RE: DHCP reservations explained...

[N Parr]

Just ran in to that with Cisco last week when I migrated my DHCP from 03
to 08r2.  Only Vlan that could see the server was the one the server was
on.
Int vlan xx

Ip helper-address 192.168.1.x




From: Brian Desmond [mailto:br...@briandesmond.com] 
Sent: Sunday, January 23, 2011 4:36 PM
To: NT System Admin Issues
Subject: RE: DHCP reservations explained...



There is a feature on Cisco switches at least that will inspect and
block DHCP server packets on switch ports not trusted for DHCP. My
higher education customers who run residential networks tend to deploy
this given the propensity for students to plug their Best Buy special
Linksys in "backwards" (e.g. LAN port into the resnet). 

 

Thanks,

Brian Desmond

br...@briandesmond.com

 

w - 312.625.1438 | c   - 312.731.3132

 

From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Wednesday, January 19, 2011 8:29 AM
To: NT System Admin Issues
Subject: RE: DHCP reservations explained...

 

"I've seen more things go wrong (particularly in smaller networks) with
DHCP than with DNS.   (Admin deploys new networking device with DHCP
server functionality turned out, etc)"

 

Granted, I've seen that too, once or twice.  Rogue DHCP can be a threat
regardless, because if name resolution is working, and servers are
statically assigned, but workstations get rogue assignments,
productivity is still impacted ( although less systemically )

 

Kind of a pick your poison issue... choose based on your own comfort
level with the associated risks and then deal with it.

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Tuesday, January 18, 2011 4:50 PM
To: NT System Admin Issues
Subject: Re: DHCP reservations explained...

 

I am not fond of DHCP for server management, even though I will admit
that it is a viable possibility.

 

I prefer the flexibility of configuration that is possible when you have
statically mapped IPs, and I've done this with hundreds of servers in
various environments.

 

In my experience, I've seen more things go wrong (particularly in
smaller networks) with DHCP than with DNS.   (Admin deploys new
networking device with DHCP server functionality turned out, etc)

 

Sure, DHCP maintenance of IP addresses means that you can change them
quickly, etc, but I can script that if necessary, and I've probably
performed major IP address changes a half dozen times in the past decade
and a half (including consulting clients and my home network).

 

But, it's just me.   I'm not going to get too religious about it either
way. 


 

ASB (My Bio via About.Me  ) 
Exploiting Technology for Business Advantage...

 

 

On Tue, Jan 18, 2011 at 2:16 PM, Erik Goldoff 
wrote:

I've always liked DHCP reservations over static IP addresses for servers
where possible for ease of management

   Single view of most servers from DHCP client list

   simple to change parameters globally ( default gateway, primary DNS,
secondary DNS, etc ) without having to visit each server

   less likely to experience IP in use conflict from out of date
tracking spreadsheets when adding new devices to the network 

etc, etc, etc 

but if your clients/applications use hostnames, then that's what I'd
monitor for most checks, keeping a single/simple check using the IP
address to cross verify against name resolution.

On Tue, Jan 18, 2011 at 2:06 PM, David Lum  wrote:

The other day someone commented that it seemed like a bit much that 50%
of my 100-ish servers have DHCP reservations - driving home yesterday I
realized another reason why I have it that way (because yes, I chew on
these questions and constantly evaluate why I do some process or
another) - because my fellow SE's have their server monitoring set up to
look at specific IP's instead of hostnames and I am unable to convince
them otherwise. If the server IP changes it hoses their tests and the
dependencies.

 

It's not how I set *MY* monitoring up for servers I maintain, but I have
posted that question here in fact and have seen differing opinions on
weather hostname or IP is preferred. 

David Lum // SYSTEMS ENGINEER 
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally,

RE: DHCP reservations explained...

[Mayo, Bill]

I believe what Brian was referring to was the "dhcp snooping" command,
which is designed to prevent undesired DHCP servers.  What you ran into
is related to the fact that DHCP stops at the network boundary
(router/VLAN) because it is a broadcast.  The helper-address command is
used to listen and forward requests on a VLAN to a designated DHCP
server, thereby preventing you from having to have a DHCP server on
every VLAN.  That command will not stop any rogue DHCP servers.
 
Bill Mayo
 


From: N Parr [mailto:npar...@mortonind.com] 
Sent: Monday, January 24, 2011 8:24 AM
To: NT System Admin Issues
Subject: RE: DHCP reservations explained...


Just ran in to that with Cisco last week when I migrated my DHCP from 03
to 08r2.  Only Vlan that could see the server was the one the server was
on.
Int vlan xx

Ip helper-address 192.168.1.x




From: Brian Desmond [mailto:br...@briandesmond.com] 
Sent: Sunday, January 23, 2011 4:36 PM
To: NT System Admin Issues
Subject: RE: DHCP reservations explained...



There is a feature on Cisco switches at least that will inspect and
block DHCP server packets on switch ports not trusted for DHCP. My
higher education customers who run residential networks tend to deploy
this given the propensity for students to plug their Best Buy special
Linksys in "backwards" (e.g. LAN port into the resnet). 

 

Thanks,

Brian Desmond

br...@briandesmond.com

 

w - 312.625.1438 | c   - 312.731.3132

 

From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Wednesday, January 19, 2011 8:29 AM
To: NT System Admin Issues
Subject: RE: DHCP reservations explained...

 

"I've seen more things go wrong (particularly in smaller networks) with
DHCP than with DNS.   (Admin deploys new networking device with DHCP
server functionality turned out, etc)"

 

Granted, I've seen that too, once or twice.  Rogue DHCP can be a threat
regardless, because if name resolution is working, and servers are
statically assigned, but workstations get rogue assignments,
productivity is still impacted ( although less systemically )

 

Kind of a pick your poison issue... choose based on your own comfort
level with the associated risks and then deal with it.

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Tuesday, January 18, 2011 4:50 PM
To: NT System Admin Issues
Subject: Re: DHCP reservations explained...

 

I am not fond of DHCP for server management, even though I will admit
that it is a viable possibility.

 

I prefer the flexibility of configuration that is possible when you have
statically mapped IPs, and I've done this with hundreds of servers in
various environments.

 

In my experience, I've seen more things go wrong (particularly in
smaller networks) with DHCP than with DNS.   (Admin deploys new
networking device with DHCP server functionality turned out, etc)

 

Sure, DHCP maintenance of IP addresses means that you can change them
quickly, etc, but I can script that if necessary, and I've probably
performed major IP address changes a half dozen times in the past decade
and a half (including consulting clients and my home network).

 

But, it's just me.   I'm not going to get too religious about it either
way. 


 

ASB (My Bio via About.Me  ) 
Exploiting Technology for Business Advantage...

 

 

On Tue, Jan 18, 2011 at 2:16 PM, Erik Goldoff 
wrote:

I've always liked DHCP reservations over static IP addresses for servers
where possible for ease of management

   Single view of most servers from DHCP client list

   simple to change parameters globally ( default gateway, primary DNS,
secondary DNS, etc ) without having to visit each server

   less likely to experience IP in use conflict from out of date
tracking spreadsheets when adding new devices to the network 

etc, etc, etc 

but if your clients/applications use hostnames, then that's what I'd
monitor for most checks, keeping a single/simple check using the IP
address to cross verify against name resolution.

On Tue, Jan 18, 2011 at 2:06 PM, David Lum  wrote:

The other day someone commented that it seemed like a bit much that 50%
of my 100-ish servers have DHCP reservations - driving home yesterday I
realized another reason why I have it that way (because yes, I chew on
these questions and constantly evaluate why I do some process or
another) - because my fellow SE's have their server monitoring set up to
look at specific IP's instead of hostnames and I am unable to convince
them otherwise. If the server IP changes it hoses their tests and the
dependencies.

 

It's not how I set *MY* monitoring up for servers I maintain, but I have
posted that question here in fact and have seen differing opinions on
weather hostname or IP is preferred. 

David Lum // SYSTEMS ENGINEER 
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.

Re: RE: DHCP reservations explained...

[Jonathan]

+1, Bill is correct.
On Jan 24, 2011 8:46 AM, "Mayo, Bill"  wrote:
> I believe what Brian was referring to was the "dhcp snooping" command,
> which is designed to prevent undesired DHCP servers. What you ran into
> is related to the fact that DHCP stops at the network boundary
> (router/VLAN) because it is a broadcast. The helper-address command is
> used to listen and forward requests on a VLAN to a designated DHCP
> server, thereby preventing you from having to have a DHCP server on
> every VLAN. That command will not stop any rogue DHCP servers.
>
> Bill Mayo
>
> 
>
> From: N Parr [mailto:npar...@mortonind.com]
> Sent: Monday, January 24, 2011 8:24 AM
> To: NT System Admin Issues
> Subject: RE: DHCP reservations explained...
>
>
> Just ran in to that with Cisco last week when I migrated my DHCP from 03
> to 08r2. Only Vlan that could see the server was the one the server was
> on.
> Int vlan xx
>
> Ip helper-address 192.168.1.x
>
>
> 
>
> From: Brian Desmond [mailto:br...@briandesmond.com]
> Sent: Sunday, January 23, 2011 4:36 PM
> To: NT System Admin Issues
> Subject: RE: DHCP reservations explained...
>
>
>
> There is a feature on Cisco switches at least that will inspect and
> block DHCP server packets on switch ports not trusted for DHCP. My
> higher education customers who run residential networks tend to deploy
> this given the propensity for students to plug their Best Buy special
> Linksys in "backwards" (e.g. LAN port into the resnet).
>
>
>
> Thanks,
>
> Brian Desmond
>
> br...@briandesmond.com
>
>
>
> w - 312.625.1438 | c - 312.731.3132
>
>
>
> From: Erik Goldoff [mailto:egold...@gmail.com]
> Sent: Wednesday, January 19, 2011 8:29 AM
> To: NT System Admin Issues
> Subject: RE: DHCP reservations explained...
>
>
>
> "I've seen more things go wrong (particularly in smaller networks) with
> DHCP than with DNS. (Admin deploys new networking device with DHCP
> server functionality turned out, etc)"
>
>
>
> Granted, I've seen that too, once or twice. Rogue DHCP can be a threat
> regardless, because if name resolution is working, and servers are
> statically assigned, but workstations get rogue assignments,
> productivity is still impacted ( although less systemically )
>
>
>
> Kind of a pick your poison issue... choose based on your own comfort
> level with the associated risks and then deal with it.
>
> Erik Goldoff
>
> IT Consultant
>
> Systems, Networks, & Security
>
> ' Security is an ongoing process, not a one time event ! '
>
> From: Andrew S. Baker [mailto:asbz...@gmail.com]
> Sent: Tuesday, January 18, 2011 4:50 PM
> To: NT System Admin Issues
> Subject: Re: DHCP reservations explained...
>
>
>
> I am not fond of DHCP for server management, even though I will admit
> that it is a viable possibility.
>
>
>
> I prefer the flexibility of configuration that is possible when you have
> statically mapped IPs, and I've done this with hundreds of servers in
> various environments.
>
>
>
> In my experience, I've seen more things go wrong (particularly in
> smaller networks) with DHCP than with DNS. (Admin deploys new
> networking device with DHCP server functionality turned out, etc)
>
>
>
> Sure, DHCP maintenance of IP addresses means that you can change them
> quickly, etc, but I can script that if necessary, and I've probably
> performed major IP address changes a half dozen times in the past decade
> and a half (including consulting clients and my home network).
>
>
>
> But, it's just me. I'm not going to get too religious about it either
> way.
>
>
>
>
> ASB (My Bio via About.Me  )
> Exploiting Technology for Business Advantage...
>
>
>
>
>
> On Tue, Jan 18, 2011 at 2:16 PM, Erik Goldoff 
> wrote:
>
> I've always liked DHCP reservations over static IP addresses for servers
> where possible for ease of management
>
> Single view of most servers from DHCP client list
>
> simple to change parameters globally ( default gateway, primary DNS,
> secondary DNS, etc ) without having to visit each server
>
> less likely to experience IP in use conflict from out of date
> tracking spreadsheets when adding new devices to the network
>
> etc, etc, etc
>
> but if your clients/applications use hostnames, then that's what I'd
> monitor for most checks, keeping a single/simple check using the IP
> address to cross verify against name resolution.
>
> On Tue, Jan 18, 2011 at 2:06 PM, David Lum  wrote:
>
> The other day someone commented that it seemed like a bit much that 50%
> of my 100-ish servers have DHCP reservations - driving home yesterday I
> realized another reason why I have it that way (because yes, I chew on
> these questions and constantly evaluate why I do some process or
> another) - because my fellow SE's have their server monitoring set up to
> look at specific IP's instead of hostnames and I am unable to convince
> them otherwise. If the server IP changes it hoses their tests and the
> dependencie

Re: USB to Serial interface

[Kramer, Jack]

+1 – used the RadioShack one for a serial-only vinyl cutter and it worked 
great. It's insanely long – 5 feet on the minimum.


Jack Kramer
Computer Systems Specialist
University Relations, Michigan State University
w: 517-884-1231 / c: 248-635-4955

From: Richard Stovall mailto:rich...@gmail.com>>
Reply-To: NT System Admin Issues 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Date: Fri, 21 Jan 2011 19:54:32 -0500
To: NT System Admin Issues 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Subject: Re: USB to Serial interface

I was in a pinch about a year ago.  I live in Richmond, VA, which does not have 
any Fry's-like stores where you can pick and choose non-mainstream stuff like 
you're looking for.

I needed something immediately (either a different, older laptop, or whatever 
USB <--> serial cable I could find) so I went to Radio Shack and paid a 
ridiculous sum for the single cable they had available.

The good news is that it has worked flawlessly on Win7 x64 without a hitch, and 
it's now a constant companion in my laptop bag.  It is also pretty long at 
something like 4 or 5 feet, which has helped in a few space-constrained 
situations.



On Fri, Jan 21, 2011 at 5:46 PM, Kurt Buff 
mailto:kurt.b...@gmail.com>> wrote:
All,

Just search my archives, and don't see a definitive answer, so thought
I'd ask here.

Does anyone have a brand recommendation for a usb to serial interface
for a Win7 laptop?

I've just got a brand new Dell E6510 with Win7 Pro on it, and need to
config some network equipment.

I know that under XP some of our folks had mixed results, and
definitely had some brand preferences, but I don't know the situation
under Win7 at all.

Thanks,

Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: DHCP reservations explained...

[Phil Brutsche]

I have one addition to this:

The helper-address command tells the L3 device to forward ALL UDP
broadcasts - DHCP, TFTP, NetBIOS, etc. You would also need to execute
these commands to exclude everything that's not DHCP:

no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs

That is not an exhaustive list.

PC-based routers (Windows, Linux, *BSD, etc) include what's called a
DHCP relay agent that will truly listen for DHCP requests and forward
them on.

On 1/24/2011 7:45 AM, Mayo, Bill wrote:
> I believe what Brian was referring to was the "dhcp snooping" command,
> which is designed to prevent undesired DHCP servers.  What you ran into
> is related to the fact that DHCP stops at the network boundary
> (router/VLAN) because it is a broadcast.  The helper-address command is
> used to listen and forward requests on a VLAN to a designated DHCP
> server, thereby preventing you from having to have a DHCP server on
> every VLAN.  That command will not stop any rogue DHCP servers.

-- 

Phil Brutsche
p...@optimumdata.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: DHCP reservations explained...

[N Parr]

Yes I understand, not relevant to this thread I guess.  But good
information to have when you change servers and your DHCP dies.



From: Mayo, Bill [mailto:bem...@pittcountync.gov] 
Sent: Monday, January 24, 2011 7:45 AM
To: NT System Admin Issues
Subject: RE: DHCP reservations explained...


I believe what Brian was referring to was the "dhcp snooping" command,
which is designed to prevent undesired DHCP servers.  What you ran into
is related to the fact that DHCP stops at the network boundary
(router/VLAN) because it is a broadcast.  The helper-address command is
used to listen and forward requests on a VLAN to a designated DHCP
server, thereby preventing you from having to have a DHCP server on
every VLAN.  That command will not stop any rogue DHCP servers.
 
Bill Mayo
 


From: N Parr [mailto:npar...@mortonind.com] 
Sent: Monday, January 24, 2011 8:24 AM
To: NT System Admin Issues
Subject: RE: DHCP reservations explained...


Just ran in to that with Cisco last week when I migrated my DHCP from 03
to 08r2.  Only Vlan that could see the server was the one the server was
on.
Int vlan xx

Ip helper-address 192.168.1.x




From: Brian Desmond [mailto:br...@briandesmond.com] 
Sent: Sunday, January 23, 2011 4:36 PM
To: NT System Admin Issues
Subject: RE: DHCP reservations explained...



There is a feature on Cisco switches at least that will inspect and
block DHCP server packets on switch ports not trusted for DHCP. My
higher education customers who run residential networks tend to deploy
this given the propensity for students to plug their Best Buy special
Linksys in "backwards" (e.g. LAN port into the resnet). 

 

Thanks,

Brian Desmond

br...@briandesmond.com

 

w - 312.625.1438 | c   - 312.731.3132

 

From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Wednesday, January 19, 2011 8:29 AM
To: NT System Admin Issues
Subject: RE: DHCP reservations explained...

 

"I've seen more things go wrong (particularly in smaller networks) with
DHCP than with DNS.   (Admin deploys new networking device with DHCP
server functionality turned out, etc)"

 

Granted, I've seen that too, once or twice.  Rogue DHCP can be a threat
regardless, because if name resolution is working, and servers are
statically assigned, but workstations get rogue assignments,
productivity is still impacted ( although less systemically )

 

Kind of a pick your poison issue... choose based on your own comfort
level with the associated risks and then deal with it.

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Tuesday, January 18, 2011 4:50 PM
To: NT System Admin Issues
Subject: Re: DHCP reservations explained...

 

I am not fond of DHCP for server management, even though I will admit
that it is a viable possibility.

 

I prefer the flexibility of configuration that is possible when you have
statically mapped IPs, and I've done this with hundreds of servers in
various environments.

 

In my experience, I've seen more things go wrong (particularly in
smaller networks) with DHCP than with DNS.   (Admin deploys new
networking device with DHCP server functionality turned out, etc)

 

Sure, DHCP maintenance of IP addresses means that you can change them
quickly, etc, but I can script that if necessary, and I've probably
performed major IP address changes a half dozen times in the past decade
and a half (including consulting clients and my home network).

 

But, it's just me.   I'm not going to get too religious about it either
way. 


 

ASB (My Bio via About.Me  ) 
Exploiting Technology for Business Advantage...

 

 

On Tue, Jan 18, 2011 at 2:16 PM, Erik Goldoff 
wrote:

I've always liked DHCP reservations over static IP addresses for servers
where possible for ease of management

   Single view of most servers from DHCP client list

   simple to change parameters globally ( default gateway, primary DNS,
secondary DNS, etc ) without having to visit each server

   less likely to experience IP in use conflict from out of date
tracking spreadsheets when adding new devices to the network 

etc, etc, etc 

but if your clients/applications use hostnames, then that's what I'd
monitor for most checks, keeping a single/simple check using the IP
address to cross verify against name resolution.

On Tue, Jan 18, 2011 at 2:06 PM, David Lum  wrote:

The other day someone commented that it seemed like a bit much that 50%
of my 100-ish servers have DHCP reservations - driving home yesterday I
realized another reason why I have it that way (because yes, I chew on
these questions and constantly evaluate why I do some process or
another) - because my fellow SE's have their server monitoring set up to
look at specific IP's instead of hostnames and I am unable to convince
them otherwise. If the

RE: DHCP reservations explained...

[David Lum]

If your clients are Windows clients can't you set the firewall to only listed 
to DHCP requests from a given IP?

David Lum // SYSTEMS ENGINEER 
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764



-Original Message-
From: Phil Brutsche [mailto:p...@optimumdata.com] 
Sent: Monday, January 24, 2011 7:00 AM
To: NT System Admin Issues
Subject: Re: DHCP reservations explained...

I have one addition to this:

The helper-address command tells the L3 device to forward ALL UDP
broadcasts - DHCP, TFTP, NetBIOS, etc. You would also need to execute
these commands to exclude everything that's not DHCP:

no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs

That is not an exhaustive list.

PC-based routers (Windows, Linux, *BSD, etc) include what's called a
DHCP relay agent that will truly listen for DHCP requests and forward
them on.

On 1/24/2011 7:45 AM, Mayo, Bill wrote:
> I believe what Brian was referring to was the "dhcp snooping" command,
> which is designed to prevent undesired DHCP servers.  What you ran into
> is related to the fact that DHCP stops at the network boundary
> (router/VLAN) because it is a broadcast.  The helper-address command is
> used to listen and forward requests on a VLAN to a designated DHCP
> server, thereby preventing you from having to have a DHCP server on
> every VLAN.  That command will not stop any rogue DHCP servers.

-- 

Phil Brutsche
p...@optimumdata.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: RE: DHCP reservations explained...

[Jonathan]

Don't you mean broadcasts, rather than requests?

Jonathan
On Jan 24, 2011 10:05 AM, "David Lum"  wrote:
> If your clients are Windows clients can't you set the firewall to only
listed to DHCP requests from a given IP?
>
> David Lum // SYSTEMS ENGINEER
> NORTHWEST EVALUATION ASSOCIATION
> (Desk) 503.548.5229 // (Cell) 503.267.9764
>
>
>
> -Original Message-
> From: Phil Brutsche [mailto:p...@optimumdata.com]
> Sent: Monday, January 24, 2011 7:00 AM
> To: NT System Admin Issues
> Subject: Re: DHCP reservations explained...
>
> I have one addition to this:
>
> The helper-address command tells the L3 device to forward ALL UDP
> broadcasts - DHCP, TFTP, NetBIOS, etc. You would also need to execute
> these commands to exclude everything that's not DHCP:
>
> no ip forward-protocol udp domain
> no ip forward-protocol udp time
> no ip forward-protocol udp netbios-ns
> no ip forward-protocol udp netbios-dgm
> no ip forward-protocol udp tacacs
>
> That is not an exhaustive list.
>
> PC-based routers (Windows, Linux, *BSD, etc) include what's called a
> DHCP relay agent that will truly listen for DHCP requests and forward
> them on.
>
> On 1/24/2011 7:45 AM, Mayo, Bill wrote:
>> I believe what Brian was referring to was the "dhcp snooping" command,
>> which is designed to prevent undesired DHCP servers. What you ran into
>> is related to the fact that DHCP stops at the network boundary
>> (router/VLAN) because it is a broadcast. The helper-address command is
>> used to listen and forward requests on a VLAN to a designated DHCP
>> server, thereby preventing you from having to have a DHCP server on
>> every VLAN. That command will not stop any rogue DHCP servers.
>
> --
>
> Phil Brutsche
> p...@optimumdata.com
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~  ~
>
> ---
> To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~  ~
>
> ---
> To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: RE: DHCP reservations explained...

[David Lum]

Probably :)

From: Jonathan [mailto:ncm...@gmail.com]
Sent: Monday, January 24, 2011 7:08 AM
To: NT System Admin Issues
Subject: Re: RE: DHCP reservations explained...


Don't you mean broadcasts, rather than requests?

Jonathan
On Jan 24, 2011 10:05 AM, "David Lum" 
mailto:david@nwea.org>> wrote:
> If your clients are Windows clients can't you set the firewall to only listed 
> to DHCP requests from a given IP?
>
> David Lum // SYSTEMS ENGINEER
> NORTHWEST EVALUATION ASSOCIATION
> (Desk) 503.548.5229 // (Cell) 503.267.9764
>
>
>
> -Original Message-
> From: Phil Brutsche [mailto:p...@optimumdata.com]
> Sent: Monday, January 24, 2011 7:00 AM
> To: NT System Admin Issues
> Subject: Re: DHCP reservations explained...
>
> I have one addition to this:
>
> The helper-address command tells the L3 device to forward ALL UDP
> broadcasts - DHCP, TFTP, NetBIOS, etc. You would also need to execute
> these commands to exclude everything that's not DHCP:
>
> no ip forward-protocol udp domain
> no ip forward-protocol udp time
> no ip forward-protocol udp netbios-ns
> no ip forward-protocol udp netbios-dgm
> no ip forward-protocol udp tacacs
>
> That is not an exhaustive list.
>
> PC-based routers (Windows, Linux, *BSD, etc) include what's called a
> DHCP relay agent that will truly listen for DHCP requests and forward
> them on.
>
> On 1/24/2011 7:45 AM, Mayo, Bill wrote:
>> I believe what Brian was referring to was the "dhcp snooping" command,
>> which is designed to prevent undesired DHCP servers. What you ran into
>> is related to the fact that DHCP stops at the network boundary
>> (router/VLAN) because it is a broadcast. The helper-address command is
>> used to listen and forward requests on a VLAN to a designated DHCP
>> server, thereby preventing you from having to have a DHCP server on
>> every VLAN. That command will not stop any rogue DHCP servers.
>
> --
>
> Phil Brutsche
> p...@optimumdata.com
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~  ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to 
> listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~  ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to 
> listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Web filter?

[Eric Brouwer]

Greetings,

We're looking to deploy PCs at several locations that are to be used
strictly for access to a couple of our websites.  We're looking for a
simple, cheap solution to block internet access to all websites, and then
add in the handful of sites we'd like them to access.

Any one doing ahtyhing like this?  A recommendations?

Thank you!

Eric

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Web filter?

[Joseph L. Casale]

Sure, and it depends on strict the blocking must be enforced.
I use squid proxy, and if it was ultimately required that the rules not be 
circumventable, you could place these machines on a subnet without external 
access and allow internet access via a proxy or simply some acls on a router as 
your requirements don't look large and hard to maintain...

From: Eric Brouwer [mailto:ithelp.e...@gmail.com]
Sent: Monday, January 24, 2011 9:24 AM
To: NT System Admin Issues
Subject: Web filter?

Greetings,

We're looking to deploy PCs at several locations that are to be used strictly 
for access to a couple of our websites.  We're looking for a simple, cheap 
solution to block internet access to all websites, and then add in the handful 
of sites we'd like them to access.

Any one doing ahtyhing like this?  A recommendations?

Thank you!

Eric

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Web filter?

[Jonathan Link]

Simplest?  Don't enter DNS Server information, or if it gets it via DHCP,
enter an invalid one manually.  Then enter the valid hosts into the
hostfile.
I'm presuming that the users of this won't have admin access to the machine.

On Mon, Jan 24, 2011 at 11:28 AM, Joseph L. Casale <
jcas...@activenetwerx.com> wrote:

>  Sure, and it depends on strict the blocking must be enforced.
> I use squid proxy, and if it was ultimately required that the rules not be
> circumventable, you could place these machines on a subnet without external
> access and allow internet access via a proxy or simply some acls on a router
> as your requirements don’t look large and hard to maintain…
>
>
>
> *From:* Eric Brouwer [mailto:ithelp.e...@gmail.com]
> *Sent:* Monday, January 24, 2011 9:24 AM
> *To:* NT System Admin Issues
> *Subject:* Web filter?
>
>
>
> Greetings,
>
>
>
> We're looking to deploy PCs at several locations that are to be used
> strictly for access to a couple of our websites.  We're looking for a
> simple, cheap solution to block internet access to all websites, and then
> add in the handful of sites we'd like them to access.
>
>
>
> Any one doing ahtyhing like this?  A recommendations?
>
>
>
> Thank you!
>
>
>
> Eric
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Web filter?

[Richard Stovall]

I don't know if it's appropriate for the situation, but I've used Windows
Live Family Safety at home with good success.

http://explore.live.com/windows-live-family-safety




On Mon, Jan 24, 2011 at 11:33 AM, Jonathan Link wrote:

> Simplest?  Don't enter DNS Server information, or if it gets it via DHCP,
> enter an invalid one manually.  Then enter the valid hosts into the
> hostfile.
> I'm presuming that the users of this won't have admin access to the
> machine.
>
>   On Mon, Jan 24, 2011 at 11:28 AM, Joseph L. Casale <
> jcas...@activenetwerx.com> wrote:
>
>>  Sure, and it depends on strict the blocking must be enforced.
>> I use squid proxy, and if it was ultimately required that the rules not be
>> circumventable, you could place these machines on a subnet without external
>> access and allow internet access via a proxy or simply some acls on a router
>> as your requirements don’t look large and hard to maintain…
>>
>>
>>
>> *From:* Eric Brouwer [mailto:ithelp.e...@gmail.com]
>> *Sent:* Monday, January 24, 2011 9:24 AM
>> *To:* NT System Admin Issues
>> *Subject:* Web filter?
>>
>>
>>
>> Greetings,
>>
>>
>>
>> We're looking to deploy PCs at several locations that are to be used
>> strictly for access to a couple of our websites.  We're looking for a
>> simple, cheap solution to block internet access to all websites, and then
>> add in the handful of sites we'd like them to access.
>>
>>
>>
>> Any one doing ahtyhing like this?  A recommendations?
>>
>>
>>
>> Thank you!
>>
>>
>>
>> Eric
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: DHCP reservations explained...

[Candee]

I use static addresses for my servers.
I also have my pool start at say x.x.x.100, so I know the address won't be
assigned elsewhere.

On Tue, Jan 18, 2011 at 2:14 PM, Jonathan  wrote:

> Hmmm... interesting concept. I personally prefer static addressing assigned
> on each individual server. Though I could see the appeal of using DHCP, I
> don't have enough confidence in DHCP to use it for server addressing. Just
> my $0.02
>   On Jan 18, 2011 2:06 PM, "David Lum"  wrote:
> > The other day someone commented that it seemed like a bit much that 50%
> of my 100-ish servers have DHCP reservations - driving home yesterday I
> realized another reason why I have it that way (because yes, I chew on these
> questions and constantly evaluate why I do some process or another) -
> because my fellow SE's have their server monitoring set up to look at
> specific IP's instead of hostnames and I am unable to convince them
> otherwise. If the server IP changes it hoses their tests and the
> dependencies.
> >
> > It's not how I set *MY* monitoring up for servers I maintain, but I have
> posted that question here in fact and have seen differing opinions on
> weather hostname or IP is preferred.
> >
> > David Lum // SYSTEMS ENGINEER
> > NORTHWEST EVALUATION ASSOCIATION
> > (Desk) 503.548.5229 // (Cell) 503.267.9764
> >
> >
> >
> >
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~  ~
> >
> > ---
> > To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to listmana...@lyris.sunbeltsoftware.com
> > with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Simple routing

[Steve Ens]

I've not much experience with Cisco gear, but is it possible to route two
different subnets on a Cisco 2950 switch?  I want to keep my two networks
separate (mostly), but need specific port access between the two.  I've been
trying to use a Dlink router, and it mostly works, but there is something
that is not being allowed through for some reason.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Web filter?

[Erik Goldoff]

+1

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: Jonathan Link [mailto:jonathan.l...@gmail.com] 
Sent: Monday, January 24, 2011 11:33 AM
To: NT System Admin Issues
Subject: Re: Web filter?

 

Simplest?  Don't enter DNS Server information, or if it gets it via DHCP,
enter an invalid one manually.  Then enter the valid hosts into the
hostfile.

I'm presuming that the users of this won't have admin access to the machine.

On Mon, Jan 24, 2011 at 11:28 AM, Joseph L. Casale
 wrote:

Sure, and it depends on strict the blocking must be enforced.
I use squid proxy, and if it was ultimately required that the rules not be
circumventable, you could place these machines on a subnet without external
access and allow internet access via a proxy or simply some acls on a router
as your requirements don’t look large and hard to maintain…

 

From: Eric Brouwer [mailto:ithelp.e...@gmail.com] 
Sent: Monday, January 24, 2011 9:24 AM
To: NT System Admin Issues
Subject: Web filter?

 

Greetings,

 

We're looking to deploy PCs at several locations that are to be used
strictly for access to a couple of our websites.  We're looking for a
simple, cheap solution to block internet access to all websites, and then
add in the handful of sites we'd like them to access.

 

Any one doing ahtyhing like this?  A recommendations?

 

Thank you!

 

Eric

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Web filter?

[Kramer, Jack]

Doesn't stop someone from entering an ip address manually…


Jack Kramer
Computer Systems Specialist
University Relations, Michigan State University
w: 517-884-1231 / c: 248-635-4955

From: Erik Goldoff mailto:egold...@gmail.com>>
Reply-To: NT System Admin Issues 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Date: Mon, 24 Jan 2011 11:43:20 -0500
To: NT System Admin Issues 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Subject: RE: Web filter?

+1

Erik Goldoff
IT  Consultant
Systems, Networks, & Security
'  Security is an ongoing process, not a one time event ! '
From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Monday, January 24, 2011 11:33 AM
To: NT System Admin Issues
Subject: Re: Web filter?

Simplest?  Don't enter DNS Server information, or if it gets it via DHCP, enter 
an invalid one manually.  Then enter the validhosts into the hostfile.
I'm presuming that the users of this won't have admin access to the machine.
On Mon, Jan 24, 2011 at 11:28 AM, Joseph L. Casale 
mailto:jcas...@activenetwerx.com>> wrote:
Sure, and it depends on strict the blocking must be enforced.
I use squid proxy, and if it was ultimately required that the rules not be 
circumventable, you could place these machines on a subnet without 
externalaccess and allow internet access via a proxy or simply some acls on a 
router as your requirements don’t look large and hard to maintain…

From: Eric Brouwer [mailto:ithelp.e...@gmail.com]
Sent: Monday, January 24, 2011 9:24 AM
To: NT System Admin Issues
Subject: Web filter?

Greetings,

We're looking to deploy PCs at several locations that are to be used strictly 
foraccess to a couple of our websites.  We're looking for a simple, 
cheapsolution to block internet access to all websites, and then add in the 
handful of sites we'd like them to access.

Any one doing ahtyhing like this?  A recommendations?

Thank you!

Eric

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Simple routing

[Erik Goldoff]

In general your Cisco switch  is a layer 2 device, and routing takes place
at layer 3.  I’m not up on the current lines, but unless you have an RSM
(route switch module) for a 2900 switch you cannot use the switch to route
between layer three networks.

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: Steve Ens [mailto:stevey...@gmail.com] 
Sent: Monday, January 24, 2011 11:42 AM
To: NT System Admin Issues
Subject: Simple routing

 

I've not much experience with Cisco gear, but is it possible to route two
different subnets on a Cisco 2950 switch?  I want to keep my two networks
separate (mostly), but need specific port access between the two.  I've been
trying to use a Dlink router, and it mostly works, but there is something
that is not being allowed through for some reason.  

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Web filter?

[Erik Goldoff]

No, it is not the most secure since it’s not 100%, but it *is* the simplest
method.  

And not too many people have the IP addresses memorized for their favorite
malicious surfing.

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: Kramer, Jack [mailto:jack.kra...@ur.msu.edu] 
Sent: Monday, January 24, 2011 11:49 AM
To: NT System Admin Issues
Subject: Re: Web filter?

 

Doesn't stop someone from entering an ip address manually…

 


Jack Kramer
Computer Systems Specialist
University Relations, Michigan State University
w: 517-884-1231 / c: 248-635-4955

 

From: Erik Goldoff 
Reply-To: NT System Admin Issues 
Date: Mon, 24 Jan 2011 11:43:20 -0500
To: NT System Admin Issues 
Subject: RE: Web filter?

 

+1

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: Jonathan Link [mailto:jonathan.l...@gmail.com] 
Sent: Monday, January 24, 2011 11:33 AM
To: NT System Admin Issues
Subject: Re: Web filter?

 

Simplest?  Don't enter DNS Server information, or if it gets it via DHCP,
enter an invalid one manually.  Then enter the validhosts into the hostfile.

I'm presuming that the users of this won't have admin access to the machine.

On Mon, Jan 24, 2011 at 11:28 AM, Joseph L. Casale
 wrote:

Sure, and it depends on strict the blocking must be enforced.
I use squid proxy, and if it was ultimately required that the rules not be
circumventable, you could place these machines on a subnet without
externalaccess and allow internet access via a proxy or simply some acls on
a router as your requirements don’t look large and hard to maintain…

 

From: Eric Brouwer [mailto:ithelp.e...@gmail.com] 
Sent: Monday, January 24, 2011 9:24 AM
To: NT System Admin Issues
Subject: Web filter?

 

Greetings,

 

We're looking to deploy PCs at several locations that are to be used
strictly foraccess to a couple of our websites.  We're looking for a simple,
cheapsolution to block internet access to all websites, and then add in the
handful of sites we'd like them to access.

 

Any one doing ahtyhing like this?  A recommendations?

 

Thank you!

 

Eric

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Simple routing

[Steve Ens]

Yah, I thought so much, I will check the exact model, but I thought layer 3
is what we needed.  I have a Procurve 2910, which is layer three, and I
couldn't find anything in the webgui that would allow this.
On a side note, I have an old Sonicwall Pro which needs a config file, the
existing one is corrupt.  This device may work as well.

On Mon, Jan 24, 2011 at 10:49 AM, Erik Goldoff  wrote:

>  In general your Cisco switch  is a layer 2 device, and routing takes
> place at layer 3.  I’m not up on the current lines, but unless you have an
> RSM (route switch module) for a 2900 switch you cannot use the switch to
> route between layer three networks.
>
>
>
> *Erik Goldoff***
>
> *IT  Consultant*
>
> *Systems, Networks, & Security *
>
> '  Security is an ongoing process, not a one time event ! '
>
> *From:* Steve Ens [mailto:stevey...@gmail.com]
> *Sent:* Monday, January 24, 2011 11:42 AM
> *To:* NT System Admin Issues
> *Subject:* Simple routing
>
>
>
> I've not much experience with Cisco gear, but is it possible to route two
> different subnets on a Cisco 2950 switch?  I want to keep my two networks
> separate (mostly), but need specific port access between the two.  I've been
> trying to use a Dlink router, and it mostly works, but there is something
> that is not being allowed through for some reason.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Simple routing

[Mayo, Bill]

Like Erik, I am not sure about the 2950 switch, but layer 3
functionality is also limited to the type of IOS you have
licensed/running.  I think layer 3 has filtered down to a lot of their
switch offerings, but you have to buy a higher version of the IOS.  In
short, it depends on the switch AND the IOS.
 
Bill Mayo



From: Steve Ens [mailto:stevey...@gmail.com] 
Sent: Monday, January 24, 2011 11:59 AM
To: NT System Admin Issues
Subject: Re: Simple routing


Yah, I thought so much, I will check the exact model, but I thought
layer 3 is what we needed.  I have a Procurve 2910, which is layer
three, and I couldn't find anything in the webgui that would allow this.

On a side note, I have an old Sonicwall Pro which needs a config file,
the existing one is corrupt.  This device may work as well.


On Mon, Jan 24, 2011 at 10:49 AM, Erik Goldoff 
wrote:


In general your Cisco switch  is a layer 2 device, and routing
takes place at layer 3.  I'm not up on the current lines, but unless you
have an RSM (route switch module) for a 2900 switch you cannot use the
switch to route between layer three networks.

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: Steve Ens [mailto:stevey...@gmail.com] 
Sent: Monday, January 24, 2011 11:42 AM
To: NT System Admin Issues
Subject: Simple routing

 

I've not much experience with Cisco gear, but is it possible to
route two different subnets on a Cisco 2950 switch?  I want to keep my
two networks separate (mostly), but need specific port access between
the two.  I've been trying to use a Dlink router, and it mostly works,
but there is something that is not being allowed through for some
reason.  

~ Finally, powerful endpoint security that ISN'T a resource hog!
~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog!
~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Web filter?

[Andrew S. Baker]

OpenDNS.com


*ASB *(My Bio via About.Me )
 *Exploiting Technology for Business Advantage...*

*
*



On Mon, Jan 24, 2011 at 11:24 AM, Eric Brouwer wrote:

> Greetings,
>
> We're looking to deploy PCs at several locations that are to be used
> strictly for access to a couple of our websites.  We're looking for a
> simple, cheap solution to block internet access to all websites, and then
> add in the handful of sites we'd like them to access.
>
> Any one doing ahtyhing like this?  A recommendations?
>
> Thank you!
>
> Eric
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Basic Site Analysis of Workstations, Servers, and Network

[Don Kuhlman]

Hi folks. I was pretty sure this has been discussed on the list before but 
didn't find the information searching on the old threads.

We need to do a base analysis of a client who has 3 sites, 3 servers, and about 
20 workstations.
The goal would be to check the workstations (sync up the local admin passwords, 
verify the nics are all the same - eg AUTO or 100/Full), verify backups and 
then 
just a general health check.

I thought there were some posts with the best steps to go about this as well as 
some of the best tools to use - as though you were walking into a new client 
and 
needed to figure out what all they need done on their network and 
servers/workstations.

If anyone knows the thread topic or has this "checklist", I would really 
appreciate it.

Thanks

Don K


  
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Web filter?

[Malcolm Reitz]

We've used Microsoft's Windows SteadyState tool to lock down an XP desktop
in "kiosk" mode. This has worked well to control what users can do and what
web sites they can access through these kiosk machines.

 

In looking up a link for this, though, I notice that Microsoft has pulled
the tool as of 31 December. They do claim that there are native Windows 7
tools for the same purpose; I haven't tried them.

 

 

-Malcolm

 

 

 

From: Eric Brouwer [mailto:ithelp.e...@gmail.com] 
Sent: Monday, January 24, 2011 10:24
To: NT System Admin Issues
Subject: Web filter?

 

Greetings,

 

We're looking to deploy PCs at several locations that are to be used
strictly for access to a couple of our websites.  We're looking for a
simple, cheap solution to block internet access to all websites, and then
add in the handful of sites we'd like them to access.

 

Any one doing ahtyhing like this?  A recommendations?

 

Thank you!

 

Eric

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Simple routing

[Phil Brutsche]

Catalyst 2950s are layer 2 only.

For a 1U layer 3 switch you are looking at a 3550, 3560 or 3750.

If you run the absolute latest a 2960 will route IPv4 between VLANs -
static only, no RIP OSPF BGP etc.

On 1/24/2011 10:42 AM, Steve Ens wrote:
> I've not much experience with Cisco gear, but is it possible to route
> two different subnets on a Cisco 2950 switch?  I want to keep my two
> networks separate (mostly), but need specific port access between the
> two.  I've been trying to use a Dlink router, and it mostly works, but
> there is something that is not being allowed through for some reason. 

-- 

Phil Brutsche
p...@optimumdata.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Web filter?

[Jonathan Link]

Very true.  However, it is cheap, as in free, and it is simple to do.

On Mon, Jan 24, 2011 at 11:49 AM, Kramer, Jack wrote:

>   Doesn't stop someone from entering an ip address manually…
>
> 
> Jack Kramer
> Computer Systems Specialist
> University Relations, Michigan State University
> w: 517-884-1231 / c: 248-635-4955
>
> From: Erik Goldoff 
> Reply-To: NT System Admin Issues 
> Date: Mon, 24 Jan 2011 11:43:20 -0500
> To: NT System Admin Issues 
> Subject: RE: Web filter?
>
>+1
>
>
>
> *Erik Goldoff***
>
> *IT  Consultant*
>
> *Systems, Networks, & Security *
>
> '  Security is an ongoing process, not a one time event ! '
>
> *From:* Jonathan Link 
> [mailto:jonathan.l...@gmail.com]
>
> *Sent:* Monday, January 24, 2011 11:33 AM
> *To:* NT System Admin Issues
> *Subject:* Re: Web filter?
>
>
>
> Simplest?  Don't enter DNS Server information, or if it gets it via DHCP,
> enter an invalid one manually.  Then enter the validhosts into the hostfile.
>
> I'm presuming that the users of this won't have admin access to the
> machine.
>
> On Mon, Jan 24, 2011 at 11:28 AM, Joseph L. Casale <
> jcas...@activenetwerx.com> wrote:
>
> Sure, and it depends on strict the blocking must be enforced.
> I use squid proxy, and if it was ultimately required that the rules not be
> circumventable, you could place these machines on a subnet without
> externalaccess and allow internet access via a proxy or simply some acls on
> a router as your requirements don’t look large and hard to maintain…
>
>
>
> *From:* Eric Brouwer [mailto:ithelp.e...@gmail.com]
> *Sent:* Monday, January 24, 2011 9:24 AM
> *To:* NT System Admin Issues
> *Subject:* Web filter?
>
>
>
> Greetings,
>
>
>
> We're looking to deploy PCs at several locations that are to be used
> strictly foraccess to a couple of our websites.  We're looking for a simple,
> cheapsolution to block internet access to all websites, and then add in the
> handful of sites we'd like them to access.
>
>
>
> Any one doing ahtyhing like this?  A recommendations?
>
>
>
> Thank you!
>
>
>
> Eric
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>   ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Simple routing

[Ben Scott]

On Mon, Jan 24, 2011 at 11:58 AM, Steve Ens  wrote:
> I have a Procurve 2910, which is layer three, and I
> couldn't find anything in the webgui that would allow this.

  The web GUI in ProCurve stuff usually doesn't cover everything.  You
have to go to the CLI for more advanced stuff.

  I've never used a 2910, but the docs say it's a full layer 3 switch,
so it should certainly be able to forward IP datagrams between
broadcast domains/VLANs.  I believe it uses one big router for all
ports and VLANs, so it's just a matter of configuring IP addresses on
the appropriate VLANs, and then adding any additional routes as
needed.

  As others have said, layer 3 features can vary by brand, model,
firmware version, license, etc.

  Going back to your OP:

On Mon, Jan 24, 2011 at 11:42 AM, Steve Ens  wrote:
> I've not much experience with Cisco gear, but is it possible to route two
> different subnets on a Cisco 2950 switch?  I want to keep my two networks
> separate (mostly), but need specific port access between the two.

  Please explain "subnet" and "port" in the above.  By subnet, do you
also mean broadcast domain/VLAN, or is this two IP subnets in the same
broadcast domain/VLAN?  By "port", do you mean switch port or TCP port
or UDP port or ...?

  It will prolly help if you explain what you're trying to do.  :)
Ideally, explain the VLAN and IP topologies involved, what you want
forwarded, and what you don't want forwarded.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Web filter?

[Eric Brouwer]

Thanks to all for the recommendations!  It's not "critical" that they can't
get out to other sites, but we want to discourage the most basic users.  We
were originally thinking of going the HOSTS route, but were worried about
websites changing IP addresses and blocking our access.  It's a solid backup
option.  I'm looking at the free OpenDNS account right now.  it might suit
our needs.

Thanks again!

On Mon, Jan 24, 2011 at 12:54 PM, Jonathan Link wrote:

> Very true.  However, it is cheap, as in free, and it is simple to do.
>
>  On Mon, Jan 24, 2011 at 11:49 AM, Kramer, Jack wrote:
>
>>   Doesn't stop someone from entering an ip address manually…
>>
>> 
>> Jack Kramer
>> Computer Systems Specialist
>> University Relations, Michigan State University
>> w: 517-884-1231 / c: 248-635-4955
>>
>>  From: Erik Goldoff 
>> Reply-To: NT System Admin Issues 
>> Date: Mon, 24 Jan 2011 11:43:20 -0500
>> To: NT System Admin Issues 
>> Subject: RE: Web filter?
>>
>>+1
>>
>>
>>
>> *Erik Goldoff***
>>
>> *IT  Consultant*
>>
>> *Systems, Networks, & Security *
>>
>> '  Security is an ongoing process, not a one time event ! '
>>
>> *From:* Jonathan Link 
>> [mailto:jonathan.l...@gmail.com]
>>
>> *Sent:* Monday, January 24, 2011 11:33 AM
>>
>> *To:* NT System Admin Issues
>> *Subject:* Re: Web filter?
>>
>>
>>
>> Simplest?  Don't enter DNS Server information, or if it gets it via DHCP,
>> enter an invalid one manually.  Then enter the validhosts into the hostfile.
>>
>> I'm presuming that the users of this won't have admin access to the
>> machine.
>>
>> On Mon, Jan 24, 2011 at 11:28 AM, Joseph L. Casale <
>> jcas...@activenetwerx.com> wrote:
>>
>>  Sure, and it depends on strict the blocking must be enforced.
>> I use squid proxy, and if it was ultimately required that the rules not be
>> circumventable, you could place these machines on a subnet without
>> externalaccess and allow internet access via a proxy or simply some acls on
>> a router as your requirements don’t look large and hard to maintain…
>>
>>
>>
>> *From:* Eric Brouwer [mailto:ithelp.e...@gmail.com]
>> *Sent:* Monday, January 24, 2011 9:24 AM
>>
>> *To:* NT System Admin Issues
>> *Subject:* Web filter?
>>
>>
>>
>> Greetings,
>>
>>
>>
>> We're looking to deploy PCs at several locations that are to be used
>> strictly foraccess to a couple of our websites.  We're looking for a simple,
>> cheapsolution to block internet access to all websites, and then add in the
>> handful of sites we'd like them to access.
>>
>>
>>
>> Any one doing ahtyhing like this?  A recommendations?
>>
>>
>>
>> Thank you!
>>
>>
>>
>> Eric
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>>~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscr

Internet browsing reporting?

[Eric Brouwer]

Greetings,

I'm looking for another solution, and this list has never steered me wrong.
I need to be able to monitor the Internet traffic for specific people for
specific times, and report their usage.  Basically, I need to be able to say
person X was on the web for 15 hours last week.  If the solution also gave
me the ability to block gambling, pr0n, etc. sites, that would be great.
I'm looking at Websense now, but it seems more for blocking access, not
reporting on who did what.

Thanks!

Eric

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Web filter?

[Kennedy, Jim]

Anything you can do to go the free route might be a prudent choice. I don't 
know your environment but a revolt from the masses and management caving in to 
their demands could be a possibility. Also the list of 'allowed' sites could 
grow really fastso a roll your own DNS or hostsfile solution doen't scale 
in my mind.

From: Eric Brouwer [mailto:ithelp.e...@gmail.com]
Sent: Monday, January 24, 2011 1:33 PM
To: NT System Admin Issues
Subject: Re: Web filter?

Thanks to all for the recommendations!  It's not "critical" that they can't get 
out to other sites, but we want to discourage the most basic users.  We were 
originally thinking of going the HOSTS route, but were worried about websites 
changing IP addresses and blocking our access.  It's a solid backup option.  
I'm looking at the free OpenDNS account right now.  it might suit our needs.

Thanks again!
On Mon, Jan 24, 2011 at 12:54 PM, Jonathan Link 
mailto:jonathan.l...@gmail.com>> wrote:
Very true.  However, it is cheap, as in free, and it is simple to do.
On Mon, Jan 24, 2011 at 11:49 AM, Kramer, Jack 
mailto:jack.kra...@ur.msu.edu>> wrote:
Doesn't stop someone from entering an ip address manually...


Jack Kramer
Computer Systems Specialist
University Relations, Michigan State University
w: 517-884-1231 / c: 248-635-4955

From: Erik Goldoff mailto:egold...@gmail.com>>
Reply-To: NT System Admin Issues 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Date: Mon, 24 Jan 2011 11:43:20 -0500
To: NT System Admin Issues 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Subject: RE: Web filter?

+1

Erik Goldoff
IT  Consultant
Systems, Networks, & Security
'  Security is an ongoing process, not a one time event ! '
From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Monday, January 24, 2011 11:33 AM

To: NT System Admin Issues
Subject: Re: Web filter?

Simplest?  Don't enter DNS Server information, or if it gets it via DHCP, enter 
an invalid one manually.  Then enter the validhosts into the hostfile.
I'm presuming that the users of this won't have admin access to the machine.
On Mon, Jan 24, 2011 at 11:28 AM, Joseph L. Casale 
mailto:jcas...@activenetwerx.com>> wrote:
Sure, and it depends on strict the blocking must be enforced.
I use squid proxy, and if it was ultimately required that the rules not be 
circumventable, you could place these machines on a subnet without 
externalaccess and allow internet access via a proxy or simply some acls on a 
router as your requirements don't look large and hard to maintain...

From: Eric Brouwer [mailto:ithelp.e...@gmail.com]
Sent: Monday, January 24, 2011 9:24 AM

To: NT System Admin Issues
Subject: Web filter?

Greetings,

We're looking to deploy PCs at several locations that are to be used strictly 
foraccess to a couple of our websites.  We're looking for a simple, 
cheapsolution to block internet access to all websites, and then add in the 
handful of sites we'd like them to access.

Any one doing ahtyhing like this?  A recommendations?

Thank you!

Eric

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ 

RE: Internet browsing reporting?

[Martin Blackstone]

You might take a look at these guys:

http://www.paloaltonetworks.com/

 

 

From: Eric Brouwer [mailto:ithelp.e...@gmail.com] 
Sent: Monday, January 24, 2011 10:43 AM
To: NT System Admin Issues
Subject: Internet browsing reporting?

 

Greetings,

 

I'm looking for another solution, and this list has never steered me wrong.
I need to be able to monitor the Internet traffic for specific people for
specific times, and report their usage.  Basically, I need to be able to say
person X was on the web for 15 hours last week.  If the solution also gave
me the ability to block gambling, pr0n, etc. sites, that would be great.
I'm looking at Websense now, but it seems more for blocking access, not
reporting on who did what.

 

Thanks!

 

Eric

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Simple routing

[Steve Ens]

I usually use the CLI for initial config, setting up an IP address, name it,
etc.  But then I turn to the java gui if I need anything else.  I'll dig
into the CLI a little to see what is possible.  I have a 10.0.0.x/24 network
that needs to have access to certain ports on a server that is on a
192.168.1.x/24 network.  Corporate Lan -> broadcast network.  Should be
easy, and should work with a simple router, BUT the application involved
apparently needs to see the IP address directly, so I'm not even sure that
port forwarding will work.  I may need to pull the machines off the
corporate LAN and stick them on the "other side", and then give them access
to the corporate LAN.

On Mon, Jan 24, 2011 at 12:06 PM, Ben Scott  wrote:

> On Mon, Jan 24, 2011 at 11:58 AM, Steve Ens  wrote:
> > I have a Procurve 2910, which is layer three, and I
> > couldn't find anything in the webgui that would allow this.
>
>  The web GUI in ProCurve stuff usually doesn't cover everything.  You
> have to go to the CLI for more advanced stuff.
>
>  I've never used a 2910, but the docs say it's a full layer 3 switch,
> so it should certainly be able to forward IP datagrams between
> broadcast domains/VLANs.  I believe it uses one big router for all
> ports and VLANs, so it's just a matter of configuring IP addresses on
> the appropriate VLANs, and then adding any additional routes as
> needed.
>
>  As others have said, layer 3 features can vary by brand, model,
> firmware version, license, etc.
>
>  Going back to your OP:
>
> On Mon, Jan 24, 2011 at 11:42 AM, Steve Ens  wrote:
> > I've not much experience with Cisco gear, but is it possible to route two
> > different subnets on a Cisco 2950 switch?  I want to keep my two networks
> > separate (mostly), but need specific port access between the two.
>
>  Please explain "subnet" and "port" in the above.  By subnet, do you
> also mean broadcast domain/VLAN, or is this two IP subnets in the same
> broadcast domain/VLAN?  By "port", do you mean switch port or TCP port
> or UDP port or ...?
>
>  It will prolly help if you explain what you're trying to do.  :)
> Ideally, explain the VLAN and IP topologies involved, what you want
> forwarded, and what you don't want forwarded.
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Internet browsing reporting?

[Kennedy, Jim]

You are not going to be able to report that with any real accuracy. Web filters 
have reports that estimate the time spent on a website, but they are only 
estimates based upon the 'norm'.  You don't know if I spent 5 minutes on the 
front page of CNN or I spent 2 hours there. As long as I don't click it is a 
static display.

But now that you have upped the ante here, to specific people at specific times 
you are going to be looking at a full web filter that has authentication tied 
to Active Directory so you know who is on what computer and all that. We have 
an M86 Web Filter and Reporter that will do all you ask. Cisco's Ironport will 
do it, we evaluated that one also.

Seldom are there technological solutions for behavioral issues.
  ---Ed Crowley

From: Eric Brouwer [mailto:ithelp.e...@gmail.com]
Sent: Monday, January 24, 2011 1:43 PM
To: NT System Admin Issues
Subject: Internet browsing reporting?

Greetings,

I'm looking for another solution, and this list has never steered me wrong.  I 
need to be able to monitor the Internet traffic for specific people for 
specific times, and report their usage.  Basically, I need to be able to say 
person X was on the web for 15 hours last week.  If the solution also gave me 
the ability to block gambling, pr0n, etc. sites, that would be great.  I'm 
looking at Websense now, but it seems more for blocking access, not reporting 
on who did what.

Thanks!

Eric

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Internet browsing reporting?

[N Parr]

Barracuda Web Filter does a good job at this.



From: Eric Brouwer [mailto:ithelp.e...@gmail.com] 
Sent: Monday, January 24, 2011 12:43 PM
To: NT System Admin Issues
Subject: Internet browsing reporting?


Greetings,
 
I'm looking for another solution, and this list has never steered me
wrong.  I need to be able to monitor the Internet traffic for specific
people for specific times, and report their usage.  Basically, I need to
be able to say person X was on the web for 15 hours last week.  If the
solution also gave me the ability to block gambling, pr0n, etc. sites,
that would be great.  I'm looking at Websense now, but it seems more for
blocking access, not reporting on who did what.
 
Thanks!
 
Eric

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Internet browsing reporting?

[Eric Brouwer]

Thanks.  Totally agree this is a people issue, not technology, but I'm not
going to win that battle.

On Mon, Jan 24, 2011 at 1:49 PM, Kennedy, Jim
wrote:

>  You are not going to be able to report that with any real accuracy. Web
> filters have reports that estimate the time spent on a website, but they are
> only estimates based upon the ‘norm’.  You don’t know if I spent 5 minutes
> on the front page of CNN or I spent 2 hours there. As long as I don’t click
> it is a static display.
>
>
>
> But now that you have upped the ante here, to specific people at specific
> times you are going to be looking at a full web filter that has
> authentication tied to Active Directory so you know who is on what computer
> and all that. We have an M86 Web Filter and Reporter that will do all you
> ask. Cisco’s Ironport will do it, we evaluated that one also.
>
>
>
> Seldom are there technological solutions for behavioral issues.
>
>   ---Ed Crowley
>
>
>
> *From:* Eric Brouwer [mailto:ithelp.e...@gmail.com]
> *Sent:* Monday, January 24, 2011 1:43 PM
> *To:* NT System Admin Issues
> *Subject:* Internet browsing reporting?
>
>
>
> Greetings,
>
>
>
> I'm looking for another solution, and this list has never steered me
> wrong.  I need to be able to monitor the Internet traffic for specific
> people for specific times, and report their usage.  Basically, I need to be
> able to say person X was on the web for 15 hours last week.  If the solution
> also gave me the ability to block gambling, pr0n, etc. sites, that would be
> great.  I'm looking at Websense now, but it seems more for blocking access,
> not reporting on who did what.
>
>
>
> Thanks!
>
>
>
> Eric
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Internet browsing reporting?

[Jeff Steward]

http://www.burstek.com/

Worked well on our ISA Server and ties into AD so
you can report/restrict as needed.  You can create custom categories or use
the pre-canned ones that are updated frequently.

-Jeff Steward

On Mon, Jan 24, 2011 at 2:09 PM, Eric Brouwer  wrote:

> Thanks.  Totally agree this is a people issue, not technology, but I'm not
> going to win that battle.
>
> On Mon, Jan 24, 2011 at 1:49 PM, Kennedy, Jim <
> kennedy...@elyriaschools.org> wrote:
>
>>  You are not going to be able to report that with any real accuracy. Web
>> filters have reports that estimate the time spent on a website, but they are
>> only estimates based upon the ‘norm’.  You don’t know if I spent 5 minutes
>> on the front page of CNN or I spent 2 hours there. As long as I don’t click
>> it is a static display.
>>
>>
>>
>> But now that you have upped the ante here, to specific people at specific
>> times you are going to be looking at a full web filter that has
>> authentication tied to Active Directory so you know who is on what computer
>> and all that. We have an M86 Web Filter and Reporter that will do all you
>> ask. Cisco’s Ironport will do it, we evaluated that one also.
>>
>>
>>
>> Seldom are there technological solutions for behavioral issues.
>>
>>   ---Ed Crowley
>>
>>
>>
>> *From:* Eric Brouwer [mailto:ithelp.e...@gmail.com]
>> *Sent:* Monday, January 24, 2011 1:43 PM
>>
>> *To:* NT System Admin Issues
>> *Subject:* Internet browsing reporting?
>>
>>
>>
>> Greetings,
>>
>>
>>
>> I'm looking for another solution, and this list has never steered me
>> wrong.  I need to be able to monitor the Internet traffic for specific
>> people for specific times, and report their usage.  Basically, I need to be
>> able to say person X was on the web for 15 hours last week.  If the solution
>> also gave me the ability to block gambling, pr0n, etc. sites, that would be
>> great.  I'm looking at Websense now, but it seems more for blocking access,
>> not reporting on who did what.
>>
>>
>>
>> Thanks!
>>
>>
>>
>> Eric
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Internet browsing reporting?

[Kennedy, Jim]

I think all of us have lost that battle a few million times.

From: Eric Brouwer [mailto:ithelp.e...@gmail.com]
Sent: Monday, January 24, 2011 2:10 PM
To: NT System Admin Issues
Subject: Re: Internet browsing reporting?

Thanks.  Totally agree this is a people issue, not technology, but I'm not 
going to win that battle.
On Mon, Jan 24, 2011 at 1:49 PM, Kennedy, Jim 
mailto:kennedy...@elyriaschools.org>> wrote:
You are not going to be able to report that with any real accuracy. Web filters 
have reports that estimate the time spent on a website, but they are only 
estimates based upon the 'norm'.  You don't know if I spent 5 minutes on the 
front page of CNN or I spent 2 hours there. As long as I don't click it is a 
static display.

But now that you have upped the ante here, to specific people at specific times 
you are going to be looking at a full web filter that has authentication tied 
to Active Directory so you know who is on what computer and all that. We have 
an M86 Web Filter and Reporter that will do all you ask. Cisco's Ironport will 
do it, we evaluated that one also.

Seldom are there technological solutions for behavioral issues.
  ---Ed Crowley

From: Eric Brouwer [mailto:ithelp.e...@gmail.com]
Sent: Monday, January 24, 2011 1:43 PM
To: NT System Admin Issues
Subject: Internet browsing reporting?

Greetings,

I'm looking for another solution, and this list has never steered me wrong.  I 
need to be able to monitor the Internet traffic for specific people for 
specific times, and report their usage.  Basically, I need to be able to say 
person X was on the web for 15 hours last week.  If the solution also gave me 
the ability to block gambling, pr0n, etc. sites, that would be great.  I'm 
looking at Websense now, but it seems more for blocking access, not reporting 
on who did what.

Thanks!

Eric

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Internet browsing reporting?

[David Mazzaccaro]

St Bernard iPrism works really well, and is an easy setup.

 

From: Eric Brouwer [mailto:ithelp.e...@gmail.com] 
Sent: Monday, January 24, 2011 1:43 PM
To: NT System Admin Issues
Subject: Internet browsing reporting?

 

Greetings,

 

I'm looking for another solution, and this list has never steered me
wrong.  I need to be able to monitor the Internet traffic for specific
people for specific times, and report their usage.  Basically, I need to
be able to say person X was on the web for 15 hours last week.  If the
solution also gave me the ability to block gambling, pr0n, etc. sites,
that would be great.  I'm looking at Websense now, but it seems more for
blocking access, not reporting on who did what.

 

Thanks!

 

Eric

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Internet browsing reporting?

[Bob Fronk]

+! iPrism

It also has a new mobile client that reports and blocks without proxy.  It is 
working really well for us.

BF


From: David Mazzaccaro [mailto:david.mazzacc...@hudsonmobility.com]
Sent: Monday, January 24, 2011 2:47 PM
To: NT System Admin Issues
Subject: RE: Internet browsing reporting?

St Bernard iPrism works really well, and is an easy setup.

From: Eric Brouwer [mailto:ithelp.e...@gmail.com]
Sent: Monday, January 24, 2011 1:43 PM
To: NT System Admin Issues
Subject: Internet browsing reporting?

Greetings,

I'm looking for another solution, and this list has never steered me wrong.  I 
need to be able to monitor the Internet traffic for specific people for 
specific times, and report their usage.  Basically, I need to be able to say 
person X was on the web for 15 hours last week.  If the solution also gave me 
the ability to block gambling, pr0n, etc. sites, that would be great.  I'm 
looking at Websense now, but it seems more for blocking access, not reporting 
on who did what.

Thanks!

Eric

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Web filter?

[Bob Fronk]

iPrism with mobile client.

BF

From: Eric Brouwer [mailto:ithelp.e...@gmail.com]
Sent: Monday, January 24, 2011 11:24 AM
To: NT System Admin Issues
Subject: Web filter?

Greetings,

We're looking to deploy PCs at several locations that are to be used strictly 
for access to a couple of our websites.  We're looking for a simple, cheap 
solution to block internet access to all websites, and then add in the handful 
of sites we'd like them to access.

Any one doing ahtyhing like this?  A recommendations?

Thank you!

Eric

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Internet browsing reporting?

[David Mazzaccaro]

Yup, the remote filtering works very well for us too.

 

 

 

From: Bob Fronk [mailto:b...@btrfronk.com] 
Sent: Monday, January 24, 2011 2:59 PM
To: NT System Admin Issues
Subject: RE: Internet browsing reporting?

 

+! iPrism

 

It also has a new mobile client that reports and blocks without proxy.
It is working really well for us.

 

BF

 

 

From: David Mazzaccaro [mailto:david.mazzacc...@hudsonmobility.com] 
Sent: Monday, January 24, 2011 2:47 PM
To: NT System Admin Issues
Subject: RE: Internet browsing reporting?

 

St Bernard iPrism works really well, and is an easy setup.

 

From: Eric Brouwer [mailto:ithelp.e...@gmail.com] 
Sent: Monday, January 24, 2011 1:43 PM
To: NT System Admin Issues
Subject: Internet browsing reporting?

 

Greetings,

 

I'm looking for another solution, and this list has never steered me
wrong.  I need to be able to monitor the Internet traffic for specific
people for specific times, and report their usage.  Basically, I need to
be able to say person X was on the web for 15 hours last week.  If the
solution also gave me the ability to block gambling, pr0n, etc. sites,
that would be great.  I'm looking at Websense now, but it seems more for
blocking access, not reporting on who did what.

 

Thanks!

 

Eric

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Simple routing

[Phil Brutsche]

If the CLI on your HP 2910 is anything like the other HP products I've
used it's pretty straightforward.

If you want it to route between VLANs 10 and 11:

ip routing
vlan 10 ip address 172.30.10.1/24
vlan 11 ip address 172.30.11.1/24

In this case 172.30.10.1 and 172.30.11.1 would be the default gateways
for the respective subnets.

"Port forwarding" is only relevant if you are also doing NAT.

On 1/24/2011 12:49 PM, Steve Ens wrote:
> I usually use the CLI for initial config, setting up an IP address, name
> it, etc.  But then I turn to the java gui if I need anything else.  I'll
> dig into the CLI a little to see what is possible.  I have a 10.0.0.x/24
> network that needs to have access to certain ports on a server that is
> on a 192.168.1.x/24 network.  Corporate Lan -> broadcast network. 
> Should be easy, and should work with a simple router, BUT the
> application involved apparently needs to see the IP address directly, so
> I'm not even sure that port forwarding will work.  I may need to pull
> the machines off the corporate LAN and stick them on the "other side",
> and then give them access to the corporate LAN. 

-- 

Phil Brutsche
p...@optimumdata.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Way OT - Anyone here had Lasik? How has it impacted your daily work (looking at screens, keyboards, etc)

[Raper, Jonathan - Eagle]

I'm considering Lasik for my left eye (my right eye is 20/12 uncorrected - I 
have an astigmatism in my left eye). I've heard great stories, and I've read 
about not so great experiences.

One of my co-workers had Lasik (by the same surgeon who would do my procedure) 
8 years ago and claims zero regrets and no long term ill effects. I probably 
wouldn't do it, because for me it would be a luxury, but I'm positioned to lose 
up to $2,600 that I have siting in a Flexible Spending Account if it isn't used 
by March 31 of this year (I checked, and even though the plan was for last 
2010, my plan has a grace period that allows for Date of Service until March 
31, 2011). The surgeon I'm considering is Karl Stonecipher, who claims having 
done well over 50,000 procedures.

So, any stories, good, bad, or otherwise are welcome. I'm particularly 
interested in any stories for anyone who is athletically active.

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
www.eaglemds.com
jra...@eaglemds.com

Any medical information contained in this electronic message is CONFIDENTIAL 
and privileged. It is unlawful for unauthorized persons to view, copy, 
disclose, or disseminate CONFIDENTIAL information. This electronic message may 
contain information that is confidential and/or legally privileged. It is 
intended only for the use of the individual(s) and/or entity named as 
recipients in the message. If you are not an intended recipient of this 
message, please notify the sender immediately and delete this material from 
your computer. Do not deliver, distribute or copy this message, and do not 
disclose its contents or take any action in reliance on the information that it 
contains.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Way OT - Anyone here had Lasik? How has it impacted your daily work (looking at screens, keyboards, etc)

[Jim Holmgren]

I had the full-laser Lasik 2 years ago for the same reason
(miscalculated my FSA).  Have not regretted it one bit.  

I play soccer on a regular basis (goal keeper) so I had to sit out for a
few weeks to be sure I didn't do any damage while healing, but otherwise
I could not be happier.  

Your Dr. will advise you on the proper amount of time to sit out
depending on your sport of choice.  All I can say is - follow his/her
advice.

I went from 20/200 to 20/20 in my right eye and 20/80 to 20/10 in my
left.

Jim

Jim Holmgren
Senior Manager, Infrastructure Services
XLHealth Corporation
The Warehouse at Camden Yards
351 West Camden Street, Suite 100
Baltimore, MD 21201 
410.625.2200 (main)
443.524.8573 (direct)
443-506.2400 (cell)
www.xlhealth.com





-Original Message-
From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com] 
Sent: Monday, January 24, 2011 3:35 PM
To: NT System Admin Issues
Subject: Way OT - Anyone here had Lasik? How has it impacted your daily
work (looking at screens, keyboards, etc)

I'm considering Lasik for my left eye (my right eye is 20/12 uncorrected
- I have an astigmatism in my left eye). I've heard great stories, and
I've read about not so great experiences.

One of my co-workers had Lasik (by the same surgeon who would do my
procedure) 8 years ago and claims zero regrets and no long term ill
effects. I probably wouldn't do it, because for me it would be a luxury,
but I'm positioned to lose up to $2,600 that I have siting in a Flexible
Spending Account if it isn't used by March 31 of this year (I checked,
and even though the plan was for last 2010, my plan has a grace period
that allows for Date of Service until March 31, 2011). The surgeon I'm
considering is Karl Stonecipher, who claims having done well over 50,000
procedures.

So, any stories, good, bad, or otherwise are welcome. I'm particularly
interested in any stories for anyone who is athletically active.

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
www.eaglemds.com
jra...@eaglemds.com

Any medical information contained in this electronic message is
CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to
view, copy, disclose, or disseminate CONFIDENTIAL information. This
electronic message may contain information that is confidential and/or
legally privileged. It is intended only for the use of the individual(s)
and/or entity named as recipients in the message. If you are not an
intended recipient of this message, please notify the sender immediately
and delete this material from your computer. Do not deliver, distribute
or copy this message, and do not disclose its contents or take any
action in reliance on the information that it contains.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use 
of the intended recipient(s) and may contain confidential and/or protected 
health information. Under the Federal Law (HIPAA), the intended recipient is 
obligated to keep this information secure and confidential. Any disclosure to 
third parties without authorization from the member of as permitted by law is 
prohibited and punishable under Federal Law. If you are not the intended 
recipient, please contact the sender by reply e-mail and destroy all copies of 
the original message.

NOTA DE CONFIDENCIALIDAD: Este facsímile, incluyendo lo adjunto, es para el uso 
exclusivo del destinatario(s) y puede contener información confidencial y/o 
información protegida de salud. En virtud de la Ley Federal (HIPAA), el 
destinatario tiene la obligación de mantener esta información segura y 
confidencial. Cualquier divulgación a terceros sin la autorización de los 
miembros de lo permitido por la ley está prohibido y penado en virtud de la Ley 
Federal. Si usted no es el destinatario, por favor, póngase en contacto con el 
remitente por teléfono y destruir todas las copias del mensaje original

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Way OT - Anyone here had Lasik? How has it impacted your daily work (looking at screens, keyboards, etc)

[Guyer, Don]

I went for an initial consultation and the idea of having to go back
every so often for possible "adjustments" (along with the associated
cost) was a huge turn-off for me. That was a few years ago, so that may
have changed.

FYI, $2,600 can be blown through in a snap. Remember, you can still buy
all the over the counter crap under last year's FSA rules that you can't
this year. If you have a family, that will be easy. I went through the
same thing to the tune of around $1,500 end of 2009 like it was water.
Eyeglasses, contacts, contact supplies, first aid, cold/flu supplies, so
on and so forth.

Good luck either way!

:)

Don Guyer
Windows Systems Engineer
Datasafe Platform
Fiserv Enterprise Technology
Fiserv
don.gu...@fiserv.com
Office: 1-800-523-7282 x 1673
Fax: 610-293-4499
www.fiserv.com

-Original Message-
From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com] 
Sent: Monday, January 24, 2011 3:35 PM
To: NT System Admin Issues
Subject: Way OT - Anyone here had Lasik? How has it impacted your daily
work (looking at screens, keyboards, etc)

I'm considering Lasik for my left eye (my right eye is 20/12 uncorrected
- I have an astigmatism in my left eye). I've heard great stories, and
I've read about not so great experiences.

One of my co-workers had Lasik (by the same surgeon who would do my
procedure) 8 years ago and claims zero regrets and no long term ill
effects. I probably wouldn't do it, because for me it would be a luxury,
but I'm positioned to lose up to $2,600 that I have siting in a Flexible
Spending Account if it isn't used by March 31 of this year (I checked,
and even though the plan was for last 2010, my plan has a grace period
that allows for Date of Service until March 31, 2011). The surgeon I'm
considering is Karl Stonecipher, who claims having done well over 50,000
procedures.

So, any stories, good, bad, or otherwise are welcome. I'm particularly
interested in any stories for anyone who is athletically active.

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
www.eaglemds.com
jra...@eaglemds.com

Any medical information contained in this electronic message is
CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to
view, copy, disclose, or disseminate CONFIDENTIAL information. This
electronic message may contain information that is confidential and/or
legally privileged. It is intended only for the use of the individual(s)
and/or entity named as recipients in the message. If you are not an
intended recipient of this message, please notify the sender immediately
and delete this material from your computer. Do not deliver, distribute
or copy this message, and do not disclose its contents or take any
action in reliance on the information that it contains.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Way OT - Anyone here had Lasik? How has it impacted your daily work (looking at screens, keyboards, etc)

[John Cook]

Had mine done 5 1/2 years ago, no regrets and it has made life so much 
easier. I did lose some of my really up close vision but still don't need 
reading glasses although they help with really close up work(fast approaching 
50 so that's par for the course). Best money I ever spent.

 John W. Cook
System Administrator
Partnership For Strong Families
5950 NW 1st Place
Gainesville, Fl 32607
Cell (352) 215-6944
MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4

-Original Message-
From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
Sent: Monday, January 24, 2011 3:35 PM
To: NT System Admin Issues
Subject: Way OT - Anyone here had Lasik? How has it impacted your daily work 
(looking at screens, keyboards, etc)

I'm considering Lasik for my left eye (my right eye is 20/12 uncorrected - I 
have an astigmatism in my left eye). I've heard great stories, and I've read 
about not so great experiences.

One of my co-workers had Lasik (by the same surgeon who would do my procedure) 
8 years ago and claims zero regrets and no long term ill effects. I probably 
wouldn't do it, because for me it would be a luxury, but I'm positioned to lose 
up to $2,600 that I have siting in a Flexible Spending Account if it isn't used 
by March 31 of this year (I checked, and even though the plan was for last 
2010, my plan has a grace period that allows for Date of Service until March 
31, 2011). The surgeon I'm considering is Karl Stonecipher, who claims having 
done well over 50,000 procedures.

So, any stories, good, bad, or otherwise are welcome. I'm particularly 
interested in any stories for anyone who is athletically active.

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
www.eaglemds.com
jra...@eaglemds.com

Any medical information contained in this electronic message is CONFIDENTIAL 
and privileged. It is unlawful for unauthorized persons to view, copy, 
disclose, or disseminate CONFIDENTIAL information. This electronic message may 
contain information that is confidential and/or legally privileged. It is 
intended only for the use of the individual(s) and/or entity named as 
recipients in the message. If you are not an intended recipient of this 
message, please notify the sender immediately and delete this material from 
your computer. Do not deliver, distribute or copy this message, and do not 
disclose its contents or take any action in reliance on the information that it 
contains.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
 Consider the environment. Please don't print this e-mail unless you really 
need to.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Way OT - Anyone here had Lasik? How has it impacted your daily work (looking at screens, keyboards, etc)

[N Parr]

Had it done 3-4 years ago, absolutely wonderful.  Was -4 or worse in
both eyes with astigmatism and as of last month was still seeing 20/15. 

-Original Message-
From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com] 
Sent: Monday, January 24, 2011 2:35 PM
To: NT System Admin Issues
Subject: Way OT - Anyone here had Lasik? How has it impacted your daily
work (looking at screens, keyboards, etc)

I'm considering Lasik for my left eye (my right eye is 20/12 uncorrected
- I have an astigmatism in my left eye). I've heard great stories, and
I've read about not so great experiences.

One of my co-workers had Lasik (by the same surgeon who would do my
procedure) 8 years ago and claims zero regrets and no long term ill
effects. I probably wouldn't do it, because for me it would be a luxury,
but I'm positioned to lose up to $2,600 that I have siting in a Flexible
Spending Account if it isn't used by March 31 of this year (I checked,
and even though the plan was for last 2010, my plan has a grace period
that allows for Date of Service until March 31, 2011). The surgeon I'm
considering is Karl Stonecipher, who claims having done well over 50,000
procedures.

So, any stories, good, bad, or otherwise are welcome. I'm particularly
interested in any stories for anyone who is athletically active.

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
www.eaglemds.com
jra...@eaglemds.com

Any medical information contained in this electronic message is
CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to
view, copy, disclose, or disseminate CONFIDENTIAL information. This
electronic message may contain information that is confidential and/or
legally privileged. It is intended only for the use of the individual(s)
and/or entity named as recipients in the message. If you are not an
intended recipient of this message, please notify the sender immediately
and delete this material from your computer. Do not deliver, distribute
or copy this message, and do not disclose its contents or take any
action in reliance on the information that it contains.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Way OT - Anyone here had Lasik? How has it impacted your daily work (looking at screens, keyboards, etc)

[John Aldrich]

Nope, not here. However, my wife's grandmother had it done and she loves it.





-Original Message-
From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: Monday, January 24, 2011 3:40 PM
To: NT System Admin Issues
Subject: RE: Way OT - Anyone here had Lasik? How has it impacted your daily
work (looking at screens, keyboards, etc)

I had the full-laser Lasik 2 years ago for the same reason
(miscalculated my FSA).  Have not regretted it one bit.  

I play soccer on a regular basis (goal keeper) so I had to sit out for a
few weeks to be sure I didn't do any damage while healing, but otherwise
I could not be happier.  

Your Dr. will advise you on the proper amount of time to sit out
depending on your sport of choice.  All I can say is - follow his/her
advice.

I went from 20/200 to 20/20 in my right eye and 20/80 to 20/10 in my
left.

Jim

Jim Holmgren
Senior Manager, Infrastructure Services
XLHealth Corporation
The Warehouse at Camden Yards
351 West Camden Street, Suite 100
Baltimore, MD 21201 
410.625.2200 (main)
443.524.8573 (direct)
443-506.2400 (cell)
www.xlhealth.com





-Original Message-
From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com] 
Sent: Monday, January 24, 2011 3:35 PM
To: NT System Admin Issues
Subject: Way OT - Anyone here had Lasik? How has it impacted your daily
work (looking at screens, keyboards, etc)

I'm considering Lasik for my left eye (my right eye is 20/12 uncorrected
- I have an astigmatism in my left eye). I've heard great stories, and
I've read about not so great experiences.

One of my co-workers had Lasik (by the same surgeon who would do my
procedure) 8 years ago and claims zero regrets and no long term ill
effects. I probably wouldn't do it, because for me it would be a luxury,
but I'm positioned to lose up to $2,600 that I have siting in a Flexible
Spending Account if it isn't used by March 31 of this year (I checked,
and even though the plan was for last 2010, my plan has a grace period
that allows for Date of Service until March 31, 2011). The surgeon I'm
considering is Karl Stonecipher, who claims having done well over 50,000
procedures.

So, any stories, good, bad, or otherwise are welcome. I'm particularly
interested in any stories for anyone who is athletically active.

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
www.eaglemds.com
jra...@eaglemds.com

Any medical information contained in this electronic message is
CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to
view, copy, disclose, or disseminate CONFIDENTIAL information. This
electronic message may contain information that is confidential and/or
legally privileged. It is intended only for the use of the individual(s)
and/or entity named as recipients in the message. If you are not an
intended recipient of this message, please notify the sender immediately
and delete this material from your computer. Do not deliver, distribute
or copy this message, and do not disclose its contents or take any
action in reliance on the information that it contains.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole
use of the intended recipient(s) and may contain confidential and/or
protected health information. Under the Federal Law (HIPAA), the intended
recipient is obligated to keep this information secure and confidential. Any
disclosure to third parties without authorization from the member of as
permitted by law is prohibited and punishable under Federal Law. If you are
not the intended recipient, please contact the sender by reply e-mail and
destroy all copies of the original message.

NOTA DE CONFIDENCIALIDAD: Este facsmmile, incluyendo lo adjunto, es para el
uso exclusivo del destinatario(s) y puede contener informacisn confidencial
y/o informacisn protegida de salud. En virtud de la Ley Federal (HIPAA), el
destinatario tiene la obligacisn de mantener esta informacisn segura y
confidencial. Cualquier divulgacisn a terceros sin la autorizacisn de los
miembros de lo permitido por la ley esta prohibido y penado en virtud de la
Ley Federal. Si usted no es el destinatario, por favor, psngase en contacto
con el remitente por telifono y destruir todas las copias del mensaje
original

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ 

RE: Way OT - Anyone here had Lasik? How has it impacted your daily work (looking at screens, keyboards, etc)

[Steve Kelsay]

I had Lasik, Note, there is a difference between Lasik and Lasek. You
should check your surgeon for an explanation. One heals faster than the
other and one is more involved than the other. Do not get both eyes done
at once! In spite of the propaganda. My results were mixed. The left eye
was perfect the first time from day one. My right eye had 4 (four)
retreatments and still is worse than it was when they started. Not by
much, but still worse. That being said, I would do it again in a
heartbeat. My right eye is an exception, and even then, it is not bad. 

My experience was tempered as well by getting a deal. Doing it at a
teaching hospital saved me all except 300 dollars total, not per eye.
The is a savings of about $5600.00 at today's cost of $4000 per eye. The
doctors just do the exam and make the calculations. The laser technician
actually does the surgery. There is a bit of surgery done at the
beginning and at the end to roll the top skin layer off the cornea and
back on, but it is (as I understand it) minor. They put a soda straw
(OK, maybe not) with a rubber tip on the eye and drop Alcohol into it
for 30 seconds to separate the flap of skin. Then they cut around that
flap and roll it back. This exposes the cornea for the laser to do its'
work. Then the laser program that has been entered into the machine
shapes the cornea, the flap is rolled back and a clear contact lens is
put on to protect the flap while it attaches. I 1-6 days (lasek vs
lasik) the thing is pretty much done. With the easier of the two (forgot
which is which) you can see immediately. With the other, you will have a
blurred vision for a while, perhaps up to 2 weeks. And a gradual
improvement over the next 6 months. All is painless. Remember though
that you WILL need glasses. Not the big coke bottle ones like before,
but you will either get both eyes for distance, in which case you will
need reading glasses, or monovision (one distance, one near) in which
case you will want a pair to drive with at night, to even out the near
vision eye so you can see distance at night with lights glaring at you. 

I am sure there has been Improvement in the last three years, which is
when I had mine done. Go for it. Can't miss, even when it does not fully
work. 

-Original Message-
From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com] 
Sent: Monday, January 24, 2011 3:35 PM
To: NT System Admin Issues
Subject: Way OT - Anyone here had Lasik? How has it impacted your daily
work (looking at screens, keyboards, etc)

I'm considering Lasik for my left eye (my right eye is 20/12 uncorrected
- I have an astigmatism in my left eye). I've heard great stories, and
I've read about not so great experiences.

One of my co-workers had Lasik (by the same surgeon who would do my
procedure) 8 years ago and claims zero regrets and no long term ill
effects. I probably wouldn't do it, because for me it would be a luxury,
but I'm positioned to lose up to $2,600 that I have siting in a Flexible
Spending Account if it isn't used by March 31 of this year (I checked,
and even though the plan was for last 2010, my plan has a grace period
that allows for Date of Service until March 31, 2011). The surgeon I'm
considering is Karl Stonecipher, who claims having done well over 50,000
procedures.

So, any stories, good, bad, or otherwise are welcome. I'm particularly
interested in any stories for anyone who is athletically active.

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
www.eaglemds.com
jra...@eaglemds.com

Any medical information contained in this electronic message is
CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to
view, copy, disclose, or disseminate CONFIDENTIAL information. This
electronic message may contain information that is confidential and/or
legally privileged. It is intended only for the use of the individual(s)
and/or entity named as recipients in the message. If you are not an
intended recipient of this message, please notify the sender immediately
and delete this material from your computer. Do not deliver, distribute
or copy this message, and do not disclose its contents or take any
action in reliance on the information that it contains.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Way OT - Anyone here had Lasik? How has it impacted your daily work (looking at screens, keyboards, etc)

[David Lum]

+1  Just over 5 years here.

The only downside is I am apparently one of the rare "nighttime starburst" 
sufferers. Doesn't make nighttime driving unbearable, but low-light conditions 
aren't as nice as they used to be. Spending endless hours in front of monitors 
- rock solid.

Sure is awesome to go swimming and see across the pool!

Went from 20-200+ to 20/20 and 20/30.  Knocked out 90% of my astigmatism, I 
wear glasses on rare occasion (couple times/mo maybe) to get the last piece of 
crispness.

Dave

-Original Message-
From: N Parr [mailto:npar...@mortonind.com] 
Sent: Monday, January 24, 2011 12:50 PM
To: NT System Admin Issues
Subject: RE: Way OT - Anyone here had Lasik? How has it impacted your daily 
work (looking at screens, keyboards, etc)

Had it done 3-4 years ago, absolutely wonderful.  Was -4 or worse in
both eyes with astigmatism and as of last month was still seeing 20/15. 

-Original Message-
From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com] 
Sent: Monday, January 24, 2011 2:35 PM
To: NT System Admin Issues
Subject: Way OT - Anyone here had Lasik? How has it impacted your daily
work (looking at screens, keyboards, etc)

I'm considering Lasik for my left eye (my right eye is 20/12 uncorrected
- I have an astigmatism in my left eye). I've heard great stories, and
I've read about not so great experiences.

One of my co-workers had Lasik (by the same surgeon who would do my
procedure) 8 years ago and claims zero regrets and no long term ill
effects. I probably wouldn't do it, because for me it would be a luxury,
but I'm positioned to lose up to $2,600 that I have siting in a Flexible
Spending Account if it isn't used by March 31 of this year (I checked,
and even though the plan was for last 2010, my plan has a grace period
that allows for Date of Service until March 31, 2011). The surgeon I'm
considering is Karl Stonecipher, who claims having done well over 50,000
procedures.

So, any stories, good, bad, or otherwise are welcome. I'm particularly
interested in any stories for anyone who is athletically active.

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
www.eaglemds.com
jra...@eaglemds.com

Any medical information contained in this electronic message is
CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to
view, copy, disclose, or disseminate CONFIDENTIAL information. This
electronic message may contain information that is confidential and/or
legally privileged. It is intended only for the use of the individual(s)
and/or entity named as recipients in the message. If you are not an
intended recipient of this message, please notify the sender immediately
and delete this material from your computer. Do not deliver, distribute
or copy this message, and do not disclose its contents or take any
action in reliance on the information that it contains.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Way OT - Anyone here had Lasik? How has it impacted your daily work (looking at screens, keyboards, etc)

[William Robbins]

+1  Have had mine done now for 11 years.  Best thing I've ever done for
myself!

 - WJR


On Mon, Jan 24, 2011 at 14:45, John Cook  wrote:

> Had mine done 5 1/2 years ago, no regrets and it has made life so much
> easier. I did lose some of my really up close vision but still don't need
> reading glasses although they help with really close up work(fast
> approaching 50 so that's par for the course). Best money I ever spent.
>
>  John W. Cook
> System Administrator
> Partnership For Strong Families
> 5950 NW 1st Place
> Gainesville, Fl 32607
> Cell (352) 215-6944
> MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4
>
> -Original Message-
> From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
> Sent: Monday, January 24, 2011 3:35 PM
> To: NT System Admin Issues
> Subject: Way OT - Anyone here had Lasik? How has it impacted your daily
> work (looking at screens, keyboards, etc)
>
> I'm considering Lasik for my left eye (my right eye is 20/12 uncorrected -
> I have an astigmatism in my left eye). I've heard great stories, and I've
> read about not so great experiences.
>
> One of my co-workers had Lasik (by the same surgeon who would do my
> procedure) 8 years ago and claims zero regrets and no long term ill effects.
> I probably wouldn't do it, because for me it would be a luxury, but I'm
> positioned to lose up to $2,600 that I have siting in a Flexible Spending
> Account if it isn't used by March 31 of this year (I checked, and even
> though the plan was for last 2010, my plan has a grace period that allows
> for Date of Service until March 31, 2011). The surgeon I'm considering is
> Karl Stonecipher, who claims having done well over 50,000 procedures.
>
> So, any stories, good, bad, or otherwise are welcome. I'm particularly
> interested in any stories for anyone who is athletically active.
>
> Jonathan L. Raper, A+, MCSA, MCSE
> Technology Coordinator
> Eagle Physicians & Associates, PA
> www.eaglemds.com
> jra...@eaglemds.com
>
> Any medical information contained in this electronic message is
> CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to
> view, copy, disclose, or disseminate CONFIDENTIAL information. This
> electronic message may contain information that is confidential and/or
> legally privileged. It is intended only for the use of the individual(s)
> and/or entity named as recipients in the message. If you are not an intended
> recipient of this message, please notify the sender immediately and delete
> this material from your computer. Do not deliver, distribute or copy this
> message, and do not disclose its contents or take any action in reliance on
> the information that it contains.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
> CONFIDENTIALITY STATEMENT: The information transmitted, or contained or
> attached to or with this Notice is intended only for the person or entity to
> which it is addressed and may contain Protected Health Information (PHI),
> confidential and/or privileged material. Any review, transmission,
> dissemination, or other use of, and taking any action in reliance upon this
> information by persons or entities other than the intended recipient without
> the express written consent of the sender are prohibited. This information
> may be protected by the Health Insurance Portability and Accountability Act
> of 1996 (HIPAA), and other Federal and Florida laws. Improper or
> unauthorized use or disclosure of this information could result in civil
> and/or criminal penalties.
>  Consider the environment. Please don't print this e-mail unless you really
> need to.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Way OT - Anyone here had Lasik? How has it impacted your daily work (looking at screens, keyboards, etc)

[Cameron]

I can't speak for myself, but a buddy of mine had it done about 10 years ago
and had to have an adjustment about 2 years ago. He swears by it.



On Mon, Jan 24, 2011 at 4:00 PM, William Robbins wrote:

> +1  Have had mine done now for 11 years.  Best thing I've ever done for
> myself!
>
>  - WJR
>
>
>  On Mon, Jan 24, 2011 at 14:45, John Cook  wrote:
>
>> Had mine done 5 1/2 years ago, no regrets and it has made life so much
>> easier. I did lose some of my really up close vision but still don't need
>> reading glasses although they help with really close up work(fast
>> approaching 50 so that's par for the course). Best money I ever spent.
>>
>>  John W. Cook
>> System Administrator
>> Partnership For Strong Families
>> 5950 NW 1st Place
>> Gainesville, Fl 32607
>> Cell (352) 215-6944
>> MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4
>>
>> -Original Message-
>> From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
>> Sent: Monday, January 24, 2011 3:35 PM
>> To: NT System Admin Issues
>> Subject: Way OT - Anyone here had Lasik? How has it impacted your daily
>> work (looking at screens, keyboards, etc)
>>
>> I'm considering Lasik for my left eye (my right eye is 20/12 uncorrected -
>> I have an astigmatism in my left eye). I've heard great stories, and I've
>> read about not so great experiences.
>>
>> One of my co-workers had Lasik (by the same surgeon who would do my
>> procedure) 8 years ago and claims zero regrets and no long term ill effects.
>> I probably wouldn't do it, because for me it would be a luxury, but I'm
>> positioned to lose up to $2,600 that I have siting in a Flexible Spending
>> Account if it isn't used by March 31 of this year (I checked, and even
>> though the plan was for last 2010, my plan has a grace period that allows
>> for Date of Service until March 31, 2011). The surgeon I'm considering is
>> Karl Stonecipher, who claims having done well over 50,000 procedures.
>>
>> So, any stories, good, bad, or otherwise are welcome. I'm particularly
>> interested in any stories for anyone who is athletically active.
>>
>> Jonathan L. Raper, A+, MCSA, MCSE
>> Technology Coordinator
>> Eagle Physicians & Associates, PA
>> www.eaglemds.com
>> jra...@eaglemds.com
>>
>> Any medical information contained in this electronic message is
>> CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to
>> view, copy, disclose, or disseminate CONFIDENTIAL information. This
>> electronic message may contain information that is confidential and/or
>> legally privileged. It is intended only for the use of the individual(s)
>> and/or entity named as recipients in the message. If you are not an intended
>> recipient of this message, please notify the sender immediately and delete
>> this material from your computer. Do not deliver, distribute or copy this
>> message, and do not disclose its contents or take any action in reliance on
>> the information that it contains.
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>>
>> CONFIDENTIALITY STATEMENT: The information transmitted, or contained or
>> attached to or with this Notice is intended only for the person or entity to
>> which it is addressed and may contain Protected Health Information (PHI),
>> confidential and/or privileged material. Any review, transmission,
>> dissemination, or other use of, and taking any action in reliance upon this
>> information by persons or entities other than the intended recipient without
>> the express written consent of the sender are prohibited. This information
>> may be protected by the Health Insurance Portability and Accountability Act
>> of 1996 (HIPAA), and other Federal and Florida laws. Improper or
>> unauthorized use or disclosure of this information could result in civil
>> and/or criminal penalties.
>>  Consider the environment. Please don't print this e-mail unless you
>> really need to.
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ 

Re: DHCP reservations explained...

[Rene de Haas]

+1

We had different groups depending on the device. Server, switch, router,
sniffer etc.

On Mon, Jan 24, 2011 at 5:40 PM, Candee  wrote:

> I use static addresses for my servers.
> I also have my pool start at say x.x.x.100, so I know the address won't be
> assigned elsewhere.
>
> On Tue, Jan 18, 2011 at 2:14 PM, Jonathan  wrote:
>
>> Hmmm... interesting concept. I personally prefer static addressing
>> assigned on each individual server. Though I could see the appeal of using
>> DHCP, I don't have enough confidence in DHCP to use it for server
>> addressing. Just my $0.02
>>   On Jan 18, 2011 2:06 PM, "David Lum"  wrote:
>> > The other day someone commented that it seemed like a bit much that 50%
>> of my 100-ish servers have DHCP reservations - driving home yesterday I
>> realized another reason why I have it that way (because yes, I chew on these
>> questions and constantly evaluate why I do some process or another) -
>> because my fellow SE's have their server monitoring set up to look at
>> specific IP's instead of hostnames and I am unable to convince them
>> otherwise. If the server IP changes it hoses their tests and the
>> dependencies.
>> >
>> > It's not how I set *MY* monitoring up for servers I maintain, but I have
>> posted that question here in fact and have seen differing opinions on
>> weather hostname or IP is preferred.
>> >
>> > David Lum // SYSTEMS ENGINEER
>> > NORTHWEST EVALUATION ASSOCIATION
>> > (Desk) 503.548.5229 // (Cell) 503.267.9764
>> >
>> >
>> >
>> >
>> >
>> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> > ~  ~
>> >
>> > ---
>> > To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> > or send an email to listmana...@lyris.sunbeltsoftware.com
>> > with the body: unsubscribe ntsysadmin
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Simple routing

[Carl Houseman]

What model of DLink router?  If it's your typical Internet router, it's
doing NAT and firewall things in addition to routing.  Logging will likely
reveal what's going on.

 

Carl

 

From: Steve Ens [mailto:stevey...@gmail.com] 
Sent: Monday, January 24, 2011 11:42 AM
To: NT System Admin Issues
Subject: Simple routing

 

I've not much experience with Cisco gear, but is it possible to route two
different subnets on a Cisco 2950 switch?  I want to keep my two networks
separate (mostly), but need specific port access between the two.  I've been
trying to use a Dlink router, and it mostly works, but there is something
that is not being allowed through for some reason.  

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Way OT - Anyone here had Lasik? How has it impacted your daily work (looking at screens, keyboards, etc)

[John Cook]

My Lasik cost $1500 per eye and I did both with no issue. No direct water in 
the eye for a week but otherwise nothing special. I drove myself home from the 
Drs office.

 John W. Cook
System Administrator
Partnership For Strong Families
5950 NW 1st Place
Gainesville, Fl 32607
Cell (352) 215-6944
MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4


-Original Message-
From: Steve Kelsay [mailto:kels...@sctax.org]
Sent: Monday, January 24, 2011 3:57 PM
To: NT System Admin Issues
Subject: RE: Way OT - Anyone here had Lasik? How has it impacted your daily 
work (looking at screens, keyboards, etc)

I had Lasik, Note, there is a difference between Lasik and Lasek. You
should check your surgeon for an explanation. One heals faster than the
other and one is more involved than the other. Do not get both eyes done
at once! In spite of the propaganda. My results were mixed. The left eye
was perfect the first time from day one. My right eye had 4 (four)
retreatments and still is worse than it was when they started. Not by
much, but still worse. That being said, I would do it again in a
heartbeat. My right eye is an exception, and even then, it is not bad.

My experience was tempered as well by getting a deal. Doing it at a
teaching hospital saved me all except 300 dollars total, not per eye.
The is a savings of about $5600.00 at today's cost of $4000 per eye. The
doctors just do the exam and make the calculations. The laser technician
actually does the surgery. There is a bit of surgery done at the
beginning and at the end to roll the top skin layer off the cornea and
back on, but it is (as I understand it) minor. They put a soda straw
(OK, maybe not) with a rubber tip on the eye and drop Alcohol into it
for 30 seconds to separate the flap of skin. Then they cut around that
flap and roll it back. This exposes the cornea for the laser to do its'
work. Then the laser program that has been entered into the machine
shapes the cornea, the flap is rolled back and a clear contact lens is
put on to protect the flap while it attaches. I 1-6 days (lasek vs
lasik) the thing is pretty much done. With the easier of the two (forgot
which is which) you can see immediately. With the other, you will have a
blurred vision for a while, perhaps up to 2 weeks. And a gradual
improvement over the next 6 months. All is painless. Remember though
that you WILL need glasses. Not the big coke bottle ones like before,
but you will either get both eyes for distance, in which case you will
need reading glasses, or monovision (one distance, one near) in which
case you will want a pair to drive with at night, to even out the near
vision eye so you can see distance at night with lights glaring at you.

I am sure there has been Improvement in the last three years, which is
when I had mine done. Go for it. Can't miss, even when it does not fully
work.

-Original Message-
From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
Sent: Monday, January 24, 2011 3:35 PM
To: NT System Admin Issues
Subject: Way OT - Anyone here had Lasik? How has it impacted your daily
work (looking at screens, keyboards, etc)

I'm considering Lasik for my left eye (my right eye is 20/12 uncorrected
- I have an astigmatism in my left eye). I've heard great stories, and
I've read about not so great experiences.

One of my co-workers had Lasik (by the same surgeon who would do my
procedure) 8 years ago and claims zero regrets and no long term ill
effects. I probably wouldn't do it, because for me it would be a luxury,
but I'm positioned to lose up to $2,600 that I have siting in a Flexible
Spending Account if it isn't used by March 31 of this year (I checked,
and even though the plan was for last 2010, my plan has a grace period
that allows for Date of Service until March 31, 2011). The surgeon I'm
considering is Karl Stonecipher, who claims having done well over 50,000
procedures.

So, any stories, good, bad, or otherwise are welcome. I'm particularly
interested in any stories for anyone who is athletically active.

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
www.eaglemds.com
jra...@eaglemds.com

Any medical information contained in this electronic message is
CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to
view, copy, disclose, or disseminate CONFIDENTIAL information. This
electronic message may contain information that is confidential and/or
legally privileged. It is intended only for the use of the individual(s)
and/or entity named as recipients in the message. If you are not an
intended recipient of this message, please notify the sender immediately
and delete this material from your computer. Do not deliver, distribute
or copy this message, and do not disclose its contents or take any
action in reliance on the information that it contains.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~

---
To manage 

Re: Simple routing

[Steve Ens]

It's just a cheap DIR 604 or something...

On Mon, Jan 24, 2011 at 3:12 PM, Carl Houseman  wrote:

>  What model of DLink router?  If it's your typical Internet router, it's
> doing NAT and firewall things in addition to routing.  Logging will likely
> reveal what's going on.
>
>
>
> Carl
>
>
>
> *From:* Steve Ens [mailto:stevey...@gmail.com]
> *Sent:* Monday, January 24, 2011 11:42 AM
> *To:* NT System Admin Issues
> *Subject:* Simple routing
>
>
>
> I've not much experience with Cisco gear, but is it possible to route two
> different subnets on a Cisco 2950 switch?  I want to keep my two networks
> separate (mostly), but need specific port access between the two.  I've been
> trying to use a Dlink router, and it mostly works, but there is something
> that is not being allowed through for some reason.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: DHCP reservations explained...

[Ben Schorr]

We always prefer static addresses for servers.  One less variable when
we're troubleshooting later.

 

Ben M. Schorr
Chief Executive Officer
__
Roland Schorr & Tower
www.rolandschorr.com  
b...@rolandschorr.com  

 

From: Candee [mailto:can...@gmail.com] 
Sent: Monday, January 24, 2011 09:40
To: NT System Admin Issues
Subject: Re: DHCP reservations explained...

 

I use static addresses for my servers.

I also have my pool start at say x.x.x.100, so I know the address won't
be assigned elsewhere.

On Tue, Jan 18, 2011 at 2:14 PM, Jonathan  wrote:

Hmmm... interesting concept. I personally prefer static addressing
assigned on each individual server. Though I could see the appeal of
using DHCP, I don't have enough confidence in DHCP to use it for server
addressing. Just my $0.02

On Jan 18, 2011 2:06 PM, "David Lum"  wrote:
> The other day someone commented that it seemed like a bit much that
50% of my 100-ish servers have DHCP reservations - driving home
yesterday I realized another reason why I have it that way (because yes,
I chew on these questions and constantly evaluate why I do some process
or another) - because my fellow SE's have their server monitoring set up
to look at specific IP's instead of hostnames and I am unable to
convince them otherwise. If the server IP changes it hoses their tests
and the dependencies.
> 
> It's not how I set *MY* monitoring up for servers I maintain, but I
have posted that question here in fact and have seen differing opinions
on weather hostname or IP is preferred.
> 
> David Lum // SYSTEMS ENGINEER
> NORTHWEST EVALUATION ASSOCIATION
> (Desk) 503.548.5229 // (Cell) 503.267.9764
> 
> 
> 
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~  ~
> 
> ---
> To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Way OT - Anyone here had Lasik? How has it impacted your daily work (looking at screens, keyboards, etc)

[MMF]

I've got a question as I too am considering the same procedure. My eye
doctor is head of the department at the hospital which is part of a group of
hospitals. She told me that there is a new procedure or implant that can
eliminate the need for any eyeglasses being needed after the surgery. Has
anyone heard of this?
 
Murray

  _  

From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com] 
Sent: Monday, January 24, 2011 2:35 PM
To: NT System Admin Issues
Subject: Way OT - Anyone here had Lasik? How has it impacted your daily work
(looking at screens, keyboards, etc)



I'm considering Lasik for my left eye (my right eye is 20/12 uncorrected - I
have an astigmatism in my left eye). I've heard great stories, and I've read
about not so great experiences.

One of my co-workers had Lasik (by the same surgeon who would do my
procedure) 8 years ago and claims zero regrets and no long term ill effects.
I probably wouldn't do it, because for me it would be a luxury, but I'm
positioned to lose up to $2,600 that I have siting in a Flexible Spending
Account if it isn't used by March 31 of this year (I checked, and even
though the plan was for last 2010, my plan has a grace period that allows
for Date of Service until March 31, 2011). The surgeon I'm considering is
Karl Stonecipher, who claims having done well over 50,000 procedures.

So, any stories, good, bad, or otherwise are welcome. I'm particularly
interested in any stories for anyone who is athletically active.

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
www.eaglemds.com
jra...@eaglemds.com

Any medical information contained in this electronic message is CONFIDENTIAL
and privileged. It is unlawful for unauthorized persons to view, copy,
disclose, or disseminate CONFIDENTIAL information. This electronic message
may contain information that is confidential and/or legally privileged. It
is intended only for the use of the individual(s) and/or entity named as
recipients in the message. If you are not an intended recipient of this
message, please notify the sender immediately and delete this material from
your computer. Do not deliver, distribute or copy this message, and do not
disclose its contents or take any action in reliance on the information that
it contains.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


  _  

No virus found in this message.
Checked by AVG - www.avg.com
Version: 10.0.1202 / Virus Database: 1435/3400 - Release Date: 01/24/11


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Simple routing

[Carl Houseman]

If the specific ports allowed in the direction of WAN->LAN will only ever go
to a single host for each port, then you just set up NAT redirection and it
should work.

 

Carl

 

From: Steve Ens [mailto:stevey...@gmail.com] 
Sent: Monday, January 24, 2011 4:23 PM
To: NT System Admin Issues
Subject: Re: Simple routing

 

It's just a cheap DIR 604 or something...

On Mon, Jan 24, 2011 at 3:12 PM, Carl Houseman  wrote:

What model of DLink router?  If it's your typical Internet router, it's
doing NAT and firewall things in addition to routing.  Logging will likely
reveal what's going on.

 

Carl

 

From: Steve Ens [mailto:stevey...@gmail.com] 
Sent: Monday, January 24, 2011 11:42 AM
To: NT System Admin Issues
Subject: Simple routing

 

I've not much experience with Cisco gear, but is it possible to route two
different subnets on a Cisco 2950 switch?  I want to keep my two networks
separate (mostly), but need specific port access between the two.  I've been
trying to use a Dlink router, and it mostly works, but there is something
that is not being allowed through for some reason.  

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Simple routing

[Steve Ens]

I'll give it another look...I did put the machine in the DMZ (figuring that
should allow the most access, but it didn't work).

On Mon, Jan 24, 2011 at 3:46 PM, Carl Houseman  wrote:

>  If the specific ports allowed in the direction of WAN->LAN will only ever
> go to a single host for each port, then you just set up NAT redirection and
> it should work.
>
>
>
> Carl
>
>
>
> *From:* Steve Ens [mailto:stevey...@gmail.com]
> *Sent:* Monday, January 24, 2011 4:23 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Simple routing
>
>
>
> It's just a cheap DIR 604 or something...
>
> On Mon, Jan 24, 2011 at 3:12 PM, Carl Houseman 
> wrote:
>
> What model of DLink router?  If it's your typical Internet router, it's
> doing NAT and firewall things in addition to routing.  Logging will likely
> reveal what's going on.
>
>
>
> Carl
>
>
>
> *From:* Steve Ens [mailto:stevey...@gmail.com]
> *Sent:* Monday, January 24, 2011 11:42 AM
> *To:* NT System Admin Issues
> *Subject:* Simple routing
>
>
>
> I've not much experience with Cisco gear, but is it possible to route two
> different subnets on a Cisco 2950 switch?  I want to keep my two networks
> separate (mostly), but need specific port access between the two.  I've been
> trying to use a Dlink router, and it mostly works, but there is something
> that is not being allowed through for some reason.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Simple routing

[Steve Ens]

Sorry, it is an EBR-2310.

On Mon, Jan 24, 2011 at 3:49 PM, Steve Ens  wrote:

> I'll give it another look...I did put the machine in the DMZ (figuring that
> should allow the most access, but it didn't work).
>
>   On Mon, Jan 24, 2011 at 3:46 PM, Carl Houseman wrote:
>
>>  If the specific ports allowed in the direction of WAN->LAN will only
>> ever go to a single host for each port, then you just set up NAT redirection
>> and it should work.
>>
>>
>>
>> Carl
>>
>>
>>
>> *From:* Steve Ens [mailto:stevey...@gmail.com]
>> *Sent:* Monday, January 24, 2011 4:23 PM
>>
>> *To:* NT System Admin Issues
>> *Subject:* Re: Simple routing
>>
>>
>>
>> It's just a cheap DIR 604 or something...
>>
>> On Mon, Jan 24, 2011 at 3:12 PM, Carl Houseman 
>> wrote:
>>
>> What model of DLink router?  If it's your typical Internet router, it's
>> doing NAT and firewall things in addition to routing.  Logging will likely
>> reveal what's going on.
>>
>>
>>
>> Carl
>>
>>
>>
>> *From:* Steve Ens [mailto:stevey...@gmail.com]
>> *Sent:* Monday, January 24, 2011 11:42 AM
>> *To:* NT System Admin Issues
>> *Subject:* Simple routing
>>
>>
>>
>> I've not much experience with Cisco gear, but is it possible to route two
>> different subnets on a Cisco 2950 switch?  I want to keep my two networks
>> separate (mostly), but need specific port access between the two.  I've been
>> trying to use a Dlink router, and it mostly works, but there is something
>> that is not being allowed through for some reason.
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: DHCP reservations explained...

[Matthew W. Ross]

I've done both... Assigned a reservation via DHCP, and assigned the address on 
the server statically.

Several benefits to this approach:

1. If you have to reset the machine in some way, it can pick up its' address 
dynamically. Also allow the server to be PXE booted if you have WDS or some 
other network boot solution that depends on DHCP.

2. It stops you from reserving the address for something else accidentally. 
Windows DHCP will bark if the address is already reserved. If you only set the 
address statically, the DHCP server would be happy to "reserve" that IP for 
something else.

3. Performing a reservation and a static does not harm to the network.


--Matt Ross
Ephrata School District


- Original Message -
From: Ben Schorr
[mailto:b...@rolandschorr.com]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 24 Jan 2011
13:33:54 -0800
Subject: RE: DHCP reservations explained...


> We always prefer static addresses for servers.  One less variable when
> we're troubleshooting later.
> 
>  
> 
> Ben M. Schorr
> Chief Executive Officer
> __
> Roland Schorr & Tower
> www.rolandschorr.com  
> b...@rolandschorr.com  
> 
>  
> 
> From: Candee [mailto:can...@gmail.com] 
> Sent: Monday, January 24, 2011 09:40
> To: NT System Admin Issues
> Subject: Re: DHCP reservations explained...
> 
>  
> 
> I use static addresses for my servers.
> 
> I also have my pool start at say x.x.x.100, so I know the address won't
> be assigned elsewhere.
> 
> On Tue, Jan 18, 2011 at 2:14 PM, Jonathan  wrote:
> 
> Hmmm... interesting concept. I personally prefer static addressing
> assigned on each individual server. Though I could see the appeal of
> using DHCP, I don't have enough confidence in DHCP to use it for server
> addressing. Just my $0.02
> 
> On Jan 18, 2011 2:06 PM, "David Lum"  wrote:
> > The other day someone commented that it seemed like a bit much that
> 50% of my 100-ish servers have DHCP reservations - driving home
> yesterday I realized another reason why I have it that way (because yes,
> I chew on these questions and constantly evaluate why I do some process
> or another) - because my fellow SE's have their server monitoring set up
> to look at specific IP's instead of hostnames and I am unable to
> convince them otherwise. If the server IP changes it hoses their tests
> and the dependencies.
> > 
> > It's not how I set *MY* monitoring up for servers I maintain, but I
> have posted that question here in fact and have seen differing opinions
> on weather hostname or IP is preferred.
> > 
> > David Lum // SYSTEMS ENGINEER
> > NORTHWEST EVALUATION ASSOCIATION
> > (Desk) 503.548.5229 // (Cell) 503.267.9764
> > 
> > 
> > 
> > 
> > 
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~  ~
> > 
> > ---
> > To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to listmana...@lyris.sunbeltsoftware.com
> > with the body: unsubscribe ntsysadmin
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> 
>  
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Was Simple routing now is NEEDED - Sonicwall Pro firmware

[Steve Ens]

Corrupted firmware on eight year old Sonicwall...need to test NAT... it is
EOL so Sonicwall won't help me.  If anyone has an old one kicking around,
let me know.
Thanks
Steve

On Mon, Jan 24, 2011 at 3:54 PM, Steve Ens  wrote:

> Sorry, it is an EBR-2310.
>
>  On Mon, Jan 24, 2011 at 3:49 PM, Steve Ens  wrote:
>
>> I'll give it another look...I did put the machine in the DMZ (figuring
>> that should allow the most access, but it didn't work).
>>
>>   On Mon, Jan 24, 2011 at 3:46 PM, Carl Houseman wrote:
>>
>>>  If the specific ports allowed in the direction of WAN->LAN will only
>>> ever go to a single host for each port, then you just set up NAT redirection
>>> and it should work.
>>>
>>>
>>>
>>> Carl
>>>
>>>
>>>
>>> *From:* Steve Ens [mailto:stevey...@gmail.com]
>>> *Sent:* Monday, January 24, 2011 4:23 PM
>>>
>>> *To:* NT System Admin Issues
>>> *Subject:* Re: Simple routing
>>>
>>>
>>>
>>> It's just a cheap DIR 604 or something...
>>>
>>> On Mon, Jan 24, 2011 at 3:12 PM, Carl Houseman 
>>> wrote:
>>>
>>> What model of DLink router?  If it's your typical Internet router, it's
>>> doing NAT and firewall things in addition to routing.  Logging will likely
>>> reveal what's going on.
>>>
>>>
>>>
>>> Carl
>>>
>>>
>>>
>>> *From:* Steve Ens [mailto:stevey...@gmail.com]
>>> *Sent:* Monday, January 24, 2011 11:42 AM
>>> *To:* NT System Admin Issues
>>> *Subject:* Simple routing
>>>
>>>
>>>
>>> I've not much experience with Cisco gear, but is it possible to route two
>>> different subnets on a Cisco 2950 switch?  I want to keep my two networks
>>> separate (mostly), but need specific port access between the two.  I've been
>>> trying to use a Dlink router, and it mostly works, but there is something
>>> that is not being allowed through for some reason.
>>>
>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>>> ~   ~
>>>
>>> ---
>>> To manage subscriptions click here:
>>> http://lyris.sunbelt-software.com/read/my_forums/
>>> or send an email to listmana...@lyris.sunbeltsoftware.com
>>> with the body: unsubscribe ntsysadmin
>>>
>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>>> ~   ~
>>>
>>> ---
>>> To manage subscriptions click here:
>>> http://lyris.sunbelt-software.com/read/my_forums/
>>> or send an email to listmana...@lyris.sunbeltsoftware.com
>>> with the body: unsubscribe ntsysadmin
>>>
>>>
>>>
>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>>> ~   ~
>>>
>>> ---
>>> To manage subscriptions click here:
>>> http://lyris.sunbelt-software.com/read/my_forums/
>>> or send an email to listmana...@lyris.sunbeltsoftware.com
>>> with the body: unsubscribe ntsysadmin
>>>
>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>>> ~   ~
>>>
>>> ---
>>> To manage subscriptions click here:
>>> http://lyris.sunbelt-software.com/read/my_forums/
>>> or send an email to listmana...@lyris.sunbeltsoftware.com
>>> with the body: unsubscribe ntsysadmin
>>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Simple routing

[Ben Scott]

On Mon, Jan 24, 2011 at 1:49 PM, Steve Ens  wrote:
> I have a 10.0.0.x/24 network
> that needs to have access to certain ports on a server that is on a
> 192.168.1.x/24 network.

  Again: Please describe the network topology.  In particular, we
still don't know if those two IP networks are in the same broadcast
domain or different VLANs or what, nor do we know if the ports on that
server are TCP, UDP, or what.

  Please help us help you.

> BUT the application involved apparently needs to see the
> IP address directly ...

  "need" is a strong word.  In my experience, truly *needing* that is rare.

  Can you tell us the application?  Perhaps someone here is familiar with it.

  Please describe the failure mode.  Do you get an error message, does
the program just hang, is it supposed to discover the server somehow
but says it cannot find it, ...?

  One common scenario is a discovery thing which uses UDP broadcast to
find like nodes on the same local IP network.  Sometimes, such things
allow you to manually enter an IP address or hostname; look for that.

  If not, UDP broadcast forwarding may work.  This has your router
forward select UDP broadcasts to another IP network.  The node on the
other network sees the broadcast, but sends the reply via the normal
IP mechanisms, and routing handles the rest.  The Procurve 2910 has
this feature, or so the docs claim.

  Failing that, proxy ARP will sometimes get you there.  Here, your
route answers ARP requests for an IP address on a non-local network.
Again, the docs say Procurve 2910 has this feature.

  If you're not familiar with these things, please check the docs; if
you still need help, please explain what with.  :)

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Simple routing

[Ben Scott]

On Mon, Jan 24, 2011 at 4:54 PM, Steve Ens  wrote:
> Sorry, it is an EBR-2310.

  As Carl Houseman suspected, that's a SOHO NAT router.  NAT breaks
all sorts of things, and it's likely your application is one of them.
Some of those boxes let you disable NAT and use it as a plain old
router.  Look for such an option.

  D-Link's web site says there are two different, mutually
incompatible products with that model designation.  (I really hate
SOHO gear, for this reason alone.)  Is yours a "REV B" EBR-2310, or
the other one?

http://www.dlink.com/products/default.aspx?pid=EBR-2310&tab=3

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Simple routing

[Steve Ens]

Hey Ben
Thanks for the info (and the questions).  The networks are separate.  I will
take a look tomorrow what rev that DLINK is, and I've also got a Sonicwall
that I can implement as a "real deal" router/firewall.  Home time now.
Steve

On Mon, Jan 24, 2011 at 4:56 PM, Ben Scott  wrote:

> On Mon, Jan 24, 2011 at 4:54 PM, Steve Ens  wrote:
> > Sorry, it is an EBR-2310.
>
>  As Carl Houseman suspected, that's a SOHO NAT router.  NAT breaks
> all sorts of things, and it's likely your application is one of them.
> Some of those boxes let you disable NAT and use it as a plain old
> router.  Look for such an option.
>
>  D-Link's web site says there are two different, mutually
> incompatible products with that model designation.  (I really hate
> SOHO gear, for this reason alone.)  Is yours a "REV B" EBR-2310, or
> the other one?
>
> http://www.dlink.com/products/default.aspx?pid=EBR-2310&tab=3
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Internet browsing reporting?

[Ben Scott]

On Mon, Jan 24, 2011 at 1:43 PM, Eric Brouwer  wrote:
> I'm looking for another solution, and this list has never steered me wrong.
> I need to be able to monitor the Internet traffic for specific people for
> specific times, and report their usage.

  We use Squid proxy and Webalizer for this, both Free/Open Source.
They get the job done.  I can provide sample config files if you like.
 We run them on Linux, but Win32 builds exist.  If you're used to
*nix-style software (text config files), they're straight-forward.  If
you're a guy who prefers a GUI, prolly not for you.

> Basically, I need to be able to say person X was on the web for 15
> hours last week.

  As others have said, it's difficult to report on "time spent on
web".  Most filters/loggers only know about HTTP requests.  A single
"page" load can yield 10s or even 100s of HTTP requests.  SSL tends to
appear as one (relatively) long-lived CONNECT request.  Someone can
sit on one page playing the same Flash game for hours and never
generate any further network traffic.  Gmail uses asynchronous
JavaScript and will result in continuous log entries even if the
browser is minimized and the screen locked.  So this is an imperfect
science.

  The hard part is explaining the disconnect to PHBs.  They want to
see a pie chart for an employee, with two segments, "Doing work", and
"Goofing off on the web".  Instead they get a list of servers with
timestamps, maybe some bandwidth graphs.

  The only way to accurately report "time spent on web" would
probabbly be to instrument the web browser using client-side software.
 Such things may exist (for MSIE, at least), but I haven't looked for
any.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Was Simple routing now is NEEDED - Sonicwall Pro firmware

[Phil Brutsche]

I've got a firmware archive for some of those old boxes, do you know
exactly which model this is?

Steve Ens wrote:
> Corrupted firmware on eight year old Sonicwall...need to test NAT... it
> is EOL so Sonicwall won't help me.  If anyone has an old one kicking
> around, let me know.

-- 

Phil Brutsche
p...@optimumdata.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Forcing Adobe Reader and Java updates

[Mike Gill]

Since jre 1.6 r10, old versions are now automatically removed upon
installing the current version. Unfortunately, versions older than that are
still left.

 

-- 
Mike Gill

 

From: Terry Dickson [mailto:te...@treasurer.state.ks.us] 
Sent: Thursday, January 20, 2011 4:57 PM
To: NT System Admin Issues
Subject: RE: Forcing Adobe Reader and Java updates

 

I like your solution, however last year during a security audit we were
written up for Java.  Specifically before a certain level of Java the
installer would not remove the older versions.  They show up in add and
remove programs, and that is what I was written up for.  Then older versions
have security flaws and unless removed are still there to potentially cause
problems.  Now I am not sure if what I was being told was correct, and since
a certain level the older versions are removed so it is no longer a problem
for me as far as the security audit is concerned.  However we all know that
Java is not totally secure, and probably will never be, but that is like
everything else an ongoing process.

 

  _  

From: Mike Gill [lis...@canbyfoursquare.com]
Sent: Thursday, January 20, 2011 6:34 PM
To: NT System Admin Issues
Subject: RE: Forcing Adobe Reader and Java updates

For Adobe Flash/Reader, Java & Firefox, just remove the previous install
from the policy and then deploy the updated version. None of these are
upgrades in the sense of an upgrade. They are all full installs. The
"updates are ready" icons should be disabled if possible. You can do this
with Reader (customization wizard) and Java
(http://www.appdeploy.com/messageboards/tm.asp?m=33488

&mpage=1&key=苾). Users shouldn't be burdened with updating software on
their company computers. This is your job to stay on top of.

 

-- 
Mike Gill

 

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] 
Sent: Wednesday, January 19, 2011 11:32 AM
To: NT System Admin Issues
Subject: Forcing Adobe Reader and Java updates

 


Greetings! 

One of the biggest issues regarding patching Adobe products and Java is, the
users tend to ignore the "Update" icons when they appear on their screen
"System tray".  Consequently, we are now looking for a way to force these
machines to update. 

First, a quick GPO question...  I know we can build a GPO to install a piece
of software from an .MSI files at its next reboot.  Is it possible to
recycle GPOs?  That is, we make one with the msi for AdobeReader9.4.5 and
reboot all the systems in the OUs to which it is applied.  Can we then
unlink that GPO from those OUs, and then when AdobeReader9.4.6 is relased,
edit the GPO to point to the newer .MSI file, link the OUs, then reboot
those machines?   -OR- Is it necessary to write a new GPO for each update of
a particular product? 

I think I'll start a new thread for my next question - thanks!
-- 
Richard D. McClary 
Systems Administrator, Information Technology Group 
ASPCAR 
1717 S. Philo Rd, Ste 36 
Urbana, IL  61802 
  
richardmccl...@aspca.org 
  
P: 217-337-9761 
C: 217-417-1182 
F: 217-337-9761 
  www.aspca.org 
  

The information contained in this e-mail, and any attachments hereto, is
from The American Society for the Prevention of Cruelty to AnimalsR (ASPCAR)
and is intended only for use by the addressee(s) named herein and may
contain legally privileged and/or confidential information. If you are not
the intended recipient of this e-mail, you are hereby notified that any
dissemination, distribution, copying or use of the contents of this e-mail,
and any attachments hereto, is strictly prohibited. If you have received
this e-mail in error, please immediately notify me by reply email and
permanently delete the original and any copy of this e-mail and any printout
thereof. 
  

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

  _  

CONFIDENTIALITY NOTICE: This e-mail and any attachments are confidential. If
you are not the intended recipient, you do not have permission to disclose,
copy, distribute, or open any attachments. If you have received this e-mail
in error, please notify us immediately by returning it to the sender and
delete this copy from your system. 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:

Re: Simple routing

[Ben Scott]

On Mon, Jan 24, 2011 at 5:59 PM, Steve Ens  wrote:
> Thanks for the info (and the questions).  The networks are separate.

  "The networks are separate."  That's remarkably opaque.

  For the 3rd time:  What does the network topology look like?  That
is, how do these two different IP networks exist?  Are they on one
switch (or set of switches) with two different VLANs?  Two completely
separate switches (or sets of switches)?  Something else?  Ideally,
tell us what make & model switch(es) are involved, and VLAN ID #s, and
which IP nets are on which switch.  I could prolly give you the
ProCurve CLI commands if I knew anything about your network.  Throw me
a bone here.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Verizon Data Services down

[Jeff Brown]

About 20% of my users have been without data services, a crippling problem
for a company that relies heavily on email for nearly all communications.
 How is it that after over 3 days there is virtually NO news coverage of
this issue???  We have been told by our cell consultant that this is in fact
a problem affecting accounts nationwide.  Anyone else but me here affected?
 We started having trouble just after 11:30 central last Friday, Jan. 221st.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Verizon Data Services down

[Daniel Rodriguez]

Define 'Data Services'.

Do you mean, like in, FiOS? DSL? Or do you mean Cell Phone? If Cell Phone, I
haven't had any issues. And I am in Southern Indiana.

On Mon, Jan 24, 2011 at 11:42 PM, Jeff Brown <2jbr...@gmail.com> wrote:

> About 20% of my users have been without data services, a crippling problem
> for a company that relies heavily on email for nearly all communications.
>  How is it that after over 3 days there is virtually NO news coverage of
> this issue???  We have been told by our cell consultant that this is in fact
> a problem affecting accounts nationwide.  Anyone else but me here affected?
>  We started having trouble just after 11:30 central last Friday, Jan. 221st.
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Verizon Data Services down

[Raper, Jonathan - Eagle]

Sorry to hear of your frustrations. No issue on the Verizon 3G network in 
Greensboro, NC. Been receiving emails on my phone all weekend without issue.

Jonathan L. Raper, MCSE

Thumb-typed from my HTC Incredible (and yes, it really is) Droid. Please excuse 
brevity & any misspellings.

- Reply message -
From: "Jeff Brown" <2jbr...@gmail.com>
Date: Mon, Jan 24, 2011 11:44 pm
Subject: Verizon Data Services down
To: "NT System Admin Issues" 

About 20% of my users have been without data services, a crippling problem for 
a company that relies heavily on email for nearly all communications.  How is 
it that after over 3 days there is virtually NO news coverage of this issue???  
We have been told by our cell consultant that this is in fact a problem 
affecting accounts nationwide.  Anyone else but me here affected?  We started 
having trouble just after 11:30 central last Friday, Jan. 221st.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


Any medical information contained in this electronic message is CONFIDENTIAL 
and privileged. It is unlawful for unauthorized persons to view, copy, 
disclose, or disseminate CONFIDENTIAL information. This electronic message may 
contain information that is confidential and/or legally privileged. It is 
intended only for the use of the individual(s) and/or entity named as 
recipients in the message. If you are not an intended recipient of this 
message, please notify the sender immediately and delete this material from 
your computer. Do not deliver, distribute or copy this message, and do not 
disclose its contents or take any action in reliance on the information that it 
contains.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Verizon Data Services down

[greg.sweers]

Same here in Tampa FL,  All good

Greg Sweers
CEO
ACTS360.com
P.O. Box 1193
Brandon, FL  33509
813-657-0849 Office
813-758-6850 Cell
813-341-1270 Fax


-Original Message-
From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com] 
Sent: Monday, January 24, 2011 11:49 PM
To: NT System Admin Issues
Subject: Re: Verizon Data Services down

Sorry to hear of your frustrations. No issue on the Verizon 3G network in 
Greensboro, NC. Been receiving emails on my phone all weekend without issue.

Jonathan L. Raper, MCSE

Thumb-typed from my HTC Incredible (and yes, it really is) Droid. Please excuse 
brevity & any misspellings.

- Reply message -
From: "Jeff Brown" <2jbr...@gmail.com>
Date: Mon, Jan 24, 2011 11:44 pm
Subject: Verizon Data Services down
To: "NT System Admin Issues" 

About 20% of my users have been without data services, a crippling problem for 
a company that relies heavily on email for nearly all communications.  How is 
it that after over 3 days there is virtually NO news coverage of this issue???  
We have been told by our cell consultant that this is in fact a problem 
affecting accounts nationwide.  Anyone else but me here affected?  We started 
having trouble just after 11:30 central last Friday, Jan. 221st.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


Any medical information contained in this electronic message is CONFIDENTIAL 
and privileged. It is unlawful for unauthorized persons to view, copy, 
disclose, or disseminate CONFIDENTIAL information. This electronic message may 
contain information that is confidential and/or legally privileged. It is 
intended only for the use of the individual(s) and/or entity named as 
recipients in the message. If you are not an intended recipient of this 
message, please notify the sender immediately and delete this material from 
your computer. Do not deliver, distribute or copy this message, and do not 
disclose its contents or take any action in reliance on the information that it 
contains.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Verizon Data Services down

[Mike Sullivan]

I think you are talking about the BlackBerry data on Verizon Wireless?

It's been flaky since Thursday. I have cases opened with both companies,
Verizon admits there is an issue and BlackBerry says nothing is wrong. The
latest info I have says it should be fixed by Wednesday.

On Mon, Jan 24, 2011 at 8:42 PM, Jeff Brown <2jbr...@gmail.com> wrote:

> About 20% of my users have been without data services, a crippling problem
> for a company that relies heavily on email for nearly all communications.
>  How is it that after over 3 days there is virtually NO news coverage of
> this issue???  We have been told by our cell consultant that this is in fact
> a problem affecting accounts nationwide.  Anyone else but me here affected?
>  We started having trouble just after 11:30 central last Friday, Jan. 221st.
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>



-- 
Mike Sullivan
neog...@gmail.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Verizon Data Services down

[Jeff Brown]

That's more info than I got.  Thanks.  Seems like an LONG time for a
provider like Verizon to have limited services for an unknown number of
users.

On Mon, Jan 24, 2011 at 10:50 PM, Mike Sullivan  wrote:

> I think you are talking about the BlackBerry data on Verizon Wireless?
>
> It's been flaky since Thursday. I have cases opened with both companies,
> Verizon admits there is an issue and BlackBerry says nothing is wrong. The
> latest info I have says it should be fixed by Wednesday.
>
> On Mon, Jan 24, 2011 at 8:42 PM, Jeff Brown <2jbr...@gmail.com> wrote:
>
>> About 20% of my users have been without data services, a crippling problem
>> for a company that relies heavily on email for nearly all communications.
>>  How is it that after over 3 days there is virtually NO news coverage of
>> this issue???  We have been told by our cell consultant that this is in fact
>> a problem affecting accounts nationwide.  Anyone else but me here affected?
>>  We started having trouble just after 11:30 central last Friday, Jan. 221st.
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>>
>
>
> --
> Mike Sullivan
> neog...@gmail.com
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Verizon Data Services down

[Ben Scott]

On Mon, Jan 24, 2011 at 11:54 PM, Jeff Brown <2jbr...@gmail.com> wrote:
> That's more info than I got.  Thanks.  Seems like an LONG time for a
> provider like Verizon to have limited services for an unknown number of
> users.

  Verizon owns its customers, and they know it.

  "We don't care.  We don't have to.  We're The Phone Company."

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin