Re: Multiple monitor control
Ultramon is awesome, I've also used SplitView with good results On 7 November 2010 13:44, Tony Patton apco...@gmail.com wrote: That's the way I have mine configured. I also use Ultramon, its very handy for multi monitor setups. T typed slowly on HTC Desire On 6 Nov 2010 13:13, Jeff Steward jstew...@gmail.com wrote: Look for the setting called Dual-View, not Span. -Jeff Steward On Sat, Nov 6, 2010 at 3:29 AM, Jim McAtee j...@zolx.com wrote: (I'd normally post this to the XP list, but it's pretty dead...) I'm running XP Pro and have two native 1280x1024 monitors, and an NVIDIA GeForce 6600 GT video card. When I enable two monitors the NVIDIA driver stretches the desktop across both monitors, which means that the taskbar stretches from one end to the other and the system tray ends up at the far right of the right-hand monitor. What I'd prefer is to have the left/primary monitor behave as it always has: - the taskbar should only appear on the left-hand monitor, with the system tray at the right hand side of this monitor - anything that appears in the -center- of the screen, such as dialogue boxes, should appear in the center of the left-hand monitor - the right-hand monitor should only be used for windows dragged into this space - and (would be nice) if a window is maximized, it maximizes on the monitor in which it resides, not across the entire desktop Does anyone know how I can accomplish this? I have a feeling that the NVIDIA driver may be purposely trying to do things that I don't want, but isn't as configurable as I'd like. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: PC Memory
I have a couple of customers who use these types of devices: http://www.memorytesters.com/ Webster From: Bob Hartung [mailto:bhart...@wiscoind.com] Subject: PC Memory The subject of Dell vs Kingston memory reminded me of something that's always frustrated me about computer memory and that's figuring out how to identify what a memory chip is and what it would work in. Some memory suppliers are good about putting ID stickers on the memory so you have some idea of what you have but more often than not, they don't. I'd like to be able to take a memory module and have some way of identifying the amount of RAM, speed, compatibility. Is there a reference or website that has information like that? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
non-APC batteries?
Needing to replace battery on a 3-yr-old APC SmartUPS 1000xl ... any reason not to go with a less expensive non-APC alternative (like http://www.thenerds.net/AMERICAN_BATTERY.ABC_Replacement_Battery_Cartrige7.RBC7.html)? Thanks, Adam ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: non-APC batteries?
APC batteries aren't even manufactured by APC...many times there is an APC label over top of the case where the original manufacturer's logo is actually printed directly on the case. I go with what is available at Batteries Plus; as long as the connector sizes are the same, the Ah ratings are the same, and the case is physically the same (this is important! Many times the cases need to be the EXACT size of the original) you're good to go. Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians Associates, PA jra...@eaglemds.com www.eaglemds.com -Original Message- From: Adam Greene [mailto:maill...@webjogger.net] Sent: Monday, November 08, 2010 10:17 AM To: NT System Admin Issues Subject: non-APC batteries? Needing to replace battery on a 3-yr-old APC SmartUPS 1000xl ... any reason not to go with a less expensive non-APC alternative (like http://www.thenerds.net/AMERICAN_BATTERY.ABC_Replacement_Battery_Cartrige7.RBC7.html)? Thanks, Adam ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: non-APC batteries?
I got my last replacement battery from RefurbUPS.com and it's performed great so far. Saved a ton of money compared to the pricing direct from APC, too. Jack Kramer Computer Systems Specialist University Relations, Michigan State University w: 517-884-1231 / c: 248-635-4955 On 11/8/10 10:17 AM, Adam Greene maill...@webjogger.net wrote: Needing to replace battery on a 3-yr-old APC SmartUPS 1000xl ... any reason not to go with a less expensive non-APC alternative (like http://www.thenerds.net/AMERICAN_BATTERY.ABC_Replacement_Battery_Cartrige7 .RBC7.html)? Thanks, Adam ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
KMS activation issue
Ok, so ordered Windows Data Center 2008 do I can use many servers on my Virtual Infrastructure, I now added an 2008R2 server using the MAK key, and getting an error code: 0xC004F038, after Googeling it i get that I need minimum 25 servers on that key! What's up with that? What am I doing wrong? -- Stefan Jafs ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: non-APC batteries?
Thanks, Jack and Jonathan. Exactly the feedback I needed. Much appreciated. Adam On 11/8/2010 10:35 AM, Kramer, Jack wrote: I got my last replacement battery from RefurbUPS.com and it's performed great so far. Saved a ton of money compared to the pricing direct from APC, too. Jack Kramer Computer Systems Specialist University Relations, Michigan State University w: 517-884-1231 / c: 248-635-4955 On 11/8/10 10:17 AM, Adam Greenemaill...@webjogger.net wrote: Needing to replace battery on a 3-yr-old APC SmartUPS 1000xl ... any reason not to go with a less expensive non-APC alternative (like http://www.thenerds.net/AMERICAN_BATTERY.ABC_Replacement_Battery_Cartrige7 .RBC7.html)? Thanks, Adam ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Home Folder Permissions reset
Hey list, I'm sure this is something that has been touched on before, but my quick search through the list archives didn't get anything concrete... I'm looking to lock down permissions on user home folders. I'm unsure on how, but one user was able to access the contents of another and that will have to be stopped ASAP. I'd like some help on what are the correct permissions, as I have a few questions. Let me explain what things are like currently. Right now, home folder permissions are as follows: There is a \\SERVER\Homes share. The _sharing_ permissions on this folder is set to Everyone has Change, Domain Admins has Full control. Each user has a home folder under this share (i.e.: \\SERVER\Homes\Username) with the following permissions: DOMAN\Username has Modify SERVER\Administrators has Full Control SERVER\Users has Read and Execute[1] SYSTEM has full control CREATOR OWNER has no permissions And now, several questions: A) What are the correct sharing permissions? Should Everyone be changed to Domain Users? Should Domain Admins not be in that list? B) What is the SYSTEM permissions for? Is it needed? C) SERVER\Administrators vs DOMAIN\Domain Admins... Which is more appropriate? I'm working on a script to reset these permissions, probably with xcacls. I need to find my old cacls script first, or write it from scratch. If somebody has a working script for this handy, I'd love a copy. [1] The SERVER\Users group appears to be part of my problem, as I didn't intend for other users to be able to read and/or execute files on another user's home folder, but this was an inherited permission I missed. --Matt Ross Ephrata School District ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Home Folder Permissions reset
Authenticated Users should have Read access to \\SERVER\Homes, each individual user should have Full Control to \\SERVER\Homes\username. Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com -Original Message- From: Matthew W. Ross [mailto:mr...@ephrataschools.org] Sent: Monday, November 08, 2010 11:48 AM To: NT System Admin Issues Subject: Home Folder Permissions reset Hey list, I'm sure this is something that has been touched on before, but my quick search through the list archives didn't get anything concrete... I'm looking to lock down permissions on user home folders. I'm unsure on how, but one user was able to access the contents of another and that will have to be stopped ASAP. I'd like some help on what are the correct permissions, as I have a few questions. Let me explain what things are like currently. Right now, home folder permissions are as follows: There is a \\SERVER\Homes share. The _sharing_ permissions on this folder is set to Everyone has Change, Domain Admins has Full control. Each user has a home folder under this share (i.e.: \\SERVER\Homes\Username) with the following permissions: DOMAN\Username has Modify SERVER\Administrators has Full Control SERVER\Users has Read and Execute[1] SYSTEM has full control CREATOR OWNER has no permissions And now, several questions: A) What are the correct sharing permissions? Should Everyone be changed to Domain Users? Should Domain Admins not be in that list? B) What is the SYSTEM permissions for? Is it needed? C) SERVER\Administrators vs DOMAIN\Domain Admins... Which is more appropriate? I'm working on a script to reset these permissions, probably with xcacls. I need to find my old cacls script first, or write it from scratch. If somebody has a working script for this handy, I'd love a copy. [1] The SERVER\Users group appears to be part of my problem, as I didn't intend for other users to be able to read and/or execute files on another user's home folder, but this was an inherited permission I missed. --Matt Ross Ephrata School District ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Home Folder Permissions reset
Read access to the Share allows users to write to their home folders? Also, doesn't full control allow a user to change his permissions? --Matt Ross Ephrata School District - Original Message - From: Don Guyer [mailto:don.gu...@prufoxroach.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Mon, 08 Nov 2010 08:56:43 -0800 Subject: RE: Home Folder Permissions reset Authenticated Users should have Read access to \\SERVER\Homes, each individual user should have Full Control to \\SERVER\Homes\username. Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com -Original Message- From: Matthew W. Ross [mailto:mr...@ephrataschools.org] Sent: Monday, November 08, 2010 11:48 AM To: NT System Admin Issues Subject: Home Folder Permissions reset Hey list, I'm sure this is something that has been touched on before, but my quick search through the list archives didn't get anything concrete... I'm looking to lock down permissions on user home folders. I'm unsure on how, but one user was able to access the contents of another and that will have to be stopped ASAP. I'd like some help on what are the correct permissions, as I have a few questions. Let me explain what things are like currently. Right now, home folder permissions are as follows: There is a \\SERVER\Homes share. The _sharing_ permissions on this folder is set to Everyone has Change, Domain Admins has Full control. Each user has a home folder under this share (i.e.: \\SERVER\Homes\Username) with the following permissions: DOMAN\Username has Modify SERVER\Administrators has Full Control SERVER\Users has Read and Execute[1] SYSTEM has full control CREATOR OWNER has no permissions And now, several questions: A) What are the correct sharing permissions? Should Everyone be changed to Domain Users? Should Domain Admins not be in that list? B) What is the SYSTEM permissions for? Is it needed? C) SERVER\Administrators vs DOMAIN\Domain Admins... Which is more appropriate? I'm working on a script to reset these permissions, probably with xcacls. I need to find my old cacls script first, or write it from scratch. If somebody has a working script for this handy, I'd love a copy. [1] The SERVER\Users group appears to be part of my problem, as I didn't intend for other users to be able to read and/or execute files on another user's home folder, but this was an inherited permission I missed. --Matt Ross Ephrata School District ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Home Folder Permissions reset
Authenticated Users should have LIST access to \\SERVER\Homes, each individual user should have Modify to \\SERVER\Homes\username. Derek A Johnson Sr. Systems Administrator National Association of Realtors 430 N. Michigan Ave. Chicago, IL 60611 Email: djohn...@realtors.org Cell: 262.496.9201 Desk: 312.329.8618 -Original Message- From: Don Guyer [mailto:don.gu...@prufoxroach.com] Sent: Monday, November 08, 2010 10:57 AM To: NT System Admin Issues Subject: RE: Home Folder Permissions reset Authenticated Users should have Read access to \\SERVER\Homesfile:///\\SERVER\Homes, each individual user should have Full Control to \\SERVER\Homes\usernamefile:///\\SERVER\Homes\username. Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.commailto:don.gu...@prufoxroach.com -Original Message- From: Matthew W. Ross [mailto:mr...@ephrataschools.org] Sent: Monday, November 08, 2010 11:48 AM To: NT System Admin Issues Subject: Home Folder Permissions reset Hey list, I'm sure this is something that has been touched on before, but my quick search through the list archives didn't get anything concrete... I'm looking to lock down permissions on user home folders. I'm unsure on how, but one user was able to access the contents of another and that will have to be stopped ASAP. I'd like some help on what are the correct permissions, as I have a few questions. Let me explain what things are like currently. Right now, home folder permissions are as follows: There is a \\SERVER\Homesfile:///\\SERVER\Homes share. The _sharing_ permissions on this folder is set to Everyone has Change, Domain Admins has Full control. Each user has a home folder under this share (i.e.: \\SERVER\Homes\Usernamefile:///\\SERVER\Homes\Username) with the following permissions: DOMAN\Username has Modify SERVER\Administrators has Full Control SERVER\Users has Read and Execute[1] SYSTEM has full control CREATOR OWNER has no permissions And now, several questions: A) What are the correct sharing permissions? Should Everyone be changed to Domain Users? Should Domain Admins not be in that list? B) What is the SYSTEM permissions for? Is it needed? C) SERVER\Administrators vs DOMAIN\Domain Admins... Which is more appropriate? I'm working on a script to reset these permissions, probably with xcacls. I need to find my old cacls script first, or write it from scratch. If somebody has a working script for this handy, I'd love a copy. [1] The SERVER\Users group appears to be part of my problem, as I didn't intend for other users to be able to read and/or execute files on another user's home folder, but this was an inherited permission I missed. --Matt Ross Ephrata School District ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: KMS activation issue
Ok, so I had to add Volume Activation Managment tools add the MAK key and then do the Activation, it's all good took a little while to figure out. On Mon, Nov 8, 2010 at 11:40 AM, Stefan Jafs stefan.j...@gmail.com wrote: Ok, so ordered Windows Data Center 2008 do I can use many servers on my Virtual Infrastructure, I now added an 2008R2 server using the MAK key, and getting an error code: 0xC004F038, after Googeling it i get that I need minimum 25 servers on that key! What's up with that? What am I doing wrong? -- Stefan Jafs ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- Stefan Jafs ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Home Folder Permissions reset
I think Don was referring to the NTFS permissions, not the Share permissions. Each admin has to decide whether they want their users to have full control to their individual user folders (business may also dictate). Yes, full control would allow them to change the permissions on his/her folder, including removing the local admin group. From my experience, I usually do the following for the NTFS permissions: -For the top-level Homes folder (we call it Users), we usually just do domain users - read/list folder contents plus administrators - full control -for the individual user folders, I do administrators - full control and the individual user - modify. I also remove any inherited permissions when the folder is originally created, including Creator/Owner. Regarding share permissions, everyone has a different opinion on this. Some go the route of just leaving the share permissions at Everyone - Full Control and restricting permissions using the NTFS permissions. Some go a step further and restrict both Share and NTFS permissions. The thing to keep in mind is that when combining Share and NTFS permissions, the most restrictive always wins. So if Share permissions are set to Everyone - Full Control, and NTFS permissions for a certain group are set to read only, members of that group (assuming they don't have explicit permissions or are not members of another group that has more permissions) would have read only access. As for SYSTEM, I did some researching on this a while back, and found that for a volume containing only files/folders, it does not appear to be necessary. We have removed it from our data volumes without noticing any issues at all. HTH, James -Original Message- From: Matthew W. Ross Sent: Monday, November 08, 2010 10:04 AM To: NT System Admin Issues Subject: RE: Home Folder Permissions reset Read access to the Share allows users to write to their home folders? Also, doesn't full control allow a user to change his permissions? --Matt Ross Ephrata School District - Original Message - From: Don Guyer [mailto:don.gu...@prufoxroach.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Mon, 08 Nov 2010 08:56:43 -0800 Subject: RE: Home Folder Permissions reset Authenticated Users should have Read access to \\SERVER\Homes, each individual user should have Full Control to \\SERVER\Homes\username. Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com -Original Message- From: Matthew W. Ross [mailto:mr...@ephrataschools.org] Sent: Monday, November 08, 2010 11:48 AM To: NT System Admin Issues Subject: Home Folder Permissions reset Hey list, I'm sure this is something that has been touched on before, but my quick search through the list archives didn't get anything concrete... I'm looking to lock down permissions on user home folders. I'm unsure on how, but one user was able to access the contents of another and that will have to be stopped ASAP. I'd like some help on what are the correct permissions, as I have a few questions. Let me explain what things are like currently. Right now, home folder permissions are as follows: There is a \\SERVER\Homes share. The _sharing_ permissions on this folder is set to Everyone has Change, Domain Admins has Full control. Each user has a home folder under this share (i.e.: \\SERVER\Homes\Username) with the following permissions: DOMAN\Username has Modify SERVER\Administrators has Full Control SERVER\Users has Read and Execute[1] SYSTEM has full control CREATOR OWNER has no permissions And now, several questions: A) What are the correct sharing permissions? Should Everyone be changed to Domain Users? Should Domain Admins not be in that list? B) What is the SYSTEM permissions for? Is it needed? C) SERVER\Administrators vs DOMAIN\Domain Admins... Which is more appropriate? I'm working on a script to reset these permissions, probably with xcacls. I need to find my old cacls script first, or write it from scratch. If somebody has a working script for this handy, I'd love a copy. [1] The SERVER\Users group appears to be part of my problem, as I didn't intend for other users to be able to read and/or execute files on another user's home folder, but this was an inherited permission I missed. --Matt Ross Ephrata School District ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here:
Re: Home Folder Permissions reset
Matt, The SYSTEM permissions will allow the local computer to do things like DEFRAG those folders. Here are some scripts that might help: - * http://kb.ultratech-llc.com/Scripts/?File=Perms.BAThttp://kb.ultratech-llc.com/Scripts/?File=HomePerms.BAT* - *http://KB.UltraTech-llc.com/Scripts/?File=Perms.BAT http://kb.ultratech-llc.com/Scripts/?File=Perms.BAT* *ASB *(My XeeSM Profile) http://XeeSM.com/AndrewBaker *Exploiting Technology for Business Advantage...* * * On Mon, Nov 8, 2010 at 11:47 AM, Matthew W. Ross mr...@ephrataschools.orgwrote: Hey list, I'm sure this is something that has been touched on before, but my quick search through the list archives didn't get anything concrete... I'm looking to lock down permissions on user home folders. I'm unsure on how, but one user was able to access the contents of another and that will have to be stopped ASAP. I'd like some help on what are the correct permissions, as I have a few questions. Let me explain what things are like currently. Right now, home folder permissions are as follows: There is a \\SERVER\Homes share. The _sharing_ permissions on this folder is set to Everyone has Change, Domain Admins has Full control. Each user has a home folder under this share (i.e.: \\SERVER\Homes\Username) with the following permissions: DOMAN\Username has Modify SERVER\Administrators has Full Control SERVER\Users has Read and Execute[1] SYSTEM has full control CREATOR OWNER has no permissions And now, several questions: A) What are the correct sharing permissions? Should Everyone be changed to Domain Users? Should Domain Admins not be in that list? B) What is the SYSTEM permissions for? Is it needed? C) SERVER\Administrators vs DOMAIN\Domain Admins... Which is more appropriate? I'm working on a script to reset these permissions, probably with xcacls. I need to find my old cacls script first, or write it from scratch. If somebody has a working script for this handy, I'd love a copy. [1] The SERVER\Users group appears to be part of my problem, as I didn't intend for other users to be able to read and/or execute files on another user's home folder, but this was an inherited permission I missed. --Matt Ross Ephrata School District ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Excel Issue
One of our more proficient users has been saving excel data as .shs somehow. They have been doing this since 2006? Now that we are on Office 2010 it doesn't:) I don't have any old version of excel installed anywhere, is there any way for me to recover this in 2010? Thanks! jlc ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Excel Issue
Google excell .shs convert gives lots of free converters. From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] Sent: Monday, November 08, 2010 12:32 PM To: NT System Admin Issues Subject: Excel Issue One of our more proficient users has been saving excel data as .shs somehow. They have been doing this since 2006? Now that we are on Office 2010 it doesn'tJ I don't have any old version of excel installed anywhere, is there any way for me to recover this in 2010? Thanks! jlc ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: KMS activation issue
You need five servers hitting KMS to get it started. 25 is for desktops. However you say you used a MAK key on the 2008R2 server? That is the problem...if you want that server to be your KMS sever you need to put the KMS license in it. Remove the MAK key and add the KMS key with slmgr.vbs. From: Stefan Jafs [mailto:stefan.j...@gmail.com] Sent: Monday, November 08, 2010 11:41 AM To: NT System Admin Issues Subject: KMS activation issue Ok, so ordered Windows Data Center 2008 do I can use many servers on my Virtual Infrastructure, I now added an 2008R2 server using the MAK key, and getting an error code: 0xC004F038, after Googeling it i get that I need minimum 25 servers on that key! What's up with that? What am I doing wrong? -- Stefan Jafs ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Home Folder Permissions reset
http://blogs.technet.com/b/askds/archive/2008/06/30/automatic-creation-of-user-folders-for-home-roaming-profile-and-redirected-folders.aspx Give that a read... I have used setacl and a script to interpret folder name into account name to tidy this up. jlc ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: KMS activation issue
Thank I just realized that my Data server Licence is an KMS key not MAK! So do I need to run the utility on 5 of my server to change from MAK to KMS to get it to work? SJ On Mon, Nov 8, 2010 at 12:36 PM, Kennedy, Jim kennedy...@elyriaschools.orgwrote: You need five servers hitting KMS to get it started. 25 is for desktops. However you say you used a MAK key on the 2008R2 server? That is the problem…if you want that server to be your KMS sever you need to put the KMS license in it. Remove the MAK key and add the KMS key with slmgr.vbs. *From:* Stefan Jafs [mailto:stefan.j...@gmail.com] *Sent:* Monday, November 08, 2010 11:41 AM *To:* NT System Admin Issues *Subject:* KMS activation issue Ok, so ordered Windows Data Center 2008 do I can use many servers on my Virtual Infrastructure, I now added an 2008R2 server using the MAK key, and getting an error code: 0xC004F038, after Googeling it i get that I need minimum 25 servers on that key! What's up with that? What am I doing wrong? -- Stefan Jafs ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- Stefan Jafs ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: KMS activation issue
Ok, you only install the KMS key on the one server you want to be your KMS server. You install no key on any of the other servers, so remove the MAK and add in nothing on the other servers with slmgr.vbs. Check your DNS to make sure the KMS server registered itself as the kms server for your domain. If your KMS server is 2008 and you need to service R2 or windows 7 clients you need this update: http://support.microsoft.com/kb/968912 From: Stefan Jafs [mailto:stefan.j...@gmail.com] Sent: Monday, November 08, 2010 1:39 PM To: NT System Admin Issues Subject: Re: KMS activation issue Thank I just realized that my Data server Licence is an KMS key not MAK! So do I need to run the utility on 5 of my server to change from MAK to KMS to get it to work? SJ On Mon, Nov 8, 2010 at 12:36 PM, Kennedy, Jim kennedy...@elyriaschools.orgmailto:kennedy...@elyriaschools.org wrote: You need five servers hitting KMS to get it started. 25 is for desktops. However you say you used a MAK key on the 2008R2 server? That is the problem...if you want that server to be your KMS sever you need to put the KMS license in it. Remove the MAK key and add the KMS key with slmgr.vbs. From: Stefan Jafs [mailto:stefan.j...@gmail.commailto:stefan.j...@gmail.com] Sent: Monday, November 08, 2010 11:41 AM To: NT System Admin Issues Subject: KMS activation issue Ok, so ordered Windows Data Center 2008 do I can use many servers on my Virtual Infrastructure, I now added an 2008R2 server using the MAK key, and getting an error code: 0xC004F038, after Googeling it i get that I need minimum 25 servers on that key! What's up with that? What am I doing wrong? -- Stefan Jafs ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- Stefan Jafs ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Home Folder Permissions reset
Yes, I was talking NTFS perms. For new users here, we map their home drives using AD, which automagically gives them Full Perms to this folder. We've never ran into any issues doing it this way and don't see a need to change it up, for fear of the user messing with their folder. Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com -Original Message- From: James Winzenz [mailto:james.winz...@hotmail.com] Sent: Monday, November 08, 2010 12:26 PM To: NT System Admin Issues Subject: Re: Home Folder Permissions reset I think Don was referring to the NTFS permissions, not the Share permissions. Each admin has to decide whether they want their users to have full control to their individual user folders (business may also dictate). Yes, full control would allow them to change the permissions on his/her folder, including removing the local admin group. From my experience, I usually do the following for the NTFS permissions: -For the top-level Homes folder (we call it Users), we usually just do domain users - read/list folder contents plus administrators - full control -for the individual user folders, I do administrators - full control and the individual user - modify. I also remove any inherited permissions when the folder is originally created, including Creator/Owner. Regarding share permissions, everyone has a different opinion on this. Some go the route of just leaving the share permissions at Everyone - Full Control and restricting permissions using the NTFS permissions. Some go a step further and restrict both Share and NTFS permissions. The thing to keep in mind is that when combining Share and NTFS permissions, the most restrictive always wins. So if Share permissions are set to Everyone - Full Control, and NTFS permissions for a certain group are set to read only, members of that group (assuming they don't have explicit permissions or are not members of another group that has more permissions) would have read only access. As for SYSTEM, I did some researching on this a while back, and found that for a volume containing only files/folders, it does not appear to be necessary. We have removed it from our data volumes without noticing any issues at all. HTH, James -Original Message- From: Matthew W. Ross Sent: Monday, November 08, 2010 10:04 AM To: NT System Admin Issues Subject: RE: Home Folder Permissions reset Read access to the Share allows users to write to their home folders? Also, doesn't full control allow a user to change his permissions? --Matt Ross Ephrata School District - Original Message - From: Don Guyer [mailto:don.gu...@prufoxroach.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Mon, 08 Nov 2010 08:56:43 -0800 Subject: RE: Home Folder Permissions reset Authenticated Users should have Read access to \\SERVER\Homes, each individual user should have Full Control to \\SERVER\Homes\username. Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com -Original Message- From: Matthew W. Ross [mailto:mr...@ephrataschools.org] Sent: Monday, November 08, 2010 11:48 AM To: NT System Admin Issues Subject: Home Folder Permissions reset Hey list, I'm sure this is something that has been touched on before, but my quick search through the list archives didn't get anything concrete... I'm looking to lock down permissions on user home folders. I'm unsure on how, but one user was able to access the contents of another and that will have to be stopped ASAP. I'd like some help on what are the correct permissions, as I have a few questions. Let me explain what things are like currently. Right now, home folder permissions are as follows: There is a \\SERVER\Homes share. The _sharing_ permissions on this folder is set to Everyone has Change, Domain Admins has Full control. Each user has a home folder under this share (i.e.: \\SERVER\Homes\Username) with the following permissions: DOMAN\Username has Modify SERVER\Administrators has Full Control SERVER\Users has Read and Execute[1] SYSTEM has full control CREATOR OWNER has no permissions And now, several questions: A) What are the correct sharing permissions? Should Everyone be changed to Domain Users? Should Domain Admins not be in that list? B) What is the SYSTEM permissions for? Is it needed? C) SERVER\Administrators vs DOMAIN\Domain Admins... Which is more appropriate? I'm working on a script to reset these permissions, probably with xcacls. I need to find my old cacls script first, or write it from scratch. If somebody has a working script for this handy, I'd love a copy. [1] The SERVER\Users group appears to be
PSEXEC and %homedrive%
Wondering if anyone else has run into this before. I've got a VBS script that we use pretty frequently, and I was trying to run it remotely using PSEXEC against a bunch of systems. Finally narrowed the problem down to the fact that for some reason, the %HOMEDRIVE% variable and PSEXEC didn't mix well on some systems. Not all. And if run locally, it worked perfectly. I also enumerated the variable through PSEXEC remotely without any issues, which surprised me. I was able to change the variable to %SYSTEMROOT%. which solved the issue, but was wondering what the underlying problem was. Very odd. Thanks Chris Bodnar, MCSE Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com Phone: 610-807-6459 Fax: 610-807-6003 - This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: PSEXEC and %homedrive%
If you are using PSEXEC remotely, then it is running on the remote system in a local system context, unless you specified the credentials it was to use. That can be a problem if you're not limiting your actions on the remote end to generic system activities. *ASB *(My XeeSM Profile) http://XeeSM.com/AndrewBaker *Exploiting Technology for Business Advantage...* * * On Mon, Nov 8, 2010 at 1:45 PM, Christopher Bodnar christopher_bod...@glic.com wrote: Wondering if anyone else has run into this before. I've got a VBS script that we use pretty frequently, and I was trying to run it remotely using PSEXEC against a bunch of systems. Finally narrowed the problem down to the fact that for some reason, the %HOMEDRIVE% variable and PSEXEC didn't mix well on some systems. Not all. And if run locally, it worked perfectly. I also enumerated the variable through PSEXEC remotely without any issues, which surprised me. I was able to change the variable to %SYSTEMROOT%. which solved the issue, but was wondering what the underlying problem was. Very odd. Thanks Chris Bodnar, MCSE Systems Engineer ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Deploy 2008 R2 Domain Controllers
Good morning all, We recently acquired new servers to replace our existing Domain Controllers as part of our hardware refresh strategy. Obviously we want to get the hardware into production as soon as possible, but we're not quite ready to take on the project of upgrading the forest to 2008. Would their be any issues with replacing all of our existing Windows 2003 DCs with Windows 2008 R2, but leaving the Forest/Domain functional levels at 2003 until we have validated all of the applications in our environment? Are there any major changes to DNS, WINs or DHCP that would need to be considered? - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Deploy 2008 R2 Domain Controllers
Forgot to mention we're running Exhcange 2003 SP2. From what I've read that should be supported. - Sean On Mon, Nov 8, 2010 at 10:25 AM, Sean Martin seanmarti...@gmail.com wrote: Good morning all, We recently acquired new servers to replace our existing Domain Controllers as part of our hardware refresh strategy. Obviously we want to get the hardware into production as soon as possible, but we're not quite ready to take on the project of upgrading the forest to 2008. Would their be any issues with replacing all of our existing Windows 2003 DCs with Windows 2008 R2, but leaving the Forest/Domain functional levels at 2003 until we have validated all of the applications in our environment? Are there any major changes to DNS, WINs or DHCP that would need to be considered? - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Deploy 2008 R2 Domain Controllers
I don't see any issues. You will have to bump the schema, but as long as you don't change the DFL or FFL, you'll continue to operate as you always have. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Monday, November 08, 2010 2:27 PM To: NT System Admin Issues Subject: Re: Deploy 2008 R2 Domain Controllers Forgot to mention we're running Exhcange 2003 SP2. From what I've read that should be supported. - Sean On Mon, Nov 8, 2010 at 10:25 AM, Sean Martin seanmarti...@gmail.commailto:seanmarti...@gmail.com wrote: Good morning all, We recently acquired new servers to replace our existing Domain Controllers as part of our hardware refresh strategy. Obviously we want to get the hardware into production as soon as possible, but we're not quite ready to take on the project of upgrading the forest to 2008. Would their be any issues with replacing all of our existing Windows 2003 DCs with Windows 2008 R2, but leaving the Forest/Domain functional levels at 2003 until we have validated all of the applications in our environment? Are there any major changes to DNS, WINs or DHCP that would need to be considered? - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Deploy 2008 R2 Domain Controllers
Sean- You'll be fine leaving the functional level as-is, however any app compat issue you're going to have is about 99% likely to be a result of the OS upgrade not the DFL/FFL bump. Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Monday, November 08, 2010 11:27 AM To: NT System Admin Issues Subject: Re: Deploy 2008 R2 Domain Controllers Forgot to mention we're running Exhcange 2003 SP2. From what I've read that should be supported. - Sean On Mon, Nov 8, 2010 at 10:25 AM, Sean Martin seanmarti...@gmail.commailto:seanmarti...@gmail.com wrote: Good morning all, We recently acquired new servers to replace our existing Domain Controllers as part of our hardware refresh strategy. Obviously we want to get the hardware into production as soon as possible, but we're not quite ready to take on the project of upgrading the forest to 2008. Would their be any issues with replacing all of our existing Windows 2003 DCs with Windows 2008 R2, but leaving the Forest/Domain functional levels at 2003 until we have validated all of the applications in our environment? Are there any major changes to DNS, WINs or DHCP that would need to be considered? - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Deploy 2008 R2 Domain Controllers
There's no problem doing that. In fact, you can't move the forest to a higher functional level until you've gotten rid of all the 2003 DCs. :) WINS and DHCP are about the same, but DNS is a little bit cooler. In particular, conditional forwarders are more visible and managed centrally. *ASB *(My XeeSM Profile) http://XeeSM.com/AndrewBaker *Exploiting Technology for Business Advantage...* * * On Mon, Nov 8, 2010 at 2:25 PM, Sean Martin seanmarti...@gmail.com wrote: Good morning all, We recently acquired new servers to replace our existing Domain Controllers as part of our hardware refresh strategy. Obviously we want to get the hardware into production as soon as possible, but we're not quite ready to take on the project of upgrading the forest to 2008. Would their be any issues with replacing all of our existing Windows 2003 DCs with Windows 2008 R2, but leaving the Forest/Domain functional levels at 2003 until we have validated all of the applications in our environment? Are there any major changes to DNS, WINs or DHCP that would need to be considered? - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Need Volume License Reseller
My current reseller isn't working out. I deal mainly with small shops under 50 as well as several churches so they need to be familiar with discounted non-profit licensing. Tech Soup is out as they don't service religious institutions. I would like someone who deals with more than just MS, like Adobe and Autodesk as well. That's not a requirement I just like to deal with one person if I can. Any recommendations based on excellent service? -- Mike Gill ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Need Volume License Reseller
CDW? PCMall is an option as well. DAMIEN SOLODOW Systems Engineer 317.447.6033 (office) 317.217.6851 (fax) HARRISON COLLEGE From: Mike Gill [mailto:lis...@canbyfoursquare.com] Sent: Monday, November 08, 2010 3:48 PM To: NT System Admin Issues Subject: Need Volume License Reseller My current reseller isn't working out. I deal mainly with small shops under 50 as well as several churches so they need to be familiar with discounted non-profit licensing. Tech Soup is out as they don't service religious institutions. I would like someone who deals with more than just MS, like Adobe and Autodesk as well. That's not a requirement I just like to deal with one person if I can. Any recommendations based on excellent service? -- Mike Gill ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Need Volume License Reseller
Consistent Computer Bargains John W. Cook System Administrator Partnership For Strong Families 315 SE 2nd Ave Gainesville, Fl 32601 Cell (352) 215-6944 MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4 From: Mike Gill [mailto:lis...@canbyfoursquare.com] Sent: Monday, November 08, 2010 3:48 PM To: NT System Admin Issues Subject: Need Volume License Reseller My current reseller isn't working out. I deal mainly with small shops under 50 as well as several churches so they need to be familiar with discounted non-profit licensing. Tech Soup is out as they don't service religious institutions. I would like someone who deals with more than just MS, like Adobe and Autodesk as well. That's not a requirement I just like to deal with one person if I can. Any recommendations based on excellent service? -- Mike Gill ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Need Volume License Reseller
CDW has worked out very well for us. Been very good with MS licensing and our site licenses with Adobe...Symantec licensing. The account rep can fire up a conference call with a licensing specialist in a heartbeat on the particular product you need. That worked out for us very well as there were some major changes to the school agreements in Ohio with MS and we were very confused. From: Mike Gill [mailto:lis...@canbyfoursquare.com] Sent: Monday, November 08, 2010 3:48 PM To: NT System Admin Issues Subject: Need Volume License Reseller My current reseller isn't working out. I deal mainly with small shops under 50 as well as several churches so they need to be familiar with discounted non-profit licensing. Tech Soup is out as they don't service religious institutions. I would like someone who deals with more than just MS, like Adobe and Autodesk as well. That's not a requirement I just like to deal with one person if I can. Any recommendations based on excellent service? -- Mike Gill ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Need Volume License Reseller
CDW ask for Dave Chase Or Josh Luff daveandj...@cdw.commailto:daveandj...@cdw.com 866.429.8834 Derek A Johnson Sr. Systems Administrator National Association of Realtors 430 N. Michigan Ave. Chicago, IL 60611 Email: djohn...@realtors.orgmailto:djohn...@realtors.org Cell: 262.496.9201 Desk: 312.329.8618 From: John Cook [mailto:john.c...@pfsf.org] Sent: Monday, November 08, 2010 2:49 PM To: NT System Admin Issues Subject: RE: Need Volume License Reseller Consistent Computer Bargains John W. Cook System Administrator Partnership For Strong Families 315 SE 2nd Ave Gainesville, Fl 32601 Cell (352) 215-6944 MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4 From: Mike Gill [mailto:lis...@canbyfoursquare.com] Sent: Monday, November 08, 2010 3:48 PM To: NT System Admin Issues Subject: Need Volume License Reseller My current reseller isn't working out. I deal mainly with small shops under 50 as well as several churches so they need to be familiar with discounted non-profit licensing. Tech Soup is out as they don't service religious institutions. I would like someone who deals with more than just MS, like Adobe and Autodesk as well. That's not a requirement I just like to deal with one person if I can. Any recommendations based on excellent service? -- Mike Gill ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Need Volume License Reseller
I've had good success with CDW (Drew Klos) and TLIC (Matt Biben). Roger Wright ___ Life isn't like a box of chocolates. It's more like a jar of jalapenos: what you do today might burn your butt tomorrow. On Mon, Nov 8, 2010 at 3:48 PM, Mike Gill lis...@canbyfoursquare.comwrote: My current reseller isn’t working out. I deal mainly with small shops under 50 as well as several churches so they need to be familiar with discounted non-profit licensing. Tech Soup is out as they don’t service religious institutions. I would like someone who deals with more than just MS, like Adobe and Autodesk as well. That’s not a requirement I just like to deal with one person if I can. Any recommendations based on excellent service? -- Mike Gill ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Need Volume License Reseller
+1 CDW NEGATIVE 1 million - PC Mall. From: Roger Wright [mailto:rhw...@gmail.com] Sent: Monday, November 08, 2010 4:05 PM To: NT System Admin Issues Subject: Re: Need Volume License Reseller I've had good success with CDW (Drew Klos) and TLIC (Matt Biben). Roger Wright ___ Life isn't like a box of chocolates. It's more like a jar of jalapenos: what you do today might burn your butt tomorrow. On Mon, Nov 8, 2010 at 3:48 PM, Mike Gill lis...@canbyfoursquare.commailto:lis...@canbyfoursquare.com wrote: My current reseller isn't working out. I deal mainly with small shops under 50 as well as several churches so they need to be familiar with discounted non-profit licensing. Tech Soup is out as they don't service religious institutions. I would like someone who deals with more than just MS, like Adobe and Autodesk as well. That's not a requirement I just like to deal with one person if I can. Any recommendations based on excellent service? -- Mike Gill ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: PSEXEC and %homedrive%
On Mon, Nov 8, 2010 at 1:45 PM, Christopher Bodnar christopher_bod...@glic.com wrote: I've got a VBS script that we use pretty frequently, and I was trying to run it remotely using PSEXEC against a bunch of systems. Finally narrowed the problem down to the fact that for some reason, the %HOMEDRIVE% variable and PSEXEC didn't mix well on some systems. %HOMEDRIVE% is set as part of the user logon process, which, in my experience, generally doesn't happen for anything except a typical GUI logon. (%HOMEDRIVE% and %HOMEPATH% both come from the setting on the Profile tab of an account's properties.) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Need Volume License Reseller
NEGATIVE 1 million - PC Mall. As a laid off former PCMall employee, u, I _must_ (legally) keep my mouth shut until February 9, 2011! But you can probably infer what I want to say. J Webster From: Bob Fronk [mailto:b...@btrfronk.com] Subject: RE: Need Volume License Reseller +1 CDW NEGATIVE 1 million - PC Mall. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Excel Issue
On Mon, Nov 8, 2010 at 12:32 PM, Joseph L. Casale jcas...@activenetwerx.com wrote: One of our more proficient “users” has been saving excel data as .shs somehow. FYI: That's a scrap object. The only time I've ever seen one created is someone selecting data and dragging it onto the desktop by mistake. It's only MS Office which does it. Other than your user, the only use I've ever heard of this feature is by attackers as part of a security exploit. Not one of Microsoft's better ideas, IMO. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Need Volume License Reseller
When I want to buy something they don't give me the time of day. When I don't want to buy something I get weekly calls from my account rep, who has also changed since my last account rep tried to talk to me. On Mon, Nov 8, 2010 at 4:17 PM, Webster carlwebs...@gmail.com wrote: “NEGATIVE 1 million – PC Mall. ” As a laid off former PCMall employee, u, I _*must*_ (legally) keep my mouth shut until February 9, 2011! But you can probably infer what I want to say. J Webster *From:* Bob Fronk [mailto:b...@btrfronk.com] *Subject:* RE: Need Volume License Reseller +1 CDW NEGATIVE 1 million – PC Mall. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Need Volume License Reseller
I'll put it out there. If you have a relationship with Dell already, talk to your rep. Account reps have a licensing specialist on their team. On Mon, Nov 8, 2010 at 4:20 PM, Jonathan Link jonathan.l...@gmail.comwrote: When I want to buy something they don't give me the time of day. When I don't want to buy something I get weekly calls from my account rep, who has also changed since my last account rep tried to talk to me. On Mon, Nov 8, 2010 at 4:17 PM, Webster carlwebs...@gmail.com wrote: “NEGATIVE 1 million – PC Mall. ” As a laid off former PCMall employee, u, I _*must*_ (legally) keep my mouth shut until February 9, 2011! But you can probably infer what I want to say. J Webster *From:* Bob Fronk [mailto:b...@btrfronk.com] *Subject:* RE: Need Volume License Reseller +1 CDW NEGATIVE 1 million – PC Mall. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Need Volume License Reseller
+1 Consistent Computer Bargains. They know non-profit software for sure, and they don't bother me. On Mon, Nov 8, 2010 at 3:20 PM, Jonathan Link jonathan.l...@gmail.comwrote: When I want to buy something they don't give me the time of day. When I don't want to buy something I get weekly calls from my account rep, who has also changed since my last account rep tried to talk to me. On Mon, Nov 8, 2010 at 4:17 PM, Webster carlwebs...@gmail.com wrote: “NEGATIVE 1 million – PC Mall. ” As a laid off former PCMall employee, u, I _*must*_ (legally) keep my mouth shut until February 9, 2011! But you can probably infer what I want to say. J Webster *From:* Bob Fronk [mailto:b...@btrfronk.com] *Subject:* RE: Need Volume License Reseller +1 CDW NEGATIVE 1 million – PC Mall. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Home Folder Permissions reset
On Mon, Nov 8, 2010 at 11:47 AM, Matthew W. Ross mr...@ephrataschools.org wrote: There is a \\SERVER\Homes share. The _sharing_ permissions on this folder is set to Everyone has Change, Domain Admins has Full control. I tend to lean towards Users=Full, and doing everything in NTFS permissions. Sometimes I'll get slightly fancier, and so something like Administrators=Full, Users=Modify. I never get fine grained in share permissions. Share permissions are a vestige from back when Microsoft still thought FAT was a good idea and many computers thus didn't *have* the capability of doing permissions at the filesystem level. SERVER\Administrators vs DOMAIN\Domain Admins... Which is more appropriate? That's entirely up to you and your organization and your needs. Perhaps not all server admins are domain admins, or perhaps not all domain admins are server admins. I'm working on a script to reset these permissions, probably with xcacls. I need to find my old cacls script first, or write it from scratch. If somebody has a working script for this handy, I'd love a copy. I find FILEACL (free third-party tool) is the least-bad for working with DACLs (permissions) on files and folders.All of Microsoft's tools suck. CACLS, XCACLS.EXE, and XCACLS.VBS suck *a lot*. In particular, IIRC, none of them are aware of NTFS inheritance, which can cause them to actively break things. ICACLS at least does inheritance right, but is very limited in what it can do. SUBINACL can do a lot but has rather cumbersome syntax. SETACL (another third-party tool) can do everything but its syntax makes SUBINACL look good. FILEACL seems to suck the least. I find the following FILEACL idioms to be highly useful. Report all directly applied ACEs, one object per line: FILEACL.EXE d:\foo /SUB /FILES /LINE /NOINHERITED Clear all direct ACEs and propigate inheritable ACEs from parent: FILEACL d:\foo /REPLACE /INHERIT /SUB /FILES An ACE is an Access Control Entry, i.e., a given subject+permissions+flags combination in an ACL. A direct ACE is an ACE set on an object, rather than inherited from a parent. In my book, ideally, most ACEs should be inherited; direct ACEs should be the exceptions. For example, you would want direct ACEs on your username folders, and everything within those folders inherited. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Need Volume License Reseller
+1 CCB Off list me and I'll give you my reps contact info. Paul From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Monday, November 08, 2010 4:23 PM To: NT System Admin Issues Subject: Re: Need Volume License Reseller +1 Consistent Computer Bargains. They know non-profit software for sure, and they don't bother me. On Mon, Nov 8, 2010 at 3:20 PM, Jonathan Link jonathan.l...@gmail.com wrote: When I want to buy something they don't give me the time of day. When I don't want to buy something I get weekly calls from my account rep, who has also changed since my last account rep tried to talk to me. On Mon, Nov 8, 2010 at 4:17 PM, Webster carlwebs...@gmail.com wrote: NEGATIVE 1 million - PC Mall. As a laid off former PCMall employee, u, I _must_ (legally) keep my mouth shut until February 9, 2011! But you can probably infer what I want to say. J Webster From: Bob Fronk [mailto:b...@btrfronk.com] Subject: RE: Need Volume License Reseller +1 CDW NEGATIVE 1 million - PC Mall. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: PSEXEC and %homedrive%
I would agree with this, except that when I enumerate that using PSEXEC, I get the correct value, so it does seem to be setting it: *** H:\Utilitiespsexec \\SERVERNAME cmd.exe /c echo %homedrive% PsExec v1.94 - Execute processes remotely Copyright (C) 2001-2008 Mark Russinovich Sysinternals - www.sysinternals.com C: cmd.exe exited on gbtinvsql2x with error code 0. *** Chris Bodnar, MCSE Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com Phone: 610-807-6459 Fax: 610-807-6003 From: Ben Scott mailvor...@gmail.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date: 11/08/2010 04:15 PM Subject:Re: PSEXEC and %homedrive% On Mon, Nov 8, 2010 at 1:45 PM, Christopher Bodnar christopher_bod...@glic.com wrote: I've got a VBS script that we use pretty frequently, and I was trying to run it remotely using PSEXEC against a bunch of systems. Finally narrowed the problem down to the fact that for some reason, the %HOMEDRIVE% variable and PSEXEC didn't mix well on some systems. %HOMEDRIVE% is set as part of the user logon process, which, in my experience, generally doesn't happen for anything except a typical GUI logon. (%HOMEDRIVE% and %HOMEPATH% both come from the setting on the Profile tab of an account's properties.) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin - This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Home Folder Permissions reset
Thanks Ben, I'll see if I can't find FILEACL and make use of it. In the mean time, I have fixed my problem... for now. I was able to use the existing commands available from MS, but with a few problems. My biggest problem was that icacls.exe seems to be able to set permissions on folders, but not files when I pass the recursive command. (Anybody know how to make icacls do this?) So I had to resort to using the old cacls.exe for the actual permissions. Here's the little script I had to use to make it work, which I ran from the root of the home share: @echo off REM --- Make a list of folders. dir /A:D /B /-C /D CurrentFolders.txt REM --- Make the Administrator's group Owner, so we can redo permissions. for /f %%i in (CurrentFolders.txt) do takeown /f %%i /R /A REM --- Remove the inheritance for each folder. for /f %%i in (CurrentFolders.txt) do icacls %%i /inheritance:R /T /C /L /Q REM --- Apply the permissions I want on each folder. for /f %%i in (CurrentFolders.txt) do cacls %%i /t /e /c /g DOMAIN\%%i:C for /f %%i in (CurrentFolders.txt) do cacls %%i /t /e /c /g ADMINISTRATORS:C for /f %%i in (CurrentFolders.txt) do cacls %%i /t /e /c /g DOMAIN\Domain Admins:F Now, off to find and try FILEACL. --Matt Ross Ephrata School District - Original Message - From: Ben Scott [mailto:mailvor...@gmail.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Mon, 08 Nov 2010 13:40:37 -0800 Subject: Re: Home Folder Permissions reset On Mon, Nov 8, 2010 at 11:47 AM, Matthew W. Ross mr...@ephrataschools.org wrote: There is a \\SERVER\Homes share. The _sharing_ permissions on this folder is set to Everyone has Change, Domain Admins has Full control. I tend to lean towards Users=Full, and doing everything in NTFS permissions. Sometimes I'll get slightly fancier, and so something like Administrators=Full, Users=Modify. I never get fine grained in share permissions. Share permissions are a vestige from back when Microsoft still thought FAT was a good idea and many computers thus didn't *have* the capability of doing permissions at the filesystem level. SERVER\Administrators vs DOMAIN\Domain Admins... Which is more appropriate? That's entirely up to you and your organization and your needs. Perhaps not all server admins are domain admins, or perhaps not all domain admins are server admins. I'm working on a script to reset these permissions, probably with xcacls. I need to find my old cacls script first, or write it from scratch. If somebody has a working script for this handy, I'd love a copy. I find FILEACL (free third-party tool) is the least-bad for working with DACLs (permissions) on files and folders.All of Microsoft's tools suck. CACLS, XCACLS.EXE, and XCACLS.VBS suck *a lot*. In particular, IIRC, none of them are aware of NTFS inheritance, which can cause them to actively break things. ICACLS at least does inheritance right, but is very limited in what it can do. SUBINACL can do a lot but has rather cumbersome syntax. SETACL (another third-party tool) can do everything but its syntax makes SUBINACL look good. FILEACL seems to suck the least. I find the following FILEACL idioms to be highly useful. Report all directly applied ACEs, one object per line: FILEACL.EXE d:\foo /SUB /FILES /LINE /NOINHERITED Clear all direct ACEs and propigate inheritable ACEs from parent: FILEACL d:\foo /REPLACE /INHERIT /SUB /FILES An ACE is an Access Control Entry, i.e., a given subject+permissions+flags combination in an ACL. A direct ACE is an ACE set on an object, rather than inherited from a parent. In my book, ideally, most ACEs should be inherited; direct ACEs should be the exceptions. For example, you would want direct ACEs on your username folders, and everything within those folders inherited. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Deploy 2008 R2 Domain Controllers
Thanks for the feedback guys. Brian, that little caveat you mentioned makes me think investigating all of our applications prior to moving forward would be warranted. Are there any specific issues that may be documented, or that you've experienced personally? I'm thinking I should probably look into some of our main apps that have reliance on AD. Symantec Enterprise Vault 8.0 SP5 Cisco Unity 7.x Sharepoint 2010 - Still in development CRM 4.0 - Sean On Mon, Nov 8, 2010 at 10:44 AM, Andrew S. Baker asbz...@gmail.com wrote: There's no problem doing that. In fact, you can't move the forest to a higher functional level until you've gotten rid of all the 2003 DCs. :) WINS and DHCP are about the same, but DNS is a little bit cooler. In particular, conditional forwarders are more visible and managed centrally. *ASB *(My XeeSM Profile) http://xeesm.com/AndrewBaker *Exploiting Technology for Business Advantage...* * * On Mon, Nov 8, 2010 at 2:25 PM, Sean Martin seanmarti...@gmail.comwrote: Good morning all, We recently acquired new servers to replace our existing Domain Controllers as part of our hardware refresh strategy. Obviously we want to get the hardware into production as soon as possible, but we're not quite ready to take on the project of upgrading the forest to 2008. Would their be any issues with replacing all of our existing Windows 2003 DCs with Windows 2008 R2, but leaving the Forest/Domain functional levels at 2003 until we have validated all of the applications in our environment? Are there any major changes to DNS, WINs or DHCP that would need to be considered? - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: PSEXEC and %homedrive%
Do this psexec \\SERVERNAME file:///\\SERVERNAME cmd /c set So what's the difference. Look again at this very carefully... psexec \\SERVERNAME cmd.exe /c echo %homedrive% Hint: On what computer is %homedrive% expanded ? Carl From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Monday, November 08, 2010 5:16 PM To: NT System Admin Issues Subject: Re: PSEXEC and %homedrive% I would agree with this, except that when I enumerate that using PSEXEC, I get the correct value, so it does seem to be setting it: * ** H:\Utilitiespsexec \\SERVERNAME cmd.exe /c echo %homedrive% PsExec v1.94 - Execute processes remotely Copyright (C) 2001-2008 Mark Russinovich Sysinternals - www.sysinternals.com C: cmd.exe exited on gbtinvsql2x with error code 0. * ** Chris Bodnar, MCSE Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com Phone: 610-807-6459 Fax: 610-807-6003 From:Ben Scott mailvor...@gmail.com To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date:11/08/2010 04:15 PM Subject:Re: PSEXEC and %homedrive% _ On Mon, Nov 8, 2010 at 1:45 PM, Christopher Bodnar christopher_bod...@glic.com wrote: I've got a VBS script that we use pretty frequently, and I was trying to run it remotely using PSEXEC against a bunch of systems. Finally narrowed the problem down to the fact that for some reason, the %HOMEDRIVE% variable and PSEXEC didn't mix well on some systems. %HOMEDRIVE% is set as part of the user logon process, which, in my experience, generally doesn't happen for anything except a typical GUI logon. (%HOMEDRIVE% and %HOMEPATH% both come from the setting on the Profile tab of an account's properties.) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Deploy 2008 R2 Domain Controllers
Unity and SP are fine. Not sure on the other 2... On Mon, Nov 8, 2010 at 3:03 PM, Sean Martin seanmarti...@gmail.com wrote: Thanks for the feedback guys. Brian, that little caveat you mentioned makes me think investigating all of our applications prior to moving forward would be warranted. Are there any specific issues that may be documented, or that you've experienced personally? I'm thinking I should probably look into some of our main apps that have reliance on AD. Symantec Enterprise Vault 8.0 SP5 Cisco Unity 7.x Sharepoint 2010 - Still in development CRM 4.0 - Sean On Mon, Nov 8, 2010 at 10:44 AM, Andrew S. Baker asbz...@gmail.comwrote: There's no problem doing that. In fact, you can't move the forest to a higher functional level until you've gotten rid of all the 2003 DCs. :) WINS and DHCP are about the same, but DNS is a little bit cooler. In particular, conditional forwarders are more visible and managed centrally. *ASB *(My XeeSM Profile) http://xeesm.com/AndrewBaker *Exploiting Technology for Business Advantage...* * * On Mon, Nov 8, 2010 at 2:25 PM, Sean Martin seanmarti...@gmail.comwrote: Good morning all, We recently acquired new servers to replace our existing Domain Controllers as part of our hardware refresh strategy. Obviously we want to get the hardware into production as soon as possible, but we're not quite ready to take on the project of upgrading the forest to 2008. Would their be any issues with replacing all of our existing Windows 2003 DCs with Windows 2008 R2, but leaving the Forest/Domain functional levels at 2003 until we have validated all of the applications in our environment? Are there any major changes to DNS, WINs or DHCP that would need to be considered? - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Deploy 2008 R2 Domain Controllers
Any considerations for schema modifications? (will existing mods port to AD2k8 automatically, or will you have to manually mod the 2k8 domain?) Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians Associates, PA jra...@eaglemds.comBLOCKED::mailto:%20jra...@eaglemds.com www.eaglemds.comBLOCKED::http://www.eaglemds.com/ From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Monday, November 08, 2010 6:04 PM To: NT System Admin Issues Subject: Re: Deploy 2008 R2 Domain Controllers Thanks for the feedback guys. Brian, that little caveat you mentioned makes me think investigating all of our applications prior to moving forward would be warranted. Are there any specific issues that may be documented, or that you've experienced personally? I'm thinking I should probably look into some of our main apps that have reliance on AD. Symantec Enterprise Vault 8.0 SP5 Cisco Unity 7.x Sharepoint 2010 - Still in development CRM 4.0 - Sean On Mon, Nov 8, 2010 at 10:44 AM, Andrew S. Baker asbz...@gmail.commailto:asbz...@gmail.com wrote: There's no problem doing that. In fact, you can't move the forest to a higher functional level until you've gotten rid of all the 2003 DCs. :) WINS and DHCP are about the same, but DNS is a little bit cooler. In particular, conditional forwarders are more visible and managed centrally. ASB (My XeeSM Profile)http://xeesm.com/AndrewBaker Exploiting Technology for Business Advantage... On Mon, Nov 8, 2010 at 2:25 PM, Sean Martin seanmarti...@gmail.commailto:seanmarti...@gmail.com wrote: Good morning all, We recently acquired new servers to replace our existing Domain Controllers as part of our hardware refresh strategy. Obviously we want to get the hardware into production as soon as possible, but we're not quite ready to take on the project of upgrading the forest to 2008. Would their be any issues with replacing all of our existing Windows 2003 DCs with Windows 2008 R2, but leaving the Forest/Domain functional levels at 2003 until we have validated all of the applications in our environment? Are there any major changes to DNS, WINs or DHCP that would need to be considered? - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: PSEXEC and %homedrive%
Thanks Carl, I see what you are saying now. I just don't understand the behavior. I would think anything after the SERVERNAME would be evaluated on the remote machine, but that doesn't' seem to be the case when specifying a variable. thanks Chris Bodnar, MCSE Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com Phone: 610-807-6459 Fax: 610-807-6003 From: Carl Houseman c.house...@gmail.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date: 11/08/2010 06:10 PM Subject:RE: PSEXEC and %homedrive% Do this psexec \\SERVERNAME cmd /c set So what's the difference. Look again at this very carefully... psexec \\SERVERNAME cmd.exe /c echo %homedrive% Hint: On what computer is %homedrive% expanded ? Carl From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Monday, November 08, 2010 5:16 PM To: NT System Admin Issues Subject: Re: PSEXEC and %homedrive% I would agree with this, except that when I enumerate that using PSEXEC, I get the correct value, so it does seem to be setting it: *** H:\Utilitiespsexec \\SERVERNAME cmd.exe /c echo %homedrive% PsExec v1.94 - Execute processes remotely Copyright (C) 2001-2008 Mark Russinovich Sysinternals - www.sysinternals.com C: cmd.exe exited on gbtinvsql2x with error code 0. *** Chris Bodnar, MCSE Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com Phone: 610-807-6459 Fax: 610-807-6003 From:Ben Scott mailvor...@gmail.com To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date:11/08/2010 04:15 PM Subject:Re: PSEXEC and %homedrive% On Mon, Nov 8, 2010 at 1:45 PM, Christopher Bodnar christopher_bod...@glic.com wrote: I've got a VBS script that we use pretty frequently, and I was trying to run it remotely using PSEXEC against a bunch of systems. Finally narrowed the problem down to the fact that for some reason, the %HOMEDRIVE% variable and PSEXEC didn't mix well on some systems. %HOMEDRIVE% is set as part of the user logon process, which, in my experience, generally doesn't happen for anything except a typical GUI logon. (%HOMEDRIVE% and %HOMEPATH% both come from the setting on the Profile tab of an account's properties.) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin - This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Excel Issue
FYI: That's a scrap object. The only time I've ever seen one created is someone selecting data and dragging it onto the desktop by mistake. It's only MS Office which does it. Other than your user, the only use I've ever heard of this feature is by attackers as part of a security exploit. Not one of Microsoft's better ideas, IMO. Yeah, I know what it is, and if you met this user, it would surprise you in the least, sigh... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: PSEXEC and %homedrive%
Your entire command line gets parsed on your computer first and then it performs the operation. Assume you're running from a PC named Workstation against a server named Server. Psexec \\serverfile:///\\server cmd /c echo %computername% Gets parsed to Psexec \\serverfile:///\\server cmd /c echo Workstation Which is exactly what the server does. What you want is Psexec \\serverfile:///\\server cmd /c echo ^%computername^% The carets escape the percents to pass the command echo %computername% to the server. From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Monday, November 08, 2010 5:26 PM To: NT System Admin Issues Subject: RE: PSEXEC and %homedrive% Thanks Carl, I see what you are saying now. I just don't understand the behavior. I would think anything after the SERVERNAME would be evaluated on the remote machine, but that doesn't' seem to be the case when specifying a variable. thanks Chris Bodnar, MCSE Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com Phone: 610-807-6459 Fax: 610-807-6003 From:Carl Houseman c.house...@gmail.com To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date:11/08/2010 06:10 PM Subject:RE: PSEXEC and %homedrive% Do this psexec \\SERVERNAMEfile:///\\SERVERNAME\ cmd /c set So what's the difference. Look again at this very carefully... psexec \\SERVERNAME cmd.exe /c echo %homedrive% Hint: On what computer is %homedrive% expanded ? Carl From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Monday, November 08, 2010 5:16 PM To: NT System Admin Issues Subject: Re: PSEXEC and %homedrive% I would agree with this, except that when I enumerate that using PSEXEC, I get the correct value, so it does seem to be setting it: *** H:\Utilitiespsexec \\SERVERNAME cmd.exe /c echo %homedrive% PsExec v1.94 - Execute processes remotely Copyright (C) 2001-2008 Mark Russinovich Sysinternals - www.sysinternals.com C: cmd.exe exited on gbtinvsql2x with error code 0. *** Chris Bodnar, MCSE Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com Phone: 610-807-6459 Fax: 610-807-6003 From:Ben Scott mailvor...@gmail.com To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date:11/08/2010 04:15 PM Subject:Re: PSEXEC and %homedrive% On Mon, Nov 8, 2010 at 1:45 PM, Christopher Bodnar christopher_bod...@glic.com wrote: I've got a VBS script that we use pretty frequently, and I was trying to run it remotely using PSEXEC against a bunch of systems. Finally narrowed the problem down to the fact that for some reason, the %HOMEDRIVE% variable and PSEXEC didn't mix well on some systems. %HOMEDRIVE% is set as part of the user logon process, which, in my experience, generally doesn't happen for anything except a typical GUI logon. (%HOMEDRIVE% and %HOMEPATH% both come from the setting on the Profile tab of an account's properties.) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: PSEXEC and %homedrive%
...and by %computername%, I of course mean whatever variable you'd like to expand. From: Crawford, Scott [mailto:crawfo...@evangel.edu] Sent: Monday, November 08, 2010 5:34 PM To: NT System Admin Issues Subject: RE: PSEXEC and %homedrive% Your entire command line gets parsed on your computer first and then it performs the operation. Assume you're running from a PC named Workstation against a server named Server. Psexec \\serverfile:///\\server cmd /c echo %computername% Gets parsed to Psexec \\serverfile:///\\server cmd /c echo Workstation Which is exactly what the server does. What you want is Psexec \\serverfile:///\\server cmd /c echo ^%computername^% The carets escape the percents to pass the command echo %computername% to the server. From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Monday, November 08, 2010 5:26 PM To: NT System Admin Issues Subject: RE: PSEXEC and %homedrive% Thanks Carl, I see what you are saying now. I just don't understand the behavior. I would think anything after the SERVERNAME would be evaluated on the remote machine, but that doesn't' seem to be the case when specifying a variable. thanks Chris Bodnar, MCSE Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com Phone: 610-807-6459 Fax: 610-807-6003 From:Carl Houseman c.house...@gmail.com To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date:11/08/2010 06:10 PM Subject:RE: PSEXEC and %homedrive% Do this psexec \\SERVERNAMEfile:///\\SERVERNAME\ cmd /c set So what's the difference. Look again at this very carefully... psexec \\SERVERNAME cmd.exe /c echo %homedrive% Hint: On what computer is %homedrive% expanded ? Carl From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Monday, November 08, 2010 5:16 PM To: NT System Admin Issues Subject: Re: PSEXEC and %homedrive% I would agree with this, except that when I enumerate that using PSEXEC, I get the correct value, so it does seem to be setting it: *** H:\Utilitiespsexec \\SERVERNAME cmd.exe /c echo %homedrive% PsExec v1.94 - Execute processes remotely Copyright (C) 2001-2008 Mark Russinovich Sysinternals - www.sysinternals.com C: cmd.exe exited on gbtinvsql2x with error code 0. *** Chris Bodnar, MCSE Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com Phone: 610-807-6459 Fax: 610-807-6003 From:Ben Scott mailvor...@gmail.com To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date:11/08/2010 04:15 PM Subject:Re: PSEXEC and %homedrive% On Mon, Nov 8, 2010 at 1:45 PM, Christopher Bodnar christopher_bod...@glic.com wrote: I've got a VBS script that we use pretty frequently, and I was trying to run it remotely using PSEXEC against a bunch of systems. Finally narrowed the problem down to the fact that for some reason, the %HOMEDRIVE% variable and PSEXEC didn't mix well on some systems. %HOMEDRIVE% is set as part of the user logon process, which, in my experience, generally doesn't happen for anything except a typical GUI logon. (%HOMEDRIVE% and %HOMEPATH% both come from the setting on the Profile tab of an account's properties.) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with
RE: PSEXEC and %homedrive%
Just to underline Scott's point, the entire line is evaluated for the existence of environment variables which are expanded locally, then the result is passed to the remote system for execution. How to do what you were attempting to do - specify the variable so it isn't expanded locally but on the remote system instead. psexec \\SERVERNAME cmd /v:on /c echo !computername! Carl From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Monday, November 08, 2010 6:26 PM To: NT System Admin Issues Subject: RE: PSEXEC and %homedrive% Thanks Carl, I see what you are saying now. I just don't understand the behavior. I would think anything after the SERVERNAME would be evaluated on the remote machine, but that doesn't' seem to be the case when specifying a variable. thanks Chris Bodnar, MCSE Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com Phone: 610-807-6459 Fax: 610-807-6003 From:Carl Houseman c.house...@gmail.com To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date:11/08/2010 06:10 PM Subject:RE: PSEXEC and %homedrive% _ Do this psexec file:///\\SERVERNAME\ \\SERVERNAME cmd /c set So what's the difference. Look again at this very carefully... psexec \\SERVERNAME cmd.exe /c echo %homedrive% Hint: On what computer is %homedrive% expanded ? Carl From: Christopher Bodnar [ mailto:christopher_bod...@glic.com mailto:christopher_bod...@glic.com] Sent: Monday, November 08, 2010 5:16 PM To: NT System Admin Issues Subject: Re: PSEXEC and %homedrive% I would agree with this, except that when I enumerate that using PSEXEC, I get the correct value, so it does seem to be setting it: * ** H:\Utilitiespsexec \\SERVERNAME cmd.exe /c echo %homedrive% PsExec v1.94 - Execute processes remotely Copyright (C) 2001-2008 Mark Russinovich Sysinternals - www.sysinternals.com C: cmd.exe exited on gbtinvsql2x with error code 0. * ** Chris Bodnar, MCSE Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com Phone: 610-807-6459 Fax: 610-807-6003 From:Ben Scott mailvor...@gmail.com To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date:11/08/2010 04:15 PM Subject:Re: PSEXEC and %homedrive% _ On Mon, Nov 8, 2010 at 1:45 PM, Christopher Bodnar christopher_bod...@glic.com wrote: I've got a VBS script that we use pretty frequently, and I was trying to run it remotely using PSEXEC against a bunch of systems. Finally narrowed the problem down to the fact that for some reason, the %HOMEDRIVE% variable and PSEXEC didn't mix well on some systems. %HOMEDRIVE% is set as part of the user logon process, which, in my experience, generally doesn't happen for anything except a typical GUI logon. (%HOMEDRIVE% and %HOMEPATH% both come from the setting on the Profile tab of an account's properties.) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Deploy 2008 R2 Domain Controllers
The schema is stored in the directory itself so it's going to be fine. I haven't heard anything negative about any of the apps listed below so I wouldn't worry about them. Usually issues come up around legacy stuff or things running on *nix. Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com] Sent: Monday, November 08, 2010 3:25 PM To: NT System Admin Issues Subject: RE: Deploy 2008 R2 Domain Controllers Any considerations for schema modifications? (will existing mods port to AD2k8 automatically, or will you have to manually mod the 2k8 domain?) Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians Associates, PA jra...@eaglemds.comBLOCKED::mailto:%20jra...@eaglemds.com www.eaglemds.comBLOCKED::http://www.eaglemds.com/ From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Monday, November 08, 2010 6:04 PM To: NT System Admin Issues Subject: Re: Deploy 2008 R2 Domain Controllers Thanks for the feedback guys. Brian, that little caveat you mentioned makes me think investigating all of our applications prior to moving forward would be warranted. Are there any specific issues that may be documented, or that you've experienced personally? I'm thinking I should probably look into some of our main apps that have reliance on AD. Symantec Enterprise Vault 8.0 SP5 Cisco Unity 7.x Sharepoint 2010 - Still in development CRM 4.0 - Sean On Mon, Nov 8, 2010 at 10:44 AM, Andrew S. Baker asbz...@gmail.commailto:asbz...@gmail.com wrote: There's no problem doing that. In fact, you can't move the forest to a higher functional level until you've gotten rid of all the 2003 DCs. :) WINS and DHCP are about the same, but DNS is a little bit cooler. In particular, conditional forwarders are more visible and managed centrally. ASB (My XeeSM Profile)http://xeesm.com/AndrewBaker Exploiting Technology for Business Advantage... On Mon, Nov 8, 2010 at 2:25 PM, Sean Martin seanmarti...@gmail.commailto:seanmarti...@gmail.com wrote: Good morning all, We recently acquired new servers to replace our existing Domain Controllers as part of our hardware refresh strategy. Obviously we want to get the hardware into production as soon as possible, but we're not quite ready to take on the project of upgrading the forest to 2008. Would their be any issues with replacing all of our existing Windows 2003 DCs with Windows 2008 R2, but leaving the Forest/Domain functional levels at 2003 until we have validated all of the applications in our environment? Are there any major changes to DNS, WINs or DHCP that would need to be considered? - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: non-APC batteries?
Hello Adam, hope it's not too late to reply... At my dayjob we use the services of Costal Business Machines. They ship an empty box for the UPS with a return label. We ship it and in a week or so it's returned with a new battery. Additionally they test the rest of the components and replace whatever else is necessary. It's then under warranty for a year. The cost is fractional compared to a new device and it's nice to know the entire UPS is under warranty, not just the battery. The rep I go through is Bowman Hood 800-944-9320 x111 bh...@cbmi.com -- -Rick AG Needing to replace battery on a 3-yr-old APC SmartUPS 1000xl ... any AG reason not to go with a less expensive non-APC alternative (like AG http://www.thenerds.net/AMERICAN_BATTERY.ABC_Replacement_Battery_Cartrige7.RBC7.html)? AG Thanks, AG Adam AG ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ AG ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ AG --- AG To manage subscriptions click here: AG http://lyris.sunbelt-software.com/read/my_forums/ AG or send an email to listmana...@lyris.sunbeltsoftware.com AG with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: PSEXEC and %homedrive%
On Mon, Nov 8, 2010 at 7:23 PM, Carl Houseman c.house...@gmail.com wrote: psexec \\SERVERNAME cmd /v:on /c echo !computername! FYI, if delayed expansion is enabled on the local host, I think you'll still get the unwanted behavior, i.e., expands locally, not remotely. I think Scott Crawford's method, using the caret to escape the percent, is slightly better. (CMD's quoting and escaping is incredibly idiosyncratic, so I'm not really sure.) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Home Folder Permissions reset
Backups are also key. Built in tools use that account to do a whole list of things. System should have full access pretty much everywhere. Greg Sweers CEO ACTS360.comhttp://www.acts360.com/ P.O. Box 1193 Brandon, FL 33509 813-657-0849 Office 813-758-6850 Cell 813-341-1270 Fax From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Monday, November 08, 2010 12:27 PM To: NT System Admin Issues Subject: Re: Home Folder Permissions reset Matt, The SYSTEM permissions will allow the local computer to do things like DEFRAG those folders. Here are some scripts that might help: * http://kb.ultratech-llc.com/Scripts/?File=HomePerms.BAT * http://KB.UltraTech-llc.com/Scripts/?File=Perms.BAThttp://kb.ultratech-llc.com/Scripts/?File=Perms.BAT ASB (My XeeSM Profile)http://XeeSM.com/AndrewBaker Exploiting Technology for Business Advantage... On Mon, Nov 8, 2010 at 11:47 AM, Matthew W. Ross mr...@ephrataschools.orgmailto:mr...@ephrataschools.org wrote: Hey list, I'm sure this is something that has been touched on before, but my quick search through the list archives didn't get anything concrete... I'm looking to lock down permissions on user home folders. I'm unsure on how, but one user was able to access the contents of another and that will have to be stopped ASAP. I'd like some help on what are the correct permissions, as I have a few questions. Let me explain what things are like currently. Right now, home folder permissions are as follows: There is a \\SERVER\Homes share. The _sharing_ permissions on this folder is set to Everyone has Change, Domain Admins has Full control. Each user has a home folder under this share (i.e.: \\SERVER\Homes\Username) with the following permissions: DOMAN\Username has Modify SERVER\Administrators has Full Control SERVER\Users has Read and Execute[1] SYSTEM has full control CREATOR OWNER has no permissions And now, several questions: A) What are the correct sharing permissions? Should Everyone be changed to Domain Users? Should Domain Admins not be in that list? B) What is the SYSTEM permissions for? Is it needed? C) SERVER\Administrators vs DOMAIN\Domain Admins... Which is more appropriate? I'm working on a script to reset these permissions, probably with xcacls. I need to find my old cacls script first, or write it from scratch. If somebody has a working script for this handy, I'd love a copy. [1] The SERVER\Users group appears to be part of my problem, as I didn't intend for other users to be able to read and/or execute files on another user's home folder, but this was an inherited permission I missed. --Matt Ross Ephrata School District ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: PSEXEC and %homedrive%
Anecdote: believe it or not, MSFT really wanted to clean it up and make a modern shell (the standard PowerShell host is still based on cmd.exe, in case you hadn't noticed) - but doing so broke too many things. Sodeal with the behavior that's 25 years old, install a ported UNIX shell, or use PowerShell where quoting and escaping is very well defined in 99.5% of the cases. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Monday, November 08, 2010 9:02 PM To: NT System Admin Issues Subject: Re: PSEXEC and %homedrive% On Mon, Nov 8, 2010 at 7:23 PM, Carl Houseman c.house...@gmail.com wrote: psexec \\SERVERNAME cmd /v:on /c echo !computername! FYI, if delayed expansion is enabled on the local host, I think you'll still get the unwanted behavior, i.e., expands locally, not remotely. I think Scott Crawford's method, using the caret to escape the percent, is slightly better. (CMD's quoting and escaping is incredibly idiosyncratic, so I'm not really sure.) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: PSEXEC and %homedrive%
+1. Using carets to escape the characters works. -- ME2 On Mon, Nov 8, 2010 at 3:34 PM, Crawford, Scott crawfo...@evangel.eduwrote: Your entire command line gets parsed on your computer first and then it performs the operation. Assume you’re running from a PC named Workstation against a server named Server. Psexec \\server cmd /c echo %computername% Gets parsed to Psexec \\server cmd /c echo Workstation Which is exactly what the server does. What you want is Psexec \\server cmd /c echo ^%computername^% The carets escape the percents to pass the command echo %computername% to the server. *From:* Christopher Bodnar [mailto:christopher_bod...@glic.com] *Sent:* Monday, November 08, 2010 5:26 PM *To:* NT System Admin Issues *Subject:* RE: PSEXEC and %homedrive% Thanks Carl, I see what you are saying now. I just don't understand the behavior. I would think anything after the SERVERNAME would be evaluated on the remote machine, but that doesn't' seem to be the case when specifying a variable. thanks Chris Bodnar, MCSE Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com Phone: 610-807-6459 Fax: 610-807-6003 From:Carl Houseman c.house...@gmail.com To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date:11/08/2010 06:10 PM Subject:RE: PSEXEC and %homedrive% -- Do this psexec \\SERVERNAME cmd /c set So what's the difference. Look again at this very carefully... psexec \\SERVERNAME cmd.exe /c echo %homedrive% Hint: On what computer is %homedrive% expanded ? Carl *From:* Christopher Bodnar [mailto:christopher_bod...@glic.comchristopher_bod...@glic.com] * Sent:* Monday, November 08, 2010 5:16 PM* To:* NT System Admin Issues* Subject:* Re: PSEXEC and %homedrive% I would agree with this, except that when I enumerate that using PSEXEC, I get the correct value, so it does seem to be setting it: *** H:\Utilitiespsexec \\SERVERNAME cmd.exe /c echo %homedrive% PsExec v1.94 - Execute processes remotely Copyright (C) 2001-2008 Mark Russinovich Sysinternals - www.sysinternals.com C: cmd.exe exited on gbtinvsql2x with error code 0. *** Chris Bodnar, MCSE Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com Phone: 610-807-6459 Fax: 610-807-6003 From:Ben Scott mailvor...@gmail.com To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date:11/08/2010 04:15 PM Subject:Re: PSEXEC and %homedrive% -- On Mon, Nov 8, 2010 at 1:45 PM, Christopher Bodnar christopher_bod...@glic.com wrote: I've got a VBS script that we use pretty frequently, and I was trying to run it remotely using PSEXEC against a bunch of systems. Finally narrowed the problem down to the fact that for some reason, the %HOMEDRIVE% variable and PSEXEC didn't mix well on some systems. %HOMEDRIVE% is set as part of the user logon process, which, in my experience, generally doesn't happen for anything except a typical GUI logon. (%HOMEDRIVE% and %HOMEPATH% both come from the setting on the Profile tab of an account's properties.) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: PSEXEC and %homedrive%
On Mon, Nov 8, 20d10 at 9:36 PM, Michael B. Smith mich...@smithcons.com wrote: Anecdote: believe it or not, MSFT really wanted to clean it up and make a modern shell ... but doing so broke too many things. I'd buy that if Rex Conn hadn't already done it 20+ years ago in 4DOS. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Home Folder Permissions reset
iCACLS will work on files, but you need to use *.* rather than just list the folder names. FILEACL is also recommended, and I use it in a number of scripts. *ASB *(My XeeSM Profile) http://XeeSM.com/AndrewBaker *Exploiting Technology for Business Advantage...* * * On Mon, Nov 8, 2010 at 5:33 PM, Matthew W. Ross mr...@ephrataschools.orgwrote: Thanks Ben, I'll see if I can't find FILEACL and make use of it. In the mean time, I have fixed my problem... for now. I was able to use the existing commands available from MS, but with a few problems. My biggest problem was that icacls.exe seems to be able to set permissions on folders, but not files when I pass the recursive command. (Anybody know how to make icacls do this?) So I had to resort to using the old cacls.exe for the actual permissions. Here's the little script I had to use to make it work, which I ran from the root of the home share: @echo off REM --- Make a list of folders. dir /A:D /B /-C /D CurrentFolders.txt REM --- Make the Administrator's group Owner, so we can redo permissions. for /f %%i in (CurrentFolders.txt) do takeown /f %%i /R /A REM --- Remove the inheritance for each folder. for /f %%i in (CurrentFolders.txt) do icacls %%i /inheritance:R /T /C /L /Q REM --- Apply the permissions I want on each folder. for /f %%i in (CurrentFolders.txt) do cacls %%i /t /e /c /g DOMAIN\%%i:C for /f %%i in (CurrentFolders.txt) do cacls %%i /t /e /c /g ADMINISTRATORS:C for /f %%i in (CurrentFolders.txt) do cacls %%i /t /e /c /g DOMAIN\Domain Admins:F Now, off to find and try FILEACL. --Matt Ross Ephrata School District - Original Message - From: Ben Scott [mailto:mailvor...@gmail.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Mon, 08 Nov 2010 13:40:37 -0800 Subject: Re: Home Folder Permissions reset On Mon, Nov 8, 2010 at 11:47 AM, Matthew W. Ross mr...@ephrataschools.org wrote: There is a \\SERVER\Homes share. The _sharing_ permissions on this folder is set to Everyone has Change, Domain Admins has Full control. I tend to lean towards Users=Full, and doing everything in NTFS permissions. Sometimes I'll get slightly fancier, and so something like Administrators=Full, Users=Modify. I never get fine grained in share permissions. Share permissions are a vestige from back when Microsoft still thought FAT was a good idea and many computers thus didn't *have* the capability of doing permissions at the filesystem level. SERVER\Administrators vs DOMAIN\Domain Admins... Which is more appropriate? That's entirely up to you and your organization and your needs. Perhaps not all server admins are domain admins, or perhaps not all domain admins are server admins. I'm working on a script to reset these permissions, probably with xcacls. I need to find my old cacls script first, or write it from scratch. If somebody has a working script for this handy, I'd love a copy. I find FILEACL (free third-party tool) is the least-bad for working with DACLs (permissions) on files and folders.All of Microsoft's tools suck. CACLS, XCACLS.EXE, and XCACLS.VBS suck *a lot*. In particular, IIRC, none of them are aware of NTFS inheritance, which can cause them to actively break things. ICACLS at least does inheritance right, but is very limited in what it can do. SUBINACL can do a lot but has rather cumbersome syntax. SETACL (another third-party tool) can do everything but its syntax makes SUBINACL look good. FILEACL seems to suck the least. I find the following FILEACL idioms to be highly useful. Report all directly applied ACEs, one object per line: FILEACL.EXE d:\foo /SUB /FILES /LINE /NOINHERITED Clear all direct ACEs and propigate inheritable ACEs from parent: FILEACL d:\foo /REPLACE /INHERIT /SUB /FILES An ACE is an Access Control Entry, i.e., a given subject+permissions+flags combination in an ACL. A direct ACE is an ACE set on an object, rather than inherited from a parent. In my book, ideally, most ACEs should be inherited; direct ACEs should be the exceptions. For example, you would want direct ACEs on your username folders, and everything within those folders inherited. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: PSEXEC and %homedrive%
*(CMD's quoting and escaping is incredibly idiosyncratic, so I'm not really sure.)* Man, you're not joking. Just try to pass quotation marks to SCHTASKS.EXE Scott does have it right, though... That's the method I use. *ASB *(My XeeSM Profile) http://XeeSM.com/AndrewBaker *Exploiting Technology for Business Advantage...* * * On Mon, Nov 8, 2010 at 9:01 PM, Ben Scott mailvor...@gmail.com wrote: On Mon, Nov 8, 2010 at 7:23 PM, Carl Houseman c.house...@gmail.com wrote: psexec \\SERVERNAME cmd /v:on /c echo !computername! FYI, if delayed expansion is enabled on the local host, I think you'll still get the unwanted behavior, i.e., expands locally, not remotely. I think Scott Crawford's method, using the caret to escape the percent, is slightly better. (CMD's quoting and escaping is incredibly idiosyncratic, so I'm not really sure.) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Home Folder Permissions reset
I don't know why icacls wasn't working for the files, but it was setting permissions on the folders. I did try the *.* wildcard, but it didn't seem to work either. It was frustrating, and my users were without their home folders for a little bit today. Not exactly how I wanted things to go, but it worked out. --Matt Ross Ephrata School District - Original Message - From: Andrew S. Baker [mailto:asbz...@gmail.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Mon, 08 Nov 2010 19:26:30 -0800 Subject: Re: Home Folder Permissions reset iCACLS will work on files, but you need to use *.* rather than just list the folder names. FILEACL is also recommended, and I use it in a number of scripts. *ASB *(My XeeSM Profile) http://XeeSM.com/AndrewBaker *Exploiting Technology for Business Advantage...* * * On Mon, Nov 8, 2010 at 5:33 PM, Matthew W. Ross mr...@ephrataschools.orgwrote: Thanks Ben, I'll see if I can't find FILEACL and make use of it. In the mean time, I have fixed my problem... for now. I was able to use the existing commands available from MS, but with a few problems. My biggest problem was that icacls.exe seems to be able to set permissions on folders, but not files when I pass the recursive command. (Anybody know how to make icacls do this?) So I had to resort to using the old cacls.exe for the actual permissions. Here's the little script I had to use to make it work, which I ran from the root of the home share: @echo off REM --- Make a list of folders. dir /A:D /B /-C /D CurrentFolders.txt REM --- Make the Administrator's group Owner, so we can redo permissions. for /f %%i in (CurrentFolders.txt) do takeown /f %%i /R /A REM --- Remove the inheritance for each folder. for /f %%i in (CurrentFolders.txt) do icacls %%i /inheritance:R /T /C /L /Q REM --- Apply the permissions I want on each folder. for /f %%i in (CurrentFolders.txt) do cacls %%i /t /e /c /g DOMAIN\%%i:C for /f %%i in (CurrentFolders.txt) do cacls %%i /t /e /c /g ADMINISTRATORS:C for /f %%i in (CurrentFolders.txt) do cacls %%i /t /e /c /g DOMAIN\Domain Admins:F Now, off to find and try FILEACL. --Matt Ross Ephrata School District - Original Message - From: Ben Scott [mailto:mailvor...@gmail.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Mon, 08 Nov 2010 13:40:37 -0800 Subject: Re: Home Folder Permissions reset On Mon, Nov 8, 2010 at 11:47 AM, Matthew W. Ross mr...@ephrataschools.org wrote: There is a \\SERVER\Homes share. The _sharing_ permissions on this folder is set to Everyone has Change, Domain Admins has Full control. I tend to lean towards Users=Full, and doing everything in NTFS permissions. Sometimes I'll get slightly fancier, and so something like Administrators=Full, Users=Modify. I never get fine grained in share permissions. Share permissions are a vestige from back when Microsoft still thought FAT was a good idea and many computers thus didn't *have* the capability of doing permissions at the filesystem level. SERVER\Administrators vs DOMAIN\Domain Admins... Which is more appropriate? That's entirely up to you and your organization and your needs. Perhaps not all server admins are domain admins, or perhaps not all domain admins are server admins. I'm working on a script to reset these permissions, probably with xcacls. I need to find my old cacls script first, or write it from scratch. If somebody has a working script for this handy, I'd love a copy. I find FILEACL (free third-party tool) is the least-bad for working with DACLs (permissions) on files and folders.All of Microsoft's tools suck. CACLS, XCACLS.EXE, and XCACLS.VBS suck *a lot*. In particular, IIRC, none of them are aware of NTFS inheritance, which can cause them to actively break things. ICACLS at least does inheritance right, but is very limited in what it can do. SUBINACL can do a lot but has rather cumbersome syntax. SETACL (another third-party tool) can do everything but its syntax makes SUBINACL look good. FILEACL seems to suck the least. I find the following FILEACL idioms to be highly useful. Report all directly applied ACEs, one object per line: FILEACL.EXE d:\foo /SUB /FILES /LINE /NOINHERITED Clear all direct ACEs and propigate inheritable ACEs from parent: FILEACL d:\foo /REPLACE /INHERIT /SUB /FILES An ACE is an Access Control Entry, i.e., a given subject+permissions+flags combination in an ACL. A direct ACE is an ACE set on an object, rather than inherited from a parent. In my book, ideally, most ACEs should be inherited; direct ACEs should be the exceptions. For example, you would want direct ACEs on your username folders, and
