means it has the access a computer account
> has in the case of one of the OP’s scenarios.
>
> Encryption is pretty subjective. For all we know the OP’s app is
> returning yesterday’s weather from a database.
>
> Thanks,
> Brian Desmond
> br...@briandesmond.com
>
> c - 312.731.3132
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Thursday, October 07, 2010 8:44 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Need System/Application Security Advice
>
>
>
> What you're asking for is a redesign
>
>
>
> One way to address this issue is to place authentication in the hands of
> your database tier, and not grant any special domain level rights to IIS.
>  This way, successful attacks against the web servers [1] would still
> require subsequent successful attacks against the database [2] before
> getting at this sensitive data.
>
>
>
> I hope that lots of encryption is being intelligently used throughout this
> application -- in transit AND at rest.
>
>
>
> ASB (My XeeSM Profile)
> Exploiting Technology for Business Advantage...
>
> [1] Where we hope not to find database connection strings
> for privileged accounts
>
> [2] Which would now be trivial
>
>
>
> ASB (My XeeSM Profile)
> Exploiting Technology for Business Advantage...
>
> On Thu, Oct 7, 2010 at 1:53 PM, Klint Price 
> wrote:
>
> So what steps should be taken to secure it since no instructions are
> provided to do so?
>
>
>
> Because IIS knows the password for the xyzweb account. If someone can get
> IIS to execute arbitrary code (e.g. by uploading some of their own webpages)
> then IIS can connect to serverB using the domain\xyzweb account, and that
> account has privileges on serverB.
>
>
>
> By running your website as a domain user it is basically giving permission
> to your web server to access anything that the user has access to on the
> entire domain. Wouldn’t that mean that
> if someone manages to take advantage of one of the many IIS vulnerabilities
> they very well may have access to information all over your network instead
> of just the one machine?
>
>
>
> A workaround or possible solution would be to instruct the customer that if
> they are going to use a domain account (which by architecture they are
> forcing them to do), that they should use a non-privileged account, and
> remove it from the “domain users” group.  That way the account can be
> considered “authenticated”, but has no other default rights on the domain.
> Additional settings should be implemented to prevent the password from
> expiring, and locking out.
>
>
>
>
>
>
>
> *From:* Brian Desmond [mailto:br...@briandesmond.com]
> *Sent:* Thursday, October 07, 2010 10:49 AM
>
>
> *To:* NT System Admin Issues
> *Subject:* RE: Need System/Application Security Advice
>
>
>
> It’s very common. There are many things you simply cannot do if you run
> in a local security context. FYI if you run the app pool as Network Service
> on a domain joined machine that provides it the domain rights of the
> server’s computer account.
>
> If an internet facing app even not in a corp environment runs on a web
> farm and is anything other than static content you’re almost guaranteed to
> have a domain and shared domain accounts running it too.
>
> Thanks,
> Brian Desmond
> br...@briandesmond.com
>
> c - 312.731.3132
>
> *From:* Klint Price [mailto:kpr...@arizonaitpro.com]
> *Sent:* Thursday, October 07, 2010 7:36 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Need System/Application Security Advice
>
>
>
> Internal corporate, yes.  Directly exposed to the internet? I would hope
> not.
>
>
>
> *From:* Brian Desmond [mailto:br...@briandesmond.com]
> *Sent:* Thursday, October 07, 2010 10:34 AM
> *To:* NT System Admin Issues
> *Subject:* RE: Need System/Application Security Advice
>
>
>
> Ermm what you describe (as I understand it) is probably how 75-90 percent
> of apps run on IIS in a corporate environment.
>
> Thanks,
> Brian Desmond
> br...@briandesmond.com
>
> c - 312.73

Re: Need System/Application Security Advice

2010-10-07 Thread Jeff Bunting
Wouldn't restricting the systems the account can logon to in AD prevent
this?  I've done this in the past, but the web servers were in their own
domain.

Jeff

On Thu, Oct 7, 2010 at 1:53 PM, Klint Price  wrote:

>  So what steps should be taken to secure it since no instructions are
> provided to do so?
>
>
>
> Because IIS knows the password for the xyzweb account. If someone can get
> IIS to execute arbitrary code (e.g. by uploading some of their own webpages)
> then IIS can connect to serverB using the domain\xyzweb account, and that
> account has privileges on serverB.
>
>
>
> By running your website as a domain user it is basically giving permission
> to your web server to access anything that the user has access to on the
> entire domain. Wouldn’t that mean that
> if someone manages to take advantage of one of the many IIS vulnerabilities
> they very well may have access to information all over your network instead
> of just the one machine?
>
>
>
> A workaround or possible solution would be to instruct the customer that if
> they are going to use a domain account (which by architecture they are
> forcing them to do), that they should use a non-privileged account, and
> remove it from the “domain users” group.  That way the account can be
> considered “authenticated”, but has no other default rights on the domain.
> Additional settings should be implemented to prevent the password from
> expiring, and locking out.
>
>
>
>
>
>
>
> *From:* Brian Desmond [mailto:br...@briandesmond.com]
> *Sent:* Thursday, October 07, 2010 10:49 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Need System/Application Security Advice
>
>
>
> It’s very common. There are many things you simply cannot do if you run
> in a local security context. FYI if you run the app pool as Network Service
> on a domain joined machine that provides it the domain rights of the
> server’s computer account.
>
> If an internet facing app even not in a corp environment runs on a web
> farm and is anything other than static content you’re almost guaranteed to
> have a domain and shared domain accounts running it too.
>
> Thanks,
> Brian Desmond
> br...@briandesmond.com
>
> c - 312.731.3132
>
> *From:* Klint Price [mailto:kpr...@arizonaitpro.com]
> *Sent:* Thursday, October 07, 2010 7:36 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Need System/Application Security Advice
>
>
>
> Internal corporate, yes.  Directly exposed to the internet? I would hope
> not.
>
>
>
> *From:* Brian Desmond [mailto:br...@briandesmond.com]
> *Sent:* Thursday, October 07, 2010 10:34 AM
> *To:* NT System Admin Issues
> *Subject:* RE: Need System/Application Security Advice
>
>
>
> Ermm what you describe (as I understand it) is probably how 75-90 percent
> of apps run on IIS in a corporate environment.
>
> Thanks,
> Brian Desmond
> br...@briandesmond.com
>
> c - 312.731.3132
>
> *From:* Klint Price [mailto:kpr...@arizonaitpro.com]
> *Sent:* Thursday, October 07, 2010 7:28 PM
> *To:* NT System Admin Issues
> *Subject:* Need System/Application Security Advice
>
>
>
> My off-hour job is consulting for various companies.  One such small
> company puts out a product that I feel needs to be fixed.
>
>
>
> Company sells two products;  ProductA integrates with ProductB which both
> manage sensitive data and are exposed to the public Internet
>
>
>
> Windows Forms Authentication is tied to LDAP to authenticate users prior to
> allowing them into the inner-workings of the system.
>
>
>
> ProductA and ProductB are configured so that IIS allows a domain account to
> run the entire website for anonymous users (the equivalent of running an app
> pool with a domain account).
>
>
>
> Because the entire site runs under the domain account, there are inherent
> security risks which Company fails to disclose.
>
>
>
> I am about to send off an e-mail to the higher ups detailing why this is a
> bad idea without instructing the customer on the possible security risks,
> and associated steps to mitigate, let alone re-architect the application to
> reduce this exposure.
>
>
>
> Why is it a bad idea to configure a site in this way out-of-the-box, and
> what articles can you point me to?  Any security articles would also be
> appreciated.
>
>
>
> At minimum I think the domain user should be removed from the “domain
> users” group, with additional GPO’s applied to lock down the account.
>
>
>
> What say ye?
>
>
>
>
>

Re: Redeploying Vista with WDS

2010-10-07 Thread Tony Patton
Can you use MDT 2010?

Should be able to just import the OS image.

T

typed slowly on HTC Desire
On 7 Oct 2010 20:34, "Joseph L. Casale"  wrote:
> I have a specific image I must use that only has SP1, well my current WAIK
> setup needs that image to have SP2 for me to accomplish what I want to
> the wim before I load it into my WDS server. Any ways to get around the
> reference computer buildout and `sysprep /oobe /generalize /reboot`
> then capture? What a PITA...
>
> Thanks!
> jlc
>


RE: Need System/Application Security Advice

2010-10-07 Thread Brian Desmond
You're assuming that the app has no other network dependencies. You also need 
to at this point turn on SQL Auth on the DB which is not the default and not 
technically best practice. Further you still have the app pool running as 
network service which means it has the access a computer account has in the 
case of one of the OP's scenarios.

Encryption is pretty subjective. For all we know the OP's app is returning 
yesterday's weather from a database.

Thanks,
Brian Desmond
br...@briandesmond.com

c - 312.731.3132


From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, October 07, 2010 8:44 PM
To: NT System Admin Issues
Subject: Re: Need System/Application Security Advice

What you're asking for is a redesign

One way to address this issue is to place authentication in the hands of your 
database tier, and not grant any special domain level rights to IIS.  This way, 
successful attacks against the web servers [1] would still require subsequent 
successful attacks against the database [2] before getting at this sensitive 
data.

I hope that lots of encryption is being intelligently used throughout this 
application -- in transit AND at rest.



ASB (My XeeSM Profile)
Exploiting Technology for Business Advantage...

[1] Where we hope not to find database connection strings for privileged 
accounts
[2] Which would now be trivial



ASB (My XeeSM Profile)
Exploiting Technology for Business Advantage...

On Thu, Oct 7, 2010 at 1:53 PM, Klint Price <kpr...@arizonaitpro.com> wrote:
So what steps should be taken to secure it since no instructions are provided 
to do so?

Because IIS knows the password for the xyzweb account. If someone can get IIS 
to execute arbitrary code (e.g. by uploading some of their own webpages) then 
IIS can connect to serverB using the domain\xyzweb account, and that account 
has privileges on serverB.

By running your website as a domain user it is basically giving permission to 
your web server to access anything that the user has access to on the entire 
domain. Wouldn't that mean that
if someone manages to take advantage of one of the many IIS vulnerabilities 
they very well may have access to information all over your network instead of 
just the one machine?

A workaround or possible solution would be to instruct the customer that if 
they are going to use a domain account (which by architecture they are forcing 
them to do), that they should use a non-privileged account, and remove it from 
the "domain users" group.  That way the account can be considered 
"authenticated", but has no other default rights on the domain.  Additional 
settings should be implemented to prevent the password from expiring, and 
locking out.



From: Brian Desmond 
[mailto:br...@briandesmond.com]
Sent: Thursday, October 07, 2010 10:49 AM

To: NT System Admin Issues
Subject: RE: Need System/Application Security Advice

It's very common. There are many things you simply cannot do if you run in a 
local security context. FYI if you run the app pool as Network Service on a 
domain joined machine that provides it the domain rights of the server's 
computer account.

If an internet facing app even not in a corp environment runs on a web farm and 
is anything other than static content you're almost guaranteed to have a domain 
and shared domain accounts running it too.

Thanks,
Brian Desmond
br...@briandesmond.com

c - 312.731.3132


From: Klint Price 
[mailto:kpr...@arizonaitpro.com]
Sent: Thursday, October 07, 2010 7:36 PM
To: NT System Admin Issues
Subject: RE: Need System/Application Security Advice

Internal corporate, yes.  Directly exposed to the internet? I would hope not.

From: Brian Desmond 
[mailto:br...@briandesmond.com]
Sent: Thursday, October 07, 2010 10:34 AM
To: NT System Admin Issues
Subject: RE: Need System/Application Security Advice

Ermm what you describe (as I understand it) is probably how 75-90 percent of 
apps run on IIS in a corporate environment.

Thanks,
Brian Desmond
br...@briandesmond.com

c - 312.731.3132


From: Klint Price 
[mailto:kpr...@arizonaitpro.com]
Sent: Thursday, October 07, 2010 7:28 PM
To: NT System Admin Issues
Subject: Need System/Application Security Advice

My off-hour job is consulting for various companies.  One such small company 
puts out a product that I feel needs to be fixed.

Company sells two products;  ProductA integrates with ProductB which both 
manage sensitive data and are exposed to the public Internet

Windows Forms Authentication is tied to LDAP to authenticate users prior to 
allowing them into the inner-workings of the system.

ProductA and ProductB are configured so that IIS allows a domain account to run 
the entire website for anonymous users (the equivalent of running an app 

RE: Need System/Application Security Advice

2010-10-07 Thread Brian Desmond
Because IIS knows the password for the xyzweb account. If someone can get IIS 
to execute arbitrary code (e.g. by uploading some of their own webpages) then 
IIS can connect to serverB using the domain\xyzweb account, and that account 
has privileges on serverB.

Yes... If they are using a privileged account then something odd is up. You may 
see some very weird behavior if you remove the user from the Domain Users group 
by way of changing the primary group on the user object.

Wouldn't that mean that if someone manages to take advantage of one of the many 
IIS vulnerabilities they very well may have access to information all over your 
network instead of just the one machine?

Sounds like you're a) taking a very subjective approach to this and b) need to 
update your data. If you are arguing that the customer should redesign their 
app because customers might not install a security patch then IMO you are 
wasting your customer's money.

Personally I think you're making a mountain out of a mole hill. Like I said 
this is really a common design.

Thanks,
Brian Desmond
br...@briandesmond.com

c - 312.731.3132


From: Klint Price [mailto:kpr...@arizonaitpro.com]
Sent: Thursday, October 07, 2010 7:54 PM
To: NT System Admin Issues
Subject: RE: Need System/Application Security Advice

So what steps should be taken to secure it since no instructions are provided 
to do so?

Because IIS knows the password for the xyzweb account. If someone can get IIS 
to execute arbitrary code (e.g. by uploading some of their own webpages) then 
IIS can connect to serverB using the domain\xyzweb account, and that account 
has privileges on serverB.

By running your website as a domain user it is basically giving permission to 
your web server to access anything that the user has access to on the entire 
domain. Wouldn't that mean that
if someone manages to take advantage of one of the many IIS vulnerabilities 
they very well may have access to information all over your network instead of 
just the one machine?

A workaround or possible solution would be to instruct the customer that if 
they are going to use a domain account (which by architecture they are forcing 
them to do), that they should use a non-privileged account, and remove it from 
the "domain users" group.  That way the account can be considered 
"authenticated", but has no other default rights on the domain.  Additional 
settings should be implemented to prevent the password from expiring, and 
locking out.



From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Thursday, October 07, 2010 10:49 AM
To: NT System Admin Issues
Subject: RE: Need System/Application Security Advice

It's very common. There are many things you simply cannot do if you run in a 
local security context. FYI if you run the app pool as Network Service on a 
domain joined machine that provides it the domain rights of the server's 
computer account.

If an internet facing app even not in a corp environment runs on a web farm and 
is anything other than static content you're almost guaranteed to have a domain 
and shared domain accounts running it too.

Thanks,
Brian Desmond
br...@briandesmond.com

c - 312.731.3132


From: Klint Price [mailto:kpr...@arizonaitpro.com]
Sent: Thursday, October 07, 2010 7:36 PM
To: NT System Admin Issues
Subject: RE: Need System/Application Security Advice

Internal corporate, yes.  Directly exposed to the internet? I would hope not.

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Thursday, October 07, 2010 10:34 AM
To: NT System Admin Issues
Subject: RE: Need System/Application Security Advice

Ermm what you describe (as I understand it) is probably how 75-90 percent of 
apps run on IIS in a corporate environment.

Thanks,
Brian Desmond
br...@briandesmond.com

c - 312.731.3132


From: Klint Price [mailto:kpr...@arizonaitpro.com]
Sent: Thursday, October 07, 2010 7:28 PM
To: NT System Admin Issues
Subject: Need System/Application Security Advice

My off-hour job is consulting for various companies.  One such small company 
puts out a product that I feel needs to be fixed.

Company sells two products;  ProductA integrates with ProductB which both 
manage sensitive data and are exposed to the public Internet

Windows Forms Authentication is tied to LDAP to authenticate users prior to 
allowing them into the inner-workings of the system.

ProductA and ProductB are configured so that IIS allows a domain account to run 
the entire website for anonymous users (the equivalent of running an app pool 
with a domain account).

Because the entire site runs under the domain account, there are inherent 
security risks which Company fails to disclose.

I am about to send off an e-mail to the higher ups detailing why this is a bad 
idea without instructing the customer on the possible security risks, and 
associated steps to mitigate, let alone re-architect the application to reduce 
this exposure.

Why is

RE: AV Opinions

2010-10-07 Thread Maglinger, Paul
We thought their management sucked too.  Their SALES management, that is.  :)

 

From: Ray [mailto:rz...@qwest.net] 
Sent: Thursday, October 07, 2010 2:39 PM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

We thought pretty much everything about their management sucked, including 
agents. 

 

From: Alan Davies [mailto:adav...@cls-services.com] 
Sent: Thursday, October 07, 2010 5:48 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Hmmm ... my comments were more around the ability to manage/control agents than 
how nice the console was to use.  Also, on the additional functionality side, 
their local FW and software NAC components were very immature feature wise.  
Support varied - UK support a million times better than the out of hours US 
support!

 

 

 

a

 



From: Ray [mailto:rz...@qwest.net] 
Sent: 07 October 2010 12:42
To: NT System Admin Issues
Subject: RE: AV Opinions

That's interesting, because we absolutely hated McAfee and its enterprise 
console, and couldn't wait to get rid of it.  We've ended up with significantly 
better coverage with Sophos than we ever did with McAfee. 

 

From: Alan Davies [mailto:adav...@cls-services.com] 
Sent: Thursday, October 07, 2010 2:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Sophos seem to be excellent detection wise.  As for not detecting Conficker 
below, that'll have been another issue as there is no AV product out there that 
can't detect it.  If I had to guess, perhaps one host was infected and locked 
out AD, but all the Sophos alerts were from machines missing MS08-067 that were 
"getting infected" because the OS could not protect against it, but immediately 
cleaned by Sophos.  Certainly behaviour I've seen before.  You must patch 
Windows, AV can do everything on its own.

 

One negative comment about Sophos - they are still, in my opinion, very low 
down the pecking order in Enterprise Management.  They have a long, long way to 
catch up on McAfee and the like for agent management, alerting, mandatory 
policies, etc.  You can work around these things and it's a great AV product, 
but if you're a large, sensitive environment, it may frustrate you a little.  
Going from 7 to 9 didn't improve these grumbles much ...

 

 

 

a

 



From: Ames Matthew B [mailto:mba...@qinetiq.com] 
Sent: 07 October 2010 08:12
To: NT System Admin Issues
Subject: RE: AV Opinions

We run Sophos here, and it seems to do a reasonable job.  Corporate IS got 
caught last year with their pants down after a departmental server without any 
AV on it (or seriously out of date - guess someone got a good telling off for 
that) managed to get Conficker.  Given we don't have a direct net connection to 
our desktops or services network, they had not bothered to install the 
hotfixes to prevent this

 

For whatever reason Sophos did not detect it, and quite a few machines got 
infected, and a couple of thousand user accounts got locked out.  Took them a 
few days to get things under control - I wrote a little ldap tool to monitor 
the number of locked out user accounts :-)

 

Sophos is a bit of a memory hog (not sure how it compares to other versions), 
taking around 150MB (savservice.exe alone is taking 108MB on my machine 
currently).  We are currently using 7.6.20

 

tht,

Matt

 



From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions

Give Sophos a long look.  I firmly believe they are the best of breed that 
nobody seems to talk about.  They don't market to the non-corporate crowd, so 
that probably has something to do with it.  I asked this list and a few other 
resources when I was evaluating solutions.  I did not hear from a single person 
using Sophos that did not like it.

 

We are replacing Symantec with Sophos right now and it is going very well so 
far.   

 

Sophos will sync with AD (if you want) to automatically protect computers when 
you add them.  It will remove Symantec cleanly (so far on about 25 test/pilot 
users it has been perfect) when pushing it out.  It includes device control 
(want to block USB storage devices...2-3 clicks and you are done), a NAC 
component, and a firewall. 

 

It also includes clients for Mac/Linux and with each corporate license, you get 
a free at-home license.   NFI - just a very satisfied customer so far.

 

Jim

 

 

 



From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wed 10/6/2010 7:09 PM
To: NT System Admin Issues
Subject: AV Opinions

At one of the shops that I look after, I have been asked to change the AV to 
something new and current.

Vipre and Forefront excluded (I know enough about those already), what else are 
you guys using that's good?

 

It's been a while since I looked at all the other vendors, I have such little 
time to eval for this need, I c

RE: AV Opinions

2010-10-07 Thread Ray
We thought pretty much everything about their management sucked, including
agents. 

 

From: Alan Davies [mailto:adav...@cls-services.com] 
Sent: Thursday, October 07, 2010 5:48 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Hmmm ... my comments were more around the ability to manage/control agents
than how nice the console was to use.  Also, on the additional functionality
side, their local FW and software NAC components were very immature feature
wise.  Support varied - UK support a million times better than the out of
hours US support!

 

 

 

a

 


From: Ray [mailto:rz...@qwest.net] 
Sent: 07 October 2010 12:42
To: NT System Admin Issues
Subject: RE: AV Opinions

That’s interesting, because we absolutely hated McAfee and its enterprise
console, and couldn’t wait to get rid of it.  We’ve ended up with
significantly better coverage with Sophos than we ever did with McAfee. 

 

From: Alan Davies [mailto:adav...@cls-services.com] 
Sent: Thursday, October 07, 2010 2:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Sophos seem to be excellent detection wise.  As for not detecting Conficker
below, that'll have been another issue as there is no AV product out there
that can't detect it.  If I had to guess, perhaps one host was infected and
locked out AD, but all the Sophos alerts were from machines missing MS08-067
that were "getting infected" because the OS could not protect against it,
but immediately cleaned by Sophos.  Certainly behaviour I've seen before.
You must patch Windows, AV can do everything on its own.

 

One negative comment about Sophos - they are still, in my opinion, very low
down the pecking order in Enterprise Management.  They have a long, long way
to catch up on McAfee and the like for agent management, alerting, mandatory
policies, etc.  You can work around these things and it's a great AV
product, but if you're a large, sensitive environment, it may frustrate you
a little.  Going from 7 to 9 didn't improve these grumbles much ...

 

 

 

a

 


From: Ames Matthew B [mailto:mba...@qinetiq.com] 
Sent: 07 October 2010 08:12
To: NT System Admin Issues
Subject: RE: AV Opinions

We run Sophos here, and it seems to do a reasonable job.  Corporate IS got
caught last year with their pants down after a departmental server without
any AV on it (or seriously out of date - guess someone got a good telling
off for that) managed to get Conficker.  Given we don't have a direct net
connection to our desktops or services network, they had not bothered to
install the hotfixes to prevent this

 

For whatever reason Sophos did not detect it, and quite a few machines
got infected, and a couple of thousand user accounts got locked out.  Took
them a few days to get things under control - I wrote a little ldap tool to
monitor the number of locked out user accounts :-)

 

Sophos is a bit of a memory hog (not sure how it compares to other
versions), taking around 150MB (savservice.exe alone is taking 108MB on my
machine currently).  We are currently using 7.6.20

 

tht,

Matt

 


From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions

Give Sophos a long look.  I firmly believe they are the best of breed that
nobody seems to talk about.  They don't market to the non-corporate crowd,
so that probably has something to do with it.  I asked this list and a few
other resources when I was evaluating solutions.  I did not hear from a
single person using Sophos that did not like it.

 

We are replacing Symantec with Sophos right now and it is going very well so
far.   

 

Sophos will sync with AD (if you want) to automatically protect computers
when you add them.  It will remove Symantec cleanly (so far on about 25
test/pilot users it has been perfect) when pushing it out.  It includes
device control (want to block USB storage devices...2-3 clicks and you are
done), a NAC component, and a firewall. 

 

It also includes clients for Mac/Linux and with each corporate license, you
get a free at-home license.   NFI - just a very satisfied customer so far.

 

Jim

 

 

 


From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wed 10/6/2010 7:09 PM
To: NT System Admin Issues
Subject: AV Opinions

At one of the shops that I look after, I have been asked to change the AV to
something new and current.

Vipre and Forefront excluded (I know enough about those already), what else
are you guys using that’s good?

 

It’s been a while since I looked at all the other vendors, I have such
little time to eval for this need, I can’t just download all vendors
packages and trial each one for 30 days, I need to look at one and hopefully
get it right :(

 

Thanks for any opinions,

jlc

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.su

Redeploying Vista with WDS

2010-10-07 Thread Joseph L. Casale
I have a specific image I must use that only has SP1, well my current WAIK
setup needs that image to have SP2 for me to accomplish what I want to
the wim before I load it into my WDS server. Any ways to get around the
reference computer buildout and `sysprep /oobe /generalize /reboot`
then capture? What a PITA...

Thanks!
jlc

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Adobe Reader

2010-10-07 Thread Terry Dickson
Thanks for the update.


-Original Message-
From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Thursday, October 07, 2010 1:44 PM
To: NT System Admin Issues
Subject: RE: Adobe Reader

According to Secunia there are no unpatched vulnerabilities in Flash Player 
since the Sept release of 10.1.85.3.  So CNET was either jumping the gun or 
behind the curve.

Carl

-Original Message-
From: Terry Dickson [mailto:te...@treasurer.state.ks.us]
Sent: Tuesday, October 05, 2010 2:55 PM
To: NT System Admin Issues
Subject: RE: Adobe Reader

The article on CNET said they were going to have a new version of Flash out 
also, and that was just from last week.

-Original Message-
From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Tuesday, October 05, 2010 1:53 PM
To: NT System Admin Issues
Subject: RE: Adobe Reader

Thanks for the FYI.  Flash player was updated around 9/20.  Hope we don't need 
a new one already...

Carl

-Original Message-
From: Terry Dickson [mailto:te...@treasurer.state.ks.us]
Sent: Tuesday, October 05, 2010 2:44 PM
To: NT System Admin Issues
Subject: Adobe Reader

For those of you that care, Adobe Reader 9.4 is now available for download.
I have not checked on the new version of Flash yet.






HP PODs

2010-10-07 Thread pchoward
Anyone have good or bad reviews on  the HP POD or other containerised DC?
Sent from my Verizon Wireless BlackBerry




Re: Interesting run-down on Stuxnet from F-Secure

2010-10-07 Thread Andrew S. Baker
There are still enough people running as admin on higher versions of Windows
AND some of those even disable UAC.

We will have enough stupidity for quite a while yet...

(Besides, 40-40% of all Windows users running XP will still be a pretty huge
number of juicy targets)


*ASB *(My XeeSM Profile) 
*Exploiting Technology for Business Advantage...*
* *



On Thu, Oct 7, 2010 at 2:41 PM, Carl Houseman  wrote:

>  The avenue closes as the percentage of XP machines ...  how long for
> that?  I'm guessing XP is less than 50% of Windows users before April 2014,
> and if not by then, real soon afterwards.
>
>
>
> Carl
>
>
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Thursday, October 07, 2010 2:25 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Interesting run-down on Stuxnet from F-Secure
>
>
>
> *>>**Looking forward a few years, non-admin users' risk will steadily
> increase as malware more often includes code to exploit priv escalation
> bugs.*
>
>
>
> I agree that we will see a rise in non-admin malware, but it will be much
> easier to go after the low hanging fruit of people with too much local
> access, because lots more sophistication is needed to implement these
> attacks.
>
>
>
> When this avenue is largely closed, then the malware folks will have no
> choice but to spend more of their time on those classes of attacks.
>
>
>
> *ASB *(My XeeSM Profile) 
> *Exploiting Technology for Business Advantage...*
> * *
>
>
>
>  On Thu, Oct 7, 2010 at 12:33 PM, Carl Houseman 
> wrote:
>
> I'd say it's a good bet the privilege escalation bugs are used to get
> around limited user limitations and install the rootkit.
>
>
>
> Looking forward a few years, non-admin users' risk will steadily increase
> as malware more often includes code to exploit priv escalation bugs.
> There's always a priv escalation bug hiding around the next corner, and
> malware will use them to survive.
>
>
>
> Carl
>
>
>
> *From:* John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> *Sent:* Thursday, October 07, 2010 12:04 PM
>
>
> *To:* NT System Admin Issues
>
> *Subject:* RE: Interesting run-down on Stuxnet from F-Secure
>
>
>
> An interesting read.
>
>
>
> Would running without elevated permissions eliminate the risk of infection?
> Or do the two zero-day exploits (privilege escalation via keyboard layout
> file and privilege escalation via Task Scheduler) allow infection even when
> running as a limited user?
>
>
>
>
>
>
>
> John Hornbuckle
>
> MIS Department
>
> Taylor County School District
>
> www.taylor.k12.fl.us
>
>
>
>
>
>
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Thursday, October 07, 2010 11:43 AM
>
>
> *To:* NT System Admin Issues
> *Subject:* Interesting run-down on Stuxnet from F-Secure
>
>
>
> http://www.f-secure.com/weblog/archives/2040.html
>
> They seem to draw a little bit of comparison between Stuxnet and Conficker,
> as well as some other mildly interesting bits
>
>


RE: Adobe Reader

2010-10-07 Thread Carl Houseman
According to Secunia there are no unpatched vulnerabilities in Flash Player
since the Sept release of 10.1.85.3.  So CNET was either jumping the gun or
behind the curve.

Carl

-Original Message-
From: Terry Dickson [mailto:te...@treasurer.state.ks.us] 
Sent: Tuesday, October 05, 2010 2:55 PM
To: NT System Admin Issues
Subject: RE: Adobe Reader

The article on CNET said they were going to have a new version of Flash out
also, and that was just from last week.

-Original Message-
From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Tuesday, October 05, 2010 1:53 PM
To: NT System Admin Issues
Subject: RE: Adobe Reader

Thanks for the FYI.  Flash player was updated around 9/20.  Hope we don't
need a new one already...

Carl

-Original Message-
From: Terry Dickson [mailto:te...@treasurer.state.ks.us]
Sent: Tuesday, October 05, 2010 2:44 PM
To: NT System Admin Issues
Subject: Adobe Reader

For those of you that care, Adobe Reader 9.4 is now available for download.
I have not checked on the new version of Flash yet.





Re: Need System/Application Security Advice

2010-10-07 Thread Andrew S. Baker
What you're asking for is a redesign

One way to address this issue is to place authentication in the hands of
your database tier, and not grant any special domain level rights to IIS.
 This way, successful attacks against the web servers [1] would still
require subsequent successful attacks against the database [2] before
getting at this sensitive data.

I hope that lots of encryption is being intelligently used throughout this
application -- in transit AND at rest.


*ASB *(My XeeSM Profile) 
*Exploiting Technology for Business Advantage...*
* *
[1] Where we hope not to find database connection strings
for privileged accounts
[2] Which would now be trivial




*ASB *(My XeeSM Profile) 
*Exploiting Technology for Business Advantage...*
* *
On Thu, Oct 7, 2010 at 1:53 PM, Klint Price  wrote:

>  So what steps should be taken to secure it since no instructions are
> provided to do so?
>
>
>
> Because IIS knows the password for the xyzweb account. If someone can get
> IIS to execute arbitrary code (e.g. by uploading some of their own webpages)
> then IIS can connect to serverB using the domain\xyzweb account, and that
> account has privileges on serverB.
>
>
>
> By running your website as a domain user it is basically giving permission
> to your web server to access anything that the user has access to on the
> entire domain. Wouldn’t that mean that
> if someone manages to take advantage of one of the many IIS vulnerabilities
> they very well may have access to information all over your network instead
> of just the one machine?
>
>
>
> A workaround or possible solution would be to instruct the customer that if
> they are going to use a domain account (which by architecture they are
> forcing them to do), that they should use a non-privileged account, and
> remove it from the “domain users” group.  That way the account can be
> considered “authenticated”, but has no other default rights on the domain.
> Additional settings should be implemented to prevent the password from
> expiring, and locking out.
>
>
>
>
>
>
>
> *From:* Brian Desmond [mailto:br...@briandesmond.com]
> *Sent:* Thursday, October 07, 2010 10:49 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Need System/Application Security Advice
>
>
>
> *It’s very common. There are many things you simply cannot do if you run
> in a local security context. FYI if you run the app pool as Network Service
> on a domain joined machine that provides it the domain rights of the
> server’s computer account.*
>
> * *
>
> *If an internet facing app even not in a corp environment runs on a web
> farm and is anything other than static content you’re almost guaranteed to
> have a domain and shared domain accounts running it too.*
>
> * *
>
> *Thanks,*
>
> *Brian Desmond*
>
> *br...@briandesmond.com*
>
> * *
>
> *c - 312.731.3132*
>
> * *
>
> * *
>
> *From:* Klint Price [mailto:kpr...@arizonaitpro.com]
> *Sent:* Thursday, October 07, 2010 7:36 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Need System/Application Security Advice
>
>
>
> Internal corporate, yes.  Directly exposed to the internet? I would hope
> not.
>
>
>
> *From:* Brian Desmond [mailto:br...@briandesmond.com]
> *Sent:* Thursday, October 07, 2010 10:34 AM
> *To:* NT System Admin Issues
> *Subject:* RE: Need System/Application Security Advice
>
>
>
> *Ermm what you describe (as I understand it) is probably how 75-90 percent
> of apps run on IIS in a corporate environment.*
>
> * *
>
> *Thanks,*
>
> *Brian Desmond*
>
> *br...@briandesmond.com*
>
> * *
>
> *c - 312.731.3132*
>
> * *
>
> * *
>
> *From:* Klint Price [mailto:kpr...@arizonaitpro.com]
> *Sent:* Thursday, October 07, 2010 7:28 PM
> *To:* NT System Admin Issues
> *Subject:* Need System/Application Security Advice
>
>
>
> My off-hour job is consulting for various companies.  One such small
> company puts out a product that I feel needs to be fixed.
>
>
>
> Company sells two products;  ProductA integrates with ProductB which both
> manage sensitive data and are exposed to the public Internet
>
>
>
> Windows Forms Authentication is tied to LDAP to authenticate users prior to
> allowing them into the inner-workings of the system.
>
>
>
> ProductA and ProductB are configured so that IIS allows a domain account to
> run the entire website for anonymous users (the equivalent of running an app
> pool with a domain account).
>
>
>
> Because the entire site runs under the domain account, there are inherent
> security risks which Company fails to disclose.
>
>
>
> I am about to send off an e-mail to the higher ups detailing why this is a
> bad idea without instructing the customer on the possible security risks,
> and associated steps to mitigate, let alone re-architect the application to
> reduce this exposure.
>
>
>
> Why is it a bad idea to configure a site in this way out-of-the-box, and
> what articles can you point me to?  Any security articles would also be
> appreciated.
>
>
>
> A
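
The exposure discussed in this thread can be read straight out of the IIS configuration. The following is an added example, not code from any poster or from the product: it parses a constructed, trimmed applicationHost.config and classifies each app pool identity and anonymous-authentication user as a domain account, the server's computer account on the network, or local. The pool and site names, the CORP domain and the machine name WEB01 are made up; xyzweb is the account name used in the thread.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed applicationHost.config. Pool/site names, the
# CORP domain and the machine name WEB01 are made up; xyzweb is from the thread.
SAMPLE_CONFIG = r"""<configuration>
 <system.applicationHost>
  <applicationPools>
   <add name="ProductA">
    <processModel identityType="SpecificUser" userName="CORP\xyzweb" password="[enc]" />
   </add>
   <add name="ProductB"><processModel identityType="NetworkService" /></add>
   <add name="StaticSite"><processModel identityType="ApplicationPoolIdentity" /></add>
   <add name="LocalSvc">
    <processModel identityType="SpecificUser" userName=".\websvc" password="[enc]" />
   </add>
  </applicationPools>
 </system.applicationHost>
 <location path="ProductA Site">
  <system.webServer><security><authentication>
   <anonymousAuthentication enabled="true" userName="CORP\xyzweb" password="[enc]" />
  </authentication></security></system.webServer>
 </location>
 <location path="Static Site">
  <system.webServer><security><authentication>
   <anonymousAuthentication enabled="true" userName="IUSR" />
  </authentication></security></system.webServer>
 </location>
</configuration>"""

# Built-in identities that authenticate to other hosts as the server's computer
# account when the server is domain joined (the Network Service point above).
MACHINE_ON_NETWORK = {"NetworkService", "LocalSystem", "ApplicationPoolIdentity"}
LOCAL_PREFIXES = {".", "nt authority", "builtin", "iis apppool"}


def account_scope(user, machine):
    """Return 'domain' or 'local' for a configured user name."""
    if "@" in user:                      # UPN form, e.g. svc@corp.example
        return "domain"
    if "\\" not in user:                 # bare name such as IUSR: local account
        return "local"
    prefix = user.split("\\", 1)[0].lower()
    if prefix in LOCAL_PREFIXES or prefix == machine.lower():
        return "local"
    return "domain"


def audit(config_text, machine="WEB01"):
    """List (kind, name, identity, scope) for every pool and anonymous user."""
    root = ET.fromstring(config_text)
    findings = []
    for pools in root.iter("applicationPools"):
        for pool in pools.findall("add"):
            pm = pool.find("processModel")
            # Assumption: a missing identityType means ApplicationPoolIdentity
            # (the default differs between IIS versions).
            id_type = "ApplicationPoolIdentity"
            if pm is not None:
                id_type = pm.get("identityType", id_type)
            if id_type == "SpecificUser":
                user = pm.get("userName", "")
                scope = account_scope(user, machine)
            elif id_type in MACHINE_ON_NETWORK:
                user, scope = id_type, "machine"
            else:                        # LocalService: no network credentials
                user, scope = id_type, "local"
            findings.append(("apppool", pool.get("name"), user, scope))
    for loc in root.iter("location"):
        for anon in loc.iter("anonymousAuthentication"):
            if anon.get("enabled", "true").lower() != "true":
                continue
            user = anon.get("userName", "")
            if user:
                scope = account_scope(user, machine)
            else:                        # empty userName: requests run as the pool
                user, scope = "(app pool identity)", "pool"
            findings.append(("anonymous", loc.get("path"), user, scope))
    return findings


def domain_exposed(findings):
    """Names of pools/sites whose code runs with a domain user's rights."""
    return sorted(name for _, name, _, scope in findings if scope == "domain")


if __name__ == "__main__":
    for kind, name, user, scope in audit(SAMPLE_CONFIG):
        print(f"{kind:9} {name:14} {user:24} {scope}")
    print("domain-account exposure:", domain_exposed(audit(SAMPLE_CONFIG)))
```

Entries reported as `domain` are the ones where code executed through the site can reach whatever that account can reach elsewhere in the domain; `machine` entries reach other hosts as the server's computer account.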

RE: Interesting run-down on Stuxnet from F-Secure

2010-10-07 Thread Carl Houseman
The avenue closes as the percentage of XP machines ...  how long for that?
I'm guessing XP is less than 50% of Windows users before April 2014, and if
not by then, real soon afterwards.

 

Carl

 

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Thursday, October 07, 2010 2:25 PM
To: NT System Admin Issues
Subject: Re: Interesting run-down on Stuxnet from F-Secure

 

>>Looking forward a few years, non-admin users' risk will steadily increase
as malware more often includes code to exploit priv escalation bugs.

 

I agree that we will see a rise in non-admin malware, but it will be much
easier to go after the low hanging fruit of people with too much local
access, because lots more sophistication is needed to implement these
attacks.

 

When this avenue is largely closed, then the malware folks will have no
choice but to spend more of their time on those classes of attacks.


 

ASB   (My XeeSM Profile) 
Exploiting Technology for Business Advantage...
 





On Thu, Oct 7, 2010 at 12:33 PM, Carl Houseman  wrote:

I'd say it's a good bet the privilege escalation bugs are used to get around
limited user limitations and install the rootkit.

 

Looking forward a few years, non-admin users' risk will steadily increase as
malware more often includes code to exploit priv escalation bugs.  There's
always a priv escalation bug hiding around the next corner, and malware will
use them to survive.

 

Carl

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Thursday, October 07, 2010 12:04 PM


To: NT System Admin Issues

Subject: RE: Interesting run-down on Stuxnet from F-Secure

 

An interesting read.

 

Would running without elevated permissions eliminate the risk of infection?
Or do the two zero-day exploits (privilege escalation via keyboard layout
file and privilege escalation via Task Scheduler) allow infection even when
running as a limited user?

 

 

 

John Hornbuckle

MIS Department

Taylor County School District

www.taylor.k12.fl.us

 

 

 

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, October 07, 2010 11:43 AM


To: NT System Admin Issues
Subject: Interesting run-down on Stuxnet from F-Secure

 

http://www.f-secure.com/weblog/archives/2040.html 

They seem to draw a little bit of comparison between Stuxnet and Conficker,
as well as some other mildly interesting bits

-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."


 
 
NOTICE: Florida has a broad public records law. Most written communications
to or from this entity are public records that will be disclosed to the
public and the media upon request. E-mail communications may be subject to
public disclosure.


Re: Interesting run-down on Stuxnet from F-Secure

2010-10-07 Thread Andrew S. Baker
*>>**Looking forward a few years, non-admin users' risk will steadily
increase as malware more often includes code to exploit priv escalation
bugs.*

I agree that we will see a rise in non-admin malware, but it will be much
easier to go after the low hanging fruit of people with too much local
access, because lots more sophistication is needed to implement these
attacks.

When this avenue is largely closed, then the malware folks will have no
choice but to spend more of their time on those classes of attacks.


*ASB *(My XeeSM Profile) 
*Exploiting Technology for Business Advantage...*
* *



On Thu, Oct 7, 2010 at 12:33 PM, Carl Houseman  wrote:

>  I'd say it's a good bet the privilege escalation bugs are used to get
> around limited user limitations and install the rootkit.
>
>
>
> Looking forward a few years, non-admin users' risk will steadily increase
> as malware more often includes code to exploit priv escalation bugs.
> There's always a priv escalation bug hiding around the next corner, and
> malware will use them to survive.
>
>
>
> Carl
>
>
>
> *From:* John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
> *Sent:* Thursday, October 07, 2010 12:04 PM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Interesting run-down on Stuxnet from F-Secure
>
>
>
> An interesting read.
>
>
>
> Would running without elevated permissions eliminate the risk of infection?
> Or do the two zero-day exploits (privilege escalation via keyboard layout
> file and privilege escalation via Task Scheduler) allow infection even when
> running as a limited user?
>
>
>
>
>
>
>
> John Hornbuckle
>
> MIS Department
>
> Taylor County School District
>
> www.taylor.k12.fl.us
>
>
>
>
>
>
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Thursday, October 07, 2010 11:43 AM
>
> *To:* NT System Admin Issues
> *Subject:* Interesting run-down on Stuxnet from F-Secure
>
>
>
> http://www.f-secure.com/weblog/archives/2040.html
>
> They seem to draw a little bit of comparison between Stuxnet and Conficker,
> as well as some other mildly interesting bits
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: SORBS.NET - email RBL issues

2010-10-07 Thread Andrew S. Baker
You're welcome.

Looks like they have things under control right now, but they were under a
DDoS attack earlier.

http://blog.proofpoint.com/2010/10/sorbs-email-realtime-blocklist-hit-by-ddos-attack-causing-widespread-email-deliverability-problems.html


*ASB* (My XeeSM Profile)
*Exploiting Technology for Business Advantage...*



On Thu, Oct 7, 2010 at 11:10 AM, Steven M. Caesare wrote:

> Thanks for the heads up..
>
>
>
> -sc
>
>
>
> *Sent:* Thursday, October 07, 2010 9:28 AM
> *Subject:* SORBS.NET - email RBL issues
>
>
>
> https://isc.sans.edu/diary.html?storyid=9685
>
> If you're using SORBS.NET for email, be advised:  they're having issues
> this morning...  :)
>
>
> *ASB* (My XeeSM Profile)
> *Exploiting Technology for Business Advantage...*
>


RE: Need System/Application Security Advice

2010-10-07 Thread Klint Price
So what steps should be taken to secure it since no instructions are provided 
to do so?

Because IIS knows the password for the xyzweb account. If someone can get IIS 
to execute arbitrary code (e.g. by uploading some of their own webpages) then 
IIS can connect to serverB using the domain\xyzweb account, and that account 
has privileges on serverB.

By running your website as a domain user it is basically giving permission to 
your web server to access anything that the user has access to on the entire 
domain. Wouldn't that mean that if someone manages to take advantage of one of 
the many IIS vulnerabilities they very well may have access to information all 
over your network instead of just the one machine?

A workaround or possible solution would be to instruct the customer that if 
they are going to use a domain account (which by architecture they are forcing 
them to do), that they should use a non-privileged account, and remove it from 
the "domain users" group.  That way the account can be considered 
"authenticated", but has no other default rights on the domain.  Additional 
settings should be implemented to prevent the password from expiring, and 
locking out.



From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Thursday, October 07, 2010 10:49 AM
To: NT System Admin Issues
Subject: RE: Need System/Application Security Advice

It's very common. There are many things you simply cannot do if you run in a 
local security context. FYI if you run the app pool as Network Service on a 
domain joined machine that provides it the domain rights of the server's 
computer account.

If an internet facing app even not in a corp environment runs on a web farm and 
is anything other than static content you're almost guaranteed to have a domain 
and shared domain accounts running it too.

Thanks,
Brian Desmond
br...@briandesmond.com

c - 312.731.3132


From: Klint Price [mailto:kpr...@arizonaitpro.com]
Sent: Thursday, October 07, 2010 7:36 PM
To: NT System Admin Issues
Subject: RE: Need System/Application Security Advice

Internal corporate, yes.  Directly exposed to the internet? I would hope not.

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Thursday, October 07, 2010 10:34 AM
To: NT System Admin Issues
Subject: RE: Need System/Application Security Advice

Ermm what you describe (as I understand it) is probably how 75-90 percent of 
apps run on IIS in a corporate environment.

Thanks,
Brian Desmond
br...@briandesmond.com

c - 312.731.3132


From: Klint Price [mailto:kpr...@arizonaitpro.com]
Sent: Thursday, October 07, 2010 7:28 PM
To: NT System Admin Issues
Subject: Need System/Application Security Advice

My off-hour job is consulting for various companies.  One such small company 
puts out a product that I feel needs to be fixed.

Company sells two products;  ProductA integrates with ProductB which both 
manage sensitive data and are exposed to the public Internet

Windows Forms Authentication is tied to LDAP to authenticate users prior to 
allowing them into the inner-workings of the system.

ProductA and ProductB are configured so that IIS allows a domain account to run 
the entire website for anonymous users (the equivalent of running an app pool 
with a domain account).

Because the entire site runs under the domain account, there are inherent 
security risks which Company fails to disclose.

I am about to send off an e-mail to the higher ups detailing why this is a bad 
idea without instructing the customer on the possible security risks, and 
associated steps to mitigate, let alone re-architect the application to reduce 
this exposure.

Why is it a bad idea to configure a site in this way out-of-the-box, and what 
articles can you point me to?  Any security articles would also be appreciated.

At minimum I think the domain user should be removed from the "domain users" 
group, with additional GPO's applied to lock down the account.

What say ye?
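
An added example, not part of the thread or of either product: a Python audit of an IIS 7+ `applicationHost.config` that flags the configurations discussed in this message, namely an application pool or anonymous-authentication identity set to a domain account, plus an app pool running as Network Service. The sample config, the `CORP` domain, the machine name `WEB01` and the function names are constructed for illustration; only the `xyzweb` account name comes from the message.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the thread), IIS 7+ applicationHost.config layout.
SAMPLE_CONFIG = r"""<configuration>
  <system.applicationHost>
    <applicationPools>
      <add name="DefaultAppPool">
        <processModel identityType="ApplicationPoolIdentity" />
      </add>
      <add name="ProductAPool">
        <processModel identityType="SpecificUser" userName="CORP\xyzweb"
                      password="[enc:placeholder]" />
      </add>
      <add name="IntranetPool">
        <processModel identityType="NetworkService" />
      </add>
      <add name="LocalSvcPool">
        <processModel identityType="SpecificUser" userName=".\websvc"
                      password="[enc:placeholder]" />
      </add>
    </applicationPools>
  </system.applicationHost>
  <location path="ProductB">
    <system.webServer><security><authentication>
      <anonymousAuthentication enabled="true" userName="xyzweb@corp.example"
                               password="[enc:placeholder]" />
    </authentication></security></system.webServer>
  </location>
  <location path="Static">
    <system.webServer><security><authentication>
      <anonymousAuthentication enabled="true" userName="IUSR" />
    </authentication></security></system.webServer>
  </location>
</configuration>"""

BUILTIN_NAMES = {"IUSR", "NETWORKSERVICE", "LOCALSERVICE", "LOCALSYSTEM"}
LOCAL_PREFIXES = {".", "nt authority", "iis apppool", "builtin"}


def classify_account(user_name, machine_name):
    """Classify an IIS userName value by where the account lives."""
    name = (user_name or "").strip()
    if not name:
        # Empty userName on anonymousAuthentication: requests run as the pool identity.
        return "pool-identity"
    if "@" in name:
        return "domain"  # UPN form, user@domain
    if "\\" in name:
        prefix = name.split("\\", 1)[0].lower()
        if prefix in LOCAL_PREFIXES or prefix == machine_name.lower():
            return "local"
        return "domain"  # DOMAIN\user form
    # A bare name is not flagged here; Windows resolves it at logon time.
    return "builtin" if name.upper() in BUILTIN_NAMES else "unqualified"


def audit_iis_identities(config_xml, machine_name="WEB01"):
    """Return (location, account, kind) tuples for identities that carry domain rights."""
    root = ET.fromstring(config_xml)
    findings = []

    # Application pool identities.
    for pools in root.iter("applicationPools"):
        for pool in pools.findall("add"):
            where = "appPool:" + pool.get("name", "?")
            pm = pool.find("processModel")
            identity_type = pm.get("identityType", "") if pm is not None else ""
            if identity_type == "SpecificUser":
                user = pm.get("userName", "")
                if classify_account(user, machine_name) == "domain":
                    findings.append((where, user, "domain-user"))
            elif identity_type == "NetworkService":
                # The case raised in the thread: on a domain-joined server this
                # identity reaches other hosts as the server's computer account.
                findings.append((where, "NetworkService", "machine-account"))

    # Anonymous-authentication identities set per <location> (site or application).
    for loc in root.iter("location"):
        for anon in loc.iter("anonymousAuthentication"):
            if anon.get("enabled", "true").lower() != "true":
                continue
            user = anon.get("userName", "")
            if classify_account(user, machine_name) == "domain":
                findings.append(("anonymousAuth:" + loc.get("path", ""), user, "domain-user"))
    return findings


if __name__ == "__main__":
    for where, account, kind in audit_iis_identities(SAMPLE_CONFIG):
        print(f"{kind:16} {where:28} {account}")
```

Each `domain-user` finding names an account whose group membership and rights on other servers are worth reviewing, which is the lock-down the message proposes.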



RE: Need System/Application Security Advice

2010-10-07 Thread Brian Desmond
It's very common. There are many things you simply cannot do if you run in a 
local security context. FYI if you run the app pool as Network Service on a 
domain joined machine that provides it the domain rights of the server's 
computer account.

If an internet facing app even not in a corp environment runs on a web farm and 
is anything other than static content you're almost guaranteed to have a domain 
and shared domain accounts running it too.

Thanks,
Brian Desmond
br...@briandesmond.com

c - 312.731.3132


From: Klint Price [mailto:kpr...@arizonaitpro.com]
Sent: Thursday, October 07, 2010 7:36 PM
To: NT System Admin Issues
Subject: RE: Need System/Application Security Advice

Internal corporate, yes.  Directly exposed to the internet? I would hope not.

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Thursday, October 07, 2010 10:34 AM
To: NT System Admin Issues
Subject: RE: Need System/Application Security Advice

Ermm what you describe (as I understand it) is probably how 75-90 percent of 
apps run on IIS in a corporate environment.

Thanks,
Brian Desmond
br...@briandesmond.com

c - 312.731.3132


From: Klint Price [mailto:kpr...@arizonaitpro.com]
Sent: Thursday, October 07, 2010 7:28 PM
To: NT System Admin Issues
Subject: Need System/Application Security Advice

My off-hour job is consulting for various companies.  One such small company 
puts out a product that I feel needs to be fixed.

Company sells two products;  ProductA integrates with ProductB which both 
manage sensitive data and are exposed to the public Internet

Windows Forms Authentication is tied to LDAP to authenticate users prior to 
allowing them into the inner-workings of the system.

ProductA and ProductB are configured so that IIS allows a domain account to run 
the entire website for anonymous users (the equivalent of running an app pool 
with a domain account).

Because the entire site runs under the domain account, there are inherent 
security risks which Company fails to disclose.

I am about to send off an e-mail to the higher ups detailing why this is a bad 
idea without instructing the customer on the possible security risks, and 
associated steps to mitigate, let alone re-architect the application to reduce 
this exposure.

Why is it a bad idea to configure a site in this way out-of-the-box, and what 
articles can you point me to?  Any security articles would also be appreciated.

At minimum I think the domain user should be removed from the "domain users" 
group, with additional GPO's applied to lock down the account.

What say ye?




RE: Need System/Application Security Advice

2010-10-07 Thread Klint Price
Internal corporate, yes.  Directly exposed to the internet? I would hope not.

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Thursday, October 07, 2010 10:34 AM
To: NT System Admin Issues
Subject: RE: Need System/Application Security Advice

Ermm what you describe (as I understand it) is probably how 75-90 percent of 
apps run on IIS in a corporate environment.

Thanks,
Brian Desmond
br...@briandesmond.com

c - 312.731.3132


From: Klint Price [mailto:kpr...@arizonaitpro.com]
Sent: Thursday, October 07, 2010 7:28 PM
To: NT System Admin Issues
Subject: Need System/Application Security Advice

My off-hour job is consulting for various companies.  One such small company 
puts out a product that I feel needs to be fixed.

Company sells two products;  ProductA integrates with ProductB which both 
manage sensitive data and are exposed to the public Internet

Windows Forms Authentication is tied to LDAP to authenticate users prior to 
allowing them into the inner-workings of the system.

ProductA and ProductB are configured so that IIS allows a domain account to run 
the entire website for anonymous users (the equivalent of running an app pool 
with a domain account).

Because the entire site runs under the domain account, there are inherent 
security risks which Company fails to disclose.

I am about to send off an e-mail to the higher ups detailing why this is a bad 
idea without instructing the customer on the possible security risks, and 
associated steps to mitigate, let alone re-architect the application to reduce 
this exposure.

Why is it a bad idea to configure a site in this way out-of-the-box, and what 
articles can you point me to?  Any security articles would also be appreciated.

At minimum I think the domain user should be removed from the "domain users" 
group, with additional GPO's applied to lock down the account.

What say ye?




RE: Need System/Application Security Advice

2010-10-07 Thread Brian Desmond
Ermm what you describe (as I understand it) is probably how 75-90 percent of 
apps run on IIS in a corporate environment.

Thanks,
Brian Desmond
br...@briandesmond.com

c - 312.731.3132


From: Klint Price [mailto:kpr...@arizonaitpro.com]
Sent: Thursday, October 07, 2010 7:28 PM
To: NT System Admin Issues
Subject: Need System/Application Security Advice

My off-hour job is consulting for various companies.  One such small company 
puts out a product that I feel needs to be fixed.

Company sells two products;  ProductA integrates with ProductB which both 
manage sensitive data and are exposed to the public Internet

Windows Forms Authentication is tied to LDAP to authenticate users prior to 
allowing them into the inner-workings of the system.

ProductA and ProductB are configured so that IIS allows a domain account to run 
the entire website for anonymous users (the equivalent of running an app pool 
with a domain account).

Because the entire site runs under the domain account, there are inherent 
security risks which Company fails to disclose.

I am about to send off an e-mail to the higher ups detailing why this is a bad 
idea without instructing the customer on the possible security risks, and 
associated steps to mitigate, let alone re-architect the application to reduce 
this exposure.

Why is it a bad idea to configure a site in this way out-of-the-box, and what 
articles can you point me to?  Any security articles would also be appreciated.

At minimum I think the domain user should be removed from the "domain users" 
group, with additional GPO's applied to lock down the account.

What say ye?




Need System/Application Security Advice

2010-10-07 Thread Klint Price
My off-hour job is consulting for various companies.  One such small company 
puts out a product that I feel needs to be fixed.

Company sells two products;  ProductA integrates with ProductB which both 
manage sensitive data and are exposed to the public Internet

Windows Forms Authentication is tied to LDAP to authenticate users prior to 
allowing them into the inner-workings of the system.

ProductA and ProductB are configured so that IIS allows a domain account to run 
the entire website for anonymous users (the equivalent of running an app pool 
with a domain account).

Because the entire site runs under the domain account, there are inherent 
security risks which Company fails to disclose.

I am about to send off an e-mail to the higher ups detailing why this is a bad 
idea without instructing the customer on the possible security risks, and 
associated steps to mitigate, let alone re-architect the application to reduce 
this exposure.

Why is it a bad idea to configure a site in this way out-of-the-box, and what 
articles can you point me to?  Any security articles would also be appreciated.

At minimum I think the domain user should be removed from the "domain users" 
group, with additional GPO's applied to lock down the account.

What say ye?




RE: Interesting run-down on Stuxnet from F-Secure

2010-10-07 Thread John Hornbuckle
Ah-this one confirms that it uses the two zero-day exploits to get around users 
running with limited permissions. And that it doesn't work on 64-bit OS flavors.



John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us



From: Free, Bob [mailto:r...@pge.com]
Sent: Thursday, October 07, 2010 12:23 PM
To: NT System Admin Issues
Subject: RE: Interesting run-down on Stuxnet from F-Secure

FWIW- If you are interested in Stuxnet, Symantec published a nearly 50 page pdf 
titled  W32.Stuxnet Dossier. Pretty comprehensive coverage

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf


From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Thursday, October 07, 2010 8:43 AM
To: NT System Admin Issues
Subject: Interesting run-down on Stuxnet from F-Secure

http://www.f-secure.com/weblog/archives/2040.html

They seem to draw a little bit of comparison between Stuxnet and Conficker, as 
well as some other mildly interesting bits

--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."


RE: Interesting run-down on Stuxnet from F-Secure

2010-10-07 Thread Carl Houseman
I'd say it's a good bet the privilege escalation bugs are used to get around
limited user limitations and install the rootkit.

 

Looking forward a few years, non-admin users' risk will steadily increase as
malware more often includes code to exploit priv escalation bugs.  There's
always a priv escalation bug hiding around the next corner, and malware will
use them to survive.

 

Carl

 

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] 
Sent: Thursday, October 07, 2010 12:04 PM
To: NT System Admin Issues
Subject: RE: Interesting run-down on Stuxnet from F-Secure

 

An interesting read.

 

Would running without elevated permissions eliminate the risk of infection?
Or do the two zero-day exploits (privilege escalation via keyboard layout
file and privilege escalation via Task Scheduler) allow infection even when
running as a limited user?

 

 

 

John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us

 

 

 

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, October 07, 2010 11:43 AM
To: NT System Admin Issues
Subject: Interesting run-down on Stuxnet from F-Secure

 

http://www.f-secure.com/weblog/archives/2040.html 

They seem to draw a little bit of comparison between Stuxnet and Conficker,
as well as some other mildly interesting bits

-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."


RE: HP Project and Portfolio Management

2010-10-07 Thread Brian Desmond
In that case I'd suspect you could run your IT department out of a couple Excel 
files...

Thanks,
Brian Desmond
br...@briandesmond.com

c - 312.731.3132



-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Thursday, October 07, 2010 6:24 PM
To: NT System Admin Issues
Subject: RE: HP Project and Portfolio Management

Thanks, guys... That's kind of what I was figuring after I Googled it. :-) We 
are definitely a VERY small organization... and with only one person in the 
entire IT department, I figured it was unlikely we'd be able to use something 
like this. OTOH, I'm not the most organized person in the world.
;-)




-Original Message-
From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Thursday, October 07, 2010 11:16 AM
To: NT System Admin Issues
Subject: RE: HP Project and Portfolio Management

Agreed. I'd also infer based on other posts from the OP that it isn't remotely 
in his price range. 

Thanks,
Brian Desmond
br...@briandesmond.com

c - 312.731.3132



-Original Message-
From: Free, Bob [mailto:r...@pge.com]
Sent: Thursday, October 07, 2010 5:05 PM
To: NT System Admin Issues
Subject: RE: HP Project and Portfolio Management

From what I have seen of your posts, your environment isn't of the scale PPMC 
is usually attracted to. It is by no means a trivial exercise to implement.

-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Thursday, October 07, 2010 5:41 AM
To: NT System Admin Issues
Subject: HP Project and Portfolio Management

Anyone here used this? One of our senior managers got an email about it from a 
reseller and wants me to take a look. Before I do, I'd like to know more about 
it so I can at least ask some intelligent questions. Please email me off-list.

Thanks,
John Aldrich
IT Manager,
Blueridge Carpet
706-276-2001, Ext. 2233






RE: HP Project and Portfolio Management

2010-10-07 Thread John Aldrich
Thanks, guys... That's kind of what I was figuring after I Googled it. :-)
We are definitely a VERY small organization... and with only one person in
the entire IT department, I figured it was unlikely we'd be able to use
something like this. OTOH, I'm not the most organized person in the world.
;-)




-Original Message-
From: Brian Desmond [mailto:br...@briandesmond.com] 
Sent: Thursday, October 07, 2010 11:16 AM
To: NT System Admin Issues
Subject: RE: HP Project and Portfolio Management

Agreed. I'd also infer based on other posts from the OP that it isn't
remotely in his price range. 

Thanks,
Brian Desmond
br...@briandesmond.com

c - 312.731.3132



-Original Message-
From: Free, Bob [mailto:r...@pge.com] 
Sent: Thursday, October 07, 2010 5:05 PM
To: NT System Admin Issues
Subject: RE: HP Project and Portfolio Management

From what I have seen of your posts, your environment isn't of the scale
PPMC is usually attracted to. It is by no means a trivial exercise to
implement.

-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Thursday, October 07, 2010 5:41 AM
To: NT System Admin Issues
Subject: HP Project and Portfolio Management

Anyone here used this? One of our senior managers got an email about it from
a reseller and wants me to take a look. Before I do, I'd like to know more
about it so I can at least ask some intelligent questions. Please email me
off-list.

Thanks,
John Aldrich
IT Manager,
Blueridge Carpet
706-276-2001, Ext. 2233





RE: Interesting run-down on Stuxnet from F-Secure

2010-10-07 Thread Free, Bob
FWIW- If you are interested in Stuxnet, Symantec published a nearly 50
page pdf titled  W32.Stuxnet Dossier. Pretty comprehensive coverage 

 

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf

 

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, October 07, 2010 8:43 AM
To: NT System Admin Issues
Subject: Interesting run-down on Stuxnet from F-Secure

 

http://www.f-secure.com/weblog/archives/2040.html 

They seem to draw a little bit of comparison between Stuxnet and
Conficker, as well as some other mildly interesting bits

-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that could
provoke such a question."


RE: 64 Bit flash beta 2

2010-10-07 Thread Steven M. Caesare
Well this is interesting IE9beta + Flash "square" preview 2 on two
Win7x64 boxes. This is the 64bit flavor of IE9beta.

 

Both machines list "Adobe Flash player 10 Active-X 64-bit" v10.2.161.23
in CtrlPnl.

 

On one machine I can play flash videos from Vimeo, on the second machine
I cannot, instead getting a "You need flash 10 to play this" msg.

 

One difference is that the working machine ALSO has a left-over 32 bit
Flash 10 Active X installation on it that I didn't remove.

 

Odd.

 

-sc

 

From: Steven M. Caesare 
Sent: Wednesday, October 06, 2010 11:19 AM
To: comput...@ultratech-llc.com; NTSysAdminList
Subject: 64 Bit flash beta 2

 

Second beta of flash 64bit available at Adobe labs page.

 

Note: they seem to have an uninstaller on that page they want you to run
for the previous beta (as opposed to the Win add/remove programs).

 

On first use, it appears to have solved some of the initial page load
hangs I was getting on IE9beta...

 

-sc



Re: Classic Shell on R2?

2010-10-07 Thread Pete Howard
Agreed, minimize interactive logon time on the server but use the kb shortcuts 
along with the run functionality in the address bar to keep the server 
pristine. Shell integration issues can lead to all kinds of nuisance behavior. 
It is a cool shell tho




From:Andrew S. Baker 
To:NT System Admin Issues 
Sent: Thu, October 7, 2010 11:59:38 AM
Subject: Re: Classic Shell on R2?

Agreed!

The integrated search is awesome, IMO.


ASB 



On Thu, Oct 7, 2010 at 11:03 AM, Jim Mediger wrote:

>I still prefer the address bar to “run” much faster for me.
> 
>Click Start and start typing (or use Windows key):
> 
>s | Return (Enter) – will bring up Server Manager
>ev | Return (Enter) – will bring up Event Manager
> 
>Once you know the Window name for everything it is a huge time saver. Even if 
>you don’t recall the name you can guess and it will most likely show up in the 
>list to choose from.
> 
>Jim
> 
>From:Don Guyer [mailto:don.gu...@prufoxroach.com] 
>Sent: Thursday, October 07, 2010 9:40 AM
>
>To: NT System Admin Issues
>
>Subject: RE: Classic Shell on R2?
> 
>Thx James! We have only put up a handful of 2k8 so far and haven’t had time to 
>look at things like that yet.
> 
>Don Guyer
>Systems Engineer - Information Services
>Prudential, Fox & Roach/Trident Group
>431 W. Lancaster Avenue
>Devon, PA 19333
>Direct: (610) 993-3299
>Fax: (610) 650-5306
>don.gu...@prufoxroach.com
> 
>From:James Rankin [mailto:kz2...@googlemail.com] 
>Sent: Thursday, October 07, 2010 10:38 AM
>To: NT System Admin Issues
>Subject: Re: Classic Shell on R2?
> 
>Shortcut for Server Manager in the taskbar
>
>Start | Run | Eventvwr | Return
>
>UAC off by GPO
>On 7 October 2010 15:34, Don Guyer  wrote:
>I don’t mind the interface changes. What I do hate is how long 
>it takes to open items such as Roles, Event Logs, etc. Even on high-powered 
>servers.
> 
>Don Guyer
>Systems Engineer - Information Services
>Prudential, Fox & Roach/Trident Group
>431 W. Lancaster Avenue
>Devon, PA 19333
>Direct: (610) 993-3299
>Fax: (610) 650-5306
>don.gu...@prufoxroach.com
> 
>From:James Rankin [mailto:kz2...@googlemail.com] 
>Sent: Thursday, October 07, 2010 9:59 AM
>To: NT System Admin Issues
>Subject: Re: Classic Shell on R2?
> 
>I hated the new interface...as with all things MS, it grows on you. I can't 
>stand the old-style 2003 servers now.
>
>As for 2000 - had to use that the other day. Eugh!
>On 7 October 2010 14:57, Christopher Bodnar  
wrote:
>Anyone using this on production servers? 
>
>http://classicshell.sourceforge.net/index.html 
>
>I'm tempted, since none of us love the new interface. 
>Chris Bodnar, MCSE
>Systems Engineer

RE: Interesting run-down on Stuxnet from F-Secure

2010-10-07 Thread John Hornbuckle
An interesting read.

Would running without elevated permissions eliminate the risk of infection? Or 
do the two zero-day exploits (privilege escalation via keyboard layout file and 
privilege escalation via Task Scheduler) allow infection even when running as a 
limited user?



John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us




From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Thursday, October 07, 2010 11:43 AM
To: NT System Admin Issues
Subject: Interesting run-down on Stuxnet from F-Secure

http://www.f-secure.com/weblog/archives/2040.html

They seem to draw a little bit of comparison between Stuxnet and Conficker, as 
well as some other mildly interesting bits

--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."




NOTICE: Florida has a broad public records law. Most written communications to 
or from this entity are public records that will be disclosed to the public and 
the media upon request. E-mail communications may be subject to public 
disclosure.


Re: Classic Shell on R2?

2010-10-07 Thread Andrew S. Baker
Agreed!

The integrated search is awesome, IMO.


*ASB *



On Thu, Oct 7, 2010 at 11:03 AM, Jim Mediger  wrote:

> I still prefer the address bar to “run” much faster for me.
>
>
>
> Click Start and start typing (or use Windows key):
>
>
>
> s | Return (Enter) – will bring up Server Manager
>
> ev | Return (Enter) – will bring up Event Manager
>
>
>
> Once you know the Window name for everything it is a huge time saver. Even
> if you don’t recall the name you can guess and it will most likely show up
> in the list to choose from.
>
>
>
> Jim
>
>
>
> *From:* Don Guyer [mailto:don.gu...@prufoxroach.com]
> *Sent:* Thursday, October 07, 2010 9:40 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Classic Shell on R2?
>
>
>
> Thx James! We have only put up a handful of 2k8 so far and haven’t had time
> to look at things like that yet.
>
>
>
> Don Guyer
>
> Systems Engineer - Information Services
>
> Prudential, Fox & Roach/Trident Group
>
> 431 W. Lancaster Avenue
>
> Devon, PA 19333
>
> Direct: (610) 993-3299
>
> Fax: (610) 650-5306
>
> don.gu...@prufoxroach.com
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Thursday, October 07, 2010 10:38 AM
> *To:* NT System Admin Issues
> *Subject:* Re: Classic Shell on R2?
>
>
>
> Shortcut for Server Manager in the taskbar
>
> Start | Run | Eventvwr | Return
>
> UAC off by GPO
>
> On 7 October 2010 15:34, Don Guyer  wrote:
>
> I don’t mind the interface changes. What I do hate is how
> long it takes to open items such as Roles, Event Logs, etc.
> Even on high-powered servers.
>
>
>
> Don Guyer
>
> Systems Engineer - Information Services
>
> Prudential, Fox & Roach/Trident Group
>
> 431 W. Lancaster Avenue
>
> Devon, PA 19333
>
> Direct: (610) 993-3299
>
> Fax: (610) 650-5306
>
> don.gu...@prufoxroach.com
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Thursday, October 07, 2010 9:59 AM
> *To:* NT System Admin Issues
> *Subject:* Re: Classic Shell on R2?
>
>
>
> I hated the new interface...as with all things MS, it grows on you. I can't
> stand the old-style 2003 servers now.
>
> As for 2000 - had to use that the other day. Eugh!
>
> On 7 October 2010 14:57, Christopher Bodnar 
> wrote:
>
> Anyone using this on production servers?
>
> http://classicshell.sourceforge.net/index.html
>
> I'm tempted, since none of us love the new interface.
>
> Chris Bodnar, MCSE
> Systems Engineer
>


Re: Classic Shell on R2?

2010-10-07 Thread Steven Peck
Install PowerShell v2, configure remoting (Enable-PSRemoting -Force or GPO).
Brand new world.

Steven Peck
http://www.blkmtn.org

On Thu, Oct 7, 2010 at 8:40 AM, James Rankin  wrote:

> I do do most management tasks from my workstation, but some stuff (like
> installations) still requires local access. Well technically it doesn't, but
> it's easier to RDP than try to install stuff via psexec
>
>
> On 7 October 2010 16:36, Brian Desmond  wrote:
>
>> *And when you move on your profile will still be on all new VMs until
>> they refresh the template (and someone happens to discover this and clean it
>> up). I don’t mean to be negative but IMO this is pretty silly and frankly
>> I’d be less than pleased if I was a manager here. *
>>
>> * *
>>
>> *Do your management tasks from your local workstation and you can have it
>> however you want. :)*
>>
>> * *
>>
>> *Thanks,*
>>
>> *Brian Desmond*
>>
>> *br...@briandesmond.com*
>>
>> * *
>>
>> *c - 312.731.3132*
>>
>> * *
>>
>> * *
>>
>> *From:* James Rankin [mailto:kz2...@googlemail.com]
>> *Sent:* Thursday, October 07, 2010 4:51 PM
>>
>> *To:* NT System Admin Issues
>> *Subject:* Re: Classic Shell on R2?
>>
>>
>>
>> What I cunningly did was logged my user account onto the template we use
>> for all of our 2008 R2 servers and customised my local profile exactly how I
>> wanted it. Whenever a new server is deployed through VMWare, it already has
>> my profile loaded and working the way I like it :-) If you're not a VMWare
>> shop, though, you may have to find another method to do this
>>
>> On 7 October 2010 15:39, Don Guyer  wrote:
>>
>> Thx James! We have only put up a handful of 2k8 so far and haven’t had
>> time to look at things like that yet.
>>
>>
>>
>> Don Guyer
>>
>> Systems Engineer - Information Services
>>
>> Prudential, Fox & Roach/Trident Group
>>
>> 431 W. Lancaster Avenue
>>
>> Devon, PA 19333
>>
>> Direct: (610) 993-3299
>>
>> Fax: (610) 650-5306
>>
>> don.gu...@prufoxroach.com
>>
>>
>>
>> *From:* James Rankin [mailto:kz2...@googlemail.com]
>> *Sent:* Thursday, October 07, 2010 10:38 AM
>>
>>
>> *To:* NT System Admin Issues
>> *Subject:* Re: Classic Shell on R2?
>>
>>
>>
>> Shortcut for Server Manager in the taskbar
>>
>>
>>
>> Start | Run | Eventvwr | Return
>>
>> UAC off by GPO
>>
>> On 7 October 2010 15:34, Don Guyer  wrote:
>>
>> I don’t mind the interface changes. What I do hate is how
>> long it takes to open items such as Roles, Event Logs, etc.
>> Even on high-powered servers.
>>
>>
>>
>> Don Guyer
>>
>> Systems Engineer - Information Services
>>
>> Prudential, Fox & Roach/Trident Group
>>
>> 431 W. Lancaster Avenue
>>
>> Devon, PA 19333
>>
>> Direct: (610) 993-3299
>>
>> Fax: (610) 650-5306
>>
>> don.gu...@prufoxroach.com
>>
>>
>>
>> *From:* James Rankin [mailto:kz2...@googlemail.com]
>> *Sent:* Thursday, October 07, 2010 9:59 AM
>> *To:* NT System Admin Issues
>> *Subject:* Re: Classic Shell on R2?
>>
>>
>>
>> I hated the new interface...as with all things MS, it grows on you. I
>> can't stand the old-style 2003 servers now.
>>
>> As for 2000 - had to use that the other day. Eugh!
>>
>> On 7 October 2010 14:57, Christopher Bodnar 
>> wrote:
>>
>> Anyone using this on production servers?
>>
>> http://classicshell.sourceforge.net/index.html
>>
>> I'm tempted, since none of us love the new interface.
>>
>> Chris Bodnar, MCSE
>> Systems Engineer
>>
>> Distributed Systems Service Delivery - Intel Services
>>
>>
>> Guardian Life Insurance Company of America
>> Email: christopher_bod...@glic.com
>> Phone: 610-807-6459
>> Fax: 610-807-6003
>>
>> - This message, and any
>> attachments to it, may contain information that is privileged, confidential,
>> and exempt from disclosure under applicable law. If the reader of this
>> message is not the intended recipient, you are notified that any use,
>> dissemination, distribution, copying, or communication of this message is
>> strictly prohibited. If you have received this message in error, please
>> notify the sender immediately by return e-mail and delete the message and
>> any attachments. Thank you.
>>
>>
>>
>>
>>
>> --
>> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
>> the machine wrong figures, will the right answers come out?' I am not able
>> rightly to apprehend the kind of confusion of ideas that could provoke such
>> a question."
>>

Interesting run-down on Stuxnet from F-Secure

2010-10-07 Thread James Rankin
http://www.f-secure.com/weblog/archives/2040.html

They seem to draw a little bit of comparison between Stuxnet and Conficker,
as well as some other mildly interesting bits

-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."


RE: EMC CX4 and FAST 2.0

2010-10-07 Thread Jim Holmgren
Good luck, I'll be interested to hear about your experience with FAST. 

 

We have migrated most of our VMs to EQL now, leaving EMC for the 'heavy 
lifting' - DBs mostly.  

 

Jim

 

Jim Holmgren

Manager of Server Engineering

XLHealth Corporation

The Warehouse at Camden Yards

351 West Camden Street, Suite 100

Baltimore, MD 21201 

410.625.2200 (main)

443.524.8573 (direct)

443-506.2400 (cell)

www.xlhealth.com

 

 

 

From: Sean Martin [mailto:seanmarti...@gmail.com] 
Sent: Thursday, October 07, 2010 11:35 AM
To: NT System Admin Issues
Subject: Re: EMC CX4 and FAST 2.0

 

Thanks for the feedback Jim. That feature of the EQL is one of the reasons 
we're giving them serious thought for our VMWare environment. 

 

It sounds like the latest version of FAST has some of the same capabilities. 
The previous versions required entire LUNs to be moved between storage tiers. I 
guess now it will move 1GB chunks at the block level, automagically of course. 
I'll post back if we end up getting to play with the features.

 

- Sean

On Wed, Oct 6, 2010 at 4:35 PM, Jim Holmgren  wrote:

We aren't using FAST on any of our CXs, but we'll soon be implementing the 
equivalent on some of our Equallogic gear.   We have a couple of their new 
'hybrid' shelves on order (some SSD and some spindle) and we'll be using it for 
that.  Equallogic does analyze I/O and "automagically" move the data to the 
'sweet spots'.

 

We did just implement a shelf of EFDs on one of our CX4's.  We split it between 
our 2 biggest SQL servers.  We've seen some pretty significant performance 
gains, but yeah - they were not cheap for sure.

 

Jim

 



From: Sean Martin [mailto:seanmarti...@gmail.com]
Sent: Tue 10/5/2010 6:33 PM
To: NT System Admin Issues
Subject: EMC CX4 and FAST 2.0

Anyone out there with a CX4 using FAST 2.0? I'm looking for some real world 
feedback on how it functions. I remember reading a little bit into FAST (Fully 
Automated Storage Tiering) when EMC first announced it and from what I read, it 
didn't seem as "automated" as the acronym made it sound. It seemed like you had 
to manually review NaviAnalyzer results and manually move data based on the 
recommendation from the performance analysis.

 

Anyway, we're looking into EMC's EFDs for our CX4 but I certainly can't justify 
the expense if the drives are going to be implemented on a per system basis, or 
requires that I manually identify hot spots and move LUNs accordingly. If the 
new version will actually move blocks of data based on IO rates I'd be willing 
to give it more serious thought.

 

Also, I'd love to hear any feedback from those of you that have implemented 
Fast Cache. 

 

- Sean



CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use 
of the intended recipient(s) and may contain confidential and/or protected 
health information. Under the Federal Law (HIPAA), the intended recipient is 
obligated to keep this information secure and confidential. Any disclosure to 
third parties without authorization from the member of as permitted by law is 
prohibited and punishable under Federal Law. If you are not the intended 
recipient, please contact the sender by reply e-mail and destroy all copies of 
the original message. 


Re: Classic Shell on R2?

2010-10-07 Thread James Rankin
I do do most management tasks from my workstation, but some stuff (like
installations) still requires local access. Well technically it doesn't, but
it's easier to RDP than try to install stuff via psexec

On 7 October 2010 16:36, Brian Desmond  wrote:

> *And when you move on your profile will still be on all new VMs until they
> refresh the template (and someone happens to discover this and clean it up).
> I don’t mean to be negative but IMO this is pretty silly and frankly I’d be
> less than pleased if I was a manager here. *
>
> * *
>
> *Do your management tasks from your local workstation and you can have it
> however you want. :)*
>
> * *
>
> *Thanks,*
>
> *Brian Desmond*
>
> *br...@briandesmond.com*
>
> * *
>
> *c - 312.731.3132*
>
> * *
>
> * *
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Thursday, October 07, 2010 4:51 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Classic Shell on R2?
>
>
>
> What I cunningly did was logged my user account onto the template we use
> for all of our 2008 R2 servers and customised my local profile exactly how I
> wanted it. Whenever a new server is deployed through VMWare, it already has
> my profile loaded and working the way I like it :-) If you're not a VMWare
> shop, though, you may have to find another method to do this
>
> On 7 October 2010 15:39, Don Guyer  wrote:
>
> Thx James! We have only put up a handful of 2k8 so far and haven’t had time
> to look at things like that yet.
>
>
>
> Don Guyer
>
> Systems Engineer - Information Services
>
> Prudential, Fox & Roach/Trident Group
>
> 431 W. Lancaster Avenue
>
> Devon, PA 19333
>
> Direct: (610) 993-3299
>
> Fax: (610) 650-5306
>
> don.gu...@prufoxroach.com
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Thursday, October 07, 2010 10:38 AM
>
>
> *To:* NT System Admin Issues
> *Subject:* Re: Classic Shell on R2?
>
>
>
> Shortcut for Server Manager in the taskbar
>
>
>
> Start | Run | Eventvwr | Return
>
> UAC off by GPO
>
> On 7 October 2010 15:34, Don Guyer  wrote:
>
> I don’t mind the interface changes. What I do hate is how
> long it takes to open items such as Roles, Event Logs, etc.
> Even on high-powered servers.
>
>
>
> Don Guyer
>
> Systems Engineer - Information Services
>
> Prudential, Fox & Roach/Trident Group
>
> 431 W. Lancaster Avenue
>
> Devon, PA 19333
>
> Direct: (610) 993-3299
>
> Fax: (610) 650-5306
>
> don.gu...@prufoxroach.com
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Thursday, October 07, 2010 9:59 AM
> *To:* NT System Admin Issues
> *Subject:* Re: Classic Shell on R2?
>
>
>
> I hated the new interface...as with all things MS, it grows on you. I can't
> stand the old-style 2003 servers now.
>
> As for 2000 - had to use that the other day. Eugh!
>
> On 7 October 2010 14:57, Christopher Bodnar 
> wrote:
>
> Anyone using this on production servers?
>
> http://classicshell.sourceforge.net/index.html
>
> I'm tempted, since none of us love the new interface.
>
> Chris Bodnar, MCSE
> Systems Engineer
>
> Distributed Systems Service Delivery - Intel Services
>
>
> Guardian Life Insurance Company of America
> Email: christopher_bod...@glic.com
> Phone: 610-807-6459
> Fax: 610-807-6003
>
>
>
>
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>

RE: disk encryption

2010-10-07 Thread John Cook
We're evaluating Checkpoint as a whole disk encryption solution. We have a 
product called NxTop (Virtual Computer is the company) that is a combination of 
Imaging/encryption/USB management that works very well in most situations but 
we're looking at Checkpoint for another project. We have also used McAfee 
endpoint but don't get me started on that rant..

From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Thursday, October 07, 2010 11:27 AM
To: NT System Admin Issues
Subject: RE: disk encryption

We have an existing PointSec implementation, and are moving towards PGP and/or 
Bitlocker.

-sc

From: greg.swe...@actsconsulting.net [mailto:greg.swe...@actsconsulting.net]
Sent: Thursday, October 07, 2010 1:40 AM
To: NT System Admin Issues
Subject: RE: disk encryption

Ben,

We have done clients with whole disk encryption on the laptops.  Works great.  
Doesn't protect against anything when the system is actually running, only when 
the laptops are stolen.  PGP Desktop Whole disk is what we used then, but I 
would seriously look at Truecrypt now.  Nice thing about PGP was the 
centralized management we had for maintaining PGP passwords and accounts.
All of the data is stored on the server 2008 via RDP.  They use it both 
internally and externally.  No data is stored on desktops or servers.  Desktops 
are locked down via GP and basically have a single icon for RDP, or are running 
thin clients.
Takes care of most security issues, but if the servers have a problem you hear 
about it quick.  :)

Greg Sweers
CEO
ACTS360.com
P.O. Box 1193
Brandon, FL  33509
813-657-0849 Office
813-758-6850 Cell
813-341-1270 Fax

From: Lists - Level 5 [mailto:li...@levelfive.us]
Sent: Thursday, October 07, 2010 12:38 AM
To: NT System Admin Issues
Subject: RE: disk encryption

Well that's what we are considering, the issue is they do have several graphics 
and presentation people, they also have a bunch of little 'apps' that I'm 
concerned will bog the server down. For example accounting dept has 2 different 
apps, then there are 3 people in graphics/marketing, and 2 attorneys who have 
their own app, HR has its own SQL app, and then half the company uses Yardi 
(property mgmt. SQL based).

Then we get into cost, we already have 2 Citrix servers, one is a VM, and one 
is a standalone and being phased out. It's running 2003 with Citrix 3.x?? I 
would say it's 5 years old from the last time they purchased anything.


From: Jon Harris [mailto:jk.har...@gmail.com]
Sent: Wednesday, October 06, 2010 11:39 PM
To: NT System Admin Issues
Subject: Re: disk encryption

Why not just put everything on Citrix and have done with it?  Not criticizing 
just asking?  I would avoid encrypting the servers and lock them down tight and 
lock them up tighter.

Jon
On Wed, Oct 6, 2010 at 10:46 PM, Lists - Level 5 <li...@levelfive.us> wrote:
I have a small client, 15 laptops, 20 desktops, 8 servers on a 2008 domain. We 
were discussing full disk encryption and turning off cached mode for Outlook 
etc etc. The client is pretty sensitive to protecting their data.

One of the items that came up was whether we should just move to Citrix so 
nothing is on the laptops and then encrypt the desktops in the office as well. 
Are there any recommendations for encryption people can recommend? I have only 
used the built in certificates with Windows to encrypt user profiles and am 
wondering if people would consider that secure enough or does PGP or some of 
these two factor disk encryption devices.

Thanks



Re: Classic Shell on R2?

2010-10-07 Thread James Rankin
I'll remove it when I leave, I'm not that stupid

On 7 October 2010 16:36, Brian Desmond  wrote:

> *And when you move on your profile will still be on all new VMs until they
> refresh the template (and someone happens to discover this and clean it up).
> I don’t mean to be negative but IMO this is pretty silly and frankly I’d be
> less than pleased if I was a manager here. *
>
> * *
>
> *Do your management tasks from your local workstation and you can have it
> however you want. :)*
>
> * *
>
> *Thanks,*
>
> *Brian Desmond*
>
> *br...@briandesmond.com*
>
> * *
>
> *c - 312.731.3132*
>
> * *
>
> * *
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Thursday, October 07, 2010 4:51 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Classic Shell on R2?
>
>
>
> What I cunningly did was logged my user account onto the template we use
> for all of our 2008 R2 servers and customised my local profile exactly how I
> wanted it. Whenever a new server is deployed through VMWare, it already has
> my profile loaded and working the way I like it :-) If you're not a VMWare
> shop, though, you may have to find another method to do this
>
> On 7 October 2010 15:39, Don Guyer  wrote:
>
> Thx James! We have only put up a handful of 2k8 so far and haven’t had time
> to look at things like that yet.
>
>
>
> Don Guyer
>
> Systems Engineer - Information Services
>
> Prudential, Fox & Roach/Trident Group
>
> 431 W. Lancaster Avenue
>
> Devon, PA 19333
>
> Direct: (610) 993-3299
>
> Fax: (610) 650-5306
>
> don.gu...@prufoxroach.com
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Thursday, October 07, 2010 10:38 AM
>
>
> *To:* NT System Admin Issues
> *Subject:* Re: Classic Shell on R2?
>
>
>
> Shortcut for Server Manager in the taskbar
>
>
>
> Start | Run | Eventvwr | Return
>
> UAC off by GPO
>
> On 7 October 2010 15:34, Don Guyer  wrote:
>
> I don’t mind the interface changes. What I do hate is how
> long it takes to open items such as Roles, Event Logs, etc.
> Even on high-powered servers.
>
>
>
> Don Guyer
>
> Systems Engineer - Information Services
>
> Prudential, Fox & Roach/Trident Group
>
> 431 W. Lancaster Avenue
>
> Devon, PA 19333
>
> Direct: (610) 993-3299
>
> Fax: (610) 650-5306
>
> don.gu...@prufoxroach.com
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Thursday, October 07, 2010 9:59 AM
> *To:* NT System Admin Issues
> *Subject:* Re: Classic Shell on R2?
>
>
>
> I hated the new interface...as with all things MS, it grows on you. I can't
> stand the old-style 2003 servers now.
>
> As for 2000 - had to use that the other day. Eugh!
>
> On 7 October 2010 14:57, Christopher Bodnar 
> wrote:
>
> Anyone using this on production servers?
>
> http://classicshell.sourceforge.net/index.html
>
> I'm tempted, since none of us love the new interface.
>
> Chris Bodnar, MCSE
> Systems Engineer
>
> Distributed Systems Service Delivery - Intel Services
>
>
> Guardian Life Insurance Company of America
> Email: christopher_bod...@glic.com
> Phone: 610-807-6459
> Fax: 610-807-6003
>
>
>
>
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
>
>
>
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
>

RE: AV Opinions

2010-10-07 Thread greg.sweers
We have used virtually all of them.

We currently have Vipre installed everywhere.  Does a pretty good job, but 
there is always something that makes its way through.  Usually a new variant of 
Antivirus 2010, but it's easily cleaned with MalwareBytes.  The only real issues 
we have are systems that require Admin rights, (not by our choice, and we have 
fought hard on this) but they learn and we eventually get our way.
Eset great product, horrible support, console was very convoluted to learn.
AVG, not a bad product but too many lockups and crashing systems for us to be 
comfortable with it.
Symancrap..nough said.
McCrapee, never again will you ever see me get close to it.  I will usually 
give Vipre away to a client to get them off Syman or McCrap so we don't have to 
deal with it.

Greg

Greg Sweers
CEO
ACTS360.com
P.O. Box 1193
Brandon, FL  33509
813-657-0849 Office
813-758-6850 Cell
813-341-1270 Fax

From: Alan Davies [mailto:adav...@cls-services.com]
Sent: Thursday, October 07, 2010 11:21 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

It will find it easily, as, I hope, would any AV!  It cannot stop an infected 
computer continuously attempting to re-infect you though.  It will sort of 
succeed, for a millisecond, until the AV intercepts the payload.  You will 
therefore continue to get notified that it was detected and cleaned.  You need 
to patch Windows to protect against Conficker.



a


From: Ames Matthew B [mailto:mba...@qinetiq.com]
Sent: 07 October 2010 14:33
To: NT System Admin Issues
Subject: RE: AV Opinions
Well Sophos just found a copy of it in a RECYCLER directory which was a couple 
of levels off the root (so not the active recycler directory).


From: Ray [mailto:rz...@qwest.net]
Sent: 07 October 2010 12:39
To: NT System Admin Issues
Subject: RE: AV Opinions
Conficker seems to be a tough one.  We got hit with it last year and McAfee 
was pretty ineffective against it.

We opted for Sophos over the others primarily for their console.  It seemed to 
be the most mature (for lack of a better term).  My biggest concern was their 
tech support, which seems to be mediocre at best.   If I was picking based on 
support alone, I'd probably be picking Kaspersky.

From: Ames Matthew B [mailto:mba...@qinetiq.com]
Sent: Thursday, October 07, 2010 12:12 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

We run Sophos here, and it seems to do a reasonable job.  Corporate IS got 
caught last year with their pants down after a departmental server without any 
AV on it (or seriously out of date - guess someone got a good telling off for 
that) managed to get Conficker.  Given we don't have a direct net connection to 
our desktops or services network, they had not bothered to install the 
hotfixes to prevent this

For whatever reason Sophos did not detect it, and quite a few machines got 
infected, and a couple of thousand user accounts got locked out.  Took them a 
few days to get things under control - I wrote a little ldap tool to monitor 
the number of locked out user accounts :-)

Sophos is a bit of a memory hog (not sure how it compares to other versions), 
taking around 150MB (savservice.exe alone is taking 108MB on my machine 
currently).  We are currently using 7.6.20

tht,
Matt


From: Jim Holmgren [mailto:jholmg...@xlhealth.com]
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions
Give Sophos a long look.  I firmly believe they are the best of breed that 
nobody seems to talk about.  They don't market to the non-corporate crowd, so 
that probably has something to do with it.  I asked this list and a few other 
resources when I was evaluating solutions.  I did not hear from a single person 
using Sophos that did not like it.

We are replacing Symantec with Sophos right now and it is going very well so 
far.

Sophos will sync with AD (if you want) to automatically protect computers when 
you add them.  It will remove Symantec cleanly (so far on about 25 test/pilot 
users it has been perfect) when pushing it out.  It includes device control 
(want to block USB storage devices...2-3 clicks and you are done), a NAC 
component, and a firewall.

It also includes clients for Mac/Linux and with each corporate license, you get 
a free at-home license.   NFI - just a very satisfied customer so far.

Jim




From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wed 10/6/2010 7:09 PM
To: NT System Admin Issues
Subject: AV Opinions
At one of the shops that I look after, I have been asked to change the AV to 
something new and current.
Vipre and Forefront excluded (I know enough about those already), what else are 
you guys using that's good?

It's been a while since I looked at all the other vendors, I have such little 
time to eval for this need, I can't just download all vendors' packages and 
trial each

RE: AV Opinions

2010-10-07 Thread David Lum
Sadly, after finally mastering McAfee's ePO console after 10,000 hours of 
working with it I do like the granularity it offers, the fact I can sync it 
with AD and various OU levels (I have McAfee groups that roughly align with my 
OU structure), my login is LDAP pass-through, etc. I have it so it auto-deploys 
AV to workstations and some servers but not all (by design) etc. I managed to 
avoid the 5958 DAT fiasco, and I've had Vipre eat more legit .EXE's than any 
other AV.

How can you tell if you're getting better coverage from one product vs. 
another? Unless you run both in parallel in the same environment (50% have one, 
50% have the other) I don't know how you could really know. As I've said before 
I run 3 different AV products in 3 different environments and I couldn't tell 
you with any certainty one is giving better coverage than another.

Perhaps after the change you are getting more notifications of infected 
machines? That might do it. Out of the box McAfee ePO isn't set up to let you 
know when machines are infected, it wasn't until I horsed around with it that I 
started getting alerts. Heck McAfee's product even helped troubleshoot a SNORT 
detection because I just had the agent log all port traffic for a time.

This isn't really a McAfee endorsement as much as it is just general commentary 
:-P
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Thursday, October 07, 2010 5:27 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

We will be moving away from McCrappy after our current agreement expires.  Not 
necessarily because of how their product performs (but that is part of it), but 
because of the way they handled the 5958 DAT fiasco.  They made promises to our 
company for compensation and then reneged on the deal.  I doubt they really 
care now that they're in bed with Intel.

-Paul

From: Ray [mailto:rz...@qwest.net]
Sent: Thursday, October 07, 2010 6:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

That's interesting, because we absolutely hated McAfee and its enterprise 
console, and couldn't wait to get rid of it.  We've ended up with significantly 
better coverage with Sophos than we ever did with McAfee.

From: Alan Davies [mailto:adav...@cls-services.com]
Sent: Thursday, October 07, 2010 2:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

Sophos seem to be excellent detection wise.  As for not detecting Conficker 
below, that'll have been another issue as there is no AV product out there that 
can't detect it.  If I had to guess, perhaps one host was infected and locked 
out AD, but all the Sophos alerts were from machines missing MS08-067 that were 
"getting infected" because the OS could not protect against it, but immediately 
cleaned by Sophos.  Certainly behaviour I've seen before.  You must patch 
Windows, AV can do everything on its own.

One negative comment about Sophos - they are still, in my opinion, very low 
down the pecking order in Enterprise Management.  They have a long, long way to 
catch up on McAfee and the like for agent management, alerting, mandatory 
policies, etc.  You can work around these things and it's a great AV product, 
but if you're a large, sensitive environment, it may frustrate you a little.  
Going from 7 to 9 didn't improve these grumbles much ...



a


From: Ames Matthew B [mailto:mba...@qinetiq.com]
Sent: 07 October 2010 08:12
To: NT System Admin Issues
Subject: RE: AV Opinions
We run Sophos here, and it seems to do a reasonable job.  Corporate IS got 
caught last year with their pants down after a departmental server without any 
AV on it (or seriously out of date - guess someone got a good telling off for 
that) managed to get Conficker.  Given we don't have a direct net connection to 
our desktops or services network, they had not bothered to install the 
hotfixes to prevent this

For whatever reason Sophos did not detect it, and quite a few machines got 
infected, and a couple of thousand user accounts got locked out.  Took them a 
few days to get things under control - I wrote a little ldap tool to monitor 
the number of locked out user accounts :-)

Sophos is a bit of a memory hog (not sure how it compares to other versions), 
taking around 150MB (savservice.exe alone is taking 108MB on my machine 
currently).  We are currently using 7.6.20

tht,
Matt


From: Jim Holmgren [mailto:jholmg...@xlhealth.com]
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions
Give Sophos a long look.  I firmly believe they are the best of breed that 
nobody seems to talk about.  They don't market to the non-corporate crowd, so 
that probably has something to do with it.  I asked this list and a few other 
resources when I was evaluating solutions.  I did not hear from a single person 
using Sophos that did not like it.

We are

RE: Classic Shell on R2?

2010-10-07 Thread Brian Desmond
Looks cute but why are you making it even more encouraging to do your 
management work on the boxes themselves? I'd put a large brick on this if I had 
a management say in it FWIW.

Thanks,
Brian Desmond
br...@briandesmond.com

c - 312.731.3132


From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Thursday, October 07, 2010 3:58 PM
To: NT System Admin Issues
Subject: Classic Shell on R2?

Anyone using this on production servers?

http://classicshell.sourceforge.net/index.html

I'm tempted, since none of us love the new interface.


Chris Bodnar, MCSE
Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003

RE: Classic Shell on R2?

2010-10-07 Thread Brian Desmond
And when you move on your profile will still be on all new VMs until they 
refresh the template (and someone happens to discover this and clean it up). I 
don't mean to be negative but IMO this is pretty silly and frankly I'd be less 
than pleased if I was a manager here.

Do your management tasks from your local workstation and you can have it 
however you want. :)

Thanks,
Brian Desmond
br...@briandesmond.com

c - 312.731.3132


From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Thursday, October 07, 2010 4:51 PM
To: NT System Admin Issues
Subject: Re: Classic Shell on R2?

What I cunningly did was logged my user account onto the template we use for 
all of our 2008 R2 servers and customised my local profile exactly how I wanted 
it. Whenever a new server is deployed through VMWare, it already has my profile 
loaded and working the way I like it :-) If you're not a VMWare shop, though, 
you may have to find another method to do this
On 7 October 2010 15:39, Don Guyer <don.gu...@prufoxroach.com> wrote:
Thx James! We have only put up a handful of 2k8 so far and haven't had time to 
look at things like that yet.

Don Guyer
Systems Engineer - Information Services
Prudential, Fox & Roach/Trident Group
431 W. Lancaster Avenue
Devon, PA 19333
Direct: (610) 993-3299
Fax: (610) 650-5306
don.gu...@prufoxroach.com

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Thursday, October 07, 2010 10:38 AM

To: NT System Admin Issues
Subject: Re: Classic Shell on R2?

Shortcut for Server Manager in the taskbar


Start | Run | Eventvwr | Return

UAC off by GPO
On 7 October 2010 15:34, Don Guyer <don.gu...@prufoxroach.com> wrote:
I don't mind the interface changes. What I do hate is how long 
it takes to open items such as Roles, Event Logs, etc. Even on high-powered 
servers.

Don Guyer
Systems Engineer - Information Services
Prudential, Fox & Roach/Trident Group
431 W. Lancaster Avenue
Devon, PA 19333
Direct: (610) 993-3299
Fax: (610) 650-5306
don.gu...@prufoxroach.com

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Thursday, October 07, 2010 9:59 AM
To: NT System Admin Issues
Subject: Re: Classic Shell on R2?

I hated the new interface...as with all things MS, it grows on you. I can't 
stand the old-style 2003 servers now.

As for 2000 - had to use that the other day. Eugh!
On 7 October 2010 14:57, Christopher Bodnar <christopher_bod...@glic.com> wrote:
Anyone using this on production servers?

http://classicshell.sourceforge.net/index.html

I'm tempted, since none of us love the new interface.
Chris Bodnar, MCSE
Systems Engineer
Distributed Systems Service Delivery - Intel Services

Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003

RE: Server Core Updates

2010-10-07 Thread Carl Houseman
I'm not familiar with Server Core 2008 R2 per se, but I know Hyper-V R2
which is pretty much managed the same as Core, and there the sconfig.cmd
menu has this option:

6) Download and Install Updates

If you have that option, choose it and have it search for and install
updates.

If that doesn't work, check the \windows\windowsupdate.log after using that
option.

Carl

From: Bob Anderson [mailto:bander...@kentwatersports.com] 
Sent: Thursday, October 07, 2010 8:49 AM
To: NT System Admin Issues
Subject: Server Core Updates

Hello,

I have a 2008 R2 Server core server virtualized with Hyper-V
on a 2008 server.  It is set to Automatic updates and WSUS says they are all
downloaded but it has never applied any updates when I use sconfig it says
updates have never been applied.  I am at a loss to figure out why it won't
apply the updates. This is my first Server Core server so I am learning as I
go.

Thanks in advance

Bob Anderson
IT Manager
Kent Sporting Goods Inc.
433 Park Ave. S
New London OH 44851
419-929-7021 x315


Re: EMC CX4 and FAST 2.0

2010-10-07 Thread Sean Martin
Thanks for the feedback Jim. That feature of the EQL is one of the reasons
we're giving them serious thought for our VMWare environment.

It sounds like the latest version of FAST has some of the same capabilities.
The previous versions required entire LUNs to be moved between storage
tiers. I guess now it will move 1GB chunks at the block level, automagically
of course. I'll post back if we end up getting to play with the features.

- Sean

On Wed, Oct 6, 2010 at 4:35 PM, Jim Holmgren  wrote:

>  We aren't using FAST on any of our CXs, but we'll soon be implementing
> the equivalent on some of our Equallogic gear.   We have a couple of their
> new 'hybrid' shelves on order (some SSD and some spindle) and we'll be using
> it for that.  Equallogic does analyze I/O and "automagically" move the data
> to the 'sweet spots'.
>
> We did just implement a shelf of EFDs on one of our CX4's.  We split it
> between our 2 biggest SQL servers.  We've seen some pretty significant
> performance gains, but yeah - they were not cheap for sure.
>
> Jim
>
> --
> *From:* Sean Martin [mailto:seanmarti...@gmail.com]
> *Sent:* Tue 10/5/2010 6:33 PM
> *To:* NT System Admin Issues
> *Subject:* EMC CX4 and FAST 2.0
>
>   Anyone out there with a CX4 using FAST 2.0? I'm looking for some real
> world feedback on how it functions. I remember reading a little bit into
> FAST (Fully Automated Storage Tiering) when EMC first announced it and from
> what I read, it didn't seem as "automated" as the acronym made it sound. It
> seemed like you had to manually review NaviAnalyzer results and manually
> move data based on the recommendation from the performance analysis.
>
> Anyway, we're looking into EMC's EFDs for our CX4 but I certainly can't
> justify the expense if the drives are going to be implemented on a per
> system basis, or requires that I manually identify hot spots and move LUNs
> accordingly. If the new version will actually move blocks of data based on
> IO rates I'd be willing to give it more serious thought.
>
> Also, I'd love to hear any feedback from those of you that have
> implemented Fast Cache.
>
> - Sean
>

Re: disk encryption

2010-10-07 Thread Jonathan Link
I'll be staying with PGP until it's been fully Symantecized, or perhaps
later.
If Truecrypt ever comes out with centralized management...  That's really a
huge big deal.



On Thu, Oct 7, 2010 at 11:26 AM, Steven M. Caesare wrote:

>  We have an existing PointSec implementation, and are moving towards PGP
> and/or Bitlocker.
>
>
>
> -sc
>
>
>
> *From:* greg.swe...@actsconsulting.net [mailto:
> greg.swe...@actsconsulting.net]
> *Sent:* Thursday, October 07, 2010 1:40 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: disk encryption
>
>
>
> Ben,
>
>
>
> We have done clients with whole disk encryption on the laptops.  Works
> great.  Doesn’t protect against anything when the system is actually
> running, only when the laptops are stolen.  PGP Desktop Whole disk is what
> we used then, but I would seriously look at Truecrypt now.  Nice thing about
> PGP was the centralized management we had for maintaining PGP passwords and
> accounts.
>
> All of the data is stored on the server 2008 via RDP.  They use it both
> internally and externally.  No data is stored on desktops or servers.
> Desktops are locked down via GP and basically have a single icon for RDP, or
> are running thin clients.
>
> Takes care of most security issues, but if the servers have a problem you
> hear about it quick.  :-)
>
>
>
> *Greg Sweers*
>
> CEO
>
> *ACTS360.com*
>
> *P.O. Box 1193*
>
> *Brandon, FL  33509*
>
> *813-657-0849 Office*
>
> *813-758-6850 Cell*
>
> *813-341-1270 Fax*
>
>
>
> *From:* Lists - Level 5 [mailto:li...@levelfive.us]
> *Sent:* Thursday, October 07, 2010 12:38 AM
> *To:* NT System Admin Issues
> *Subject:* RE: disk encryption
>
>
>
> Well that’s what we are considering, the issue is they do have several
> graphics and presentation people, they also have a bunch of little ‘apps’
> that I'm concerned with bog the server down. For example accounting dept has
> 2 different apps, then there is 3 people in graphics/marketing, and 2
> attorneys who have their own app, HR has its own sql app, and then half the
> company uses Yardi (property mgmt. sql based).
>
>
>
> Then we get into cost, we already have 2 citrix servers, one is a vm, and
> one is a standalone and being phased out. It's running 2003 with citrix 3.x??
> I would say it's 5 years old from the last time they purchased anything.
>
>
>
>
>
> *From:* Jon Harris [mailto:jk.har...@gmail.com]
> *Sent:* Wednesday, October 06, 2010 11:39 PM
> *To:* NT System Admin Issues
> *Subject:* Re: disk encryption
>
>
>
> Why not just put everything on Citrix and have done with it?  Not
> criticizing just asking?  I would avoid encrypting the servers and lock them
> down tight and lock them up tighter.
>
>
>
> Jon
>
> On Wed, Oct 6, 2010 at 10:46 PM, Lists - Level 5 
> wrote:
>
> I have a small client, 15 laptops, 20 desktops , 8 servers on a 2008
> domain. We were discussing full disk encryption and turning off cached mode
> for outlook etc etc. the client is pretty sensitive to protecting their
> data.
>
>
>
> One of the items that came up was whether we should just move to citrix so
> nothing is on the laptops and then encrypt the desktops in the office as
> well. Are there any recommendations for encryption people can recommend? I
> have only used the built in certificates with Windows to encrypt user
> profiles and am wondering if people would consider that secure enough or
> does pgp or some of these two factor disk encryption devices.
>
>
>
> Thanks
>
>
>

RE: disk encryption

2010-10-07 Thread Steven M. Caesare
We have an existing PointSec implementation, and are moving towards PGP
and/or Bitlocker.

 

-sc

 

From: greg.swe...@actsconsulting.net
[mailto:greg.swe...@actsconsulting.net] 
Sent: Thursday, October 07, 2010 1:40 AM
To: NT System Admin Issues
Subject: RE: disk encryption

 

Ben,

 

We have done clients with whole disk encryption on the laptops.  Works
great.  Doesn't protect against anything when the system is actually
running, only when the laptops are stolen.  PGP Desktop Whole disk is
what we used then, but I would seriously look at Truecrypt now.  Nice
thing about PGP was the centralized management we had for maintaining
PGP passwords and accounts.

All of the data is stored on the server 2008 via RDP.  They use it both
internally and externally.  No data is stored on desktops or servers.
Desktops are locked down via GP and basically have a single icon for
RDP, or are running thin clients.

Takes care of most security issues, but if the servers have a problem
you hear about it quick.  :-)  

 

Greg Sweers

CEO

ACTS360.com  

P.O. Box 1193

Brandon, FL  33509

813-657-0849 Office

813-758-6850 Cell

813-341-1270 Fax

 

From: Lists - Level 5 [mailto:li...@levelfive.us] 
Sent: Thursday, October 07, 2010 12:38 AM
To: NT System Admin Issues
Subject: RE: disk encryption

 

Well that's what we are considering, the issue is they do have several
graphics and presentation people, they also have a bunch of little
'apps' that I'm concerned with bog the server down. For example
accounting dept has 2 different apps, then there is 3 people in
graphics/marketing, and 2 attorneys who have their own app, HR has its
own sql app, and then half the company uses Yardi (property mgmt. sql
based).

 

Then we get into cost, we already have 2 citrix servers, one is a vm,
and one is a standalone and being phased out. It's running 2003 with
citrix 3.x?? I would say it's 5 years old from the last time they
purchased anything. 

 

 

From: Jon Harris [mailto:jk.har...@gmail.com] 
Sent: Wednesday, October 06, 2010 11:39 PM
To: NT System Admin Issues
Subject: Re: disk encryption

 

Why not just put everything on Citrix and have done with it?  Not
criticizing just asking?  I would avoid encrypting the servers and lock
them down tight and lock them up tighter.

 

Jon

On Wed, Oct 6, 2010 at 10:46 PM, Lists - Level 5 
wrote:

I have a small client, 15 laptops, 20 desktops , 8 servers on a 2008
domain. We were discussing full disk encryption and turning off cached
mode for outlook etc etc. the client is pretty sensitive to protecting
their data. 

 

One of the items that came up was whether we should just move to citrix
so nothing is on the laptops and then encrypt the desktops in the office
as well. Are there any recommendations for encryption people can
recommend? I have only used the built in certificates with Windows to
encrypt user profiles and am wondering if people would consider that
secure enough or does pgp or some of these two factor disk encryption
devices. 

 

Thanks

 


Re: OT: weather.com

2010-10-07 Thread Jonathan Link
Rugby, ND.  At least the monument is there.  Technically, it's a bit further
off than that.
http://www.roadsideamerica.com/story/11486



On Thu, Oct 7, 2010 at 11:16 AM, Steven M. Caesare wrote:

>  I wasn’t aware… that is…?
>
>
>
> -sc
>
>
>
> *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com]
> *Sent:* Wednesday, October 06, 2010 4:35 PM
> *To:* NT System Admin Issues
> *Subject:* Re: OT: weather.com
>
>
>
> So no doubt you've also been to the geographical center of North
> America...   or did you blink?
>
> --
> ME2
>
>  On Wed, Oct 6, 2010 at 11:51 AM, Steven M. Caesare 
> wrote:
>
> Bismarck. I’ve been there. On my way to Minot.
>
>
>
> -sc
>
>
>
> *From:* Jonathan Link [mailto:jonathan.l...@gmail.com]
> *Sent:* Wednesday, October 06, 2010 2:19 PM
>
>
> *To:* NT System Admin Issues
> *Subject:* Re: OT: weather.com
>
>
>
> Bismarck, my mom's family is from Belfield, straight south of you on 85.
>
> I believe my father is from the Watford City or New Town area, but he's a
> deadbeat so I never really investigated too much.
>
> On Wed, Oct 6, 2010 at 2:13 PM, Crawford, Scott 
> wrote:
>
> What part of ND?  Williston here.
>
>
>
> *From:* Jonathan Link [mailto:jonathan.l...@gmail.com]
> *Sent:* Tuesday, October 05, 2010 12:34 PM
>
>
> *To:* NT System Admin Issues
> *Subject:* Re: OT: weather.com
>
>
>
> Humanity.
>
> Make fun of "them" because they aren't "us."
>
> Growing up in ND, made fun of Montanans (common joke was where men are men
> and sheep are scared).  I know people from western MN made fun of ND.  I'd
> say northern SD made fun of ND, too, but there aren't a lot of people there.
> :-)
>
> On Tue, Oct 5, 2010 at 1:29 PM, Raper, Jonathan - Eagle <
> jra...@eaglemds.com> wrote:
>
> Why? (I always wondered what started that…)
>
>
> Jonathan L. Raper, A+, MCSA, MCSE
> Technology Coordinator
> Eagle Physicians & Associates, PA
> jra...@eaglemds.com
> www.eaglemds.com
> 
>
> From: Don Guyer [mailto:don.gu...@prufoxroach.com]
> Sent: Tuesday, October 05, 2010 1:27 PM
>
> To: NT System Admin Issues
> Subject: RE: OT: weather.com
>
> Tri-state (DE, PA, NJ). Everyone that doesn’t live in NJ makes fun of those
> who do.
>
> But, where do “most” of the people go for Summer vacations around
> here?.NJ shore of course!
>
> Don Guyer
> Systems Engineer - Information Services
> Prudential, Fox & Roach/Trident Group
> 431 W. Lancaster Avenue
> Devon, PA 19333
> Direct: (610) 993-3299
> Fax: (610) 650-5306
> don.gu...@prufoxroach.com
>
> From: Jonathan Link [mailto:jonathan.l...@gmail.com]
> Sent: Tuesday, October 05, 2010 1:23 PM
> To: NT System Admin Issues
> Subject: Re: OT: weather.com
>
> Interstate rivalry?
> On Tue, Oct 5, 2010 at 1:20 PM, Don Guyer 
> wrote:
> It’s a (regional) joke here.
>
> ☺
>
> Yeah he prolly was.
>
> Don Guyer
> Systems Engineer - Information Services
> Prudential, Fox & Roach/Trident Group
> 431 W. Lancaster Avenue
> Devon, PA 19333
> Direct: (610) 993-3299
> Fax: (610) 650-5306
> don.gu...@prufoxroach.com
>
> From: Jonathan Link [mailto:jonathan.l...@gmail.com]
> Sent: Tuesday, October 05, 2010 1:19 PM
>
> To: NT System Admin Issues
> Subject: Re: OT: weather.com
>
> He was probably a really nice guy.  The nice guys love those characters
> where they get to be richard craniums...
> On Tue, Oct 5, 2010 at 1:15 PM, Don Guyer 
> wrote:
> No wonder I didn’t like him (RIP), he was from Jersey!!!
>
> ☺
>
> Don Guyer
> Systems Engineer - Information Services
> Prudential, Fox & Roach/Trident Group
> 431 W. Lancaster Avenue
> Devon, PA 19333
> Direct: (610) 993-3299
> Fax: (610) 650-5306
> don.gu...@prufoxroach.com
>
> From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
> Sent: Tuesday, October 05, 2010 1:13 PM
>
> To: NT System Admin Issues
> Subject: RE: OT: weather.com
>
> Paul Gleason
>
> http://en.wikipedia.org/wiki/Paul_Gleason
>
>
> Jonathan L. Raper, A+, MCSA, MCSE
> Technology Coordinator
> Eagle Physicians & Associates, PA
> jra...@eaglemds.com
> www.eaglemds.com
> 
> From: Jonathan Link [mailto:jonathan.l...@gmail.com]
> Sent: Tuesday, October 05, 2010 12:59 PM
> To: NT System Admin Issues
> Subject: Re: OT: weather.com
>
> He was the fixer for the rich brothers.
> On Tue, Oct 5, 2010 at 12:45 PM, Daniel Rodriguez 
> wrote:
> I think that actor appeared in Trading Places as the 'agent'.
>
> He died some years ago, though. Sad. He had cancer. That is what he died
> of. Can't remember when but it was a few years ago.
>
> On Tue, Oct 5, 2010 at 11:11 AM, Jonathan Link 
> wrote:
> Do you mean the principal?
> On Tue, Oct 5, 2010 at 11:07 AM, Don Guyer 
> wrote:
> I got so pissed off at the moderator character in that movie every time I
> watched it! I don’t know his actual name, but he always played a$$hole
> roles.
>
> Don Guyer
> Systems Engineer - Information Services
> Prudential, Fox & Roach/Trident Group
> 431 W. Lancaster Avenue
> Devon, PA 19333
> Direct: (610) 993-32

RE: AV Opinions

2010-10-07 Thread Alan Davies
It will find it easily, as, I hope, would any AV!  It cannot stop an infected 
computer continuously attempting to re-infect you though.  It will sort of 
succeed, for a millisecond, until the AV intercepts the payload.  You will 
therefore continue to get notified that it was detected and cleaned.  You need 
to patch Windows to protect against Conficker.
 
 
 
a



From: Ames Matthew B [mailto:mba...@qinetiq.com] 
Sent: 07 October 2010 14:33
To: NT System Admin Issues
Subject: RE: AV Opinions


Well Sophos just found a copy of it in a RECYCLER directory which was a couple 
of levels off the root (so not the active recycler directory).



From: Ray [mailto:rz...@qwest.net] 
Sent: 07 October 2010 12:39
To: NT System Admin Issues
Subject: RE: AV Opinions



Conficker seems to be a tough one.  We got hit with it last year and McAfee 
was pretty ineffective against it.  

 

We opted for Sophos over the others primarily for their console.  It seemed to 
be the most mature (for lack of a better term).  My biggest concern was their 
tech support, which seems to be mediocre at best.   If I was picking based on 
support alone, I'd probably be picking Kaspersky.  

 

From: Ames Matthew B [mailto:mba...@qinetiq.com] 
Sent: Thursday, October 07, 2010 12:12 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

We run Sophos here, and it seems to do a reasonable job.  Corporate IS got 
caught last year with their pants down after a departmental server without any 
AV on it (or seriously out of date - guess someone got a good telling off for 
that) managed to get Conficker.  Given we don't have a direct net connection to 
our desktops or services network, they had not bothered to install the 
hotfixes to prevent this

 

For whatever reason Sophos did not detect it, and quite a few machines got 
infected, and a couple of thousand user accounts got locked out.  Took them a 
few days to get things under control - I wrote a little ldap tool to monitor 
the number of locked out user accounts :-)

 

Sophos is a bit of a memory hog (not sure how it compares to other versions), 
taking around 150MB (savservice.exe alone is taking 108MB on my machine 
currently).  We are currently using 7.6.20

 

tht,

Matt

 



From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions

Give Sophos a long look.  I firmly believe they are the best of breed that 
nobody seems to talk about.  They don't market to the non-corporate crowd, so 
that probably has something to do with it.  I asked this list and a few other 
resources when I was evaluating solutions.  I did not hear from a single person 
using Sophos that did not like it.

 

We are replacing Symantec with Sophos right now and it is going very well so 
far.   

 

Sophos will sync with AD (if you want) to automatically protect computers when 
you add them.  It will remove Symantec cleanly (so far on about 25 test/pilot 
users it has been perfect) when pushing it out.  It includes device control 
(want to block USB storage devices...2-3 clicks and you are done), a NAC 
component, and a firewall. 

 

It also includes clients for Mac/Linux and with each corporate license, you get 
a free at-home license.   NFI - just a very satisfied customer so far.

 

Jim

 

 

 



From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wed 10/6/2010 7:09 PM
To: NT System Admin Issues
Subject: AV Opinions

At one of the shops that I look after, I have been asked to change the AV to 
something new and current.

Vipre and Forefront excluded (I know enough about those already), what else are 
you guys using that's good?

 

It's been a while since I looked at all the other vendors, I have such little 
time to eval for this need, I can't just download all vendors packages and 
trial each one for 30 days, I need to look at one and hopefully get it right :-(

 

Thanks for any opinions,

jlc

 



CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use 
of the intended recipient(s) and may contain confidential and/or protected 
health information. Under the Federal Law (HIPAA), the intended recipient is 
obligated to keep this information

RE: OT: weather.com

2010-10-07 Thread Steven M. Caesare
I wasn’t aware… that is…?

 

-sc

 

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] 
Sent: Wednesday, October 06, 2010 4:35 PM
To: NT System Admin Issues
Subject: Re: OT: weather.com

 

So no doubt you've also been to the geographical center of North America...   
or did you blink?

--
ME2



On Wed, Oct 6, 2010 at 11:51 AM, Steven M. Caesare  wrote:

Bismarck. I’ve been there. On my way to Minot.

 

-sc

 

From: Jonathan Link [mailto:jonathan.l...@gmail.com] 
Sent: Wednesday, October 06, 2010 2:19 PM


To: NT System Admin Issues
Subject: Re: OT: weather.com

 

Bismarck, my mom's family is from Belfield, straight south of you on 85.

I believe my father is from the Watford City or New Town area, but he's a 
deadbeat so I never really investigated too much.

On Wed, Oct 6, 2010 at 2:13 PM, Crawford, Scott  wrote:

What part of ND?  Williston here.

 

From: Jonathan Link [mailto:jonathan.l...@gmail.com] 
Sent: Tuesday, October 05, 2010 12:34 PM 


To: NT System Admin Issues
Subject: Re: OT: weather.com  

 

Humanity.

Make fun of "them" because they aren't "us."

Growing up in ND, made fun of Montanans (common joke was where men are men and 
sheep are scared).  I know people from western MN made fun of ND.  I'd say 
northern SD made fun of ND, too, but there aren't a lot of people there. :-)

On Tue, Oct 5, 2010 at 1:29 PM, Raper, Jonathan - Eagle  
wrote:

Why? (I always wondered what started that…)


Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.com
www.eaglemds.com  


From: Don Guyer [mailto:don.gu...@prufoxroach.com]
Sent: Tuesday, October 05, 2010 1:27 PM

To: NT System Admin Issues
Subject: RE: OT: weather.com  

Tri-state (DE, PA, NJ). Everyone that doesn’t live in NJ makes fun of those who 
do.

But, where do “most” of the people go for Summer vacations around 
here?.NJ shore of course!

Don Guyer
Systems Engineer - Information Services
Prudential, Fox & Roach/Trident Group
431 W. Lancaster Avenue
Devon, PA 19333
Direct: (610) 993-3299
Fax: (610) 650-5306
don.gu...@prufoxroach.com

From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Tuesday, October 05, 2010 1:23 PM
To: NT System Admin Issues
Subject: Re: OT: weather.com  

Interstate rivalry?
On Tue, Oct 5, 2010 at 1:20 PM, Don Guyer  wrote:
It’s a (regional) joke here.
 
☺
 
Yeah he prolly was.
 
Don Guyer
Systems Engineer - Information Services
Prudential, Fox & Roach/Trident Group
431 W. Lancaster Avenue
Devon, PA 19333
Direct: (610) 993-3299
Fax: (610) 650-5306
don.gu...@prufoxroach.com
 
From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Tuesday, October 05, 2010 1:19 PM

To: NT System Admin Issues
Subject: Re: OT: weather.com  
 
He was probably a really nice guy.  The nice guys love those characters where 
they get to be richard craniums...
On Tue, Oct 5, 2010 at 1:15 PM, Don Guyer  wrote:
No wonder I didn’t like him (RIP), he was from Jersey!!!
 
☺
 
Don Guyer
Systems Engineer - Information Services
Prudential, Fox & Roach/Trident Group
431 W. Lancaster Avenue
Devon, PA 19333
Direct: (610) 993-3299
Fax: (610) 650-5306
don.gu...@prufoxroach.com
 
From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
Sent: Tuesday, October 05, 2010 1:13 PM

To: NT System Admin Issues
Subject: RE: OT: weather.com  
 
Paul Gleason
 
http://en.wikipedia.org/wiki/Paul_Gleason
 
 
Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.com
www.eaglemds.com  

From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Tuesday, October 05, 2010 12:59 PM
To: NT System Admin Issues
Subject: Re: OT: weather.com  
 
He was the fixer for the rich brothers.
On Tue, Oct 5, 2010 at 12:45 PM, Daniel Rodriguez  wrote:
I think that actor appeared in Trading Places as the 'agent'.

He died some years ago, though. Sad. He had cancer. That is what he died of. 
Can't remember when but it was a few years ago.
 
On Tue, Oct 5, 2010 at 11:11 AM, Jonathan Link  wrote:
Do you mean the principal?
On Tue, Oct 5, 2010 at 11:07 AM, Don Guyer  wrote:
I got so pissed off at the moderator character in that movie every time I 
watched it! I don’t know his actual name, but he always played a$$hole roles.
 
Don Guyer
Systems Engineer - Information Services
Prudential, Fox & Roach/Trident Group
431 W. Lancaster Avenue
Devon, PA 19333
Direct: (610) 993-3299
Fax: (610) 650-5306
don.gu...@prufoxroach.com
 
From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Tuesday, October 05, 2010 11:03 AM
To: NT System Admin Issues
Subject: Re: OT: weather.com  
 
I think I threw up in my mouth a little.

On Tue, Oct 5, 2010 at 10:51 AM, Andy Shook  wrote:
For my fellow list 

RE: HP Project and Portfolio Management

2010-10-07 Thread Brian Desmond
Agreed. I'd also infer based on other posts from the OP that it isn't remotely 
in his price range. 

Thanks,
Brian Desmond
br...@briandesmond.com

c - 312.731.3132



-Original Message-
From: Free, Bob [mailto:r...@pge.com] 
Sent: Thursday, October 07, 2010 5:05 PM
To: NT System Admin Issues
Subject: RE: HP Project and Portfolio Management

From what I have seen of your posts, your environment isn't of the scale PPMC 
is usually attracted to. It is by no means a trivial exercise to implement.

-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Thursday, October 07, 2010 5:41 AM
To: NT System Admin Issues
Subject: HP Project and Portfolio Management

Anyone here used this? One of our senior managers got an email about it from a 
reseller and wants me to take a look. Before I do, I'd like to know more about 
it so I can at least ask some intelligent questions. Please email me off-list.

Thanks,
John Aldrich
IT Manager,
Blueridge Carpet
706-276-2001, Ext. 2233






RE: HP Project and Portfolio Management

2010-10-07 Thread Free, Bob
From what I have seen of your posts, your environment isn't of the scale
PPMC is usually attracted to. It is by no means a trivial exercise to
implement.

-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Thursday, October 07, 2010 5:41 AM
To: NT System Admin Issues
Subject: HP Project and Portfolio Management

Anyone here used this? One of our senior managers got an email about it
from a reseller and wants me to take a look. Before I do, I'd like to know
more about it so I can at least ask some intelligent questions. Please email
me off-list.

Thanks,
John Aldrich
IT Manager, 
Blueridge Carpet
706-276-2001, Ext. 2233






RE: Classic Shell on R2?

2010-10-07 Thread Jim Mediger
I still prefer the address bar to "run" much faster for me.

Click Start and start typing (or use Windows key):

s | Return (Enter) - will bring up Server Manager
ev | Return (Enter) - will bring up Event Manager

Once you know the Window name for everything it is a huge time saver. Even if 
you don't recall the name you can guess and it will most likely show up in the 
list to choose from.

Jim

From: Don Guyer [mailto:don.gu...@prufoxroach.com]
Sent: Thursday, October 07, 2010 9:40 AM
To: NT System Admin Issues
Subject: RE: Classic Shell on R2?

Thx James! We have only put up a handful of 2k8 so far and haven't had time to 
look at things like that yet.

Don Guyer
Systems Engineer - Information Services
Prudential, Fox & Roach/Trident Group
431 W. Lancaster Avenue
Devon, PA 19333
Direct: (610) 993-3299
Fax: (610) 650-5306
don.gu...@prufoxroach.com

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Thursday, October 07, 2010 10:38 AM
To: NT System Admin Issues
Subject: Re: Classic Shell on R2?

Shortcut for Server Manager in the taskbar

Start | Run | Eventvwr | Return

UAC off by GPO
On 7 October 2010 15:34, Don Guyer wrote:
I don't mind the interface changes. What I do hate is how long 
it takes to open items such as Roles, Event Logs, etc. Even on high-powered 
servers.

Don Guyer
Systems Engineer - Information Services
Prudential, Fox & Roach/Trident Group
431 W. Lancaster Avenue
Devon, PA 19333
Direct: (610) 993-3299
Fax: (610) 650-5306
don.gu...@prufoxroach.com

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Thursday, October 07, 2010 9:59 AM
To: NT System Admin Issues
Subject: Re: Classic Shell on R2?

I hated the new interface...as with all things MS, it grows on you. I can't 
stand the old-style 2003 servers now.

As for 2000 - had to use that the other day. Eugh!
On 7 October 2010 14:57, Christopher Bodnar wrote:
Anyone using this on production servers?

http://classicshell.sourceforge.net/index.html

I'm tempted, since none of us love the new interface.
Chris Bodnar, MCSE
Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003
- This message, and any attachments to 
it, may contain information that is privileged, confidential, and exempt from 
disclosure under applicable law. If the reader of this message is not the 
intended recipient, you are notified that any use, dissemination, distribution, 
copying, or communication of this message is strictly prohibited. If you have 
received this message in error, please notify the sender immediately by return 
e-mail and delete the message and any attachments. Thank you.



--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."


Re: Classic Shell on R2?

2010-10-07 Thread James Rankin
It's just the nag factor for servers like our Citrix pre-production boxes
where stuff is constantly being installed and tweaked. I don't turn it off
for anyone except the third-line support guys when they are logged in to the
server itself.

On 7 October 2010 15:53, Ziots, Edward  wrote:

>  Honestly, UAC (believe it or not) is your friend, I wouldn’t recommend
> turning it off unless you don’t have any other choice :-)
>
>
>
> Z
>
>
>
> Edward E. Ziots
>
> CISSP, Network +, Security +
>
> Network Engineer
>
> Lifespan Organization
>
> Email:ezi...@lifespan.org 
>
> Cell:401-639-3505
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Thursday, October 07, 2010 10:38 AM
> *To:* NT System Admin Issues
> *Subject:* Re: Classic Shell on R2?
>
>
>
> Shortcut for Server Manager in the taskbar
>
> Start | Run | Eventvwr | Return
>
> UAC off by GPO
>
>  On 7 October 2010 15:34, Don Guyer  wrote:
>
> I don’t mind the interface changes. What I do hate is how
> long it takes to open items such as Roles, Event Logs, etc.
> Even on high-powered servers.
>
>
>
> Don Guyer
>
> Systems Engineer - Information Services
>
> Prudential, Fox & Roach/Trident Group
>
> 431 W. Lancaster Avenue
>
> Devon, PA 19333
>
> Direct: (610) 993-3299
>
> Fax: (610) 650-5306
>
> don.gu...@prufoxroach.com
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Thursday, October 07, 2010 9:59 AM
> *To:* NT System Admin Issues
> *Subject:* Re: Classic Shell on R2?
>
>
>
> I hated the new interface...as with all things MS, it grows on you. I can't
> stand the old-style 2003 servers now.
>
> As for 2000 - had to use that the other day. Eugh!
>
> On 7 October 2010 14:57, Christopher Bodnar 
> wrote:
>
> Anyone using this on production servers?
>
> http://classicshell.sourceforge.net/index.html
>
> I'm tempted, since none of us love the new interface.
>
>   Chris Bodnar, MCSE
> Systems Engineer
>
> Distributed Systems Service Delivery - Intel Services
> Guardian Life Insurance Company of America
> Email: christopher_bod...@glic.com
> Phone: 610-807-6459
> Fax: 610-807-6003
>
>



-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answer

RE: Classic Shell on R2?

2010-10-07 Thread Ziots, Edward
Honestly, UAC (believe it or not) is your friend, I wouldn't recommend
turning it off unless you don't have any other choice :-)

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, October 07, 2010 10:38 AM
To: NT System Admin Issues
Subject: Re: Classic Shell on R2?

 

Shortcut for Server Manager in the taskbar

Start | Run | Eventvwr | Return

UAC off by GPO



On 7 October 2010 15:34, Don Guyer  wrote:

I don't mind the interface changes. What I do hate is how
long it takes to open items such as Roles, Event Logs,
etc. Even on high-powered servers.

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, October 07, 2010 9:59 AM
To: NT System Admin Issues
Subject: Re: Classic Shell on R2?

 

I hated the new interface...as with all things MS, it grows on you. I
can't stand the old-style 2003 servers now.

As for 2000 - had to use that the other day. Eugh!

On 7 October 2010 14:57, Christopher Bodnar
 wrote:

Anyone using this on production servers? 

http://classicshell.sourceforge.net/index.html
  

I'm tempted, since none of us love the new interface. 



Chris Bodnar, MCSE
Systems Engineer

Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003


RE: Classic Shell on R2?

2010-10-07 Thread Don Guyer
That's awesome, we are a VMware shop.

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com  

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, October 07, 2010 10:51 AM
To: NT System Admin Issues
Subject: Re: Classic Shell on R2?

 

What I cunningly did was logged my user account onto the template we use
for all of our 2008 R2 servers and customised my local profile exactly
how I wanted it. Whenever a new server is deployed through VMWare, it
already has my profile loaded and working the way I like it :-) If
you're not a VMWare shop, though, you may have to find another method to
do this

On 7 October 2010 15:39, Don Guyer  wrote:

Thx James! We have only put up a handful of 2k8 so far and haven't had
time to look at things like that yet.

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, October 07, 2010 10:38 AM


To: NT System Admin Issues
Subject: Re: Classic Shell on R2?

 

Shortcut for Server Manager in the taskbar



Start | Run | Eventvwr | Return

UAC off by GPO

On 7 October 2010 15:34, Don Guyer  wrote:

I don't mind the interface changes. What I do hate is how
long it takes to open items such as Roles, Event Logs,
etc. Even on high-powered servers.

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, October 07, 2010 9:59 AM
To: NT System Admin Issues
Subject: Re: Classic Shell on R2?

 

I hated the new interface...as with all things MS, it grows on you. I
can't stand the old-style 2003 servers now.

As for 2000 - had to use that the other day. Eugh!

On 7 October 2010 14:57, Christopher Bodnar
 wrote:

Anyone using this on production servers? 

http://classicshell.sourceforge.net/index.html
  

I'm tempted, since none of us love the new interface. 

Chris Bodnar, MCSE
Systems Engineer

Distributed Systems Service Delivery - Intel Services


Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003

-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that could
provoke such a question."


RE: Classic Shell on R2?

2010-10-07 Thread Ziots, Edward
Use Pshell for the roles or servermgrcmd.

It's amazing what I am re-learning from Minasi's Win2k8 R2 book.

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

From: Don Guyer [mailto:don.gu...@prufoxroach.com] 
Sent: Thursday, October 07, 2010 10:35 AM
To: NT System Admin Issues
Subject: RE: Classic Shell on R2?

 

I don't mind the interface changes. What I do hate is how
long it takes to open items such as Roles, Event Logs,
etc. Even on high-powered servers.

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, October 07, 2010 9:59 AM
To: NT System Admin Issues
Subject: Re: Classic Shell on R2?

 

I hated the new interface...as with all things MS, it grows on you. I
can't stand the old-style 2003 servers now.

As for 2000 - had to use that the other day. Eugh!

On 7 October 2010 14:57, Christopher Bodnar
 wrote:

Anyone using this on production servers? 

http://classicshell.sourceforge.net/index.html
  

I'm tempted, since none of us love the new interface. 


Chris Bodnar, MCSE
Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003

-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that could
provoke such a question."


Re: Classic Shell on R2?

2010-10-07 Thread James Rankin
What I cunningly did was log my user account onto the template we use for
all of our 2008 R2 servers and customise my local profile exactly how I
wanted it. Whenever a new server is deployed through VMWare, it already has
my profile loaded and working the way I like it :-) If you're not a VMWare
shop, though, you may have to find another method to do this.

On 7 October 2010 15:39, Don Guyer  wrote:

>  Thx James! We have only put up a handful of 2k8 so far and haven’t had
> time to look at things like that yet.
>
>
>
> Don Guyer
>
> Systems Engineer - Information Services
>
> Prudential, Fox & Roach/Trident Group
>
> 431 W. Lancaster Avenue
>
> Devon, PA 19333
>
> Direct: (610) 993-3299
>
> Fax: (610) 650-5306
>
> don.gu...@prufoxroach.com
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Thursday, October 07, 2010 10:38 AM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Classic Shell on R2?
>
>
>
> Shortcut for Server Manager in the taskbar
>
>
> Start | Run | Eventvwr | Return
>
> UAC off by GPO
>
>  On 7 October 2010 15:34, Don Guyer  wrote:
>
> I don’t mind the interface changes. What I do hate is how
> long it takes to open items such as Roles, Event Logs, etc.
> Even on high-powered servers.
>
>
>
> Don Guyer
>
> Systems Engineer - Information Services
>
> Prudential, Fox & Roach/Trident Group
>
> 431 W. Lancaster Avenue
>
> Devon, PA 19333
>
> Direct: (610) 993-3299
>
> Fax: (610) 650-5306
>
> don.gu...@prufoxroach.com
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Thursday, October 07, 2010 9:59 AM
> *To:* NT System Admin Issues
> *Subject:* Re: Classic Shell on R2?
>
>
>
> I hated the new interface...as with all things MS, it grows on you. I can't
> stand the old-style 2003 servers now.
>
> As for 2000 - had to use that the other day. Eugh!
>
> On 7 October 2010 14:57, Christopher Bodnar 
> wrote:
>
> Anyone using this on production servers?
>
> http://classicshell.sourceforge.net/index.html
>
> I'm tempted, since none of us love the new interface.
>
>   Chris Bodnar, MCSE
> Systems Engineer
>
> Distributed Systems Service Delivery - Intel Services
>
> Guardian Life Insurance Company of America
> Email: christopher_bod...@glic.com
> Phone: 610-807-6459
> Fax: 610-807-6003
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>

Re: Classic Shell on R2?

2010-10-07 Thread Andrew S. Baker
BTW, I wouldn't want to be managing software of that caliber on my
production anything (servers or workstations)


*ASB*


On Thu, Oct 7, 2010 at 9:57 AM, Christopher Bodnar <
christopher_bod...@glic.com> wrote:

> Anyone using this on production servers?
>
> http://classicshell.sourceforge.net/index.html
>
> I'm tempted, since none of us love the new interface.
>
>
> Chris Bodnar, MCSE
> Systems Engineer
>


RE: Classic Shell on R2?

2010-10-07 Thread Don Guyer
Thx James! We have only put up a handful of 2k8 so far and haven't had
time to look at things like that yet.

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com  

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, October 07, 2010 10:38 AM
To: NT System Admin Issues
Subject: Re: Classic Shell on R2?

 

Shortcut for Server Manager in the taskbar

Start | Run | Eventvwr | Return

UAC off by GPO



On 7 October 2010 15:34, Don Guyer  wrote:

I don't mind the interface changes. What I do hate is how
long it takes to open items such as Roles, Event Logs,
etc. Even on high-powered servers.

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, October 07, 2010 9:59 AM
To: NT System Admin Issues
Subject: Re: Classic Shell on R2?

 

I hated the new interface...as with all things MS, it grows on you. I
can't stand the old-style 2003 servers now.

As for 2000 - had to use that the other day. Eugh!

On 7 October 2010 14:57, Christopher Bodnar
 wrote:

Anyone using this on production servers? 

http://classicshell.sourceforge.net/index.html
  

I'm tempted, since none of us love the new interface. 



Chris Bodnar, MCSE
Systems Engineer

Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003

-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that could
provoke such a question."


Re: Classic Shell on R2?

2010-10-07 Thread Andrew S. Baker
Now *that* I'll grant you is annoying.

Things appear to open faster from Server Manager than if you open them
individually.


*ASB* (My XeeSM Profile)
*Exploiting Technology for Business Advantage...*



On Thu, Oct 7, 2010 at 10:34 AM, Don Guyer wrote:

>  I don’t mind the interface changes. What I do hate is how
> long it takes to open items such as Roles, Event Logs, etc.
> Even on high-powered servers.
>
>
>
> Don Guyer
>
> Systems Engineer - Information Services
>
> Prudential, Fox & Roach/Trident Group
>
> 431 W. Lancaster Avenue
>
> Devon, PA 19333
>
> Direct: (610) 993-3299
>
> Fax: (610) 650-5306
>
> don.gu...@prufoxroach.com
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Thursday, October 07, 2010 9:59 AM
> *To:* NT System Admin Issues
> *Subject:* Re: Classic Shell on R2?
>
>
>
> I hated the new interface...as with all things MS, it grows on you. I can't
> stand the old-style 2003 servers now.
>
> As for 2000 - had to use that the other day. Eugh!
>
> On 7 October 2010 14:57, Christopher Bodnar 
> wrote:
>
> Anyone using this on production servers?
>
> http://classicshell.sourceforge.net/index.html
>
> I'm tempted, since none of us love the new interface.
>
>
> Chris Bodnar, MCSE
> Systems Engineer
>
>


Re: Classic Shell on R2?

2010-10-07 Thread James Rankin
Shortcut for Server Manager in the taskbar

Start | Run | Eventvwr | Return

UAC off by GPO


On 7 October 2010 15:34, Don Guyer  wrote:

>  I don’t mind the interface changes. What I do hate is how
> long it takes to open items such as Roles, Event Logs, etc.
> Even on high-powered servers.
>
>
>
> Don Guyer
>
> Systems Engineer - Information Services
>
> Prudential, Fox & Roach/Trident Group
>
> 431 W. Lancaster Avenue
>
> Devon, PA 19333
>
> Direct: (610) 993-3299
>
> Fax: (610) 650-5306
>
> don.gu...@prufoxroach.com
>
>
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Thursday, October 07, 2010 9:59 AM
> *To:* NT System Admin Issues
> *Subject:* Re: Classic Shell on R2?
>
>
>
> I hated the new interface...as with all things MS, it grows on you. I can't
> stand the old-style 2003 servers now.
>
> As for 2000 - had to use that the other day. Eugh!
>
> On 7 October 2010 14:57, Christopher Bodnar 
> wrote:
>
> Anyone using this on production servers?
>
> http://classicshell.sourceforge.net/index.html
>
> I'm tempted, since none of us love the new interface.
>
>
> Chris Bodnar, MCSE
> Systems Engineer
> Distributed Systems Service Delivery - Intel Services
> Guardian Life Insurance Company of America
> Email: christopher_bod...@glic.com
> Phone: 610-807-6459
> Fax: 610-807-6003
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>



-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."


RE: Classic Shell on R2?

2010-10-07 Thread Don Guyer
I don't mind the interface changes. What I do hate is how
long it takes to open items such as Roles, Event Logs,
etc. Even on high-powered servers.

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com  

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, October 07, 2010 9:59 AM
To: NT System Admin Issues
Subject: Re: Classic Shell on R2?

 

I hated the new interface...as with all things MS, it grows on you. I
can't stand the old-style 2003 servers now.

As for 2000 - had to use that the other day. Eugh!

On 7 October 2010 14:57, Christopher Bodnar
 wrote:

Anyone using this on production servers? 

http://classicshell.sourceforge.net/index.html
  

I'm tempted, since none of us love the new interface. 


Chris Bodnar, MCSE
Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003

-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that could
provoke such a question."


Re: Classic Shell on R2?

2010-10-07 Thread Andrew S. Baker
I love the new interface.  Liked it from the very beginning.

I try to avoid going back whenever possible.

What do you dislike in particular?


*ASB* (My XeeSM Profile)
*Exploiting Technology for Business Advantage...*



On Thu, Oct 7, 2010 at 9:57 AM, Christopher Bodnar <
christopher_bod...@glic.com> wrote:

> Anyone using this on production servers?
>
> http://classicshell.sourceforge.net/index.html
>
> I'm tempted, since none of us love the new interface.
>
>
> Chris Bodnar, MCSE
> Systems Engineer
>
>


Re: Way to funny

2010-10-07 Thread Jonathan Link
Yes.  To get you to give up your credit card number so they can "fix" your
computer.
Last I saw, it was like $80, but I'm sure the number varies.  And of course,
they now have your CC # and 3 digit security code.

On Thu, Oct 7, 2010 at 10:01 AM, James Rankin  wrote:

> True, I guess malware authors aren't bothered about faulty versions or
> updates, and generally try to avoid providing support wherever possible.
> However (although I may be hallucinating through overwork and four hours' of
> driving per day) didn't I see an article recently where one of the fake
> antivirus programs had actually provided a support number for "users" to
> call?
>
>
> On 7 October 2010 14:49, Andrew S. Baker  wrote:
>
>> Those writers are less concerned about backwards compatibility, and more
>> motivated by profit from functionality.
>>
>> The incumbents are more concerned about existing profit margins and
>> dealing with ongoing support.
>>
>>
>> *ASB* (My XeeSM Profile)
>> *Exploiting Technology for Business Advantage...*
>>
>>
>>
>> On Thu, Oct 7, 2010 at 8:03 AM, James Rankin wrote:
>>
>>> Malware never seems to have problems running on new versions of the OS.
>>> Unlike all of the *proper* software we use.
>>>
>>>
>>> On 7 October 2010 12:54,  wrote:
>>>

>>>> My favorite goes something like, "My XP system says it's running
>>>> Antivirus 2000.  Will this work with Vista?  If not, is there a free
>>>> upgrade?"
>>>>
>>>> "Joseph L. Casale"  wrote on 10/06/2010
>>>> 07:33:50 PM:
>>>>
>>>> > http://forums13.itrc.hp.com/service/forums/questionanswer.do?admit=109447627+1286411476658+28353475&threadId=1450597
>>>> >
>>>> > A Telus user, I shudder…
>>>> >
>>>> > Let's all call :)
>>>
>>>
>>>
>>> --
>>> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
>>> the machine wrong figures, will the right answers come out?' I am not able
>>> rightly to apprehend the kind of confusion of ideas that could provoke such
>>> a question."
>>>
>>>
>
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>

Re: Way to funny

2010-10-07 Thread James Rankin
True, I guess malware authors aren't bothered about faulty versions or
updates, and generally try to avoid providing support wherever possible.
However (although I may be hallucinating through overwork and four hours' of
driving per day) didn't I see an article recently where one of the fake
antivirus programs had actually provided a support number for "users" to
call?

On 7 October 2010 14:49, Andrew S. Baker  wrote:

> Those writers are less concerned about backwards compatibility, and more
> motivated by profit from functionality.
>
> The incumbents are more concerned about existing profit margins and dealing
> with ongoing support.
>
>
> *ASB* (My XeeSM Profile)
> *Exploiting Technology for Business Advantage...*
>
>
>
> On Thu, Oct 7, 2010 at 8:03 AM, James Rankin wrote:
>
>> Malware never seems to have problems running on new versions of the OS.
>> Unlike all of the *proper* software we use.
>>
>>
>> On 7 October 2010 12:54,  wrote:
>>
>>>
>>> My favorite goes something like, "My XP system says it's running
>>> Antivirus 2000.  Will this work with Vista?  If not, is there a free
>>> upgrade?"
>>>
>>> "Joseph L. Casale"  wrote on 10/06/2010
>>> 07:33:50 PM:
>>>
>>>
>>> > http://forums13.itrc.hp.com/service/forums/questionanswer.do?admit=109447627+1286411476658+28353475&threadId=1450597
>>> >
>>> > A Telus user, I shudder…
>>> >
>>> > Let's all call :)
>>>
>>
>>
>>
>> --
>> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
>> the machine wrong figures, will the right answers come out?' I am not able
>> rightly to apprehend the kind of confusion of ideas that could provoke such
>> a question."
>>
>>
>



-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."


Re: Classic Shell on R2?

2010-10-07 Thread James Rankin
I hated the new interface...as with all things MS, it grows on you. I can't
stand the old-style 2003 servers now.

As for 2000 - had to use that the other day. Eugh!

On 7 October 2010 14:57, Christopher Bodnar wrote:

> Anyone using this on production servers?
>
> http://classicshell.sourceforge.net/index.html
>
> I'm tempted, since none of us love the new interface.
>
>
> Chris Bodnar, MCSE
> Systems Engineer
> Distributed Systems Service Delivery - Intel Services
> Guardian Life Insurance Company of America
> Email: christopher_bod...@glic.com
> Phone: 610-807-6459
> Fax: 610-807-6003
>



-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."


Classic Shell on R2?

2010-10-07 Thread Christopher Bodnar
Anyone using this on production servers? 

http://classicshell.sourceforge.net/index.html

I'm tempted, since none of us love the new interface.


Chris Bodnar, MCSE
Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003


Re: Way to funny

2010-10-07 Thread Andrew S. Baker
Those writers are less concerned about backwards compatibility, and more
motivated by profit from functionality.

The incumbents are more concerned about existing profit margins and dealing
with ongoing support.


*ASB *(My XeeSM Profile) 
*Exploiting Technology for Business Advantage...*



On Thu, Oct 7, 2010 at 8:03 AM, James Rankin  wrote:

> Malware never seems to have problems running on new versions of the OS.
> Unlike all of the *proper* software we use.
>
>
> On 7 October 2010 12:54,  wrote:
>
>>
>> My favorite goes something like, "My XP system says it's running Antivirus
>> 2000.  Will this work with Vista?  If not, is there a free upgrade?"
>>
>> "Joseph L. Casale"  wrote on 10/06/2010
>> 07:33:50 PM:
>>
>>
>> > http://forums13.itrc.hp.com/service/forums/questionanswer.do?
>> > admit=109447627+1286411476658+28353475&threadId=1450597
>>
>> >
>> > A Telus user, I shudder…
>> >
>> > Let's all call :)
>>
>
>
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
>

RE: AV Opinions

2010-10-07 Thread Ames Matthew B
Well Sophos just found a copy of it in a RECYCLER directory which was a couple 
of levels off the root (so not the active recycler directory).



From: Ray [mailto:rz...@qwest.net] 
Sent: 07 October 2010 12:39
To: NT System Admin Issues
Subject: RE: AV Opinions



Conficker seems to be a tough one.  We got hit with it last year and McAfee 
was pretty ineffective against it.  

 

We opted for Sophos over the others primarily for their console.  It seemed to 
be the most mature (for lack of a better term).  My biggest concern was their 
tech support, which seems to be mediocre at best.   If I was picking based on 
support alone, I'd probably be picking Kaspersky.  

 

From: Ames Matthew B [mailto:mba...@qinetiq.com] 
Sent: Thursday, October 07, 2010 12:12 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

We run Sophos here, and it seems to do a reasonable job.  Corporate IS got 
caught last year with their pants down after a departmental server without any 
AV on it (or seriously out of date - guess someone got a good telling off for 
that) managed to get Conficker.  Given we don't have a direct net connection to 
our desktops or services network, they had not bothered to install the 
hotfixes to prevent this

For whatever reason Sophos did not detect it, and quite a few machines got 
infected, and a couple of thousand user accounts got locked out.  Took them a 
few days to get things under control - I wrote a little ldap tool to monitor 
the number of locked out user accounts :-)

 

Sophos is a bit of a memory hog (not sure how it compares to other versions), 
taking around 150MB (savservice.exe alone is taking 108MB on my machine 
currently).  We are currently using 7.6.20

 

tht,

Matt

 



From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions

Give Sophos a long look.  I firmly believe they are the best of breed that 
nobody seems to talk about.  They don't market to the non-corporate crowd, so 
that probably has something to do with it.  I asked this list and a few other 
resources when I was evaluating solutions.  I did not hear from a single person 
using Sophos that did not like it.

 

We are replacing Symantec with Sophos right now and it is going very well so 
far.   

 

Sophos will sync with AD (if you want) to automatically protect computers when 
you add them.  It will remove Symantec cleanly (so far on about 25 test/pilot 
users it has been perfect) when pushing it out.  It includes device control 
(want to block USB storage devices...2-3 clicks and you are done), a NAC 
component, and a firewall. 

 

It also includes clients for Mac/Linux and with each corporate license, you get 
a free at-home license.   NFI - just a very satisfied customer so far.

 

Jim

 

 

 



From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wed 10/6/2010 7:09 PM
To: NT System Admin Issues
Subject: AV Opinions

At one of the shops that I look after, I have been asked to change the AV to 
something new and current.

Vipre and Forefront excluded (I know enough about those already), what else are 
you guys using that's good?

 

It's been a while since I looked at all the other vendors, I have such little 
time to eval for this need, I can't just download all vendors packages and 
trial each one for 30 days, I need to look at one and hopefully get it right :(

 

Thanks for any opinions,

jlc

 


SORBS.NET - email RBL issues

2010-10-07 Thread Andrew S. Baker
https://isc.sans.edu/diary.html?storyid=9685

If you're using SORBS.NET for email, be advised:  they're having issues this
morning...  :)


*ASB *(My XeeSM Profile) 
*Exploiting Technology for Business Advantage...*

Server Core Updates

2010-10-07 Thread Bob Anderson
Hello,
I have a 2008 R2 Server Core server virtualized with Hyper-V on 
a 2008 server.  It is set to Automatic Updates and WSUS says they are all 
downloaded, but it has never applied any updates; when I use sconfig it says 
updates have never been applied.  I am at a loss to figure out why it won't 
apply the updates. This is my first Server Core server so I am learning as I go.

Thanks in advance

Bob Anderson

IT Manager
Kent Sporting Goods Inc.
433 Park Ave. S
New London OH 44851
419-929-7021 x315

RE: AV Opinions

2010-10-07 Thread Alan Davies
Hmmm ... my comments were more around the ability to manage/control agents than 
how nice the console was to use.  Also, on the additional functionality side, 
their local FW and software NAC components were very immature feature wise.  
Support varied - UK support a million times better than the out of hours US 
support!
 
 
 
a



From: Ray [mailto:rz...@qwest.net] 
Sent: 07 October 2010 12:42
To: NT System Admin Issues
Subject: RE: AV Opinions



That's interesting, because we absolutely hated McAfee and its enterprise 
console, and couldn't wait to get rid of it.  We've ended up with significantly 
better coverage with Sophos than we ever did with McAfee. 

 

From: Alan Davies [mailto:adav...@cls-services.com] 
Sent: Thursday, October 07, 2010 2:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Sophos seem to be excellent detection wise.  As for not detecting Conficker 
below, that'll have been another issue as there is no AV product out there that 
can't detect it.  If I had to guess, perhaps one host was infected and locked 
out AD, but all the Sophos alerts were from machines missing MS08-067 that were 
"getting infected" because the OS could not protect against it, but immediately 
cleaned by Sophos.  Certainly behaviour I've seen before.  You must patch 
Windows, AV can do everything on its own.

 

One negative comment about Sophos - they are still, in my opinion, very low 
down the pecking order in Enterprise Management.  They have a long, long way to 
catch up on McAfee and the like for agent management, alerting, mandatory 
policies, etc.  You can work around these things and it's a great AV product, 
but if you're a large, sensitive environment, it may frustrate you a little.  
Going from 7 to 9 didn't improve these grumbles much ...

 

 

 

a

 



From: Ames Matthew B [mailto:mba...@qinetiq.com] 
Sent: 07 October 2010 08:12
To: NT System Admin Issues
Subject: RE: AV Opinions

We run Sophos here, and it seems to do a reasonable job.  Corporate IS got 
caught last year with their pants down after a departmental server without any 
AV on it (or seriously out of date - guess someone got a good telling off for 
that) managed to get Conficker.  Given we don't have a direct net connection to 
our desktops or services network, they had not bothered to install the 
hotfixes to prevent this

For whatever reason Sophos did not detect it, and quite a few machines got 
infected, and a couple of thousand user accounts got locked out.  Took them a 
few days to get things under control - I wrote a little ldap tool to monitor 
the number of locked out user accounts :-)

 

Sophos is a bit of a memory hog (not sure how it compares to other versions), 
taking around 150MB (savservice.exe alone is taking 108MB on my machine 
currently).  We are currently using 7.6.20

 

tht,

Matt

 



From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions

Give Sophos a long look.  I firmly believe they are the best of breed that 
nobody seems to talk about.  They don't market to the non-corporate crowd, so 
that probably has something to do with it.  I asked this list and a few other 
resources when I was evaluating solutions.  I did not hear from a single person 
using Sophos that did not like it.

 

We are replacing Symantec with Sophos right now and it is going very well so 
far.   

 

Sophos will sync with AD (if you want) to automatically protect computers when 
you add them.  It will remove Symantec cleanly (so far on about 25 test/pilot 
users it has been perfect) when pushing it out.  It includes device control 
(want to block USB storage devices...2-3 clicks and you are done), a NAC 
component, and a firewall. 

 

It also includes clients for Mac/Linux and with each corporate license, you get 
a free at-home license.   NFI - just a very satisfied customer so far.

 

Jim

 

 

 



From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wed 10/6/2010 7:09 PM
To: NT System Admin Issues
Subject: AV Opinions

At one of the shops that I look after, I have been asked to change the AV to 
something new and current.

Vipre and Forefront excluded (I know enough about those already), what else are 
you guys using that's good?

 

It's been a while since I looked at all the other vendors, I have such little 
time to eval for this need, I can't just download all vendors packages and 
trial each one for 30 days, I need to look at one and hopefully get it right :(

 

Thanks for any opinions,

jlc

 


HP Project and Portfolio Management

2010-10-07 Thread John Aldrich
Anyone here used this? One of our senior managers got an email about it from
a reseller and wants me to take a look. Before I do, I'd like to know more
about it so I can at least ask some intelligent questions. Please email me
off-list.

Thanks,
John Aldrich
IT Manager, 
Blueridge Carpet
706-276-2001, Ext. 2233





RE: AV Opinions

2010-10-07 Thread Ziots, Edward
Yeah let's just say you get what you Negotiate, not what you pay for, and with 
downtime like we suffered (along with others) that was just the bargaining 
chip someone had to basically strong arm McAfee accordingly.  Whether it turns 
out to be a good move or not, only time will tell :)

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

From: Maglinger, Paul [mailto:pmaglin...@scvl.com] 
Sent: Thursday, October 07, 2010 8:36 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

I guess we should have had your sales rep.  *sigh*

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Thursday, October 07, 2010 7:32 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Wish I could say the same here, basically they gave us everything and the boat 
for like 3+ yrs, but that doesn't make up for the downtime of the 5958 dat 
fiasco either. I can't say for certain that it will get any better with Intel 
owning them now, but I guess that is Intel's problem to deal with now. 

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

From: Maglinger, Paul [mailto:pmaglin...@scvl.com] 
Sent: Thursday, October 07, 2010 8:27 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

We will be moving away from McCrappy after our current agreement expires.  Not 
necessarily because of how their product performs (but that is part of it), but 
because of the way they handled the 5958 DAT fiasco.  They made promises to our 
company for compensation and then reneged on the deal.  I doubt they really 
care now that they're in bed with Intel.

 

-Paul

 

From: Ray [mailto:rz...@qwest.net] 
Sent: Thursday, October 07, 2010 6:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

That's interesting, because we absolutely hated McAfee and its enterprise 
console, and couldn't wait to get rid of it.  We've ended up with significantly 
better coverage with Sophos than we ever did with McAfee. 

 

From: Alan Davies [mailto:adav...@cls-services.com] 
Sent: Thursday, October 07, 2010 2:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Sophos seem to be excellent detection wise.  As for not detecting Conficker 
below, that'll have been another issue as there is no AV product out there that 
can't detect it.  If I had to guess, perhaps one host was infected and locked 
out AD, but all the Sophos alerts were from machines missing MS08-067 that were 
"getting infected" because the OS could not protect against it, but immediately 
cleaned by Sophos.  Certainly behaviour I've seen before.  You must patch 
Windows, AV can do everything on its own.

 

One negative comment about Sophos - they are still, in my opinion, very low 
down the pecking order in Enterprise Management.  They have a long, long way to 
catch up on McAfee and the like for agent management, alerting, mandatory 
policies, etc.  You can work around these things and it's a great AV product, 
but if you're a large, sensitive environment, it may frustrate you a little.  
Going from 7 to 9 didn't improve these grumbles much ...

 

 

 

a

 



From: Ames Matthew B [mailto:mba...@qinetiq.com] 
Sent: 07 October 2010 08:12
To: NT System Admin Issues
Subject: RE: AV Opinions

We run Sophos here, and it seems to do a reasonable job.  Corporate IS got 
caught last year with their pants down after a departmental server without any 
AV on it (or seriously out of date - guess someone got a good telling off for 
that) managed to get Conficker.  Given we don't have a direct net connection to 
our desktops or services network, they had not bothered to install the 
hotfixes to prevent this

For whatever reason Sophos did not detect it, and quite a few machines got 
infected, and a couple of thousand user accounts got locked out.  Took them a 
few days to get things under control - I wrote a little ldap tool to monitor 
the number of locked out user accounts :-)

 

Sophos is a bit of a memory hog (not sure how it compares to other versions), 
taking around 150MB (savservice.exe alone is taking 108MB on my machine 
currently).  We are currently using 7.6.20

 

tht,

Matt

 



From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions

Give Sophos a long look.  I firmly believe they are the best of breed that 
nobody seems to talk about.  They don't market to the non-corporate crowd, so 
that probably has something to do with it.  I asked this list and a few other 
resources when I was evaluating solutions.  I did not hear from a single person 
using Sophos that did not like it.

 

We are replacing Symantec with Sophos right now and it is going very well so 
far.   

 

Sophos will sync with AD (if you want) to automatically p

RE: AV Opinions

2010-10-07 Thread Maglinger, Paul
I guess we should have had your sales rep.  *sigh*

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Thursday, October 07, 2010 7:32 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Wish I could say the same here, basically they gave us everything and the boat 
for like 3+ yrs, but that doesn't make up for the downtime of the 5958 dat 
fiasco either. I can't say for certain that it will get any better with Intel 
owning them now, but I guess that is Intel's problem to deal with now. 

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

From: Maglinger, Paul [mailto:pmaglin...@scvl.com] 
Sent: Thursday, October 07, 2010 8:27 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

We will be moving away from McCrappy after our current agreement expires.  Not 
necessarily because of how their product performs (but that is part of it), but 
because of the way they handled the 5958 DAT fiasco.  They made promises to our 
company for compensation and then reneged on the deal.  I doubt they really 
care now that they're in bed with Intel.

 

-Paul

 

From: Ray [mailto:rz...@qwest.net] 
Sent: Thursday, October 07, 2010 6:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

That's interesting, because we absolutely hated McAfee and its enterprise 
console, and couldn't wait to get rid of it.  We've ended up with significantly 
better coverage with Sophos than we ever did with McAfee. 

 

From: Alan Davies [mailto:adav...@cls-services.com] 
Sent: Thursday, October 07, 2010 2:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Sophos seem to be excellent detection wise.  As for not detecting Conficker 
below, that'll have been another issue as there is no AV product out there that 
can't detect it.  If I had to guess, perhaps one host was infected and locked 
out AD, but all the Sophos alerts were from machines missing MS08-067 that were 
"getting infected" because the OS could not protect against it, but immediately 
cleaned by Sophos.  Certainly behaviour I've seen before.  You must patch 
Windows, AV can do everything on its own.

 

One negative comment about Sophos - they are still, in my opinion, very low 
down the pecking order in Enterprise Management.  They have a long, long way to 
catch up on McAfee and the like for agent management, alerting, mandatory 
policies, etc.  You can work around these things and it's a great AV product, 
but if you're a large, sensitive environment, it may frustrate you a little.  
Going from 7 to 9 didn't improve these grumbles much ...

 

 

 

a

 



From: Ames Matthew B [mailto:mba...@qinetiq.com] 
Sent: 07 October 2010 08:12
To: NT System Admin Issues
Subject: RE: AV Opinions

We run Sophos here, and it seems to do a reasonable job.  Corporate IS got 
caught last year with their pants down after a departmental server without any 
AV on it (or seriously out of date - guess someone got a good telling off for 
that) managed to get Conficker.  Given we don't have a direct net connection to 
our desktops or services network, they had not bothered to install the 
hotfixes to prevent this

For whatever reason Sophos did not detect it, and quite a few machines got 
infected, and a couple of thousand user accounts got locked out.  Took them a 
few days to get things under control - I wrote a little ldap tool to monitor 
the number of locked out user accounts :-)

 

Sophos is a bit of a memory hog (not sure how it compares to other versions), 
taking around 150MB (savservice.exe alone is taking 108MB on my machine 
currently).  We are currently using 7.6.20

 

tht,

Matt

 



From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions

Give Sophos a long look.  I firmly believe they are the best of breed that 
nobody seems to talk about.  They don't market to the non-corporate crowd, so 
that probably has something to do with it.  I asked this list and a few other 
resources when I was evaluating solutions.  I did not hear from a single person 
using Sophos that did not like it.

 

We are replacing Symantec with Sophos right now and it is going very well so 
far.   

 

Sophos will sync with AD (if you want) to automatically protect computers when 
you add them.  It will remove Symantec cleanly (so far on about 25 test/pilot 
users it has been perfect) when pushing it out.  It includes device control 
(want to block USB storage devices...2-3 clicks and you are done), a NAC 
component, and a firewall. 

 

It also includes clients for Mac/Linux and with each corporate license, you get 
a free at-home license.   NFI - just a very satisfied customer so far.

 

Jim

 

 

 



From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wed 10/6/2010 7:09 PM
To: NT Sys

RE: AV Opinions

2010-10-07 Thread Ziots, Edward
Wish I could say the same here, basically they gave us everything and the boat 
for like 3+ yrs, but that doesn't make up for the downtime of the 5958 dat 
fiasco either. I can't say for certain that it will get any better with Intel 
owning them now, but I guess that is Intel's problem to deal with now. 

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

From: Maglinger, Paul [mailto:pmaglin...@scvl.com] 
Sent: Thursday, October 07, 2010 8:27 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

We will be moving away from McCrappy after our current agreement expires.  Not 
necessarily because of how their product performs (but that is part of it), but 
because of the way they handled the 5958 DAT fiasco.  They made promises to our 
company for compensation and then reneged on the deal.  I doubt they really 
care now that they're in bed with Intel.

 

-Paul

 

From: Ray [mailto:rz...@qwest.net] 
Sent: Thursday, October 07, 2010 6:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

That's interesting, because we absolutely hated McAfee and its enterprise 
console, and couldn't wait to get rid of it.  We've ended up with significantly 
better coverage with Sophos than we ever did with McAfee. 

 

From: Alan Davies [mailto:adav...@cls-services.com] 
Sent: Thursday, October 07, 2010 2:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Sophos seem to be excellent detection wise.  As for not detecting Conficker 
below, that'll have been another issue as there is no AV product out there that 
can't detect it.  If I had to guess, perhaps one host was infected and locked 
out AD, but all the Sophos alerts were from machines missing MS08-067 that were 
"getting infected" because the OS could not protect against it, but immediately 
cleaned by Sophos.  Certainly behaviour I've seen before.  You must patch 
Windows, AV can do everything on its own.

 

One negative comment about Sophos - they are still, in my opinion, very low 
down the pecking order in Enterprise Management.  They have a long, long way to 
catch up on McAfee and the like for agent management, alerting, mandatory 
policies, etc.  You can work around these things and it's a great AV product, 
but if you're a large, sensitive environment, it may frustrate you a little.  
Going from 7 to 9 didn't improve these grumbles much ...

 

 

 

a

 



From: Ames Matthew B [mailto:mba...@qinetiq.com] 
Sent: 07 October 2010 08:12
To: NT System Admin Issues
Subject: RE: AV Opinions

We run Sophos here, and it seems to do a reasonable job.  Corporate IS got 
caught last year with their pants down after a departmental server without any 
AV on it (or seriously out of date - guess someone got a good telling off for 
that) managed to get Conficker.  Given we don't have a direct net connection to 
our desktops or services network, they had not bothered to install the 
hotfixes to prevent this

For whatever reason Sophos did not detect it, and quite a few machines got 
infected, and a couple of thousand user accounts got locked out.  Took them a 
few days to get things under control - I wrote a little ldap tool to monitor 
the number of locked out user accounts :-)

 

Sophos is a bit of a memory hog (not sure how it compares to other versions), 
taking around 150MB (savservice.exe alone is taking 108MB on my machine 
currently).  We are currently using 7.6.20

 

tht,

Matt

 



From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions

Give Sophos a long look.  I firmly believe they are the best of breed that 
nobody seems to talk about.  They don't market to the non-corporate crowd, so 
that probably has something to do with it.  I asked this list and a few other 
resources when I was evaluating solutions.  I did not hear from a single person 
using Sophos that did not like it.

 

We are replacing Symantec with Sophos right now and it is going very well so 
far.   

 

Sophos will sync with AD (if you want) to automatically protect computers when 
you add them.  It will remove Symantec cleanly (so far on about 25 test/pilot 
users it has been perfect) when pushing it out.  It includes device control 
(want to block USB storage devices...2-3 clicks and you are done), a NAC 
component, and a firewall. 

 

It also includes clients for Mac/Linux and with each corporate license, you get 
a free at-home license.   NFI - just a very satisfied customer so far.

 

Jim

 

 

 



From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wed 10/6/2010 7:09 PM
To: NT System Admin Issues
Subject: AV Opinions

At one of the shops that I look after, I have been asked to change the AV to 
something new and current.

Vipre and Forefront excluded (I know enough about those a

RE: AV Opinions

2010-10-07 Thread Maglinger, Paul
We will be moving away from McCrappy after our current agreement expires.  Not 
necessarily because of how their product performs (but that is part of it), but 
because of the way they handled the 5958 DAT fiasco.  They made promises to our 
company for compensation and then reneged on the deal.  I doubt they really 
care now that they're in bed with Intel.

 

-Paul

 

From: Ray [mailto:rz...@qwest.net] 
Sent: Thursday, October 07, 2010 6:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

That's interesting, because we absolutely hated McAfee and its enterprise 
console, and couldn't wait to get rid of it.  We've ended up with significantly 
better coverage with Sophos than we ever did with McAfee. 

 

From: Alan Davies [mailto:adav...@cls-services.com] 
Sent: Thursday, October 07, 2010 2:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Sophos seem to be excellent detection wise.  As for not detecting Conficker 
below, that'll have been another issue as there is no AV product out there that 
can't detect it.  If I had to guess, perhaps one host was infected and locked 
out AD, but all the Sophos alerts were from machines missing MS08-067 that were 
"getting infected" because the OS could not protect against it, but immediately 
cleaned by Sophos.  Certainly behaviour I've seen before.  You must patch 
Windows, AV can do everything on its own.

 

One negative comment about Sophos - they are still, in my opinion, very low 
down the pecking order in Enterprise Management.  They have a long, long way to 
catch up on McAfee and the like for agent management, alerting, mandatory 
policies, etc.  You can work around these things and it's a great AV product, 
but if you're a large, sensitive environment, it may frustrate you a little.  
Going from 7 to 9 didn't improve these grumbles much ...

 

 

 

a

 



From: Ames Matthew B [mailto:mba...@qinetiq.com] 
Sent: 07 October 2010 08:12
To: NT System Admin Issues
Subject: RE: AV Opinions

We run Sophos here, and it seems to do a reasonable job.  Corporate IS got 
caught last year with their pants down after a departmental server without any 
AV on it (or seriously out of date - guess someone got a good telling off for 
that) managed to get Conficker.  Given we don't have a direct net connection to 
our desktops or services network, they had not bothered to install the 
hotfixes to prevent this

 

For whatever reason Sophos did not detect it, and quite a few machines got 
infected, and a couple of thousand user accounts got locked out.  Took them a 
few days to get things under control - I wrote a little ldap tool to monitor 
the number of locked out user accounts :-)

 

Sophos is a bit of a memory hog (not sure how it compares to other versions), 
taking around 150MB (savservice.exe alone is taking 108MB on my machine 
currently).  We are currently using 7.6.20

 

tht,

Matt

 



From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions

Give Sophos a long look.  I firmly believe they are the best of breed that 
nobody seems to talk about.  They don't market to the non-corporate crowd, so 
that probably has something to do with it.  I asked this list and a few other 
resources when I was evaluating solutions.  I did not hear from a single person 
using Sophos that did not like it.

 

We are replacing Symantec with Sophos right now and it is going very well so 
far.   

 

Sophos will sync with AD (if you want) to automatically protect computers when 
you add them.  It will remove Symantec cleanly (so far on about 25 test/pilot 
users it has been perfect) when pushing it out.  It includes device control 
(want to block USB storage devices...2-3 clicks and you are done), a NAC 
component, and a firewall. 

 

It also includes clients for Mac/Linux and with each corporate license, you get 
a free at-home license.   NFI - just a very satisfied customer so far.

 

Jim

 

 

 



From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wed 10/6/2010 7:09 PM
To: NT System Admin Issues
Subject: AV Opinions

At one of the shops that I look after, I have been asked to change the AV to 
something new and current.

Vipre and Forefront excluded (I know enough about those already), what else are 
you guys using that's good?

 

It's been a while since I looked at all the other vendors, I have such little 
time to eval for this need, I can't just download all vendors packages and 
trial each one for 30 days, I need to look at one and hopefully get it right :(

 

Thanks for any opinions,

jlc

 


Re: Way to funny

2010-10-07 Thread James Rankin
Malware never seems to have problems running on new versions of the OS.
Unlike all of the *proper* software we use.

On 7 October 2010 12:54,  wrote:

>
> My favorite goes something like, "My XP system says it's running Antivirus
> 2000.  Will this work with Vista?  If not, is there a free upgrade?"
>
> "Joseph L. Casale"  wrote on 10/06/2010
> 07:33:50 PM:
>
>
> > http://forums13.itrc.hp.com/service/forums/questionanswer.do?
> > admit=109447627+1286411476658+28353475&threadId=1450597
>
> >
> > A Telus user, I shudder…
> >
> > Let's all call :)
>



-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."


Re: Way to funny

2010-10-07 Thread RichardMcClary
My favorite goes something like, "My XP system says it's running Antivirus 
2000.  Will this work with Vista?  If not, is there a free upgrade?"

"Joseph L. Casale"  wrote on 10/06/2010 
07:33:50 PM:

> http://forums13.itrc.hp.com/service/forums/questionanswer.do?
> admit=109447627+1286411476658+28353475&threadId=1450597
> 
> A Telus user, I shudder…
> 
> Let's all call :)

RE: AV Opinions

2010-10-07 Thread Ray
That’s interesting, because we absolutely hated McAfee and its enterprise
console, and couldn’t wait to get rid of it.  We’ve ended up with
significantly better coverage with Sophos than we ever did with McAfee. 

 

From: Alan Davies [mailto:adav...@cls-services.com] 
Sent: Thursday, October 07, 2010 2:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Sophos seem to be excellent detection wise.  As for not detecting Conficker
below, that'll have been another issue as there is no AV product out there
that can't detect it.  If I had to guess, perhaps one host was infected and
locked out AD, but all the Sophos alerts were from machines missing MS08-067
that were "getting infected" because the OS could not protect against it,
but immediately cleaned by Sophos.  Certainly behaviour I've seen before.
You must patch Windows, AV can do everything on its own.

 

One negative comment about Sophos - they are still, in my opinion, very low
down the pecking order in Enterprise Management.  They have a long, long way
to catch up on McAfee and the like for agent management, alerting, mandatory
policies, etc.  You can work around these things and it's a great AV
product, but if you're a large, sensitive environment, it may frustrate you
a little.  Going from 7 to 9 didn't improve these grumbles much ...

 

 

 

a

 


From: Ames Matthew B [mailto:mba...@qinetiq.com] 
Sent: 07 October 2010 08:12
To: NT System Admin Issues
Subject: RE: AV Opinions

We run Sophos here, and it seems to do a reasonable job.  Corporate IS got
caught last year with their pants down after a departmental server without
any AV on it (or seriously out of date - guess someone got a good telling
off for that) managed to get Conficker.  Given we don't have a direct net
connection to our desktops or services network, they had not bothered to
install the hotfixes to prevent this

 

For whatever reason Sophos did not detect it, and quite a few machines
got infected, and a couple of thousand user accounts got locked out.  Took
them a few days to get things under control - I wrote a little ldap tool to
monitor the number of locked out user accounts :-)

 

Sophos is a bit of a memory hog (not sure how it compares to other
versions), taking around 150MB (savservice.exe alone is taking 108MB on my
machine currently).  We are currently using 7.6.20

 

tht,

Matt

 


From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions

Give Sophos a long look.  I firmly believe they are the best of breed that
nobody seems to talk about.  They don't market to the non-corporate crowd,
so that probably has something to do with it.  I asked this list and a few
other resources when I was evaluating solutions.  I did not hear from a
single person using Sophos that did not like it.

 

We are replacing Symantec with Sophos right now and it is going very well so
far.   

 

Sophos will sync with AD (if you want) to automatically protect computers
when you add them.  It will remove Symantec cleanly (so far on about 25
test/pilot users it has been perfect) when pushing it out.  It includes
device control (want to block USB storage devices...2-3 clicks and you are
done), a NAC component, and a firewall. 

 

It also includes clients for Mac/Linux and with each corporate license, you
get a free at-home license.   NFI - just a very satisfied customer so far.

 

Jim

 

 

 


From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wed 10/6/2010 7:09 PM
To: NT System Admin Issues
Subject: AV Opinions

At one of the shops that I look after, I have been asked to change the AV to
something new and current.

Vipre and Forefront excluded (I know enough about those already), what else
are you guys using that’s good?

 

It’s been a while since I looked at all the other vendors, I have such
little time to eval for this need, I can’t just download all vendors
packages and trial each one for 30 days, I need to look at one and hopefully
get it right :(

 

Thanks for any opinions,

jlc

 


RE: AV Opinions

2010-10-07 Thread Ray
Conficker seems to be a tough one.  We got hit with it last year and McAfee
was pretty ineffective against it.  

 

We opted for Sophos over the others primarily for their console.  It seemed
to be the most mature (for lack of a better term).  My biggest concern was
their tech support, which seems to be mediocre at best.   If I was picking
based on support alone, I’d probably be picking Kaspersky.  

 

From: Ames Matthew B [mailto:mba...@qinetiq.com] 
Sent: Thursday, October 07, 2010 12:12 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

We run Sophos here, and it seems to do a reasonable job.  Corporate IS got
caught last year with their pants down after a departmental server without
any AV on it (or seriously out of date - guess someone got a good telling
off for that) managed to get Conficker.  Given we don't have a direct net
connection to our desktops or services network, they had not bothered to
install the hotfixes to prevent this

 

For whatever reason Sophos did not detect it, and quite a few machines
got infected, and a couple of thousand user accounts got locked out.  Took
them a few days to get things under control - I wrote a little ldap tool to
monitor the number of locked out user accounts :-)

 

Sophos is a bit of a memory hog (not sure how it compares to other
versions), taking around 150MB (savservice.exe alone is taking 108MB on my
machine currently).  We are currently using 7.6.20

 

tht,

Matt

 


From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions

Give Sophos a long look.  I firmly believe they are the best of breed that
nobody seems to talk about.  They don't market to the non-corporate crowd,
so that probably has something to do with it.  I asked this list and a few
other resources when I was evaluating solutions.  I did not hear from a
single person using Sophos that did not like it.

 

We are replacing Symantec with Sophos right now and it is going very well so
far.   

 

Sophos will sync with AD (if you want) to automatically protect computers
when you add them.  It will remove Symantec cleanly (so far on about 25
test/pilot users it has been perfect) when pushing it out.  It includes
device control (want to block USB storage devices...2-3 clicks and you are
done), a NAC component, and a firewall. 

 

It also includes clients for Mac/Linux and with each corporate license, you
get a free at-home license.   NFI - just a very satisfied customer so far.

 

Jim

 

 

 


From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wed 10/6/2010 7:09 PM
To: NT System Admin Issues
Subject: AV Opinions

At one of the shops that I look after, I have been asked to change the AV to
something new and current.

Vipre and Forefront excluded (I know enough about those already), what else
are you guys using that’s good?

 

It’s been a while since I looked at all the other vendors, I have such
little time to eval for this need, I can’t just download all vendors
packages and trial each one for 30 days, I need to look at one and hopefully
get it right :(

 

Thanks for any opinions,

jlc

 


RE: AV Opinions

2010-10-07 Thread Paul Hutchings
I know it can, but it's not something I've done.

 

Their console is a little quirky if I'm honest, it's not something
you'll look at and think "my that's pretty", but it is functional and
over around 500 machines it works just fine.

 

My best suggestion is try it, but persevere don't go off a quick glance
as other products look better on that basis IMO.

 

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] 
Sent: 07 October 2010 12:14
To: NT System Admin Issues
Subject: RE: AV Opinions

 

What's their console like, how does it integrate if at all with AD?
Thanks!
jlc

 

From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk] 
Sent: Thursday, October 07, 2010 1:28 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Avira Antivir is very good.

 

I tend to take the view of layers so I rely a lot on having very good
URL filtering in place so that hopefully the A/V doesn't need to do
much, but I still rate the product very highly.

 

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] 
Sent: 07 October 2010 00:09
To: NT System Admin Issues
Subject: AV Opinions

 

At one of the shops that I look after, I have been asked to change the
AV to something new and current.

Vipre and Forefront excluded (I know enough about those already), what
else are you guys using that's good?

 

It's been a while since I looked at all the other vendors, I have such
little time to eval for this need, I can't just download all vendors
packages and trial each one for 30 days, I need to look at one and
hopefully get it right :(

 

Thanks for any opinions,

jlc

 


RE: AV Opinions

2010-10-07 Thread Joseph L. Casale
What's their console like, how does it integrate if at all with AD?
Thanks!
jlc

From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Thursday, October 07, 2010 1:28 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

Avira Antivir is very good.

I tend to take the view of layers so I rely a lot on having very good URL 
filtering in place so that hopefully the A/V doesn't need to do much, but I 
still rate the product very highly.

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: 07 October 2010 00:09
To: NT System Admin Issues
Subject: AV Opinions

At one of the shops that I look after, I have been asked to change the AV to 
something new and current.
Vipre and Forefront excluded (I know enough about those already), what else are 
you guys using that's good?

It's been a while since I looked at all the other vendors, I have such little 
time to eval for this need, I can't just download all vendors packages and 
trial each one for 30 days, I need to look at one and hopefully get it right:(

Thanks for any opinions,
jlc



RE: AV Opinions

2010-10-07 Thread Joseph L. Casale
I used to use Eset back when they started to have support issues, and I received 
many fp's with their software.
They also had known issues with their config generator that weren't addressed 
in the next version I waited for so I probably won't give them a second chance.

jlc

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Thursday, October 07, 2010 1:01 AM
To: NT System Admin Issues
Subject: Re: AV Opinions

I use and recommend NOD32+Malwarebytes.

   http://www.eset.com/press-center/awards

--
ME2

On Wed, Oct 6, 2010 at 4:09 PM, Joseph L. Casale <jcas...@activenetwerx.com> wrote:
At one of the shops that I look after, I have been asked to change the AV to 
something new and current.
Vipre and Forefront excluded (I know enough about those already), what else are 
you guys using that's good?

It's been a while since I looked at all the other vendors, I have such little 
time to eval for this need, I can't just download all vendors packages and 
trial each one for 30 days, I need to look at one and hopefully get it right:(

Thanks for any opinions,
jlc



Re: Video Playlist

2010-10-07 Thread Andrew S. Baker
Take a look at TVersity.org

You can manage the list of what is sent to the various screens very easily.


ASB (My XeeSM Profile)
Exploiting Technology for Business Advantage...



On Wed, Oct 6, 2010 at 4:36 PM, James Kerr  wrote:

> I think they are interested in more targeted videos that deal with issues
> particular to our patients and clients. Our business mostly revolves around
> HIV/AIDS. You know, I think I'm going to talk to the drug reps that stop by
> all the time.
>
>
> ----- Original Message -----
> From: "Raper, Jonathan - Eagle" <jra...@eaglemds.com>
>
> To: "NT System Admin Issues" 
> Sent: Wednesday, October 06, 2010 4:21 PM
> Subject: RE: Video Playlist
>
>
> Hi James,
>
> I'll agree with Jonathan Link on this - verify the legality. I'm betting it
> isn't legal to do what you're looking to do.
>
> For medical facility waiting rooms there are services for this that are
> free...(because they are sponsored by drug companies or intersperse
> advertisements of some sort...
>
> They either require an internet connection or a phone line to be able to
> deliver content.
>
> http://www.accenthealth.com/
>
> http://www.healthyadvicenetworks.com/home/Landing.htm
>
> http://www.avtvnetworks.net/
>
> I'm sure there are others, but these we have used. We no longer use Accent
> Health, but the other two are still presently in use in 3 of our facilities.
>
>
> Jonathan L. Raper, A+, MCSA, MCSE
> Technology Coordinator
> Eagle Physicians & Associates, PA
> jra...@eaglemds.com
> www.eaglemds.com
>
> -----Original Message-----
> From: James Kerr [mailto:cluster...@gmail.com]
> Sent: Wednesday, October 06, 2010 4:04 PM
> To: NT System Admin Issues
> Subject: Video Playlist
>
> I'm inclined to say there isn't really a solution for this but I'll ask
> anyway because I've asked to set this up. I need to setup PCs in our
> waiting rooms connected to large displays. They are looking for some way to
> create a "playlist" that would play videos from different sources such as
> youtube, CBS, ABC, Bing and others. I don't know how one would go about this
> AND have the vids play maximized as it goes from vid to vid. Anyone have any
> ideas?
>
> James
>
>


Re: Macs in an enterprise (Windows AD) environment

2010-10-07 Thread Andrew S. Baker
I still say, get Centrify

http://www.centrify.com/directcontrol/mac_os_x.asp

Much better use of your time. :)


ASB (My XeeSM Profile)
Exploiting Technology for Business Advantage...



On Wed, Oct 6, 2010 at 5:29 PM, Raper, Jonathan - Eagle  wrote:

>  I know we kicked this around a little while back…I don’t remember seeing
> this before, though it was released in April of last year. It may be helpful
> if you’re up against this for the first time and haven’t seen it before.
> Regardless, I’m sure there’s something left to be desired, and I’m not
> trying to stir up a debate – just trying to be helpful…
>
>
>
> http://seminars.apple.com/seminarsonline/activedir/dmr/
>
>
>
> http://www.seminars.apple.com/seminarsonline/clientmgmt/apple/index.html
>
>
>
> Jonathan L. Raper, A+, MCSA, MCSE
> Technology Coordinator
> Eagle Physicians & Associates, PA
> jra...@eaglemds.com
> www.eaglemds.com
>
>
>


Re: AV Opinions

2010-10-07 Thread Andrew S. Baker
Look at ESET NOD32 and Avast.   Sophos is okay, too.


ASB (My XeeSM Profile)
Exploiting Technology for Business Advantage...



On Wed, Oct 6, 2010 at 7:09 PM, Joseph L. Casale
wrote:

>  At one of the shops that I look after, I have been asked to change the AV
> to something new and current.
>
> Vipre and Forefront excluded (I know enough about those already), what else
> are you guys using that’s good?
>
>
>
> It’s been a while since I looked at all the other vendors, I have such
> little time to eval for this need, I can’t just download all vendors
> packages and trial each one for 30 days, I need to look at one and hopefully
> get it right :(
>
>
>
> Thanks for any opinions,
>
> jlc
>
>
>


RE: AV Opinions

2010-10-07 Thread Alan Davies
Sophos seem to be excellent detection wise.  As for not detecting Conficker 
below, that'll have been another issue as there is no AV product out there that 
can't detect it.  If I had to guess, perhaps one host was infected and locked 
out AD, but all the Sophos alerts were from machines missing MS08-067 that were 
"getting infected" because the OS could not protect against it, but immediately 
cleaned by Sophos.  Certainly behaviour I've seen before.  You must patch 
Windows, AV can do everything on its own.
 
One negative comment about Sophos - they are still, in my opinion, very low 
down the pecking order in Enterprise Management.  They have a long, long way to 
catch up on McAfee and the like for agent management, alerting, mandatory 
policies, etc.  You can work around these things and it's a great AV product, 
but if you're a large, sensitive environment, it may frustrate you a little.  
Going from 7 to 9 didn't improve these grumbles much ...
 
 
 
a



From: Ames Matthew B [mailto:mba...@qinetiq.com] 
Sent: 07 October 2010 08:12
To: NT System Admin Issues
Subject: RE: AV Opinions


We run Sophos here, and it seems to do a reasonable job.  Corporate IS got 
caught last year with their pants down after a departmental server without any 
AV on it (or seriously out of date - guess someone got a good telling off for 
that) managed to get Conficker.  Given we don't have a direct net connection to 
our desktops or services network, they had not bothered to install the 
hotfixes to prevent this
 
For whatever reason Sophos did not detect it, and quite a few machines got 
infected, and a couple of thousand user accounts got locked out.  Took them a 
few days to get things under control - I wrote a little ldap tool to monitor 
the number of locked out user accounts :-)
 
Sophos is a bit of a memory hog (not sure how it compares to other versions), 
taking around 150MB (savservice.exe alone is taking 108MB on my machine 
currently).  We are currently using 7.6.20
 
tht,
Matt




From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions


Give Sophos a long look.  I firmly believe they are the best of breed that 
nobody seems to talk about.  They don't market to the non-corporate crowd, so 
that probably has something to do with it.  I asked this list and a few other 
resources when I was evaluating solutions.  I did not hear from a single person 
using Sophos that did not like it.
 
We are replacing Symantec with Sophos right now and it is going very well so 
far.   
 
Sophos will sync with AD (if you want) to automatically protect computers when 
you add them.  It will remove Symantec cleanly (so far on about 25 test/pilot 
users it has been perfect) when pushing it out.  It includes device control 
(want to block USB storage devices...2-3 clicks and you are done), a NAC 
component, and a firewall. 
 
It also includes clients for Mac/Linux and with each corporate license, you get 
a free at-home license.   NFI - just a very satisfied customer so far.
 
Jim
 
 



From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wed 10/6/2010 7:09 PM
To: NT System Admin Issues
Subject: AV Opinions



At one of the shops that I look after, I have been asked to change the AV to 
something new and current.

Vipre and Forefront excluded (I know enough about those already), what else are 
you guys using that's good?

 

It's been a while since I looked at all the other vendors, I have such little 
time to eval for this need, I can't just download all vendors packages and 
trial each one for 30 days, I need to look at one and hopefully get it right :-(

 

Thanks for any opinions,

jlc

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


RE: AV Opinions

2010-10-07 Thread Paul Hutchings
Avira Antivir is very good.

 

I tend to take the view of layers so I rely a lot on having very good
URL filtering in place so that hopefully the A/V doesn't need to do
much, but I still rate the product very highly.

 

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] 
Sent: 07 October 2010 00:09
To: NT System Admin Issues
Subject: AV Opinions

 

At one of the shops that I look after, I have been asked to change the
AV to something new and current.

Vipre and Forefront excluded (I know enough about those already), what
else are you guys using that's good?

 

It's been a while since I looked at all the other vendors, I have such
little time to eval for this need, I can't just download all vendors
packages and trial each one for 30 days, I need to look at one and
hopefully get it right :-(

 

Thanks for any opinions,

jlc

 



--
MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration  GB 114 5409 96

