vpn issue
Hi team.Have a problem i can't figure outORIGIN Server Win2k3 configured as TSE server with 1 nic,dedicated to VPN between the main site and a near site : it is setup by the local ISP and impossible to modify without their assistance Local address 192.168.6.20/255.255.255.0/192.168.6.1EVOLUTIONTo be able to connect to the server from ANY place in the worldSo i've set up a nic (number2) dedicated to a DSL line (with a local modem router than i can manage)Local address 192.168.6.227/255.255.255.0/192.168.6.250PROBLEMWhen i configure the nic2 without a gateway, the VPN from distant site works fine.When i add the gateway 192.168.6.250 which is my local modem-router address ,the VPN clients on the distant site can't connect anymore they see an RDP error message Remote desktop can't connect Try to reconnect. When i disactivate nic1 and let my local modem-router address, i have Internet, ok, and i can connect through RDP from anywherebut no VPN.I'm confused.Is Windows able to deal with these 2 nics and this configuration ? Any help VERYY welcome. Bruno CANTIN ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Win7 upgrade question
$311.11 at your favorite store. http://www.provantage.com/microsoft-jsf-1~7MSTE00T.htm http://www.provantage.com/microsoft-jsf-1~7MSTE00T.htm On Wed, Mar 30, 2011 at 11:28 PM, Kurt Buff kurt.b...@gmail.com wrote: Last time I had a Technet subscription was in, ummm - 1997, IIRC. I'll have to look at that, and our budget, and see if we can fit it in. Thanks. On Wed, Mar 30, 2011 at 20:08, Mike Hoffman m...@drumbrae.net wrote: Win 7 Enterprise is not on the retail disks, when you get your agreement you will have access to download it. If you have TechNet access then you can start playing with the MDT and get the ISO from the same place. You can go straight to SP1 on the builds and deploy from USB or over the net depending on what else you put on the build. You can certainly get rid of any OEM junk. Mike -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: 31 March 2011 04:04 To: NT System Admin Issues Subject: RE: Win7 upgrade question I recommend you spend an hour or two looking at MDT 2010 Update 1 in detail (MDT - Microsoft Deployment Toolkit). Not only will it do everything you want (and then some) - it's free. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, March 30, 2011 8:12 PM To: NT System Admin Issues Subject: Win7 upgrade question All, We're on the cusp of getting a MSFT EA in place (it looking like 90% sure, right now), and we've been ordering Dell laptops for lease with Win7 Pro on them. I want to get all of them up to Win7 Enterprise, and thought I had read somewhere that it was just a matter of a key update. I can't find any documentation on that, however, and our vendor rep pointed me at this article: http://technet.microsoft.com/en-us/library/dd772579%28WS.10%29.aspx So, for those of you who know about this kind of thing, what would you do? Right now I'm contemplating either something like this: http://laplink.com/pcmover or just doing an Anytime upgrade to Ultimate, and calling it good, because the lease will run out before the OS EOLs. Anyone have better thoughts on this? Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Are printer-related registry keys are safe to remove?
Indeed this appears to be the case. I created an AppSense logoff action to delete the keys, and then create them again blank. This has stopped the drastic over-population of these with printer entries, and has increased the logon time for this subset of users. Thanks! On 30 March 2011 18:57, Ken Cornetet ken.corne...@kimball.com wrote: Yes, they are safe to remove. I created a batch file with these two lines and call it from a group policy logoff script. reg DELETE HKCU\Software\Microsoft\Windows NT\CurrentVersion\Devices /va /f reg DELETE HKCU\Software\Microsoft\Windows NT\CurrentVersion\printerports /va /f I will have to say, though, that this seems to make some user’s Citrix session hang (they never logoff after closing their last app). I will probably move this to a logon script at some point. Ken Cornetet 812.482.8499 To err is human - to moo, bovine. *From:* James Rankin [mailto:kz2...@googlemail.com] *Sent:* Wednesday, March 30, 2011 4:01 AM *To:* NT System Admin Issues *Subject:* Are printer-related registry keys are safe to remove? There are two Registry keys - *HKCU\Software\Microsoft\Windows NT\CurrentVersion\Devices\* and *HKCU\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts - *that, in a terminal services environment, seem to fill up with vast amounts of printers, apparently enumerated from any user that has ever logged on. Now some older pieces of software seem to look here for their printer settings, to the extent that when there are approximately 500 entries in there, meaning that the printing from these apps is very, very slow. According to an MS article these keys are for *user preferences for print devices in Windows NT 4.0*, so, would I be right in assuming I could simply remove all entries from these keys at logoff without causing myself any problems? TIA, JR -- On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question. *IMPORTANT: This email is intended for the use of the individual addressee(s) named above and may contain information that is confidential, privileged or unsuitable for overly sensitive persons with low self-esteem, no sense of humour or irrational religious beliefs. If you are not the intended recipient, any dissemination, distribution or copying of this email is not authorised (either explicitly or implicitly) and constitutes an irritating social faux pas. Unless the word absquatulation has been used in its correct context somewhere other than in this warning, it does not have any legal or no grammatical use and may be ignored. No animals were harmed in the transmission of this email, although the kelpie next door is living on borrowed time, let me tell you. Those of you with an overwhelming fear of the unknown will be gratified to learn that there is no hidden message revealed by reading this warning backwards, so just ignore that Alert Notice from Microsoft. However, by pouring a complete circle of salt around yourself and your computer you can ensure that no harm befalls you and your pets. If you have received this email in error, please add some nutmeg and egg whites, whisk and place in a warm oven for 40 minutes.* ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question. *IMPORTANT: This email is intended for the use of the individual addressee(s) named above and may contain information that is confidential, privileged or unsuitable for overly sensitive persons with low self-esteem, no sense of humour or irrational religious beliefs. If you are not the intended recipient, any dissemination, distribution or copying of this email is not authorised (either explicitly or implicitly) and constitutes an irritating social faux pas. Unless the word absquatulation has been used in its correct context somewhere other than in this warning, it does not have any legal or no grammatical use and may be ignored. No animals were harmed in the transmission of this email, although the kelpie
Re: Deny roaming profile access at logon
Well that certainly seems to have resolved the issue. It was simply that the OS couldn't find the folder that it was trying to load the profile from. I will probably get some more issues down the line as multiple users try to write over this template profile at the same time, but I can probably think of a way around that. Thanks! On 30 March 2011 19:00, Rankin, James R kz2...@googlemail.com wrote: I have been getting an error stating could not load profile when running published apps from a 2003 server. I thought it was because the 2008 R2 profile was incompatible, hence I was not wanting to load the roaming profile. However, thinking about it, I have just realised the error may be to do with the .v2 that you need to append to the profile name for 2008. I will know for sure tomorrow, but I think creating a blank 2003 profile in a folder without the .v2 extension may get rid of the errors. If it is that, thanks for making me think it through properly! Typed frustratingly slowly on my BlackBerry® wireless device -- *From: * Tom Miller tmil...@hnncsb.org *Date: *Wed, 30 Mar 2011 11:53:41 -0400 *To: *NT System Admin Issuesntsysadmin@lyris.sunbelt-software.com *ReplyTo: * NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com *Subject: *Re: Deny roaming profile access at logon That's right. It's been a while since I created those GPOs. My error. What's the need to prevent a profile from loading? Perhaps there is something else we could suggest. James Rankin kz2...@googlemail.com 3/30/2011 10:44 AM It's a computer-level GPO for only allow local profiles. It only applies to everyone, or not at all. Same goes for setting TS Profile via GPO. Unless you know different...I've been struggling to understand why TS Profile was a computer-level GPO for a while now. On 30 March 2011 15:40, Tom Miller tmil...@hnncsb.org wrote: Can't you change your current GPO to be more specific instead of authenticated users? I have several XenApp GPOs that have different settings for different groups, and I use TS Roaming profiles in them. Tom James Rankin kz2...@googlemail.com 3/30/2011 9:39 AM It's not the server with the printer issue, no (I have lots of issues lately, my wife tells me the same thing too) :-) Sorry, I should have been more specific - it's the TS roaming profile that I am trying to avoid loading for a certain subset of users. Not a standard roaming profile. I have not worked with fat clients for so long, I forget they exist :-) On 30 March 2011 14:37, Ben Scott mailvor...@gmail.com wrote: On Wed, Mar 30, 2011 at 9:14 AM, James Rankin kz2...@googlemail.com wrote: I think this is probably a non-starter, but does anyone have any idea how I might go about preventing a user's roaming profile from loading when they log on to a particular server? Is this for your Terminal Server with the printers problem? If so, isn't there a per-user Active Directory property to load a different profile for Terminal Servers? -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question. *IMPORTANT: This email is intended for the use of the individual addressee(s) named above and may contain information that is confidential, privileged or unsuitable for overly sensitive persons with low self-esteem, no sense of humour or irrational religious beliefs. If you are not the intended recipient, any dissemination, distribution or copying of this email is not authorised (either explicitly or implicitly) and constitutes an irritating social faux pas. Unless the word absquatulation has been used in its correct context somewhere other than in this warning, it does not have any legal or no grammatical use and may be ignored. No animals were harmed in the transmission of this email, although the kelpie next door is living on borrowed time, let me tell you. Those of you with an overwhelming fear of the unknown will be gratified to learn that there is no hidden message revealed by reading this warning backwards, so just ignore that Alert Notice from Microsoft. However, by pouring a complete circle of salt around yourself and your computer you can ensure that no harm befalls you and your pets. If you have received this email in error, please add some nutmeg and egg whites, whisk and place in a warm oven for 40 minutes.* ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
RE: Win7 upgrade question
If you are getting an Enterprise Agreement then you can activate your TechNet Benefit, then spend $311.11 on beer!! Mike From: Richard Stovall [mailto:rich...@gmail.com] Sent: 31 March 2011 11:30 To: NT System Admin Issues Subject: Re: Win7 upgrade question $311.11 at your favorite store. http://www.provantage.com/microsoft-jsf-1~7MSTE00T.htm On Wed, Mar 30, 2011 at 11:28 PM, Kurt Buff kurt.b...@gmail.commailto:kurt.b...@gmail.com wrote: Last time I had a Technet subscription was in, ummm - 1997, IIRC. I'll have to look at that, and our budget, and see if we can fit it in. Thanks. On Wed, Mar 30, 2011 at 20:08, Mike Hoffman m...@drumbrae.netmailto:m...@drumbrae.net wrote: Win 7 Enterprise is not on the retail disks, when you get your agreement you will have access to download it. If you have TechNet access then you can start playing with the MDT and get the ISO from the same place. You can go straight to SP1 on the builds and deploy from USB or over the net depending on what else you put on the build. You can certainly get rid of any OEM junk. Mike -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.commailto:mich...@smithcons.com] Sent: 31 March 2011 04:04 To: NT System Admin Issues Subject: RE: Win7 upgrade question I recommend you spend an hour or two looking at MDT 2010 Update 1 in detail (MDT - Microsoft Deployment Toolkit). Not only will it do everything you want (and then some) - it's free. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.commailto:kurt.b...@gmail.com] Sent: Wednesday, March 30, 2011 8:12 PM To: NT System Admin Issues Subject: Win7 upgrade question All, We're on the cusp of getting a MSFT EA in place (it looking like 90% sure, right now), and we've been ordering Dell laptops for lease with Win7 Pro on them. I want to get all of them up to Win7 Enterprise, and thought I had read somewhere that it was just a matter of a key update. I can't find any documentation on that, however, and our vendor rep pointed me at this article: http://technet.microsoft.com/en-us/library/dd772579%28WS.10%29.aspx So, for those of you who know about this kind of thing, what would you do? Right now I'm contemplating either something like this: http://laplink.com/pcmover or just doing an Anytime upgrade to Ultimate, and calling it good, because the lease will run out before the OS EOLs. Anyone have better thoughts on this? Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Samsung keylogger with Vipre mention
Nothing substantiated as yet, however. *ASB *(Professional Bio http://about.me/Andrew.S.Baker/bio) *Technology Services that Maximize Business Results... * On Thu, Mar 31, 2011 at 7:01 AM, chipsh...@comcast.net wrote: Interesting: http://news.cnet.com/8301-27080_3-20048896-245.html ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Samsung keylogger with Vipre mention
Samsung denies, according to their blog: http://www.samsungtomorrow.com/1071 Cheers Ken From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, 31 March 2011 7:10 PM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Nothing substantiated as yet, however. ASB (Professional Biohttp://about.me/Andrew.S.Baker/bio) Technology Services that Maximize Business Results... On Thu, Mar 31, 2011 at 7:01 AM, chipsh...@comcast.netmailto:chipsh...@comcast.net wrote: Interesting: http://news.cnet.com/8301-27080_3-20048896-245.html ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: OT - Parental Controls
Think I'll give this a try I'm not concerned about the sites... I just want to keep my wife off facebook 8 hours a day and am fed up with her asking me to take her laptop to work so she can't use it. -Original Message- From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] Sent: 28 March 2011 19:35 To: NT System Admin Issues Subject: Re: OT - Parental Controls I use K-9 at home on my daughter's computer. It's nice, because it lets out an audible bark if she hits a bad site... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: OT - Parental Controls
I stopped my wife from using FaceBookI deactivated her account :-) I also once used a hosts file redirect to send Facebook to kittenwar.cominstead On 31 March 2011 13:46, Adam Buckland adam.buckl...@eurohill.com wrote: Think I'll give this a try I'm not concerned about the sites... I just want to keep my wife off facebook 8 hours a day and am fed up with her asking me to take her laptop to work so she can't use it. -Original Message- From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] Sent: 28 March 2011 19:35 To: NT System Admin Issues Subject: Re: OT - Parental Controls I use K-9 at home on my daughter's computer. It's nice, because it lets out an audible bark if she hits a bad site... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question. *IMPORTANT: This email is intended for the use of the individual addressee(s) named above and may contain information that is confidential, privileged or unsuitable for overly sensitive persons with low self-esteem, no sense of humour or irrational religious beliefs. If you are not the intended recipient, any dissemination, distribution or copying of this email is not authorised (either explicitly or implicitly) and constitutes an irritating social faux pas. Unless the word absquatulation has been used in its correct context somewhere other than in this warning, it does not have any legal or no grammatical use and may be ignored. No animals were harmed in the transmission of this email, although the kelpie next door is living on borrowed time, let me tell you. Those of you with an overwhelming fear of the unknown will be gratified to learn that there is no hidden message revealed by reading this warning backwards, so just ignore that Alert Notice from Microsoft. However, by pouring a complete circle of salt around yourself and your computer you can ensure that no harm befalls you and your pets. If you have received this email in error, please add some nutmeg and egg whites, whisk and place in a warm oven for 40 minutes.* ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Windows 7 Imaging
Folks, We are working towards deploying Windows 7 (along with Office 2010) on current and future shipments of new laptops/PCs. We use syprep and Ghost for our XP image, and it works well. I'm looking for your suggestions/warnings/gotchas as to imaging for Windows 7. Favorite imaging tools, methods, etc? I don't do the imaging here, but my PC guy who does the images seems to be having a bit of a struggle with it compared to XP images, so I thought I'd as you experts. We already have a Dell Kace system management system here, and I'll be viewing a demo today for the imaging component (additional purchase). I'm open to anything that makes the process as painless as possible. If it matters we use Lenovo ThinkPads for our laptops and Dell Optiplex business PCs. Your comments are appreciated. Tom Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Windows 7 Imaging
If you have Server 2008 R2, WDS is the bees knees. On Thu, Mar 31, 2011 at 8:50 AM, Tom Miller tmil...@hnncsb.org wrote: Folks, We are working towards deploying Windows 7 (along with Office 2010) on current and future shipments of new laptops/PCs. We use syprep and Ghost for our XP image, and it works well. I'm looking for your suggestions/warnings/gotchas as to imaging for Windows 7. Favorite imaging tools, methods, etc? I don't do the imaging here, but my PC guy who does the images seems to be having a bit of a struggle with it compared to XP images, so I thought I'd as you experts. We already have a Dell Kace system management system here, and I'll be viewing a demo today for the imaging component (additional purchase). I'm open to anything that makes the process as painless as possible. If it matters we use Lenovo ThinkPads for our laptops and Dell Optiplex business PCs. Your comments are appreciated. Tom Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Windows 7 Imaging
Make sure your ghost is up to date so that ghostwalker works properly. And it is even more important to use ghostwalker on Win 7 than it was in XP. What problems is he having? I am guessing it is with preparing the image...getting the default profile right? From: Tom Miller [mailto:tmil...@hnncsb.org] Sent: Thursday, March 31, 2011 8:50 AM To: NT System Admin Issues Subject: Windows 7 Imaging Folks, We are working towards deploying Windows 7 (along with Office 2010) on current and future shipments of new laptops/PCs. We use syprep and Ghost for our XP image, and it works well. I'm looking for your suggestions/warnings/gotchas as to imaging for Windows 7. Favorite imaging tools, methods, etc? I don't do the imaging here, but my PC guy who does the images seems to be having a bit of a struggle with it compared to XP images, so I thought I'd as you experts. We already have a Dell Kace system management system here, and I'll be viewing a demo today for the imaging component (additional purchase). I'm open to anything that makes the process as painless as possible. If it matters we use Lenovo ThinkPads for our laptops and Dell Optiplex business PCs. Your comments are appreciated. Tom Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Windows 7 Imaging
Cool. We do, so I'll check it out. Anyone else? Buehler? Jonathan Link jonathan.l...@gmail.com 3/31/2011 8:54 AM If you have Server 2008 R2, WDS is the bees knees. On Thu, Mar 31, 2011 at 8:50 AM, Tom Miller tmil...@hnncsb.org wrote: Folks, We are working towards deploying Windows 7 (along with Office 2010) on current and future shipments of new laptops/PCs. We use syprep and Ghost for our XP image, and it works well. I'm looking for your suggestions/warnings/gotchas as to imaging for Windows 7. Favorite imaging tools, methods, etc? I don't do the imaging here, but my PC guy who does the images seems to be having a bit of a struggle with it compared to XP images, so I thought I'd as you experts. We already have a Dell Kace system management system here, and I'll be viewing a demo today for the imaging component (additional purchase). I'm open to anything that makes the process as painless as possible. If it matters we use Lenovo ThinkPads for our laptops and Dell Optiplex business PCs. Your comments are appreciated. Tom Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Windows 7 Imaging
I'm a little biased (because I developed courseware for the product), but the Microsoft Deployment Toolkit 2010 Update 1 is easy to use, light-touch - and free. If you need zero touch, System Center Configuration Manager does the job very well and is infinitely configurable. It isn't, however, free. And it has a learning curve for that infinitely configurable part. The imaging process for Win7 is based on one of two options: VHD or WIM (Windows IMaging - and the VHD option is built on-top-of the WIM option, more-or-less). The preferred tool for creating images is ImageX, which is a Microsoft product (part of both MDT and SCCM). Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Tom Miller [mailto:tmil...@hnncsb.org] Sent: Thursday, March 31, 2011 8:50 AM To: NT System Admin Issues Subject: Windows 7 Imaging Folks, We are working towards deploying Windows 7 (along with Office 2010) on current and future shipments of new laptops/PCs. We use syprep and Ghost for our XP image, and it works well. I'm looking for your suggestions/warnings/gotchas as to imaging for Windows 7. Favorite imaging tools, methods, etc? I don't do the imaging here, but my PC guy who does the images seems to be having a bit of a struggle with it compared to XP images, so I thought I'd as you experts. We already have a Dell Kace system management system here, and I'll be viewing a demo today for the imaging component (additional purchase). I'm open to anything that makes the process as painless as possible. If it matters we use Lenovo ThinkPads for our laptops and Dell Optiplex business PCs. Your comments are appreciated. Tom Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Samsung keylogger with Vipre mention
And it's easily possible to reproduce with Vipre... It's a false alarm. http://www.theregister.co.uk/2011/03/31/samsung_keylogger_rumour_debunked/ Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Thursday, March 31, 2011 7:44 AM To: NT System Admin Issues Subject: RE: Samsung keylogger with Vipre mention Samsung denies, according to their blog: http://www.samsungtomorrow.com/1071 Cheers Ken From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, 31 March 2011 7:10 PM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Nothing substantiated as yet, however. ASB (Professional Biohttp://about.me/Andrew.S.Baker/bio) Technology Services that Maximize Business Results... On Thu, Mar 31, 2011 at 7:01 AM, chipsh...@comcast.netmailto:chipsh...@comcast.net wrote: Interesting: http://news.cnet.com/8301-27080_3-20048896-245.html ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Samsung keylogger with Vipre mention
This article claims a false positive by Vipre: http://www.digitaltrends.com/computing/samsung-keylogger-accusations-prove-false/ - Original Message - From: Ken Schaefer k...@adopenstatic.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Thursday, March 31, 2011 7:43:30 AM Subject: RE: Samsung keylogger with Vipre mention Samsung denies, according to their blog: http://www.samsungtomorrow.com/1071 Cheers Ken From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, 31 March 2011 7:10 PM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Nothing substantiated as yet, however. ASB ( Professional Bio ) Technology Services that Maximize Business Results... On Thu, Mar 31, 2011 at 7:01 AM, chipsh...@comcast.net wrote: Interesting: http://news.cnet.com/8301-27080_3-20048896-245.html ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Samsung keylogger with Vipre mention
Has someone had a career changing event? On Thu, Mar 31, 2011 at 9:01 AM, Michael B. Smith mich...@smithcons.comwrote: And it’s easily possible to reproduce with Vipre… It’s a false alarm. http://www.theregister.co.uk/2011/03/31/samsung_keylogger_rumour_debunked/ Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com http://theessentialexchange.com/ *From:* Ken Schaefer [mailto:k...@adopenstatic.com] *Sent:* Thursday, March 31, 2011 7:44 AM *To:* NT System Admin Issues *Subject:* RE: Samsung keylogger with Vipre mention Samsung denies, according to their blog: http://www.samsungtomorrow.com/1071 Cheers Ken *From:* Andrew S. Baker [mailto:asbz...@gmail.com] *Sent:* Thursday, 31 March 2011 7:10 PM *To:* NT System Admin Issues *Subject:* Re: Samsung keylogger with Vipre mention Nothing substantiated as yet, however. *ASB *(Professional Bio http://about.me/Andrew.S.Baker/bio) *Technology Services that Maximize Business Results...** * * * On Thu, Mar 31, 2011 at 7:01 AM, chipsh...@comcast.net wrote: Interesting: http://news.cnet.com/8301-27080_3-20048896-245.html ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: OT - Parental Controls
Whoa. On Thu, Mar 31, 2011 at 8:48 AM, James Rankin kz2...@googlemail.com wrote: I stopped my wife from using FaceBookI deactivated her account :-) I also once used a hosts file redirect to send Facebook to kittenwar.cominstead On 31 March 2011 13:46, Adam Buckland adam.buckl...@eurohill.com wrote: Think I'll give this a try I'm not concerned about the sites... I just want to keep my wife off facebook 8 hours a day and am fed up with her asking me to take her laptop to work so she can't use it. -Original Message- From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] Sent: 28 March 2011 19:35 To: NT System Admin Issues Subject: Re: OT - Parental Controls I use K-9 at home on my daughter's computer. It's nice, because it lets out an audible bark if she hits a bad site... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question. *IMPORTANT: This email is intended for the use of the individual addressee(s) named above and may contain information that is confidential, privileged or unsuitable for overly sensitive persons with low self-esteem, no sense of humour or irrational religious beliefs. If you are not the intended recipient, any dissemination, distribution or copying of this email is not authorised (either explicitly or implicitly) and constitutes an irritating social faux pas. Unless the word absquatulation has been used in its correct context somewhere other than in this warning, it does not have any legal or no grammatical use and may be ignored. No animals were harmed in the transmission of this email, although the kelpie next door is living on borrowed time, let me tell you. Those of you with an overwhelming fear of the unknown will be gratified to learn that there is no hidden message revealed by reading this warning backwards, so just ignore that Alert Notice from Microsoft. However, by pouring a complete circle of salt around yourself and your computer you can ensure that no harm befalls you and your pets. If you have received this email in error, please add some nutmeg and egg whites, whisk and place in a warm oven for 40 minutes.* ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Samsung keylogger with Vipre mention
The challenge/issue here is that every AV has false positives. Most of them, however, don't get written up and /.'ed. The original author should've tested with multiple engines. And, as Vipre starts to play with the big boys, they are going to get big-boy levels of attention... Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Thursday, March 31, 2011 9:04 AM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Has someone had a career changing event? On Thu, Mar 31, 2011 at 9:01 AM, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: And it's easily possible to reproduce with Vipre... It's a false alarm. http://www.theregister.co.uk/2011/03/31/samsung_keylogger_rumour_debunked/ Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.comhttp://theessentialexchange.com/ From: Ken Schaefer [mailto:k...@adopenstatic.commailto:k...@adopenstatic.com] Sent: Thursday, March 31, 2011 7:44 AM To: NT System Admin Issues Subject: RE: Samsung keylogger with Vipre mention Samsung denies, according to their blog: http://www.samsungtomorrow.com/1071 Cheers Ken From: Andrew S. Baker [mailto:asbz...@gmail.commailto:asbz...@gmail.com] Sent: Thursday, 31 March 2011 7:10 PM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Nothing substantiated as yet, however. ASB (Professional Biohttp://about.me/Andrew.S.Baker/bio) Technology Services that Maximize Business Results... On Thu, Mar 31, 2011 at 7:01 AM, chipsh...@comcast.netmailto:chipsh...@comcast.net wrote: Interesting: http://news.cnet.com/8301-27080_3-20048896-245.html ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Samsung keylogger with Vipre mention
Oh, I agree, but you seem to be finding fault with the tool. I find fault witht he professional using the tool. It seems to me, that many of us forget to test for repeatability, and fewer know how to do to that properly. My opinion of a security research trying to make a name for himself, and there's no doubt that's what this episode was all about, should have enough intellectual rigor to attack the problem from all angles before publishing findings. If I'm a client of NetSec Consulting (firm he founded), and I catch wind of this, I won't be a client for very long. On Thu, Mar 31, 2011 at 9:08 AM, Michael B. Smith mich...@smithcons.comwrote: The challenge/issue here is that every AV has false positives. Most of them, however, don’t get written up and /.’ed. The original author should’ve tested with multiple engines. And, as Vipre starts to play with the big boys, they are going to get “big-boy” levels of attention… Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com http://theessentialexchange.com/ *From:* Jonathan Link [mailto:jonathan.l...@gmail.com] *Sent:* Thursday, March 31, 2011 9:04 AM *To:* NT System Admin Issues *Subject:* Re: Samsung keylogger with Vipre mention Has someone had a career changing event? On Thu, Mar 31, 2011 at 9:01 AM, Michael B. Smith mich...@smithcons.com wrote: And it’s easily possible to reproduce with Vipre… It’s a false alarm. http://www.theregister.co.uk/2011/03/31/samsung_keylogger_rumour_debunked/ Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com http://theessentialexchange.com/ *From:* Ken Schaefer [mailto:k...@adopenstatic.com] *Sent:* Thursday, March 31, 2011 7:44 AM *To:* NT System Admin Issues *Subject:* RE: Samsung keylogger with Vipre mention Samsung denies, according to their blog: http://www.samsungtomorrow.com/1071 Cheers Ken *From:* Andrew S. Baker [mailto:asbz...@gmail.com] *Sent:* Thursday, 31 March 2011 7:10 PM *To:* NT System Admin Issues *Subject:* Re: Samsung keylogger with Vipre mention Nothing substantiated as yet, however. *ASB *(Professional Bio http://about.me/Andrew.S.Baker/bio) *Technology Services that Maximize Business Results...** * * * On Thu, Mar 31, 2011 at 7:01 AM, chipsh...@comcast.net wrote: Interesting: http://news.cnet.com/8301-27080_3-20048896-245.html ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Samsung keylogger with Vipre mention
I find fault with both. :) I agree with you. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Thursday, March 31, 2011 9:18 AM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Oh, I agree, but you seem to be finding fault with the tool. I find fault witht he professional using the tool. It seems to me, that many of us forget to test for repeatability, and fewer know how to do to that properly. My opinion of a security research trying to make a name for himself, and there's no doubt that's what this episode was all about, should have enough intellectual rigor to attack the problem from all angles before publishing findings. If I'm a client of NetSec Consulting (firm he founded), and I catch wind of this, I won't be a client for very long. On Thu, Mar 31, 2011 at 9:08 AM, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: The challenge/issue here is that every AV has false positives. Most of them, however, don't get written up and /.'ed. The original author should've tested with multiple engines. And, as Vipre starts to play with the big boys, they are going to get big-boy levels of attention... Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.comhttp://theessentialexchange.com/ From: Jonathan Link [mailto:jonathan.l...@gmail.commailto:jonathan.l...@gmail.com] Sent: Thursday, March 31, 2011 9:04 AM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Has someone had a career changing event? On Thu, Mar 31, 2011 at 9:01 AM, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: And it's easily possible to reproduce with Vipre... It's a false alarm. http://www.theregister.co.uk/2011/03/31/samsung_keylogger_rumour_debunked/ Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.comhttp://theessentialexchange.com/ From: Ken Schaefer [mailto:k...@adopenstatic.commailto:k...@adopenstatic.com] Sent: Thursday, March 31, 2011 7:44 AM To: NT System Admin Issues Subject: RE: Samsung keylogger with Vipre mention Samsung denies, according to their blog: http://www.samsungtomorrow.com/1071 Cheers Ken From: Andrew S. Baker [mailto:asbz...@gmail.commailto:asbz...@gmail.com] Sent: Thursday, 31 March 2011 7:10 PM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Nothing substantiated as yet, however. ASB (Professional Biohttp://about.me/Andrew.S.Baker/bio) Technology Services that Maximize Business Results... On Thu, Mar 31, 2011 at 7:01 AM, chipsh...@comcast.netmailto:chipsh...@comcast.net wrote: Interesting: http://news.cnet.com/8301-27080_3-20048896-245.html ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe
Re: Find out what is doing this
sysinternals tools from the microsoft site ... process monitor On Thu, Mar 31, 2011 at 9:21 AM, itli...@imcu.com itli...@imcu.com wrote: Have a third party that creates a file before it runs. For about 3 weeks now it has failed to run automagically but when we run it manually it runs. I have process monitor running but I can not tell what is trying to create the process so I can figure out what permissions to look at? What freeware would help with this? From my operators: We’re also using a piece of software called Process Monitor and we were able to pin it down last night to a ‘Sharing Violation’ . ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Find out what is doing this
When you say automagically do you mean via something like task scheduler? I have seen this several times with Task Scheduler. It is usually the credentials setup in the task. Sometimes it happens because of a PW change, sometimes it is a simple check of the tazks and make sure it is set to run whether the user is logged in or not. Either way it works manually since you are logged in probably with a Userid that has privledges to run that task and use the files. From: itli...@imcu.com [itli...@imcu.com] Sent: Thursday, March 31, 2011 8:21 AM To: NT System Admin Issues Subject: Find out what is doing this Have a third party that creates a file before it runs. For about 3 weeks now it has failed to run automagically but when we run it manually it runs. I have process monitor running but I can not tell what is trying to create the process so I can figure out what permissions to look at? What freeware would help with this? From my operators: We’re also using a piece of software called Process Monitor and we were able to pin it down last night to a ‘Sharing Violation’ . ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin CONFIDENTIALITY NOTICE: This e-mail and any attachments are confidential. If you are not the intended recipient, you do not have permission to disclose, copy, distribute, or open any attachments. If you have received this e-mail in error, please notify us immediately by returning it to the sender and delete this copy from your system. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Find out what is doing this
I have it running. Where to I see who/what is holding it so it can't delete and recreate when it needs to? From: Erik Goldoff [mailto:egold...@gmail.com] Posted At: Thursday, March 31, 2011 9:25 AM Posted To: itli...@imcu.com Conversation: Find out what is doing this Subject: Re: Find out what is doing this sysinternals tools from the microsoft site ... process monitor On Thu, Mar 31, 2011 at 9:21 AM, itli...@imcu.com itli...@imcu.com wrote: Have a third party that creates a file before it runs. For about 3 weeks now it has failed to run automagically but when we run it manually it runs. I have process monitor running but I can not tell what is trying to create the process so I can figure out what permissions to look at? What freeware would help with this? From my operators: We're also using a piece of software called Process Monitor and we were able to pin it down last night to a 'Sharing Violation' . ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Find out what is doing this
On Thu, Mar 31, 2011 at 9:21 AM, itli...@imcu.com itli...@imcu.com wrote: Have a third party that creates a file before it runs. You need to explain that using a lot more words. :) We’re also using a piece of software called Process Monitor and we were able to pin it down last night to a ‘Sharing Violation’ . Sharing Violation nominally means a file was already open or locked when the program tried to access it. Of course, that's also one of the error codes that Microsoft sometimes uses for completely unrelated things, so there's a (relatively small) chance it's something else. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: OT - Parental Controls
There are seldom good technical solutions to behavioral problems. Man... first time I've seen that old adage here apropos for non-work environment. -sc -Original Message- From: Adam Buckland [mailto:adam.buckl...@eurohill.com] Sent: Thursday, March 31, 2011 8:46 AM To: NT System Admin Issues Subject: RE: OT - Parental Controls Think I'll give this a try I'm not concerned about the sites... I just want to keep my wife off facebook 8 hours a day and am fed up with her asking me to take her laptop to work so she can't use it. -Original Message- From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] Sent: 28 March 2011 19:35 To: NT System Admin Issues Subject: Re: OT - Parental Controls I use K-9 at home on my daughter's computer. It's nice, because it lets out an audible bark if she hits a bad site... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt- software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Group Enumeration Issue
Dcdiag and netdiag. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Phil Hershey [mailto:phers...@agia.com] Sent: Wednesday, March 30, 2011 3:26 PM To: NT System Admin Issues Subject: RE: Group Enumeration Issue Tried promoting from global to universal, but it didn't help we apparently have bigger AD issues, symptoms of which are starting to bubble up. No events in security event log, although the Default Domain Controller audit policy clearly as logon events, account logon events and other items set to monitor both successful and failed events. (Tried to reply multiple times this morning, but kept being rejected by the list server for send an attachment, although there was never one.) From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Tuesday, March 29, 2011 2:53 PM To: NT System Admin Issues Subject: RE: Group Enumeration Issue Promote it. Sent from my HTC Tilt 2, a Windows phone from ATT From: Phil Hershey phers...@agia.com Sent: Tuesday, March 29, 2011 5:27 PM To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Subject: RE: Group Enumeration Issue Hi, Michael. Global distribution. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Tuesday, March 29, 2011 2:23 PM To: NT System Admin Issues Subject: RE: Group Enumeration Issue What kind of group? Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Phil Hershey [mailto:phers...@agia.com] Sent: Tuesday, March 29, 2011 4:59 PM To: NT System Admin Issues Subject: Group Enumeration Issue Odd problem that has just cropped up. Domain with 4 DC's in 2 sites that are T3 connected, only about 350 users, native 2003 mode. We have a problem with resolving the members of a single one of our ~100 distribution groups. The server that holds all but one of the FSMO roles correctly shows all the member groups and users for this DL. If I go to the Members tab for this DL on any of the other DCs, the members box is empty. However if you try and add one of the groups or users that is actually already in this DL, you get a 'account name is already a member of the local group' error. REPLMON shows all successful replications, and a REPADMIN /syncall DC /force all shows completion without errors. Seems like we've got a problem with versioning on the DCs. They're all Server 2003 32-bit Std Edition and fully patched. Any ideas? Thanks. Phil Hershey MCSE 2003: Security | MCITP - Enterprise Messaging Admin 2010 AGIA Insurance Services ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Find out what is doing this
It is a scheduled task and the operators are just giving the task a run when they get the error message. So the same perms should be used but it is failing?? From: Terry Dickson [mailto:te...@treasurer.state.ks.us] Posted At: Thursday, March 31, 2011 9:27 AM Posted To: itli...@imcu.com Conversation: Find out what is doing this Subject: RE: Find out what is doing this When you say automagically do you mean via something like task scheduler? I have seen this several times with Task Scheduler. It is usually the credentials setup in the task. Sometimes it happens because of a PW change, sometimes it is a simple check of the tazks and make sure it is set to run whether the user is logged in or not. Either way it works manually since you are logged in probably with a Userid that has privledges to run that task and use the files. From: itli...@imcu.com [itli...@imcu.com] Sent: Thursday, March 31, 2011 8:21 AM To: NT System Admin Issues Subject: Find out what is doing this Have a third party that creates a file before it runs. For about 3 weeks now it has failed to run automagically but when we run it manually it runs. I have process monitor running but I can not tell what is trying to create the process so I can figure out what permissions to look at? What freeware would help with this? From my operators: We're also using a piece of software called Process Monitor and we were able to pin it down last night to a 'Sharing Violation' . ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin CONFIDENTIALITY NOTICE: This e-mail and any attachments are confidential. If you are not the intended recipient, you do not have permission to disclose, copy, distribute, or open any attachments. If you have received this e-mail in error, please notify us immediately by returning it to the sender and delete this copy from your system. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: OT - Parental Controls
You apparently don't have kids. :-) Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Steven M. Caesare [mailto:scaes...@caesare.com] Sent: Thursday, March 31, 2011 9:47 AM To: NT System Admin Issues Subject: RE: OT - Parental Controls There are seldom good technical solutions to behavioral problems. Man... first time I've seen that old adage here apropos for non-work environment. -sc -Original Message- From: Adam Buckland [mailto:adam.buckl...@eurohill.com] Sent: Thursday, March 31, 2011 8:46 AM To: NT System Admin Issues Subject: RE: OT - Parental Controls Think I'll give this a try I'm not concerned about the sites... I just want to keep my wife off facebook 8 hours a day and am fed up with her asking me to take her laptop to work so she can't use it. -Original Message- From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] Sent: 28 March 2011 19:35 To: NT System Admin Issues Subject: Re: OT - Parental Controls I use K-9 at home on my daughter's computer. It's nice, because it lets out an audible bark if she hits a bad site... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt- software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Windows 7 Imaging
+1 for imagex. On Thu, Mar 31, 2011 at 7:58 AM, Michael B. Smith mich...@smithcons.comwrote: I’m a little biased (because I developed courseware for the product), but the Microsoft Deployment Toolkit 2010 Update 1 is easy to use, light-touch – and free. If you need zero touch, System Center Configuration Manager does the job very well and is infinitely configurable. It isn’t, however, free. And it has a learning curve for that “infinitely configurable” part. The imaging process for Win7 is based on one of two options: VHD or WIM (Windows IMaging - and the VHD option is built on-top-of the WIM option, more-or-less). The preferred tool for creating images is ImageX, which is a Microsoft product (part of both MDT and SCCM). Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com *From:* Tom Miller [mailto:tmil...@hnncsb.org] *Sent:* Thursday, March 31, 2011 8:50 AM *To:* NT System Admin Issues *Subject:* Windows 7 Imaging Folks, We are working towards deploying Windows 7 (along with Office 2010) on current and future shipments of new laptops/PCs. We use syprep and Ghost for our XP image, and it works well. I'm looking for your suggestions/warnings/gotchas as to imaging for Windows 7. Favorite imaging tools, methods, etc? I don't do the imaging here, but my PC guy who does the images seems to be having a bit of a struggle with it compared to XP images, so I thought I'd as you experts. We already have a Dell Kace system management system here, and I'll be viewing a demo today for the imaging component (additional purchase). I'm open to anything that makes the process as painless as possible. If it matters we use Lenovo ThinkPads for our laptops and Dell Optiplex business PCs. Your comments are appreciated. Tom Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: OT - Parental Controls
I do. I also have a wife. Life Consequences have to be the solution. For my _CHILDREN_ those consequences may be tha backend end of attempting to circumvent my technical constraints. If I have to resort to that for my _WIFE_, then there are bigger issues at play. -sc -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, March 31, 2011 9:51 AM To: NT System Admin Issues Subject: RE: OT - Parental Controls You apparently don't have kids. :-) Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Steven M. Caesare [mailto:scaes...@caesare.com] Sent: Thursday, March 31, 2011 9:47 AM To: NT System Admin Issues Subject: RE: OT - Parental Controls There are seldom good technical solutions to behavioral problems. Man... first time I've seen that old adage here apropos for non-work environment. -sc -Original Message- From: Adam Buckland [mailto:adam.buckl...@eurohill.com] Sent: Thursday, March 31, 2011 8:46 AM To: NT System Admin Issues Subject: RE: OT - Parental Controls Think I'll give this a try I'm not concerned about the sites... I just want to keep my wife off facebook 8 hours a day and am fed up with her asking me to take her laptop to work so she can't use it. -Original Message- From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] Sent: 28 March 2011 19:35 To: NT System Admin Issues Subject: Re: OT - Parental Controls I use K-9 at home on my daughter's computer. It's nice, because it lets out an audible bark if she hits a bad site... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt- software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt- software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt- software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Find out what is doing this
Here is the process .bat creates setenv.bat in dir x About every 60 seconds all day long. At around 11:00pm each night this process fails with a sharing violation of setenv.bat. Rerun the automated task and it runs. The problem is this file is being Created all day long no issues just around 11:00pm. With process monitor we see the sharing violation but can't tell what was trying to share it or what was sharing it at the time?? Need more guidance with process monitor I guess? Can I turn on auditing for dir x ? Will Windows give me more of a feel for what failed? -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Posted At: Thursday, March 31, 2011 9:34 AM Posted To: itli...@imcu.com Conversation: Find out what is doing this Subject: Re: Find out what is doing this On Thu, Mar 31, 2011 at 9:21 AM, itli...@imcu.com itli...@imcu.com wrote: Have a third party that creates a file before it runs. You need to explain that using a lot more words. :) We're also using a piece of software called Process Monitor and we were able to pin it down last night to a 'Sharing Violation' . Sharing Violation nominally means a file was already open or locked when the program tried to access it. Of course, that's also one of the error codes that Microsoft sometimes uses for completely unrelated things, so there's a (relatively small) chance it's something else. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Find out what is doing this
Is there a backup going on at that time? *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Thursday, March 31, 2011 6:55 AM To: NT System Admin Issues Subject: RE: Find out what is doing this Here is the process .bat creates setenv.bat in dir x About every 60 seconds all day long. At around 11:00pm each night this process fails with a sharing violation of setenv.bat. Rerun the automated task and it runs. The problem is this file is being Created all day long no issues just around 11:00pm. With process monitor we see the sharing violation but can't tell what was trying to share it or what was sharing it at the time?? Need more guidance with process monitor I guess? Can I turn on auditing for dir x ? Will Windows give me more of a feel for what failed? -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Posted At: Thursday, March 31, 2011 9:34 AM Posted To: itli...@imcu.com Conversation: Find out what is doing this Subject: Re: Find out what is doing this On Thu, Mar 31, 2011 at 9:21 AM, itli...@imcu.com itli...@imcu.com wrote: Have a third party that creates a file before it runs. You need to explain that using a lot more words. :) We're also using a piece of software called Process Monitor and we were able to pin it down last night to a 'Sharing Violation' . Sharing Violation nominally means a file was already open or locked when the program tried to access it. Of course, that's also one of the error codes that Microsoft sometimes uses for completely unrelated things, so there's a (relatively small) chance it's something else. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: OT - Parental Controls
+1 On Thu, Mar 31, 2011 at 9:54 AM, Steven M. Caesare scaes...@caesare.comwrote: I do. I also have a wife. Life Consequences have to be the solution. For my _CHILDREN_ those consequences may be tha backend end of attempting to circumvent my technical constraints. If I have to resort to that for my _WIFE_, then there are bigger issues at play. -sc -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, March 31, 2011 9:51 AM To: NT System Admin Issues Subject: RE: OT - Parental Controls You apparently don't have kids. :-) Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com http://theessentialexchange.com/ -Original Message- From: Steven M. Caesare [mailto:scaes...@caesare.com] Sent: Thursday, March 31, 2011 9:47 AM To: NT System Admin Issues Subject: RE: OT - Parental Controls There are seldom good technical solutions to behavioral problems. Man... first time I've seen that old adage here apropos for non-work environment. -sc -Original Message- From: Adam Buckland [mailto:adam.buckl...@eurohill.com] Sent: Thursday, March 31, 2011 8:46 AM To: NT System Admin Issues Subject: RE: OT - Parental Controls Think I'll give this a try I'm not concerned about the sites... I just want to keep my wife off facebook 8 hours a day and am fed up with her asking me to take her laptop to work so she can't use it. -Original Message- From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] Sent: 28 March 2011 19:35 To: NT System Admin Issues Subject: Re: OT - Parental Controls I use K-9 at home on my daughter's computer. It's nice, because it lets out an audible bark if she hits a bad site... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt- software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt- software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt- software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Windows Web Server 2008 R2
All, I have a need for a new file server that will only have a few users on it at any given time(Under 5 ). I have an available license for Windows Web Server 2008 R2.I'm looking to save money and thought This might work for the OS. I have never used this version of Windows before and would appreciate any thoughts on whether Or not this is feasible or am I reaching here. Thanks Greg ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Find out what is doing this
No backups at the time of error. -Original Message- From: Charlie Kaiser [mailto:charl...@golden-eagle.org] Posted At: Thursday, March 31, 2011 9:58 AM Posted To: itli...@imcu.com Conversation: Find out what is doing this Subject: RE: Find out what is doing this Is there a backup going on at that time? *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Thursday, March 31, 2011 6:55 AM To: NT System Admin Issues Subject: RE: Find out what is doing this Here is the process .bat creates setenv.bat in dir x About every 60 seconds all day long. At around 11:00pm each night this process fails with a sharing violation of setenv.bat. Rerun the automated task and it runs. The problem is this file is being Created all day long no issues just around 11:00pm. With process monitor we see the sharing violation but can't tell what was trying to share it or what was sharing it at the time?? Need more guidance with process monitor I guess? Can I turn on auditing for dir x ? Will Windows give me more of a feel for what failed? -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Posted At: Thursday, March 31, 2011 9:34 AM Posted To: itli...@imcu.com Conversation: Find out what is doing this Subject: Re: Find out what is doing this On Thu, Mar 31, 2011 at 9:21 AM, itli...@imcu.com itli...@imcu.com wrote: Have a third party that creates a file before it runs. You need to explain that using a lot more words. :) We're also using a piece of software called Process Monitor and we were able to pin it down last night to a 'Sharing Violation' . Sharing Violation nominally means a file was already open or locked when the program tried to access it. Of course, that's also one of the error codes that Microsoft sometimes uses for completely unrelated things, so there's a (relatively small) chance it's something else. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Find out what is doing this
Crank up auditing on the file and see who's accessing it. Also, with process monitor, see what other processes are involved... *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Thursday, March 31, 2011 7:02 AM To: NT System Admin Issues Subject: RE: Find out what is doing this No backups at the time of error. -Original Message- From: Charlie Kaiser [mailto:charl...@golden-eagle.org] Posted At: Thursday, March 31, 2011 9:58 AM Posted To: itli...@imcu.com Conversation: Find out what is doing this Subject: RE: Find out what is doing this Is there a backup going on at that time? *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Thursday, March 31, 2011 6:55 AM To: NT System Admin Issues Subject: RE: Find out what is doing this Here is the process .bat creates setenv.bat in dir x About every 60 seconds all day long. At around 11:00pm each night this process fails with a sharing violation of setenv.bat. Rerun the automated task and it runs. The problem is this file is being Created all day long no issues just around 11:00pm. With process monitor we see the sharing violation but can't tell what was trying to share it or what was sharing it at the time?? Need more guidance with process monitor I guess? Can I turn on auditing for dir x ? Will Windows give me more of a feel for what failed? -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Posted At: Thursday, March 31, 2011 9:34 AM Posted To: itli...@imcu.com Conversation: Find out what is doing this Subject: Re: Find out what is doing this On Thu, Mar 31, 2011 at 9:21 AM, itli...@imcu.com itli...@imcu.com wrote: Have a third party that creates a file before it runs. You need to explain that using a lot more words. :) We're also using a piece of software called Process Monitor and we were able to pin it down last night to a 'Sharing Violation' . Sharing Violation nominally means a file was already open or locked when the program tried to access it. Of course, that's also one of the error codes that Microsoft sometimes uses for completely unrelated things, so there's a (relatively small) chance it's something else. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Windows Web Server 2008 R2
Not allowed. *Q.* Can I use Windows Web Server 2008 R2 as a file server or a remote desktop server? https://mail.google.com/mail/html/compose/static_files/blank_quirks.html# *A.* No. Windows Web Server 2008 R2 can be used solely to deploy Internet-accessible front-end Web pages, Web sites, Web applications, Web services, and POP3 mail serving. For more information, see the Licensing Windows Web Server 2008 R2https://mail.google.com/windowsserver2008/en/us/licensing-web-server.aspxpage. On Thu, Mar 31, 2011 at 10:00 AM, Lewin, Greg le...@infimed.com wrote: All, I have a need for a new file server that will only have a few users on it at any given time(Under 5 ). I have an available license for Windows Web Server 2008 R2.I’m looking to save money and thought This might work for the OS. I have never used this version of Windows before and would appreciate any thoughts on whether Or not this is feasible or am I reaching here. Thanks Greg ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Find out what is doing this
Is there another task that runs setenv.bat at 11pm? If so, that'll cause your sharing violation, because they both fire at the same time, and the file can't be saved. On Thu, Mar 31, 2011 at 10:05 AM, Charlie Kaiser charl...@golden-eagle.orgwrote: Crank up auditing on the file and see who's accessing it. Also, with process monitor, see what other processes are involved... *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Thursday, March 31, 2011 7:02 AM To: NT System Admin Issues Subject: RE: Find out what is doing this No backups at the time of error. -Original Message- From: Charlie Kaiser [mailto:charl...@golden-eagle.org] Posted At: Thursday, March 31, 2011 9:58 AM Posted To: itli...@imcu.com Conversation: Find out what is doing this Subject: RE: Find out what is doing this Is there a backup going on at that time? *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Thursday, March 31, 2011 6:55 AM To: NT System Admin Issues Subject: RE: Find out what is doing this Here is the process .bat creates setenv.bat in dir x About every 60 seconds all day long. At around 11:00pm each night this process fails with a sharing violation of setenv.bat. Rerun the automated task and it runs. The problem is this file is being Created all day long no issues just around 11:00pm. With process monitor we see the sharing violation but can't tell what was trying to share it or what was sharing it at the time?? Need more guidance with process monitor I guess? Can I turn on auditing for dir x ? Will Windows give me more of a feel for what failed? -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Posted At: Thursday, March 31, 2011 9:34 AM Posted To: itli...@imcu.com Conversation: Find out what is doing this Subject: Re: Find out what is doing this On Thu, Mar 31, 2011 at 9:21 AM, itli...@imcu.com itli...@imcu.com wrote: Have a third party that creates a file before it runs. You need to explain that using a lot more words. :) We're also using a piece of software called Process Monitor and we were able to pin it down last night to a 'Sharing Violation' . Sharing Violation nominally means a file was already open or locked when the program tried to access it. Of course, that's also one of the error codes that Microsoft sometimes uses for completely unrelated things, so there's a (relatively small) chance it's something else. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Find out what is doing this
We are putting process monitor on all servers to see who might be using it but we haven't found any so far. Could a local security policy or gpo cause this kind of issue? From: Jonathan Link [mailto:jonathan.l...@gmail.com] Posted At: Thursday, March 31, 2011 10:09 AM Posted To: itli...@imcu.com Conversation: Find out what is doing this Subject: Re: Find out what is doing this Is there another task that runs setenv.bat at 11pm? If so, that'll cause your sharing violation, because they both fire at the same time, and the file can't be saved. On Thu, Mar 31, 2011 at 10:05 AM, Charlie Kaiser charl...@golden-eagle.org wrote: Crank up auditing on the file and see who's accessing it. Also, with process monitor, see what other processes are involved... *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Thursday, March 31, 2011 7:02 AM To: NT System Admin Issues Subject: RE: Find out what is doing this No backups at the time of error. -Original Message- From: Charlie Kaiser [mailto:charl...@golden-eagle.org] Posted At: Thursday, March 31, 2011 9:58 AM Posted To: itli...@imcu.com Conversation: Find out what is doing this Subject: RE: Find out what is doing this Is there a backup going on at that time? *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Thursday, March 31, 2011 6:55 AM To: NT System Admin Issues Subject: RE: Find out what is doing this Here is the process .bat creates setenv.bat in dir x About every 60 seconds all day long. At around 11:00pm each night this process fails with a sharing violation of setenv.bat. Rerun the automated task and it runs. The problem is this file is being Created all day long no issues just around 11:00pm. With process monitor we see the sharing violation but can't tell what was trying to share it or what was sharing it at the time?? Need more guidance with process monitor I guess? Can I turn on auditing for dir x ? Will Windows give me more of a feel for what failed? -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Posted At: Thursday, March 31, 2011 9:34 AM Posted To: itli...@imcu.com Conversation: Find out what is doing this Subject: Re: Find out what is doing this On Thu, Mar 31, 2011 at 9:21 AM, itli...@imcu.com itli...@imcu.com wrote: Have a third party that creates a file before it runs. You need to explain that using a lot more words. :) We're also using a piece of software called Process Monitor and we were able to pin it down last night to a 'Sharing Violation' . Sharing Violation nominally means a file was already open or locked when the program tried to access it. Of course, that's also one of the error codes that Microsoft sometimes uses for completely unrelated things, so there's a (relatively small) chance it's something else. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here:
Re: OT - Parental Controls
Oh, she doesn't use it enough to be of concern really. If she did, she'd have noticed I deactivated it. I only deactivated because I am anal about closing down unused accounts. On 31 March 2011 14:54, Steven M. Caesare scaes...@caesare.com wrote: I do. I also have a wife. Life Consequences have to be the solution. For my _CHILDREN_ those consequences may be tha backend end of attempting to circumvent my technical constraints. If I have to resort to that for my _WIFE_, then there are bigger issues at play. -sc -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, March 31, 2011 9:51 AM To: NT System Admin Issues Subject: RE: OT - Parental Controls You apparently don't have kids. :-) Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Steven M. Caesare [mailto:scaes...@caesare.com] Sent: Thursday, March 31, 2011 9:47 AM To: NT System Admin Issues Subject: RE: OT - Parental Controls There are seldom good technical solutions to behavioral problems. Man... first time I've seen that old adage here apropos for non-work environment. -sc -Original Message- From: Adam Buckland [mailto:adam.buckl...@eurohill.com] Sent: Thursday, March 31, 2011 8:46 AM To: NT System Admin Issues Subject: RE: OT - Parental Controls Think I'll give this a try I'm not concerned about the sites... I just want to keep my wife off facebook 8 hours a day and am fed up with her asking me to take her laptop to work so she can't use it. -Original Message- From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] Sent: 28 March 2011 19:35 To: NT System Admin Issues Subject: Re: OT - Parental Controls I use K-9 at home on my daughter's computer. It's nice, because it lets out an audible bark if she hits a bad site... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt- software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt- software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt- software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question. *IMPORTANT: This email is intended for the use of the individual addressee(s) named above and may contain information that is confidential, privileged or unsuitable for overly sensitive persons with low self-esteem, no sense of humour or irrational religious beliefs. If you are not the intended recipient, any dissemination, distribution or copying of this email is not authorised (either explicitly or implicitly) and constitutes an irritating social faux pas. Unless the word absquatulation has been used in its correct context somewhere other than in this warning, it does not have any legal or no grammatical use and may be ignored. No animals were harmed in the transmission of this email, although the kelpie next door is living on borrowed time, let me tell you. Those of you with an overwhelming fear of the unknown will be gratified to learn that there is no hidden message revealed by reading this warning backwards, so just ignore that Alert Notice from Microsoft. However, by pouring a complete circle of salt around yourself and your computer you can ensure that no harm befalls you and your pets. If you have received this email in error, please add some nutmeg and egg whites, whisk and place in a warm oven for 40 minutes.* ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here:
Re: Find out what is doing this
You're creating a batch file every 60 seconds, for some reason. At some point, one would expect it to run... I guess I am unclear on the process taking place. Is it creating the file and then running the file every 60 seconds? Or is it just creating the file every 60 seconds, and only running it once per day at 11pm? Could? I am not sure. Have you changed anything recently. On Thu, Mar 31, 2011 at 10:15 AM, itli...@imcu.com itli...@imcu.com wrote: We are putting process monitor on all servers to see who might be using it but we haven’t found any so far. Could a local security policy or gpo cause this kind of issue? *From:* Jonathan Link [mailto:jonathan.l...@gmail.com] *Posted At:* Thursday, March 31, 2011 10:09 AM *Posted To:* itli...@imcu.com *Conversation:* Find out what is doing this *Subject:* Re: Find out what is doing this Is there another task that runs setenv.bat at 11pm? If so, that'll cause your sharing violation, because they both fire at the same time, and the file can't be saved. On Thu, Mar 31, 2011 at 10:05 AM, Charlie Kaiser charl...@golden-eagle.org wrote: Crank up auditing on the file and see who's accessing it. Also, with process monitor, see what other processes are involved... *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Thursday, March 31, 2011 7:02 AM To: NT System Admin Issues Subject: RE: Find out what is doing this No backups at the time of error. -Original Message- From: Charlie Kaiser [mailto:charl...@golden-eagle.org] Posted At: Thursday, March 31, 2011 9:58 AM Posted To: itli...@imcu.com Conversation: Find out what is doing this Subject: RE: Find out what is doing this Is there a backup going on at that time? *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Thursday, March 31, 2011 6:55 AM To: NT System Admin Issues Subject: RE: Find out what is doing this Here is the process .bat creates setenv.bat in dir x About every 60 seconds all day long. At around 11:00pm each night this process fails with a sharing violation of setenv.bat. Rerun the automated task and it runs. The problem is this file is being Created all day long no issues just around 11:00pm. With process monitor we see the sharing violation but can't tell what was trying to share it or what was sharing it at the time?? Need more guidance with process monitor I guess? Can I turn on auditing for dir x ? Will Windows give me more of a feel for what failed? -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Posted At: Thursday, March 31, 2011 9:34 AM Posted To: itli...@imcu.com Conversation: Find out what is doing this Subject: Re: Find out what is doing this On Thu, Mar 31, 2011 at 9:21 AM, itli...@imcu.com itli...@imcu.com wrote: Have a third party that creates a file before it runs. You need to explain that using a lot more words. :) We're also using a piece of software called Process Monitor and we were able to pin it down last night to a 'Sharing Violation' . Sharing Violation nominally means a file was already open or locked when the program tried to access it. Of course, that's also one of the error codes that Microsoft sometimes uses for completely unrelated things, so there's a (relatively small) chance it's something else. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
RE: Find out what is doing this
Creating every 60 seconds or so. It is an environment variable batch creation. Creates time, date, etc... We had to stop a bunch of WSUS GPO's because of network lag. We have them all back on and we have rebooted all servers since but I am really thinking the coincidence lies with the disabling and enabling of the gpo's. From: Jonathan Link [mailto:jonathan.l...@gmail.com] Posted At: Thursday, March 31, 2011 10:23 AM Posted To: itli...@imcu.com Conversation: Find out what is doing this Subject: Re: Find out what is doing this You're creating a batch file every 60 seconds, for some reason. At some point, one would expect it to run... I guess I am unclear on the process taking place. Is it creating the file and then running the file every 60 seconds? Or is it just creating the file every 60 seconds, and only running it once per day at 11pm? Could? I am not sure. Have you changed anything recently. On Thu, Mar 31, 2011 at 10:15 AM, itli...@imcu.com itli...@imcu.com wrote: We are putting process monitor on all servers to see who might be using it but we haven't found any so far. Could a local security policy or gpo cause this kind of issue? From: Jonathan Link [mailto:jonathan.l...@gmail.com] Posted At: Thursday, March 31, 2011 10:09 AM Posted To: itli...@imcu.com Conversation: Find out what is doing this Subject: Re: Find out what is doing this Is there another task that runs setenv.bat at 11pm? If so, that'll cause your sharing violation, because they both fire at the same time, and the file can't be saved. On Thu, Mar 31, 2011 at 10:05 AM, Charlie Kaiser charl...@golden-eagle.org wrote: Crank up auditing on the file and see who's accessing it. Also, with process monitor, see what other processes are involved... *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Thursday, March 31, 2011 7:02 AM To: NT System Admin Issues Subject: RE: Find out what is doing this No backups at the time of error. -Original Message- From: Charlie Kaiser [mailto:charl...@golden-eagle.org] Posted At: Thursday, March 31, 2011 9:58 AM Posted To: itli...@imcu.com Conversation: Find out what is doing this Subject: RE: Find out what is doing this Is there a backup going on at that time? *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Thursday, March 31, 2011 6:55 AM To: NT System Admin Issues Subject: RE: Find out what is doing this Here is the process .bat creates setenv.bat in dir x About every 60 seconds all day long. At around 11:00pm each night this process fails with a sharing violation of setenv.bat. Rerun the automated task and it runs. The problem is this file is being Created all day long no issues just around 11:00pm. With process monitor we see the sharing violation but can't tell what was trying to share it or what was sharing it at the time?? Need more guidance with process monitor I guess? Can I turn on auditing for dir x ? Will Windows give me more of a feel for what failed? -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Posted At: Thursday, March 31, 2011 9:34 AM Posted To: itli...@imcu.com Conversation: Find out what is doing this Subject: Re: Find out what is doing this On Thu, Mar 31, 2011 at 9:21 AM, itli...@imcu.com itli...@imcu.com wrote: Have a third party that creates a file before it runs. You need to explain that using a lot more words. :) We're also using a piece of software called Process Monitor and we were able to pin it down last night to a 'Sharing Violation' . Sharing Violation nominally means a file was already open or locked when the program tried to access it. Of course, that's also one of the error codes that Microsoft sometimes uses for completely unrelated things, so there's a (relatively small) chance it's something else. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Find out what is doing this
What? I don't understand what the batch file is doing. AND. Creation of the batch file is not running of the batch file. You haven't answered that specific question. When does the batch file run? I'm clear on when it gets created. On Thu, Mar 31, 2011 at 10:27 AM, itli...@imcu.com itli...@imcu.com wrote: Creating every 60 seconds or so. It is an environment variable batch creation. Creates time, date, etc… We had to stop a bunch of WSUS GPO’s because of network lag. We have them all back on and we have rebooted all servers since but I am really thinking the coincidence lies with the disabling and enabling of the gpo’s. *From:* Jonathan Link [mailto:jonathan.l...@gmail.com] *Posted At:* Thursday, March 31, 2011 10:23 AM *Posted To:* itli...@imcu.com *Conversation:* Find out what is doing this *Subject:* Re: Find out what is doing this You're creating a batch file every 60 seconds, for some reason. At some point, one would expect it to run... I guess I am unclear on the process taking place. Is it creating the file and then running the file every 60 seconds? Or is it just creating the file every 60 seconds, and only running it once per day at 11pm? Could? I am not sure. Have you changed anything recently. On Thu, Mar 31, 2011 at 10:15 AM, itli...@imcu.com itli...@imcu.com wrote: We are putting process monitor on all servers to see who might be using it but we haven’t found any so far. Could a local security policy or gpo cause this kind of issue? *From:* Jonathan Link [mailto:jonathan.l...@gmail.com] *Posted At:* Thursday, March 31, 2011 10:09 AM *Posted To:* itli...@imcu.com *Conversation:* Find out what is doing this *Subject:* Re: Find out what is doing this Is there another task that runs setenv.bat at 11pm? If so, that'll cause your sharing violation, because they both fire at the same time, and the file can't be saved. On Thu, Mar 31, 2011 at 10:05 AM, Charlie Kaiser charl...@golden-eagle.org wrote: Crank up auditing on the file and see who's accessing it. Also, with process monitor, see what other processes are involved... *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Thursday, March 31, 2011 7:02 AM To: NT System Admin Issues Subject: RE: Find out what is doing this No backups at the time of error. -Original Message- From: Charlie Kaiser [mailto:charl...@golden-eagle.org] Posted At: Thursday, March 31, 2011 9:58 AM Posted To: itli...@imcu.com Conversation: Find out what is doing this Subject: RE: Find out what is doing this Is there a backup going on at that time? *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Thursday, March 31, 2011 6:55 AM To: NT System Admin Issues Subject: RE: Find out what is doing this Here is the process .bat creates setenv.bat in dir x About every 60 seconds all day long. At around 11:00pm each night this process fails with a sharing violation of setenv.bat. Rerun the automated task and it runs. The problem is this file is being Created all day long no issues just around 11:00pm. With process monitor we see the sharing violation but can't tell what was trying to share it or what was sharing it at the time?? Need more guidance with process monitor I guess? Can I turn on auditing for dir x ? Will Windows give me more of a feel for what failed? -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Posted At: Thursday, March 31, 2011 9:34 AM Posted To: itli...@imcu.com Conversation: Find out what is doing this Subject: Re: Find out what is doing this On Thu, Mar 31, 2011 at 9:21 AM, itli...@imcu.com itli...@imcu.com wrote: Have a third party that creates a file before it runs. You need to explain that using a lot more words. :) We're also using a piece of software called Process Monitor and we were able to pin it down last night to a 'Sharing Violation' . Sharing Violation nominally means a file was already open or locked when the program tried to access it. Of course, that's also one of the error codes that Microsoft sometimes uses for completely unrelated things, so there's a (relatively small) chance it's something else. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful
RE: Find out what is doing this
What time does your backup run? Shauna Hensala Subject: RE: Find out what is doing this Date: Thu, 31 Mar 2011 09:54:37 -0400 From: itli...@imcu.com To: ntsysadmin@lyris.sunbelt-software.com Here is the process .bat creates setenv.bat in dir x About every 60 seconds all day long. At around 11:00pm each night this process fails with a sharing violation of setenv.bat. Rerun the automated task and it runs. The problem is this file is being Created all day long no issues just around 11:00pm. With process monitor we see the sharing violation but can't tell what was trying to share it or what was sharing it at the time?? Need more guidance with process monitor I guess? Can I turn on auditing for dir x ? Will Windows give me more of a feel for what failed? -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Posted At: Thursday, March 31, 2011 9:34 AM Posted To: itli...@imcu.com Conversation: Find out what is doing this Subject: Re: Find out what is doing this On Thu, Mar 31, 2011 at 9:21 AM, itli...@imcu.com itli...@imcu.com wrote: Have a third party that creates a file before it runs. You need to explain that using a lot more words. :) We're also using a piece of software called Process Monitor and we were able to pin it down last night to a 'Sharing Violation' . Sharing Violation nominally means a file was already open or locked when the program tried to access it. Of course, that's also one of the error codes that Microsoft sometimes uses for completely unrelated things, so there's a (relatively small) chance it's something else. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Windows 7 Imaging
+1 for imagex and WDS. Free and easy if you already have the servers. On Thu, Mar 31, 2011 at 6:53 AM, Steve Ens stevey...@gmail.com wrote: +1 for imagex. On Thu, Mar 31, 2011 at 7:58 AM, Michael B. Smith mich...@smithcons.comwrote: I’m a little biased (because I developed courseware for the product), but the Microsoft Deployment Toolkit 2010 Update 1 is easy to use, light-touch – and free. If you need zero touch, System Center Configuration Manager does the job very well and is infinitely configurable. It isn’t, however, free. And it has a learning curve for that “infinitely configurable” part. The imaging process for Win7 is based on one of two options: VHD or WIM (Windows IMaging - and the VHD option is built on-top-of the WIM option, more-or-less). The preferred tool for creating images is ImageX, which is a Microsoft product (part of both MDT and SCCM). Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com *From:* Tom Miller [mailto:tmil...@hnncsb.org] *Sent:* Thursday, March 31, 2011 8:50 AM *To:* NT System Admin Issues *Subject:* Windows 7 Imaging Folks, We are working towards deploying Windows 7 (along with Office 2010) on current and future shipments of new laptops/PCs. We use syprep and Ghost for our XP image, and it works well. I'm looking for your suggestions/warnings/gotchas as to imaging for Windows 7. Favorite imaging tools, methods, etc? I don't do the imaging here, but my PC guy who does the images seems to be having a bit of a struggle with it compared to XP images, so I thought I'd as you experts. We already have a Dell Kace system management system here, and I'll be viewing a demo today for the imaging component (additional purchase). I'm open to anything that makes the process as painless as possible. If it matters we use Lenovo ThinkPads for our laptops and Dell Optiplex business PCs. Your comments are appreciated. Tom Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Find out what is doing this
I would also use handle.exe which should show you what process has what open at the time, I have a sneaking suspicion that your backup software has a lock on the file during the time. Can you have the backup software exclude the directory in which you run the batch file, and see if the lock alleviates. Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 -Original Message- From: Charlie Kaiser [mailto:charl...@golden-eagle.org] Sent: Thursday, March 31, 2011 10:06 AM To: NT System Admin Issues Subject: RE: Find out what is doing this Crank up auditing on the file and see who's accessing it. Also, with process monitor, see what other processes are involved... *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Thursday, March 31, 2011 7:02 AM To: NT System Admin Issues Subject: RE: Find out what is doing this No backups at the time of error. -Original Message- From: Charlie Kaiser [mailto:charl...@golden-eagle.org] Posted At: Thursday, March 31, 2011 9:58 AM Posted To: itli...@imcu.com Conversation: Find out what is doing this Subject: RE: Find out what is doing this Is there a backup going on at that time? *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Thursday, March 31, 2011 6:55 AM To: NT System Admin Issues Subject: RE: Find out what is doing this Here is the process .bat creates setenv.bat in dir x About every 60 seconds all day long. At around 11:00pm each night this process fails with a sharing violation of setenv.bat. Rerun the automated task and it runs. The problem is this file is being Created all day long no issues just around 11:00pm. With process monitor we see the sharing violation but can't tell what was trying to share it or what was sharing it at the time?? Need more guidance with process monitor I guess? Can I turn on auditing for dir x ? Will Windows give me more of a feel for what failed? -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Posted At: Thursday, March 31, 2011 9:34 AM Posted To: itli...@imcu.com Conversation: Find out what is doing this Subject: Re: Find out what is doing this On Thu, Mar 31, 2011 at 9:21 AM, itli...@imcu.com itli...@imcu.com wrote: Have a third party that creates a file before it runs. You need to explain that using a lot more words. :) We're also using a piece of software called Process Monitor and we were able to pin it down last night to a 'Sharing Violation' . Sharing Violation nominally means a file was already open or locked when the program tried to access it. Of course, that's also one of the error codes that Microsoft sometimes uses for completely unrelated things, so there's a (relatively small) chance it's something else. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here:
RE: Samsung keylogger with Vipre mention
I wrote a response this morning: http://sunbeltblog.blogspot.com/2011/03/samsung-laptops-do-not-have-keylogger.html Alex From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, March 31, 2011 9:20 AM To: NT System Admin Issues Subject: RE: Samsung keylogger with Vipre mention I find fault with both. :) I agree with you. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Thursday, March 31, 2011 9:18 AM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Oh, I agree, but you seem to be finding fault with the tool. I find fault witht he professional using the tool. It seems to me, that many of us forget to test for repeatability, and fewer know how to do to that properly. My opinion of a security research trying to make a name for himself, and there's no doubt that's what this episode was all about, should have enough intellectual rigor to attack the problem from all angles before publishing findings. If I'm a client of NetSec Consulting (firm he founded), and I catch wind of this, I won't be a client for very long. On Thu, Mar 31, 2011 at 9:08 AM, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: The challenge/issue here is that every AV has false positives. Most of them, however, don't get written up and /.'ed. The original author should've tested with multiple engines. And, as Vipre starts to play with the big boys, they are going to get big-boy levels of attention... Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.comhttp://theessentialexchange.com/ From: Jonathan Link [mailto:jonathan.l...@gmail.commailto:jonathan.l...@gmail.com] Sent: Thursday, March 31, 2011 9:04 AM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Has someone had a career changing event? On Thu, Mar 31, 2011 at 9:01 AM, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: And it's easily possible to reproduce with Vipre... It's a false alarm. http://www.theregister.co.uk/2011/03/31/samsung_keylogger_rumour_debunked/ Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.comhttp://theessentialexchange.com/ From: Ken Schaefer [mailto:k...@adopenstatic.commailto:k...@adopenstatic.com] Sent: Thursday, March 31, 2011 7:44 AM To: NT System Admin Issues Subject: RE: Samsung keylogger with Vipre mention Samsung denies, according to their blog: http://www.samsungtomorrow.com/1071 Cheers Ken From: Andrew S. Baker [mailto:asbz...@gmail.commailto:asbz...@gmail.com] Sent: Thursday, 31 March 2011 7:10 PM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Nothing substantiated as yet, however. ASB (Professional Biohttp://about.me/Andrew.S.Baker/bio) Technology Services that Maximize Business Results... On Thu, Mar 31, 2011 at 7:01 AM, chipsh...@comcast.netmailto:chipsh...@comcast.net wrote: Interesting: http://news.cnet.com/8301-27080_3-20048896-245.html ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource
Re: Samsung keylogger with Vipre mention
False positives are an unfortunate fact of detection, in any shape or form. I think, as others have said, Mr Hasan needs to concentrate on verifying his facts rather than chasing the media to get his name out there. *Security researcher*? H On 31 March 2011 16:35, Alex Eckelberry al...@sunbelt-software.com wrote: I wrote a response this morning: http://sunbeltblog.blogspot.com/2011/03/samsung-laptops-do-not-have-keylogger.html Alex *From:* Michael B. Smith [mailto:mich...@smithcons.com] *Sent:* Thursday, March 31, 2011 9:20 AM *To:* NT System Admin Issues *Subject:* RE: Samsung keylogger with Vipre mention I find fault with both. J I agree with you. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com *From:* Jonathan Link [mailto:jonathan.l...@gmail.com] *Sent:* Thursday, March 31, 2011 9:18 AM *To:* NT System Admin Issues *Subject:* Re: Samsung keylogger with Vipre mention Oh, I agree, but you seem to be finding fault with the tool. I find fault witht he professional using the tool. It seems to me, that many of us forget to test for repeatability, and fewer know how to do to that properly. My opinion of a security research trying to make a name for himself, and there's no doubt that's what this episode was all about, should have enough intellectual rigor to attack the problem from all angles before publishing findings. If I'm a client of NetSec Consulting (firm he founded), and I catch wind of this, I won't be a client for very long. On Thu, Mar 31, 2011 at 9:08 AM, Michael B. Smith mich...@smithcons.com wrote: The challenge/issue here is that every AV has false positives. Most of them, however, don’t get written up and /.’ed. The original author should’ve tested with multiple engines. And, as Vipre starts to play with the big boys, they are going to get “big-boy” levels of attention… Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com http://theessentialexchange.com/ *From:* Jonathan Link [mailto:jonathan.l...@gmail.com] *Sent:* Thursday, March 31, 2011 9:04 AM *To:* NT System Admin Issues *Subject:* Re: Samsung keylogger with Vipre mention Has someone had a career changing event? On Thu, Mar 31, 2011 at 9:01 AM, Michael B. Smith mich...@smithcons.com wrote: And it’s easily possible to reproduce with Vipre… It’s a false alarm. http://www.theregister.co.uk/2011/03/31/samsung_keylogger_rumour_debunked/ Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com http://theessentialexchange.com/ *From:* Ken Schaefer [mailto:k...@adopenstatic.com] *Sent:* Thursday, March 31, 2011 7:44 AM *To:* NT System Admin Issues *Subject:* RE: Samsung keylogger with Vipre mention Samsung denies, according to their blog: http://www.samsungtomorrow.com/1071 Cheers Ken *From:* Andrew S. Baker [mailto:asbz...@gmail.com] *Sent:* Thursday, 31 March 2011 7:10 PM *To:* NT System Admin Issues *Subject:* Re: Samsung keylogger with Vipre mention Nothing substantiated as yet, however. *ASB *(Professional Bio http://about.me/Andrew.S.Baker/bio) *Technology Services that Maximize Business Results...** * * * On Thu, Mar 31, 2011 at 7:01 AM, chipsh...@comcast.net wrote: Interesting: http://news.cnet.com/8301-27080_3-20048896-245.html ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to
Re: Samsung keylogger with Vipre mention
I think you apologizing to Mr. Hassan is over and above the call of duty, and just illustrates why I recommend Vipre to clients, friends and family. You guys stand behind your product, and own your mistakes. Nothing is perfect, but the people that are behind the product really do make a difference. As a security researcher, he has a greater duty than relying on a single piece of software to make a determination of whether or not something is malware. On Thu, Mar 31, 2011 at 11:35 AM, Alex Eckelberry al...@sunbelt-software.com wrote: I wrote a response this morning: http://sunbeltblog.blogspot.com/2011/03/samsung-laptops-do-not-have-keylogger.html Alex *From:* Michael B. Smith [mailto:mich...@smithcons.com] *Sent:* Thursday, March 31, 2011 9:20 AM *To:* NT System Admin Issues *Subject:* RE: Samsung keylogger with Vipre mention I find fault with both. J I agree with you. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com http://theessentialexchange.com/ *From:* Jonathan Link [mailto:jonathan.l...@gmail.com] *Sent:* Thursday, March 31, 2011 9:18 AM *To:* NT System Admin Issues *Subject:* Re: Samsung keylogger with Vipre mention Oh, I agree, but you seem to be finding fault with the tool. I find fault witht he professional using the tool. It seems to me, that many of us forget to test for repeatability, and fewer know how to do to that properly. My opinion of a security research trying to make a name for himself, and there's no doubt that's what this episode was all about, should have enough intellectual rigor to attack the problem from all angles before publishing findings. If I'm a client of NetSec Consulting (firm he founded), and I catch wind of this, I won't be a client for very long. On Thu, Mar 31, 2011 at 9:08 AM, Michael B. Smith mich...@smithcons.com wrote: The challenge/issue here is that every AV has false positives. Most of them, however, don’t get written up and /.’ed. The original author should’ve tested with multiple engines. And, as Vipre starts to play with the big boys, they are going to get “big-boy” levels of attention… Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com http://theessentialexchange.com/ *From:* Jonathan Link [mailto:jonathan.l...@gmail.com] *Sent:* Thursday, March 31, 2011 9:04 AM *To:* NT System Admin Issues *Subject:* Re: Samsung keylogger with Vipre mention Has someone had a career changing event? On Thu, Mar 31, 2011 at 9:01 AM, Michael B. Smith mich...@smithcons.com wrote: And it’s easily possible to reproduce with Vipre… It’s a false alarm. http://www.theregister.co.uk/2011/03/31/samsung_keylogger_rumour_debunked/ Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com http://theessentialexchange.com/ *From:* Ken Schaefer [mailto:k...@adopenstatic.com] *Sent:* Thursday, March 31, 2011 7:44 AM *To:* NT System Admin Issues *Subject:* RE: Samsung keylogger with Vipre mention Samsung denies, according to their blog: http://www.samsungtomorrow.com/1071 Cheers Ken *From:* Andrew S. Baker [mailto:asbz...@gmail.com] *Sent:* Thursday, 31 March 2011 7:10 PM *To:* NT System Admin Issues *Subject:* Re: Samsung keylogger with Vipre mention Nothing substantiated as yet, however. *ASB *(Professional Bio http://about.me/Andrew.S.Baker/bio) *Technology Services that Maximize Business Results...** * * * On Thu, Mar 31, 2011 at 7:01 AM, chipsh...@comcast.net wrote: Interesting: http://news.cnet.com/8301-27080_3-20048896-245.html ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe
Re: Find out what is doing this
It might help if you post a sanitized copy of the script, rather than trying to describe it like in the current fashion. The easiest guess, with a sharing violation, is that the file is locked for reading or writing by a process other than the one which the scheduled job is running under. That, or that scheduled job credentials are inadequate. *ASB *(Professional Bio http://about.me/Andrew.S.Baker/bio) *Technology Services that Maximize Business Results... * On Thu, Mar 31, 2011 at 10:27 AM, itli...@imcu.com itli...@imcu.com wrote: Creating every 60 seconds or so. It is an environment variable batch creation. Creates time, date, etc… We had to stop a bunch of WSUS GPO’s because of network lag. We have them all back on and we have rebooted all servers since but I am really thinking the coincidence lies with the disabling and enabling of the gpo’s. *From:* Jonathan Link [mailto:jonathan.l...@gmail.com] *Posted At:* Thursday, March 31, 2011 10:23 AM *Posted To:* itli...@imcu.com *Conversation:* Find out what is doing this *Subject:* Re: Find out what is doing this You're creating a batch file every 60 seconds, for some reason. At some point, one would expect it to run... I guess I am unclear on the process taking place. Is it creating the file and then running the file every 60 seconds? Or is it just creating the file every 60 seconds, and only running it once per day at 11pm? Could? I am not sure. Have you changed anything recently. On Thu, Mar 31, 2011 at 10:15 AM, itli...@imcu.com itli...@imcu.com wrote: We are putting process monitor on all servers to see who might be using it but we haven’t found any so far. Could a local security policy or gpo cause this kind of issue? *From:* Jonathan Link [mailto:jonathan.l...@gmail.com] *Posted At:* Thursday, March 31, 2011 10:09 AM *Posted To:* itli...@imcu.com *Conversation:* Find out what is doing this *Subject:* Re: Find out what is doing this Is there another task that runs setenv.bat at 11pm? If so, that'll cause your sharing violation, because they both fire at the same time, and the file can't be saved. On Thu, Mar 31, 2011 at 10:05 AM, Charlie Kaiser charl...@golden-eagle.org wrote: Crank up auditing on the file and see who's accessing it. Also, with process monitor, see what other processes are involved... *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Thursday, March 31, 2011 7:02 AM To: NT System Admin Issues Subject: RE: Find out what is doing this No backups at the time of error. -Original Message- From: Charlie Kaiser [mailto:charl...@golden-eagle.org] Posted At: Thursday, March 31, 2011 9:58 AM Posted To: itli...@imcu.com Conversation: Find out what is doing this Subject: RE: Find out what is doing this Is there a backup going on at that time? *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Thursday, March 31, 2011 6:55 AM To: NT System Admin Issues Subject: RE: Find out what is doing this Here is the process .bat creates setenv.bat in dir x About every 60 seconds all day long. At around 11:00pm each night this process fails with a sharing violation of setenv.bat. Rerun the automated task and it runs. The problem is this file is being Created all day long no issues just around 11:00pm. With process monitor we see the sharing violation but can't tell what was trying to share it or what was sharing it at the time?? Need more guidance with process monitor I guess? Can I turn on auditing for dir x ? Will Windows give me more of a feel for what failed? -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Posted At: Thursday, March 31, 2011 9:34 AM Posted To: itli...@imcu.com Conversation: Find out what is doing this Subject: Re: Find out what is doing this On Thu, Mar 31, 2011 at 9:21 AM, itli...@imcu.com itli...@imcu.com wrote: Have a third party that creates a file before it runs. You need to explain that using a lot more words. :) We're also using a piece of software called Process Monitor and we were able to pin it down last night to a 'Sharing Violation' . Sharing Violation nominally means a file was already open or locked when the program tried to access it. Of course, that's also one of the error codes that Microsoft sometimes uses for completely unrelated things, so there's a (relatively small) chance it's something else. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ---
RE: Samsung keylogger with Vipre mention
I think you were astonishingly gracious. Props to you! Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Alex Eckelberry [mailto:al...@sunbelt-software.com] Sent: Thursday, March 31, 2011 11:36 AM To: NT System Admin Issues Subject: RE: Samsung keylogger with Vipre mention I wrote a response this morning: http://sunbeltblog.blogspot.com/2011/03/samsung-laptops-do-not-have-keylogger.html Alex From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, March 31, 2011 9:20 AM To: NT System Admin Issues Subject: RE: Samsung keylogger with Vipre mention I find fault with both. :) I agree with you. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Thursday, March 31, 2011 9:18 AM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Oh, I agree, but you seem to be finding fault with the tool. I find fault witht he professional using the tool. It seems to me, that many of us forget to test for repeatability, and fewer know how to do to that properly. My opinion of a security research trying to make a name for himself, and there's no doubt that's what this episode was all about, should have enough intellectual rigor to attack the problem from all angles before publishing findings. If I'm a client of NetSec Consulting (firm he founded), and I catch wind of this, I won't be a client for very long. On Thu, Mar 31, 2011 at 9:08 AM, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: The challenge/issue here is that every AV has false positives. Most of them, however, don't get written up and /.'ed. The original author should've tested with multiple engines. And, as Vipre starts to play with the big boys, they are going to get big-boy levels of attention... Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.comhttp://theessentialexchange.com/ From: Jonathan Link [mailto:jonathan.l...@gmail.commailto:jonathan.l...@gmail.com] Sent: Thursday, March 31, 2011 9:04 AM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Has someone had a career changing event? On Thu, Mar 31, 2011 at 9:01 AM, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: And it's easily possible to reproduce with Vipre... It's a false alarm. http://www.theregister.co.uk/2011/03/31/samsung_keylogger_rumour_debunked/ Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.comhttp://theessentialexchange.com/ From: Ken Schaefer [mailto:k...@adopenstatic.commailto:k...@adopenstatic.com] Sent: Thursday, March 31, 2011 7:44 AM To: NT System Admin Issues Subject: RE: Samsung keylogger with Vipre mention Samsung denies, according to their blog: http://www.samsungtomorrow.com/1071 Cheers Ken From: Andrew S. Baker [mailto:asbz...@gmail.commailto:asbz...@gmail.com] Sent: Thursday, 31 March 2011 7:10 PM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Nothing substantiated as yet, however. ASB (Professional Biohttp://about.me/Andrew.S.Baker/bio) Technology Services that Maximize Business Results... On Thu, Mar 31, 2011 at 7:01 AM, chipsh...@comcast.netmailto:chipsh...@comcast.net wrote: Interesting: http://news.cnet.com/8301-27080_3-20048896-245.html ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
Re: Find out what is doing this
What a co-incidence, we had this happen recently and wrote a powershell script to run handle every minute around the time of the issue to find the cause. We found it was McAfee and that the database admin moved a database path and it was no longer excluded. In this example I picked word.exe at random -- start file # #Name: detectFileLocks.ps1 # Author: Steven Peck #Date: 3/17/2011 # Description: Script to check and log file locks on a specific file # Source: #Requires: Handle.exe from sysinternal in same directory as the source_directory # scheduled task # # Set date/time format $date = get-date -format M-d--HHmmss # set source directory $source_directory = c:\scripts\handle # set file to monitor $monitoredfile = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\word.exe # cmd and output $source_directory\handle.exe $monitoredfile | out-file $source_directory\$date.txt --- end file On Thu, Mar 31, 2011 at 8:29 AM, Ziots, Edward ezi...@lifespan.org wrote: I would also use handle.exe which should show you what process has what open at the time, I have a sneaking suspicion that your backup software has a lock on the file during the time. Can you have the backup software exclude the directory in which you run the batch file, and see if the lock alleviates. Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 -Original Message- From: Charlie Kaiser [mailto:charl...@golden-eagle.org] Sent: Thursday, March 31, 2011 10:06 AM To: NT System Admin Issues Subject: RE: Find out what is doing this Crank up auditing on the file and see who's accessing it. Also, with process monitor, see what other processes are involved... *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Thursday, March 31, 2011 7:02 AM To: NT System Admin Issues Subject: RE: Find out what is doing this No backups at the time of error. -Original Message- From: Charlie Kaiser [mailto:charl...@golden-eagle.org] Posted At: Thursday, March 31, 2011 9:58 AM Posted To: itli...@imcu.com Conversation: Find out what is doing this Subject: RE: Find out what is doing this Is there a backup going on at that time? *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Thursday, March 31, 2011 6:55 AM To: NT System Admin Issues Subject: RE: Find out what is doing this Here is the process .bat creates setenv.bat in dir x About every 60 seconds all day long. At around 11:00pm each night this process fails with a sharing violation of setenv.bat. Rerun the automated task and it runs. The problem is this file is being Created all day long no issues just around 11:00pm. With process monitor we see the sharing violation but can't tell what was trying to share it or what was sharing it at the time?? Need more guidance with process monitor I guess? Can I turn on auditing for dir x ? Will Windows give me more of a feel for what failed? -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Posted At: Thursday, March 31, 2011 9:34 AM Posted To: itli...@imcu.com Conversation: Find out what is doing this Subject: Re: Find out what is doing this On Thu, Mar 31, 2011 at 9:21 AM, itli...@imcu.com itli...@imcu.com wrote: Have a third party that creates a file before it runs. You need to explain that using a lot more words. :) We're also using a piece of software called Process Monitor and we were able to pin it down last night to a 'Sharing Violation' . Sharing Violation nominally means a file was already open or locked when the program tried to access it. Of course, that's also one of the error codes that Microsoft sometimes uses for completely unrelated things, so there's a (relatively small) chance it's something else. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ---
RE: Find out what is doing this
It is the tard101.exe that is trying to create a new setenv.bat to be used later in this process. Once we get the error on our phones we remote in and give the job a run and it runs no problem. ÉÍÍÍ»inst: in01 º Task Mode ºcomptype: 1_central º ºtimeout: 20 ÈÍÍͼmachine: ce01 ECHO is on. ECHO is on. 03/30/11 23:22:45ECHO is off. ECHO is off. Checking for a task to perform... \2900\exeopnt\fm\tapd101 Version 4.3.1 (Build 103 ANSI Release) Copyright (c) 1986-1992 Prologic Corporation. Copyright (c) 1993-1996 Prologic Computer Corporation. All rights reserved. Copyright (c) 1996-1997 Prologic Corporation. All rights reserved. Performing task... Running purgsahi: Opens purgesahi window and start purge process. \2900\exeopnt\rep\tard101 Version 4.3.1 (Build 103 ANSI Release) Copyright (c) 1986-1992 Prologic Corporation. Copyright (c) 1993-1996 Prologic Computer Corporation. All rights reserved. Copyright (c) 1996-1997 Prologic Corporation. All rights reserved. ERR_LFORM_COULDNT_OPEN(171): lform openoutfile couldn't open outfile 'setenv.bat '. The diag created by that error: Logged ERROR event ID c0ab category 6 'ERR_LFORM_COULDNT_OPEN(171): lform openoutfile couldn't open outfile 'setenv.bat'.' Context of error follows: PRM: Last PRM function called was:. PRM:PRMFind(cal,EQ,0xa2bee8,calixcode,0,0x0) [Success] PRM:Within the PRM function, the last ODBC function called was: SQL:SQLFetch(...) [SQL_SUCCESS] Most recent DOS Error before Exception: Permission denied (13) From: Andrew S. Baker [mailto:asbz...@gmail.com] Posted At: Thursday, March 31, 2011 11:43 AM Posted To: itli...@imcu.com Conversation: Find out what is doing this Subject: Re: Find out what is doing this It might help if you post a sanitized copy of the script, rather than trying to describe it like in the current fashion. The easiest guess, with a sharing violation, is that the file is locked for reading or writing by a process other than the one which the scheduled job is running under. That, or that scheduled job credentials are inadequate. ASB (Professional Bio http://about.me/Andrew.S.Baker/bio ) Technology Services that Maximize Business Results... On Thu, Mar 31, 2011 at 10:27 AM, itli...@imcu.com itli...@imcu.com wrote: Creating every 60 seconds or so. It is an environment variable batch creation. Creates time, date, etc... We had to stop a bunch of WSUS GPO's because of network lag. We have them all back on and we have rebooted all servers since but I am really thinking the coincidence lies with the disabling and enabling of the gpo's. From: Jonathan Link [mailto:jonathan.l...@gmail.com] Posted At: Thursday, March 31, 2011 10:23 AM Posted To: itli...@imcu.com Conversation: Find out what is doing this Subject: Re: Find out what is doing this You're creating a batch file every 60 seconds, for some reason. At some point, one would expect it to run... I guess I am unclear on the process taking place. Is it creating the file and then running the file every 60 seconds? Or is it just creating the file every 60 seconds, and only running it once per day at 11pm? Could? I am not sure. Have you changed anything recently. On Thu, Mar 31, 2011 at 10:15 AM, itli...@imcu.com itli...@imcu.com wrote: We are putting process monitor on all servers to see who might be using it but we haven't found any so far. Could a local security policy or gpo cause this kind of issue? From: Jonathan Link [mailto:jonathan.l...@gmail.com] Posted At: Thursday, March 31, 2011 10:09 AM Posted To: itli...@imcu.com Conversation: Find out what is doing this Subject: Re: Find out what is doing this Is there another task that runs setenv.bat at 11pm? If so, that'll cause your sharing violation, because they both fire at the same time, and the file can't be saved. On Thu, Mar 31, 2011 at 10:05 AM, Charlie Kaiser charl...@golden-eagle.org wrote: Crank up auditing on the file and see who's accessing it. Also, with process monitor,
Re: OT - Parental Controls
You ain't lying... *ASB *(Professional Bio http://about.me/Andrew.S.Baker/bio) *Technology Services that Maximize Business Results... * On Thu, Mar 31, 2011 at 9:54 AM, Steven M. Caesare scaes...@caesare.comwrote: I do. I also have a wife. Life Consequences have to be the solution. For my _CHILDREN_ those consequences may be tha backend end of attempting to circumvent my technical constraints. If I have to resort to that for my _WIFE_, then there are bigger issues at play. -sc -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, March 31, 2011 9:51 AM To: NT System Admin Issues Subject: RE: OT - Parental Controls You apparently don't have kids. :-) Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Steven M. Caesare [mailto:scaes...@caesare.com] Sent: Thursday, March 31, 2011 9:47 AM To: NT System Admin Issues Subject: RE: OT - Parental Controls There are seldom good technical solutions to behavioral problems. Man... first time I've seen that old adage here apropos for non-work environment. -sc -Original Message- From: Adam Buckland [mailto:adam.buckl...@eurohill.com] Sent: Thursday, March 31, 2011 8:46 AM To: NT System Admin Issues Subject: RE: OT - Parental Controls Think I'll give this a try I'm not concerned about the sites... I just want to keep my wife off facebook 8 hours a day and am fed up with her asking me to take her laptop to work so she can't use it. -Original Message- From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] Sent: 28 March 2011 19:35 To: NT System Admin Issues Subject: Re: OT - Parental Controls I use K-9 at home on my daughter's computer. It's nice, because it lets out an audible bark if she hits a bad site... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Samsung keylogger with Vipre mention
GFI/Vipre displays a higher level of integrity than the researcher - IMHO. Shauna Hensala From: al...@sunbelt-software.com To: ntsysadmin@lyris.sunbelt-software.com Date: Thu, 31 Mar 2011 11:35:33 -0400 Subject: RE: Samsung keylogger with Vipre mention I wrote a response this morning: http://sunbeltblog.blogspot.com/2011/03/samsung-laptops-do-not-have-keylogger.html Alex From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, March 31, 2011 9:20 AM To: NT System Admin Issues Subject: RE: Samsung keylogger with Vipre mention I find fault with both. J I agree with you. Regards, Michael B. SmithConsultant and Exchange MVPhttp://TheEssentialExchange.com From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Thursday, March 31, 2011 9:18 AM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Oh, I agree, but you seem to be finding fault with the tool. I find fault witht he professional using the tool. It seems to me, that many of us forget to test for repeatability, and fewer know how to do to that properly. My opinion of a security research trying to make a name for himself, and there's no doubt that's what this episode was all about, should have enough intellectual rigor to attack the problem from all angles before publishing findings. If I'm a client of NetSec Consulting (firm he founded), and I catch wind of this, I won't be a client for very long. On Thu, Mar 31, 2011 at 9:08 AM, Michael B. Smith mich...@smithcons.com wrote:The challenge/issue here is that every AV has false positives. Most of them, however, don’t get written up and /.’ed. The original author should’ve tested with multiple engines. And, as Vipre starts to play with the big boys, they are going to get “big-boy” levels of attention… Regards, Michael B. SmithConsultant and Exchange MVPhttp://TheEssentialExchange.com From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Thursday, March 31, 2011 9:04 AM To: NT System Admin IssuesSubject: Re: Samsung keylogger with Vipre mention Has someone had a career changing event? On Thu, Mar 31, 2011 at 9:01 AM, Michael B. Smith mich...@smithcons.com wrote:And it’s easily possible to reproduce with Vipre… It’s a false alarm. http://www.theregister.co.uk/2011/03/31/samsung_keylogger_rumour_debunked/ Regards, Michael B. SmithConsultant and Exchange MVPhttp://TheEssentialExchange.com From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Thursday, March 31, 2011 7:44 AM To: NT System Admin IssuesSubject: RE: Samsung keylogger with Vipre mention Samsung denies, according to their blog:http://www.samsungtomorrow.com/1071 CheersKen From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, 31 March 2011 7:10 PM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Nothing substantiated as yet, however. ASB (Professional Bio) Technology Services that Maximize Business Results... On Thu, Mar 31, 2011 at 7:01 AM, chipsh...@comcast.net wrote:Interesting:http://news.cnet.com/8301-27080_3-20048896-245.html ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe
DP-8016p Panasonic 64bit compatible driver for W7
Anyone have an idea where to find it ? TIA GuidoElia HELPPC ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Samsung keylogger with Vipre mention
HIJACK!!! OTOH, GFI might want to reconsider the advertizing sticker on the front cover of Windows IT Pro. It's taste is rather questionable and really doesn't belong on the front cover. Shauna Hensala she...@msn.com 03/31/2011 10:49 AM Please respond to NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com To NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Press this button if the To is a fax number. Enter in the fax number like 123-456-7890. cc Subject RE: Samsung keylogger with Vipre mention GFI/Vipre displays a higher level of integrity than the researcher - IMHO. Shauna Hensala From: al...@sunbelt-software.com To: ntsysadmin@lyris.sunbelt-software.com Date: Thu, 31 Mar 2011 11:35:33 -0400 Subject: RE: Samsung keylogger with Vipre mention I wrote a response this morning: http://sunbeltblog.blogspot.com/2011/03/samsung-laptops-do-not-have-keylogger.html Alex From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, March 31, 2011 9:20 AM To: NT System Admin Issues Subject: RE: Samsung keylogger with Vipre mention I find fault with both. J I agree with you. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Thursday, March 31, 2011 9:18 AM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Oh, I agree, but you seem to be finding fault with the tool. I find fault witht he professional using the tool. It seems to me, that many of us forget to test for repeatability, and fewer know how to do to that properly. My opinion of a security research trying to make a name for himself, and there's no doubt that's what this episode was all about, should have enough intellectual rigor to attack the problem from all angles before publishing findings. If I'm a client of NetSec Consulting (firm he founded), and I catch wind of this, I won't be a client for very long. On Thu, Mar 31, 2011 at 9:08 AM, Michael B. Smith mich...@smithcons.com wrote: The challenge/issue here is that every AV has false positives. Most of them, however, don?t get written up and /.?ed. The original author should?ve tested with multiple engines. And, as Vipre starts to play with the big boys, they are going to get ?big-boy? levels of attention? Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Thursday, March 31, 2011 9:04 AM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Has someone had a career changing event? On Thu, Mar 31, 2011 at 9:01 AM, Michael B. Smith mich...@smithcons.com wrote: And it?s easily possible to reproduce with Vipre? It?s a false alarm. http://www.theregister.co.uk/2011/03/31/samsung_keylogger_rumour_debunked/ Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Thursday, March 31, 2011 7:44 AM To: NT System Admin Issues Subject: RE: Samsung keylogger with Vipre mention Samsung denies, according to their blog: http://www.samsungtomorrow.com/1071 Cheers Ken From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, 31 March 2011 7:10 PM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Nothing substantiated as yet, however. ASB (Professional Bio) Technology Services that Maximize Business Results... On Thu, Mar 31, 2011 at 7:01 AM, chipsh...@comcast.net wrote: Interesting: http://news.cnet.com/8301-27080_3-20048896-245.html ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that
RE: Samsung keylogger with Vipre mention
At least it didn't delete any Windows files like McAfee DAT 5958... From: James Rankin [mailto:kz2...@googlemail.com] Sent: Thursday, March 31, 2011 10:40 AM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention False positives are an unfortunate fact of detection, in any shape or form. I think, as others have said, Mr Hasan needs to concentrate on verifying his facts rather than chasing the media to get his name out there. Security researcher? H On 31 March 2011 16:35, Alex Eckelberry al...@sunbelt-software.com wrote: I wrote a response this morning: http://sunbeltblog.blogspot.com/2011/03/samsung-laptops-do-not-have-keyl ogger.html Alex From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, March 31, 2011 9:20 AM To: NT System Admin Issues Subject: RE: Samsung keylogger with Vipre mention I find fault with both. J I agree with you. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Thursday, March 31, 2011 9:18 AM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Oh, I agree, but you seem to be finding fault with the tool. I find fault witht he professional using the tool. It seems to me, that many of us forget to test for repeatability, and fewer know how to do to that properly. My opinion of a security research trying to make a name for himself, and there's no doubt that's what this episode was all about, should have enough intellectual rigor to attack the problem from all angles before publishing findings. If I'm a client of NetSec Consulting (firm he founded), and I catch wind of this, I won't be a client for very long. On Thu, Mar 31, 2011 at 9:08 AM, Michael B. Smith mich...@smithcons.com wrote: The challenge/issue here is that every AV has false positives. Most of them, however, don't get written up and /.'ed. The original author should've tested with multiple engines. And, as Vipre starts to play with the big boys, they are going to get big-boy levels of attention... Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com http://theessentialexchange.com/ From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Thursday, March 31, 2011 9:04 AM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Has someone had a career changing event? On Thu, Mar 31, 2011 at 9:01 AM, Michael B. Smith mich...@smithcons.com wrote: And it's easily possible to reproduce with Vipre... It's a false alarm. http://www.theregister.co.uk/2011/03/31/samsung_keylogger_rumour_debunke d/ Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com http://theessentialexchange.com/ From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Thursday, March 31, 2011 7:44 AM To: NT System Admin Issues Subject: RE: Samsung keylogger with Vipre mention Samsung denies, according to their blog: http://www.samsungtomorrow.com/1071 Cheers Ken From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, 31 March 2011 7:10 PM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Nothing substantiated as yet, however. ASB (Professional Bio http://about.me/Andrew.S.Baker/bio ) Technology Services that Maximize Business Results... On Thu, Mar 31, 2011 at 7:01 AM, chipsh...@comcast.net wrote: Interesting: http://news.cnet.com/8301-27080_3-20048896-245.html ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
RE: Samsung keylogger with Vipre mention
If it's of questionable taste... clearly I need to see it. Link? -sc From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] Sent: Thursday, March 31, 2011 12:01 PM To: NT System Admin Issues Subject: RE: Samsung keylogger with Vipre mention HIJACK!!! OTOH, GFI might want to reconsider the advertizing sticker on the front cover of Windows IT Pro. It's taste is rather questionable and really doesn't belong on the front cover. Shauna Hensala she...@msn.com 03/31/2011 10:49 AM Please respond to NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com To NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Press this button if the To is a fax number. Enter in the fax number like 123-456-7890. cc Subject RE: Samsung keylogger with Vipre mention GFI/Vipre displays a higher level of integrity than the researcher - IMHO. Shauna Hensala From: al...@sunbelt-software.com To: ntsysadmin@lyris.sunbelt-software.com Date: Thu, 31 Mar 2011 11:35:33 -0400 Subject: RE: Samsung keylogger with Vipre mention I wrote a response this morning: http://sunbeltblog.blogspot.com/2011/03/samsung-laptops-do-not-have-keyl ogger.html http://sunbeltblog.blogspot.com/2011/03/samsung-laptops-do-not-have-key logger.html Alex From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, March 31, 2011 9:20 AM To: NT System Admin Issues Subject: RE: Samsung keylogger with Vipre mention I find fault with both. :-) I agree with you. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com http://theessentialexchange.com/ From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Thursday, March 31, 2011 9:18 AM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Oh, I agree, but you seem to be finding fault with the tool. I find fault witht he professional using the tool. It seems to me, that many of us forget to test for repeatability, and fewer know how to do to that properly. My opinion of a security research trying to make a name for himself, and there's no doubt that's what this episode was all about, should have enough intellectual rigor to attack the problem from all angles before publishing findings. If I'm a client of NetSec Consulting (firm he founded), and I catch wind of this, I won't be a client for very long. On Thu, Mar 31, 2011 at 9:08 AM, Michael B. Smith mich...@smithcons.com mailto:mich...@smithcons.com wrote: The challenge/issue here is that every AV has false positives. Most of them, however, don't get written up and /.'ed. The original author should've tested with multiple engines. And, as Vipre starts to play with the big boys, they are going to get big-boy levels of attention... Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com http://theessentialexchange.com/ From: Jonathan Link [mailto:jonathan.l...@gmail.com mailto:jonathan.l...@gmail.com ] Sent: Thursday, March 31, 2011 9:04 AM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Has someone had a career changing event? On Thu, Mar 31, 2011 at 9:01 AM, Michael B. Smith mich...@smithcons.com mailto:mich...@smithcons.com wrote: And it's easily possible to reproduce with Vipre... It's a false alarm. http://www.theregister.co.uk/2011/03/31/samsung_keylogger_rumour_debunke d/ http://www.theregister.co.uk/2011/03/31/samsung_keylogger_rumour_debunk ed/ Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com http://theessentialexchange.com/ From: Ken Schaefer [mailto:k...@adopenstatic.com mailto:k...@adopenstatic.com ] Sent: Thursday, March 31, 2011 7:44 AM To: NT System Admin Issues Subject: RE: Samsung keylogger with Vipre mention Samsung denies, according to their blog: http://www.samsungtomorrow.com/1071 http://www.samsungtomorrow.com/1071 Cheers Ken From: Andrew S. Baker [mailto:asbz...@gmail.com mailto:asbz...@gmail.com ] Sent: Thursday, 31 March 2011 7:10 PM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Nothing substantiated as yet, however. ASB (Professional Bio http://about.me/Andrew.S.Baker/bio ) Technology Services that Maximize Business Results... On Thu, Mar 31, 2011 at 7:01 AM, chipsh...@comcast.net mailto:chipsh...@comcast.net wrote: Interesting: http://news.cnet.com/8301-27080_3-20048896-245.html http://news.cnet.com/8301-27080_3-20048896-245.html ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ http://lyris.sunbelt-software.com/read/my_forums/ or send an email
Re: Samsung keylogger with Vipre mention
Yes? On Thu, Mar 31, 2011 at 12:15 PM, Steven M. Caesare scaes...@caesare.comwrote: If it’s of questionable taste… clearly I need to see it. Link? -sc *From:* richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] *Sent:* Thursday, March 31, 2011 12:01 PM *To:* NT System Admin Issues *Subject:* RE: Samsung keylogger with Vipre mention HIJACK!!! OTOH, GFI might want to reconsider the advertizing sticker on the front cover of Windows IT Pro. It's taste is rather questionable and really doesn't belong on the front cover. *Shauna Hensala she...@msn.com* 03/31/2011 10:49 AM Please respond to NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com To NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Press this button if the To is a fax number. Enter in the fax number like 123-456-7890. cc Subject RE: Samsung keylogger with Vipre mention GFI/Vipre displays a higher level of integrity than the researcher - IMHO. Shauna Hensala -- From: al...@sunbelt-software.com To: ntsysadmin@lyris.sunbelt-software.com Date: Thu, 31 Mar 2011 11:35:33 -0400 Subject: RE: Samsung keylogger with Vipre mention I wrote a response this morning: http://sunbeltblog.blogspot.com/2011/03/samsung-laptops-do-not-have-keylogger.html Alex *From:* Michael B. Smith [mailto:mich...@smithcons.com] * Sent:* Thursday, March 31, 2011 9:20 AM* To:* NT System Admin Issues* Subject:* RE: Samsung keylogger with Vipre mention I find fault with both. J I agree with you. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com http://theessentialexchange.com/ *From:* Jonathan Link [mailto:jonathan.l...@gmail.com] * Sent:* Thursday, March 31, 2011 9:18 AM* To:* NT System Admin Issues* Subject:* Re: Samsung keylogger with Vipre mention Oh, I agree, but you seem to be finding fault with the tool. I find fault witht he professional using the tool. It seems to me, that many of us forget to test for repeatability, and fewer know how to do to that properly. My opinion of a security research trying to make a name for himself, and there's no doubt that's what this episode was all about, should have enough intellectual rigor to attack the problem from all angles before publishing findings. If I'm a client of NetSec Consulting (firm he founded), and I catch wind of this, I won't be a client for very long. On Thu, Mar 31, 2011 at 9:08 AM, Michael B. Smith mich...@smithcons.com wrote: The challenge/issue here is that every AV has false positives. Most of them, however, don’t get written up and /.’ed. The original author should’ve tested with multiple engines. And, as Vipre starts to play with the big boys, they are going to get “big-boy” levels of attention… Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com http://theessentialexchange.com/ *From:* Jonathan Link [mailto:jonathan.l...@gmail.com] * Sent:* Thursday, March 31, 2011 9:04 AM * To:* NT System Admin Issues *Subject:* Re: Samsung keylogger with Vipre mention Has someone had a career changing event? On Thu, Mar 31, 2011 at 9:01 AM, Michael B. Smith mich...@smithcons.com wrote: And it’s easily possible to reproduce with Vipre… It’s a false alarm. http://www.theregister.co.uk/2011/03/31/samsung_keylogger_rumour_debunked/ Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com http://theessentialexchange.com/ *From:* Ken Schaefer [mailto:k...@adopenstatic.com] * Sent:* Thursday, March 31, 2011 7:44 AM * To:* NT System Admin Issues *Subject:* RE: Samsung keylogger with Vipre mention Samsung denies, according to their blog: http://www.samsungtomorrow.com/1071 Cheers Ken *From:* Andrew S. Baker [mailto:asbz...@gmail.com] * Sent:* Thursday, 31 March 2011 7:10 PM* To:* NT System Admin Issues* Subject:* Re: Samsung keylogger with Vipre mention Nothing substantiated as yet, however. * ASB *(Professional Bio http://about.me/Andrew.S.Baker/bio) * Technology Services that Maximize Business Results...* * * On Thu, Mar 31, 2011 at 7:01 AM, chipsh...@comcast.net wrote: Interesting:* *http://news.cnet.com/8301-27080_3-20048896-245.html ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint
Re: Find out what is doing this
I see couldn't write and permission denied What is the account being used for the scheduled job, and what is the account that you're testing it with manually? If they are not the same, then you need to test with the former one and rectify the issues with permissions. *ASB *(Professional Bio http://about.me/Andrew.S.Baker/bio) *Technology Services that Maximize Business Results... * On Thu, Mar 31, 2011 at 11:47 AM, itli...@imcu.com itli...@imcu.com wrote: It is the tard101.exe that is trying to create a new setenv.bat to be used later in this process. Once we get the error on our phones we remote in and give the job a run and it runs no problem. ÉÍÍÍ»inst: in01 º Task Mode ºcomptype: 1_central º ºtimeout: 20 ÈÍÍͼmachine: ce01 ECHO is on. ECHO is on. 03/30/11 23:22:45ECHO is off. ECHO is off. Checking for a task to perform... \2900\exeopnt\fm\tapd101 Version 4.3.1 (Build 103 ANSI Release) Copyright (c) 1986-1992 Prologic Corporation. Copyright (c) 1993-1996 Prologic Computer Corporation. All rights reserved. Copyright (c) 1996-1997 Prologic Corporation. All rights reserved. Performing task... Running purgsahi: Opens purgesahi window and start purge process. \2900\exeopnt\rep\tard101 Version 4.3.1 (Build 103 ANSI Release) Copyright (c) 1986-1992 Prologic Corporation. Copyright (c) 1993-1996 Prologic Computer Corporation. All rights reserved. Copyright (c) 1996-1997 Prologic Corporation. All rights reserved. ERR_LFORM_COULDNT_OPEN(171): lform openoutfile couldn't open outfile 'setenv.bat '. The diag created by that error: Logged ERROR event ID c0ab category 6 'ERR_LFORM_COULDNT_OPEN(171): lform openoutfile couldn't open outfile 'setenv.bat'.' Context of error follows: PRM: Last PRM function called was:. PRM:PRMFind(cal,EQ,0xa2bee8,calixcode,0,0x0) [Success] PRM:Within the PRM function, the last ODBC function called was: SQL:SQLFetch(...) [SQL_SUCCESS] Most recent DOS Error before Exception: Permission denied (13) *From:* Andrew S. Baker [mailto:asbz...@gmail.com] *Posted At:* Thursday, March 31, 2011 11:43 AM *Posted To:* itli...@imcu.com *Conversation:* Find out what is doing this *Subject:* Re: Find out what is doing this It might help if you post a sanitized copy of the script, rather than trying to describe it like in the current fashion. The easiest guess, with a sharing violation, is that the file is locked for reading or writing by a process other than the one which the scheduled job is running under. That, or that scheduled job credentials are inadequate. *ASB *(Professional Bio http://about.me/Andrew.S.Baker/bio) *Technology Services that Maximize Business Results...** * * * On Thu, Mar 31, 2011 at 10:27 AM, itli...@imcu.com itli...@imcu.com wrote: Creating every 60 seconds or so. It is an environment variable batch creation. Creates time, date, etc… We had to stop a bunch of WSUS GPO’s because of network lag. We have them all back on and we have rebooted all servers since but I am really thinking the coincidence lies with the disabling and enabling of the gpo’s. *From:* Jonathan Link [mailto:jonathan.l...@gmail.com] *Posted At:* Thursday, March 31, 2011 10:23 AM *Posted To:* itli...@imcu.com *Conversation:* Find out what is doing this *Subject:* Re: Find out what is doing this You're creating a batch file every 60 seconds, for some reason. At some point, one would expect it to run... I guess I am unclear on the process taking place. Is it creating the file and then running the file every 60 seconds? Or is it just creating the file every 60 seconds, and only running it once per day at 11pm? Could? I am not sure. Have you changed anything recently. On Thu, Mar 31, 2011 at 10:15 AM, itli...@imcu.com itli...@imcu.com wrote: We are putting process monitor on all servers to see who might be using it but we haven’t found any so far. Could a local security policy or gpo cause this kind of issue? *From:* Jonathan Link [mailto:jonathan.l...@gmail.com] *Posted At:* Thursday, March 31, 2011 10:09 AM *Posted To:* itli...@imcu.com *Conversation:* Find out what is doing this *Subject:* Re: Find out what is doing this Is there another task that runs setenv.bat at 11pm? If so, that'll cause your sharing violation, because they both fire at the same time, and the file can't be saved. On Thu, Mar 31, 2011 at 10:05 AM, Charlie Kaiser charl...@golden-eagle.org wrote: Crank up auditing on the file and see who's accessing it. Also, with process monitor, see what other processes are involved... *** Charlie Kaiser charl...@golden-eagle.org Kingman, AZ *** -Original Message- From: itli...@imcu.com
Re: Samsung keylogger with Vipre mention
It's a suggestive view of a woman's lower leg with the caption, Who doesn't like fast and easy? Jonathan Link jonathan.l...@gmail.com wrote on 03/31/2011 11:40:50 AM: Yes? On Thu, Mar 31, 2011 at 12:15 PM, Steven M. Caesare scaes...@caesare.com wrote: If it?s of questionable taste? clearly I need to see it. Link? -sc From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] Sent: Thursday, March 31, 2011 12:01 PM To: NT System Admin Issues Subject: RE: Samsung keylogger with Vipre mention HIJACK!!! OTOH, GFI might want to reconsider the advertizing sticker on the front cover of Windows IT Pro. It's taste is rather questionable and really doesn't belong on the front cover. Shauna Hensala she...@msn.com 03/31/2011 10:49 AM Please respond to NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com To NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Press this button if the To is a fax number. Enter in the fax number like 123-456-7890. cc Subject RE: Samsung keylogger with Vipre mention GFI/Vipre displays a higher level of integrity than the researcher - IMHO. Shauna Hensala From: al...@sunbelt-software.com To: ntsysadmin@lyris.sunbelt-software.com Date: Thu, 31 Mar 2011 11:35:33 -0400 Subject: RE: Samsung keylogger with Vipre mention I wrote a response this morning: http://sunbeltblog.blogspot.com/2011/03/samsung-laptops-do-not-have- keylogger.html Alex From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, March 31, 2011 9:20 AM To: NT System Admin Issues Subject: RE: Samsung keylogger with Vipre mention I find fault with both. J I agree with you. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Thursday, March 31, 2011 9:18 AM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Oh, I agree, but you seem to be finding fault with the tool. I find fault witht he professional using the tool. It seems to me, that many of us forget to test for repeatability, and fewer know how to do to that properly. My opinion of a security research trying to make a name for himself, and there's no doubt that's what this episode was all about, should have enough intellectual rigor to attack the problem from all angles before publishing findings. If I'm a client of NetSec Consulting (firm he founded), and I catch wind of this, I won't be a client for very long. On Thu, Mar 31, 2011 at 9:08 AM, Michael B. Smith mich...@smithcons.com wrote: The challenge/issue here is that every AV has false positives. Most of them, however, don?t get written up and /.?ed. The original author should?ve tested with multiple engines. And, as Vipre starts to play with the big boys, they are going to get ?big-boy? levels of attention? Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Thursday, March 31, 2011 9:04 AM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Has someone had a career changing event? On Thu, Mar 31, 2011 at 9:01 AM, Michael B. Smith mich...@smithcons.com wrote: And it?s easily possible to reproduce with Vipre? It?s a false alarm. http://www.theregister.co.uk/2011/03/31/samsung_keylogger_rumour_debunked/ Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Thursday, March 31, 2011 7:44 AM To: NT System Admin Issues Subject: RE: Samsung keylogger with Vipre mention Samsung denies, according to their blog: http://www.samsungtomorrow.com/1071 Cheers Ken From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, 31 March 2011 7:10 PM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Nothing substantiated as yet, however. ASB (Professional Bio) Technology Services that Maximize Business Results... On Thu, Mar 31, 2011 at 7:01 AM, chipsh...@comcast.net wrote: Interesting: http://news.cnet.com/8301-27080_3-20048896-245.html ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software. com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software. com/read/my_forums/
RE: Samsung keylogger with Vipre mention
Be careful... fast and easy will get you... infected. -sc From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] Sent: Thursday, March 31, 2011 12:44 PM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention It's a suggestive view of a woman's lower leg with the caption, Who doesn't like fast and easy? Jonathan Link jonathan.l...@gmail.com wrote on 03/31/2011 11:40:50 AM: Yes? On Thu, Mar 31, 2011 at 12:15 PM, Steven M. Caesare scaes...@caesare.com mailto:scaes...@caesare.com%0b wrote: If it's of questionable taste... clearly I need to see it. Link? -sc From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] Sent: Thursday, March 31, 2011 12:01 PM To: NT System Admin Issues Subject: RE: Samsung keylogger with Vipre mention HIJACK!!! OTOH, GFI might want to reconsider the advertizing sticker on the front cover of Windows IT Pro. It's taste is rather questionable and really doesn't belong on the front cover. Shauna Hensala she...@msn.com 03/31/2011 10:49 AM Please respond to NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com To NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Press this button if the To is a fax number. Enter in the fax number like 123-456-7890. cc Subject RE: Samsung keylogger with Vipre mention GFI/Vipre displays a higher level of integrity than the researcher - IMHO. Shauna Hensala From: al...@sunbelt-software.com To: ntsysadmin@lyris.sunbelt-software.com Date: Thu, 31 Mar 2011 11:35:33 -0400 Subject: RE: Samsung keylogger with Vipre mention I wrote a response this morning: http://sunbeltblog.blogspot.com/2011/03/samsung-laptops-do-not-have- keylogger.html Alex From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, March 31, 2011 9:20 AM To: NT System Admin Issues Subject: RE: Samsung keylogger with Vipre mention I find fault with both. J I agree with you. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Thursday, March 31, 2011 9:18 AM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Oh, I agree, but you seem to be finding fault with the tool. I find fault witht he professional using the tool. It seems to me, that many of us forget to test for repeatability, and fewer know how to do to that properly. My opinion of a security research trying to make a name for himself, and there's no doubt that's what this episode was all about, should have enough intellectual rigor to attack the problem from all angles before publishing findings. If I'm a client of NetSec Consulting (firm he founded), and I catch wind of this, I won't be a client for very long. On Thu, Mar 31, 2011 at 9:08 AM, Michael B. Smith mich...@smithcons.com mailto:mich...@smithcons.com%0b wrote: The challenge/issue here is that every AV has false positives. Most of them, however, don't get written up and /.'ed. The original author should've tested with multiple engines. And, as Vipre starts to play with the big boys, they are going to get big-boy levels of attention... Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Thursday, March 31, 2011 9:04 AM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Has someone had a career changing event? On Thu, Mar 31, 2011 at 9:01 AM, Michael B. Smith mich...@smithcons.com mailto:mich...@smithcons.com%0b wrote: And it's easily possible to reproduce with Vipre... It's a false alarm. http://www.theregister.co.uk/2011/03/31/samsung_keylogger_rumour_debunke d/ Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Thursday, March 31, 2011 7:44 AM To: NT System Admin Issues Subject: RE: Samsung keylogger with Vipre mention Samsung denies, according to their blog: http://www.samsungtomorrow.com/1071 Cheers Ken From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, 31 March 2011 7:10 PM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Nothing substantiated as yet, however. ASB (Professional Bio) Technology Services that Maximize Business Results... On Thu, Mar 31, 2011 at 7:01 AM, chipsh...@comcast.net wrote: Interesting: http://news.cnet.com/8301-27080_3-20048896-245.html ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here:
GPO Not Applying
Windows 2003 AD Windows 2003/2008 member servers I've got a GPO that configures security descriptors on event logs for Symantec SSIM to do log collection. I have a security group containing the computer accounts used for security filtering on the GPO. The GPO is linked to 2 OUs where these computer accounts reside. There's a top level OU with multiple sub OUs. One of the sub OUs blocks inheritance for other reasons so the policy is linked directly to that OU. We're having problems collecting logs from computers that reside in the sub OU. Group Policy is being singled out because RSOP lists the following: Policy Name Filtering: Not Applied (Unknown Reason) However, the policy also appears under Applied Group Policy Objects. I haven't been able to identify anything that would prevent the GPO from applying. Other GPOs linked directly to the sub OU apply without issue. The only difference is the problem GPO uses more granular security filtering, where the others default to authenticated users. I'm going to create a separate GPO that can be applied to only the sub OU and not modify security filtering. I'm not entirely convinced this is specifically a GPO problem because there are other environmental differences that make members of this OU unique. Anyone have any ideas on the GPO scenario? Does it sound like there's an issue? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Windows 7 Imaging
+1 again for ImageX and WDS. I abandoned all my other imaging options as soon I became comfortable with this (which was fast). -Sam From: Ben N [mailto:bennordlan...@gmail.com] Sent: Thursday, March 31, 2011 10:20 AM To: NT System Admin Issues Subject: Re: Windows 7 Imaging +1 for imagex and WDS. Free and easy if you already have the servers. On Thu, Mar 31, 2011 at 6:53 AM, Steve Ens stevey...@gmail.com wrote: +1 for imagex. On Thu, Mar 31, 2011 at 7:58 AM, Michael B. Smith mich...@smithcons.com wrote: I'm a little biased (because I developed courseware for the product), but the Microsoft Deployment Toolkit 2010 Update 1 is easy to use, light-touch - and free. If you need zero touch, System Center Configuration Manager does the job very well and is infinitely configurable. It isn't, however, free. And it has a learning curve for that infinitely configurable part. The imaging process for Win7 is based on one of two options: VHD or WIM (Windows IMaging - and the VHD option is built on-top-of the WIM option, more-or-less). The preferred tool for creating images is ImageX, which is a Microsoft product (part of both MDT and SCCM). Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Tom Miller [mailto:tmil...@hnncsb.org] Sent: Thursday, March 31, 2011 8:50 AM To: NT System Admin Issues Subject: Windows 7 Imaging Folks, We are working towards deploying Windows 7 (along with Office 2010) on current and future shipments of new laptops/PCs. We use syprep and Ghost for our XP image, and it works well. I'm looking for your suggestions/warnings/gotchas as to imaging for Windows 7. Favorite imaging tools, methods, etc? I don't do the imaging here, but my PC guy who does the images seems to be having a bit of a struggle with it compared to XP images, so I thought I'd as you experts. We already have a Dell Kace system management system here, and I'll be viewing a demo today for the imaging component (additional purchase). I'm open to anything that makes the process as painless as possible. If it matters we use Lenovo ThinkPads for our laptops and Dell Optiplex business PCs. Your comments are appreciated. Tom Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: GPO Not Applying
First I would check the overall health of the GPO components with gpotool including checking the ACL- gpotool /gpo:GUID od suspect GPO /checkacl Then I would check it locally on an affected server with grpesult /v to see what is going on in more detail and also see if you get something better than (unknown reason) I usually do something like gpresult /v gp.txt notepad gp.txt -Original Message- From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Thursday, March 31, 2011 10:10 AM To: NT System Admin Issues Subject: GPO Not Applying Windows 2003 AD Windows 2003/2008 member servers I've got a GPO that configures security descriptors on event logs for Symantec SSIM to do log collection. I have a security group containing the computer accounts used for security filtering on the GPO. The GPO is linked to 2 OUs where these computer accounts reside. There's a top level OU with multiple sub OUs. One of the sub OUs blocks inheritance for other reasons so the policy is linked directly to that OU. We're having problems collecting logs from computers that reside in the sub OU. Group Policy is being singled out because RSOP lists the following: Policy Name Filtering: Not Applied (Unknown Reason) However, the policy also appears under Applied Group Policy Objects. I haven't been able to identify anything that would prevent the GPO from applying. Other GPOs linked directly to the sub OU apply without issue. The only difference is the problem GPO uses more granular security filtering, where the others default to authenticated users. I'm going to create a separate GPO that can be applied to only the sub OU and not modify security filtering. I'm not entirely convinced this is specifically a GPO problem because there are other environmental differences that make members of this OU unique. Anyone have any ideas on the GPO scenario? Does it sound like there's an issue? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Samsung keylogger with Vipre mention
I agree. We've pulled it. From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] Sent: Thursday, March 31, 2011 12:01 PM To: NT System Admin Issues Subject: RE: Samsung keylogger with Vipre mention HIJACK!!! OTOH, GFI might want to reconsider the advertizing sticker on the front cover of Windows IT Pro. It's taste is rather questionable and really doesn't belong on the front cover. Shauna Hensala she...@msn.commailto:she...@msn.com 03/31/2011 10:49 AM Please respond to NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com To NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Press this button if the To is a fax number. Enter in the fax number like 123-456-7890. cc Subject RE: Samsung keylogger with Vipre mention GFI/Vipre displays a higher level of integrity than the researcher - IMHO. Shauna Hensala From: al...@sunbelt-software.com To: ntsysadmin@lyris.sunbelt-software.com Date: Thu, 31 Mar 2011 11:35:33 -0400 Subject: RE: Samsung keylogger with Vipre mention I wrote a response this morning: http://sunbeltblog.blogspot.com/2011/03/samsung-laptops-do-not-have-keylogger.html Alex From: Michael B. Smith [mailto:mich...@smithcons.com]mailto:[mailto:mich...@smithcons.com] Sent: Thursday, March 31, 2011 9:20 AM To: NT System Admin Issues Subject: RE: Samsung keylogger with Vipre mention I find fault with both. :) I agree with you. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.comhttp://theessentialexchange.com/ From: Jonathan Link [mailto:jonathan.l...@gmail.com]mailto:[mailto:jonathan.l...@gmail.com] Sent: Thursday, March 31, 2011 9:18 AM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Oh, I agree, but you seem to be finding fault with the tool. I find fault witht he professional using the tool. It seems to me, that many of us forget to test for repeatability, and fewer know how to do to that properly. My opinion of a security research trying to make a name for himself, and there's no doubt that's what this episode was all about, should have enough intellectual rigor to attack the problem from all angles before publishing findings. If I'm a client of NetSec Consulting (firm he founded), and I catch wind of this, I won't be a client for very long. On Thu, Mar 31, 2011 at 9:08 AM, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: The challenge/issue here is that every AV has false positives. Most of them, however, don't get written up and /.'ed. The original author should've tested with multiple engines. And, as Vipre starts to play with the big boys, they are going to get big-boy levels of attention... Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.comhttp://theessentialexchange.com/ From: Jonathan Link [mailto:jonathan.l...@gmail.commailto:jonathan.l...@gmail.com] Sent: Thursday, March 31, 2011 9:04 AM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Has someone had a career changing event? On Thu, Mar 31, 2011 at 9:01 AM, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: And it's easily possible to reproduce with Vipre... It's a false alarm. http://www.theregister.co.uk/2011/03/31/samsung_keylogger_rumour_debunked/ Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.comhttp://theessentialexchange.com/ From: Ken Schaefer [mailto:k...@adopenstatic.commailto:k...@adopenstatic.com] Sent: Thursday, March 31, 2011 7:44 AM To: NT System Admin Issues Subject: RE: Samsung keylogger with Vipre mention Samsung denies, according to their blog: http://www.samsungtomorrow.com/1071 Cheers Ken From: Andrew S. Baker [mailto:asbz...@gmail.commailto:asbz...@gmail.com] Sent: Thursday, 31 March 2011 7:10 PM To: NT System Admin Issues Subject: Re: Samsung keylogger with Vipre mention Nothing substantiated as yet, however. ASB (Professional Biohttp://about.me/Andrew.S.Baker/bio) Technology Services that Maximize Business Results... On Thu, Mar 31, 2011 at 7:01 AM, chipsh...@comcast.netmailto:chipsh...@comcast.net wrote: Interesting: http://news.cnet.com/8301-27080_3-20048896-245.html ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to
Outlook Search
Hey all, I have a client that is using SBS 2003 and Outlook 2007. Whenever he does a search in Outlook to any folder, whether it's his Inbox or any other, the search only goes to a certain date and then stops. For instance, he wants to search for an email he received a week ago, so he searches either for subject or sender and the search results come back up to January of this year. I have tried putting him in online mode and it works for a while, but then it happens again - both in online mode and cached mode. We delete and recreate his profile, but the same thing happens again. I'm not sure if it's an Outlook issue or an Exchange issue. We tried to use the Instant Search feature to fix the issue but it still happens. Any clues? Jay Dale Senior Systems Administrator Unetek, Inc. Phone: 281.574.2414 Email:jd...@unetek.commailto:jd...@unetek.com Confidentiality Notice: This e-mail, including any attached files, may contain confidential and/or privileged information for the sole use of the intended recipient. If you are not the intended recipient, you are hereby notified that any review, dissemination or copying of this e-mail and attachments, if any, or the information contained herein, is strictly prohibited. If you are not the intended recipient (or authorized to receive information for the intended recipient), please contact the sender by reply e-mail and delete all copies of this message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Samsung keylogger with Vipre mention
Is my taste questionable because I hold you in high esteem? Actually, I wondered why you were calling me back to this discussion... On Thu, Mar 31, 2011 at 1:43 PM, Steven M. Caesare scaes...@caesare.comwrote: Speaking of questionable taste.. .look who showed up! -sc *From:* Jonathan Link [mailto:jonathan.l...@gmail.com] *Sent:* Thursday, March 31, 2011 12:41 PM *To:* NT System Admin Issues *Subject:* Re: Samsung keylogger with Vipre mention Yes? On Thu, Mar 31, 2011 at 12:15 PM, Steven M. Caesare scaes...@caesare.com wrote: If it’s of questionable taste… clearly I need to see it. Link? -sc *From:* richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] *Sent:* Thursday, March 31, 2011 12:01 PM *To:* NT System Admin Issues *Subject:* RE: Samsung keylogger with Vipre mention HIJACK!!! OTOH, GFI might want to reconsider the advertizing sticker on the front cover of Windows IT Pro. It's taste is rather questionable and really doesn't belong on the front cover. *Shauna Hensala she...@msn.com* 03/31/2011 10:49 AM Please respond to NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com To NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Press this button if the To is a fax number. Enter in the fax number like 123-456-7890. cc Subject RE: Samsung keylogger with Vipre mention GFI/Vipre displays a higher level of integrity than the researcher - IMHO. Shauna Hensala -- From: al...@sunbelt-software.com To: ntsysadmin@lyris.sunbelt-software.com Date: Thu, 31 Mar 2011 11:35:33 -0400 Subject: RE: Samsung keylogger with Vipre mention I wrote a response this morning: http://sunbeltblog.blogspot.com/2011/03/samsung-laptops-do-not-have-keylogger.html Alex *From:* Michael B. Smith [mailto:mich...@smithcons.com] * Sent:* Thursday, March 31, 2011 9:20 AM* To:* NT System Admin Issues* Subject:* RE: Samsung keylogger with Vipre mention I find fault with both. J I agree with you. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com http://theessentialexchange.com/ *From:* Jonathan Link [mailto:jonathan.l...@gmail.com] * Sent:* Thursday, March 31, 2011 9:18 AM* To:* NT System Admin Issues* Subject:* Re: Samsung keylogger with Vipre mention Oh, I agree, but you seem to be finding fault with the tool. I find fault witht he professional using the tool. It seems to me, that many of us forget to test for repeatability, and fewer know how to do to that properly. My opinion of a security research trying to make a name for himself, and there's no doubt that's what this episode was all about, should have enough intellectual rigor to attack the problem from all angles before publishing findings. If I'm a client of NetSec Consulting (firm he founded), and I catch wind of this, I won't be a client for very long. On Thu, Mar 31, 2011 at 9:08 AM, Michael B. Smith mich...@smithcons.com wrote: The challenge/issue here is that every AV has false positives. Most of them, however, don’t get written up and /.’ed. The original author should’ve tested with multiple engines. And, as Vipre starts to play with the big boys, they are going to get “big-boy” levels of attention… Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com http://theessentialexchange.com/ *From:* Jonathan Link [mailto:jonathan.l...@gmail.com] * Sent:* Thursday, March 31, 2011 9:04 AM * To:* NT System Admin Issues *Subject:* Re: Samsung keylogger with Vipre mention Has someone had a career changing event? On Thu, Mar 31, 2011 at 9:01 AM, Michael B. Smith mich...@smithcons.com wrote: And it’s easily possible to reproduce with Vipre… It’s a false alarm. http://www.theregister.co.uk/2011/03/31/samsung_keylogger_rumour_debunked/ Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com http://theessentialexchange.com/ *From:* Ken Schaefer [mailto:k...@adopenstatic.com] * Sent:* Thursday, March 31, 2011 7:44 AM * To:* NT System Admin Issues *Subject:* RE: Samsung keylogger with Vipre mention Samsung denies, according to their blog: http://www.samsungtomorrow.com/1071 Cheers Ken *From:* Andrew S. Baker [mailto:asbz...@gmail.com] * Sent:* Thursday, 31 March 2011 7:10 PM* To:* NT System Admin Issues* Subject:* Re: Samsung keylogger with Vipre mention Nothing substantiated as yet, however. * ASB *(Professional Bio http://about.me/Andrew.S.Baker/bio) * Technology Services that Maximize Business Results...* * * On Thu, Mar 31, 2011 at 7:01 AM, chipsh...@comcast.net wrote: Interesting:* *http://news.cnet.com/8301-27080_3-20048896-245.html ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here:
Moving memory dump's default location
I need to move my pagefile.sys from the C drive to the D drive. Moving the page file was easy ... however I have been reading about the memory dump files. I would like to move this as well to ensure I get a memory dump if one occurs. Has anyone referenced the following link or have an easy how to to follow? http://technet.microsoft.com/en-us/library/ee424384%28WS.10%29.aspx#BKMK_Step1 Any help is great - thanks! Kelli ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Outlook Search
It is an indexing issue on the local machine. Check the tools instant search search options in Outlook and make sure it is set to index. You can also view the indexing status to check the status. You can also go to control panel indexing. You may need to rebuild the index. Play with those settings. That should get you going. Jimmy From: Jay Dale [mailto:jd...@unetek.com] Sent: Thursday, March 31, 2011 10:48 AM To: NT System Admin Issues Subject: Outlook Search Hey all, I have a client that is using SBS 2003 and Outlook 2007. Whenever he does a search in Outlook to any folder, whether it's his Inbox or any other, the search only goes to a certain date and then stops. For instance, he wants to search for an email he received a week ago, so he searches either for subject or sender and the search results come back up to January of this year. I have tried putting him in online mode and it works for a while, but then it happens again - both in online mode and cached mode. We delete and recreate his profile, but the same thing happens again. I'm not sure if it's an Outlook issue or an Exchange issue. We tried to use the Instant Search feature to fix the issue but it still happens. Any clues? Jay Dale Senior Systems Administrator Unetek, Inc. Phone: 281.574.2414 Email:jd...@unetek.com Confidentiality Notice: This e-mail, including any attached files, may contain confidential and/or privileged information for the sole use of the intended recipient. If you are not the intended recipient, you are hereby notified that any review, dissemination or copying of this e-mail and attachments, if any, or the information contained herein, is strictly prohibited. If you are not the intended recipient (or authorized to receive information for the intended recipient), please contact the sender by reply e-mail and delete all copies of this message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: GPO Not Applying
Thanks for the advice. Gpotool indicates the policy is ok. Gpresult /v results seem ok, but the policy in question displays oddly in the results. The policy settings are under Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options: Eventlog: Security descriptor for Application event log With additional settings for each log were collecting. The results from gpresult show the following: GPO: policy name Policy: N/A ValueName: machine\system\currentcontrolset\services\eventlog\directory service\customsd Computer Setting: the settings What is odd is that the policy is only referenced once, even though it should configuring up to 6 settings. Also, the policyname shows N/A. I tried comparing gpresults to a server where the policy apppears to apply correctly, but the only one I'm aware of is a domain controller and the format of the results are completely different. Please bear with me if I'm not providing enough information. We're blocking GMail at %work% until we get patch 2524375 deployed, so I'm doing this from my iPhone. On Mar 31, 2011, at 9:32 AM, Free, Bob r...@pge.com wrote: First I would check the overall health of the GPO components with gpotool including checking the ACL- gpotool /gpo:GUID od suspect GPO /checkacl Then I would check it locally on an affected server with grpesult /v to see what is going on in more detail and also see if you get something better than (unknown reason) I usually do something like gpresult /v gp.txt notepad gp.txt -Original Message- From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Thursday, March 31, 2011 10:10 AM To: NT System Admin Issues Subject: GPO Not Applying Windows 2003 AD Windows 2003/2008 member servers I've got a GPO that configures security descriptors on event logs for Symantec SSIM to do log collection. I have a security group containing the computer accounts used for security filtering on the GPO. The GPO is linked to 2 OUs where these computer accounts reside. There's a top level OU with multiple sub OUs. One of the sub OUs blocks inheritance for other reasons so the policy is linked directly to that OU. We're having problems collecting logs from computers that reside in the sub OU. Group Policy is being singled out because RSOP lists the following: Policy Name Filtering: Not Applied (Unknown Reason) However, the policy also appears under Applied Group Policy Objects. I haven't been able to identify anything that would prevent the GPO from applying. Other GPOs linked directly to the sub OU apply without issue. The only difference is the problem GPO uses more granular security filtering, where the others default to authenticated users. I'm going to create a separate GPO that can be applied to only the sub OU and not modify security filtering. I'm not entirely convinced this is specifically a GPO problem because there are other environmental differences that make members of this OU unique. Anyone have any ideas on the GPO scenario? Does it sound like there's an issue? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Moving memory dump's default location
Is there a specific question about the procedure documented in the link you reference? The registry setting is necessary for this. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com c - 312.731.3132 From: Kelli Sterley [mailto:kjsterley.li...@gmail.com] Sent: Thursday, March 31, 2011 1:05 PM To: NT System Admin Issues Subject: Moving memory dump's default location I need to move my pagefile.sys from the C drive to the D drive. Moving the page file was easy ... however I have been reading about the memory dump files. I would like to move this as well to ensure I get a memory dump if one occurs. Has anyone referenced the following link or have an easy how to to follow? http://technet.microsoft.com/en-us/library/ee424384%28WS.10%29.aspx#BKMK_Step1 Any help is great - thanks! Kelli ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Windows 7 Imaging
+1 MDT 2010 worked great as a migration tool. One thing we ran into an issue with was several computers having a recovery partition (from Dell) that would ask which volume to install on. Of course this can be fixed within MDT. Thank you, _ Cameron Cooper System Administrator | CompTIA A+ Certified Aurico Phone: 847-890-4021 | Fax: 847-255-1896 ccoo...@aurico.com | www.aurico.com From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, March 31, 2011 7:58 AM To: NT System Admin Issues Subject: RE: Windows 7 Imaging I'm a little biased (because I developed courseware for the product), but the Microsoft Deployment Toolkit 2010 Update 1 is easy to use, light-touch - and free. If you need zero touch, System Center Configuration Manager does the job very well and is infinitely configurable. It isn't, however, free. And it has a learning curve for that infinitely configurable part. The imaging process for Win7 is based on one of two options: VHD or WIM (Windows IMaging - and the VHD option is built on-top-of the WIM option, more-or-less). The preferred tool for creating images is ImageX, which is a Microsoft product (part of both MDT and SCCM). Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Tom Miller [mailto:tmil...@hnncsb.org] Sent: Thursday, March 31, 2011 8:50 AM To: NT System Admin Issues Subject: Windows 7 Imaging Folks, We are working towards deploying Windows 7 (along with Office 2010) on current and future shipments of new laptops/PCs. We use syprep and Ghost for our XP image, and it works well. I'm looking for your suggestions/warnings/gotchas as to imaging for Windows 7. Favorite imaging tools, methods, etc? I don't do the imaging here, but my PC guy who does the images seems to be having a bit of a struggle with it compared to XP images, so I thought I'd as you experts. We already have a Dell Kace system management system here, and I'll be viewing a demo today for the imaging component (additional purchase). I'm open to anything that makes the process as painless as possible. If it matters we use Lenovo ThinkPads for our laptops and Dell Optiplex business PCs. Your comments are appreciated. Tom Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: vpn issue
If I understand the situation correctly, you want to route everything coming from a VPN address back through the VPN tunnel and everything else to the internet? I think what you want to do is make the default gateway 192.168.6.250 and create a static route for VPN: route -p add VPN ENDPOINT IP ADDRESS mask 255.255.255.255 192.168.6.1 I'm assuming a single VPN address in this example, the address that is on the other side of the tunnel. If the addresses are not being translated over the VPN, but on another network, you may be able to use the network instead of the vpn endpoint, i.e. 172.16.1.0 (or whatever the addresses look like over there. You will need to adjust the subnet mask if this is the case). hope this helps some. Jeff On Thu, Mar 31, 2011 at 6:27 AM, bruno cantin bruno.can...@genevahelpdesk.com wrote: Hi team. Have a problem i can't figure out… ORIGIN Server Win2k3 configured as TSE server with 1 nic,dedicated to VPN between the main site and a near site : it is setup by the local ISP and impossible to modify without their assistance… Local address 192.168.6.20/255.255.255.0/192.168.6.1 EVOLUTION To be able to connect to the server from ANY place in the world So i've set up a nic (number2) dedicated to a DSL line (with a local modem router than i can manage)…Local address 192.168.6.227/255.255.255.0/192.168.6.250 PROBLEM When i configure the nic2 without a gateway, the VPN from distant site works fine…. When i add the gateway 192.168.6.250 which is my local modem-router address ,the VPN clients on the distant site can't connect anymore …they see an RDP error message Remote desktop can't connect Try to reconnect…. When i disactivate nic1 and let my local modem-router address, i have Internet, ok, and i can connect through RDP from anywhere…but no VPN…. I'm confused….Is Windows able to deal with these 2 nics and this configuration ? Any help VERYY welcome…. Bruno CANTIN ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Windows 7 Imaging
+100, I used MDT2010 at %prevjob% for XP deployments, 1 image for all the Dell models we had, very customizable. It can take a bit of playing about to get the deployment sequences working the way you want but its still quick and easy out of the box. The biggest benefit over BDD2007 was the linking to different sites to keep everything in sync. There is a very good forum/list on MyITForum, can't remember the name at the the minute but think it had [mdt-osd] in the email subjects. T On Thursday, 31 March 2011, Cameron Cooper ccoo...@aurico.com wrote: +1MDT 2010 worked great as a migration tool. One thing we ran into an issue with was several computers having a recovery partition (from Dell) that would ask which volume to install on. Of course this can be fixed within MDT.Thank you, _Cameron CooperSystem Administrator | CompTIA A+ Certified AuricoPhone: 847-890-4021 | Fax: 847-255-1896ccoo...@aurico.com | www.aurico.com From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, March 31, 2011 7:58 AM To: NT System Admin Issues Subject: RE: Windows 7 Imaging I’m a little biased (because I developed courseware for the product), but the Microsoft Deployment Toolkit 2010 Update 1 is easy to use, light-touch – and free.If you need zero touch, System Center Configuration Manager does the job very well and is infinitely configurable. It isn’t, however, free. And it has a learning curve for that “infinitely configurable” part.The imaging process for Win7 is based on one of two options: VHD or WIM (Windows IMaging - and the VHD option is built on-top-of the WIM option, more-or-less). The preferred tool for creating images is ImageX, which is a Microsoft product (part of both MDT and SCCM).Regards, Michael B. SmithConsultant and Exchange MVPhttp://TheEssentialExchange.com From: Tom Miller [mailto:tmil...@hnncsb.org] Sent: Thursday, March 31, 2011 8:50 AM To: NT System Admin Issues Subject: Windows 7 Imaging Folks, We are working towards deploying Windows 7 (along with Office 2010) on current and future shipments of new laptops/PCs. We use syprep and Ghost for our XP image, and it works well. I'm looking for your suggestions/warnings/gotchas as to imaging for Windows 7. Favorite imaging tools, methods, etc? I don't do the imaging here, but my PC guy who does the images seems to be having a bit of a struggle with it compared to XP images, so I thought I'd as you experts. We already have a Dell Kace system management system here, and I'll be viewing a demo today for the imaging component (additional purchase). I'm open to anything that makes the process as painless as possible. If it matters we use Lenovo ThinkPads for our laptops and Dell Optiplex business PCs. Your comments are appreciated. Tom Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Moving memory dump's default location
The document you linked appears to be an easy how-to -- both with registry edits or WMIC commands. *ASB *(Professional Bio http://about.me/Andrew.S.Baker/bio) *Technology Services that Maximize Business Results... * On Thu, Mar 31, 2011 at 2:04 PM, Kelli Sterley kjsterley.li...@gmail.comwrote: I need to move my pagefile.sys from the C drive to the D drive. Moving the page file was easy ... however I have been reading about the memory dump files. I would like to move this as well to ensure I get a memory dump if one occurs. Has anyone referenced the following link or have an easy how to to follow? http://technet.microsoft.com/en-us/library/ee424384%28WS.10%29.aspx#BKMK_Step1 Any help is great - thanks! Kelli ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: SCHEMA.DAT.LOG1
It's part of WMI as far as I can tell. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com c - 312.731.3132 From: David Lum [mailto:david@nwea.org] Sent: Thursday, March 31, 2011 5:42 PM To: NT System Admin Issues Subject: SCHEMA.DAT.LOG1 Anyone ever seen this file and know what it's for? It's not on a DC/formerDC c:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT.LOG1 ? David Lum Systems Engineer // NWEATM Office 503.548.5229 // Mobile 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: OT - Parental Controls
K9 is good but easy to circumvent. OpenDNS takes care of the whole household. Sent from my HTC - Reply message - From: Andrew S. Baker asbz...@gmail.com Date: Thu, Mar 31, 2011 16:47 Subject: OT - Parental Controls To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Windows Web Server 2008 R2
For 5 users you don't even need a server, just use a desktop OS ... ie Vista/Win7/XP. -Jeff Steward On Thu, Mar 31, 2011 at 10:00 AM, Lewin, Greg le...@infimed.com wrote: All, I have a need for a new file server that will only have a few users on it at any given time(Under 5 ). I have an available license for Windows Web Server 2008 R2.I’m looking to save money and thought This might work for the OS. I have never used this version of Windows before and would appreciate any thoughts on whether Or not this is feasible or am I reaching here. Thanks Greg ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: OT - Parental Controls
(1) I haven't found K9 that easy to circumvent, and (2) OpenDNS doesn't support time-based restrictions, and (3) the kids have other restrictions that are more extensive than me or their mother. So, the combination of OpenDNS + K9 provides the biggest bang for the buck. OpenDNS is easy enough to get around too, but my kids cannot do either, so I'm more than fine. *ASB *(Professional Bio http://about.me/Andrew.S.Baker/bio) *Technology Services that Maximize Business Results... * On Thu, Mar 31, 2011 at 7:55 PM, alex.sten...@gmail.com alex.sten...@gmail.com wrote: K9 is good but easy to circumvent. OpenDNS takes care of the whole household. Sent from my HTC - Reply message - From: Andrew S. Baker asbz...@gmail.com Date: Thu, Mar 31, 2011 16:47 Subject: OT - Parental Controls To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com You ain't lying... *ASB *(Professional Bio http://about.me/Andrew.S.Baker/bio) *Technology Services that Maximize Business Results... * On Thu, Mar 31, 2011 at 9:54 AM, Steven M. Caesare scaes...@caesare.comwrote: I do. I also have a wife. Life Consequences have to be the solution. For my _CHILDREN_ those consequences may be tha backend end of attempting to circumvent my technical constraints. If I have to resort to that for my _WIFE_, then there are bigger issues at play. -sc -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, March 31, 2011 9:51 AM To: NT System Admin Issues Subject: RE: OT - Parental Controls You apparently don't have kids. :-) Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Steven M. Caesare [mailto:scaes...@caesare.com] Sent: Thursday, March 31, 2011 9:47 AM To: NT System Admin Issues Subject: RE: OT - Parental Controls There are seldom good technical solutions to behavioral problems. Man... first time I've seen that old adage here apropos for non-work environment. -sc -Original Message- From: Adam Buckland [mailto:adam.buckl...@eurohill.com] Sent: Thursday, March 31, 2011 8:46 AM To: NT System Admin Issues Subject: RE: OT - Parental Controls Think I'll give this a try I'm not concerned about the sites... I just want to keep my wife off facebook 8 hours a day and am fed up with her asking me to take her laptop to work so she can't use it. -Original Message- From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] Sent: 28 March 2011 19:35 To: NT System Admin Issues Subject: Re: OT - Parental Controls I use K-9 at home on my daughter's computer. It's nice, because it lets out an audible bark if she hits a bad site... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: GPO Not Applying
Just for kicksare the affected clients wired or wireless. Also, are other machine policies being applied properly? Jonathan A+, MCSA, MCSE Thumb-typed from my HTC Droid Incredible (and yes, it really is) on the Verizon network. Please excuse brevity and any misspellings. On Mar 31, 2011 2:24 PM, Sean Martin seanmarti...@gmail.com wrote: Thanks for the advice. Gpotool indicates the policy is ok. Gpresult /v results seem ok, but the policy in question displays oddly in the results. The policy settings are under Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options: Eventlog: Security descriptor for Application event log With additional settings for each log were collecting. The results from gpresult show the following: GPO: policy name Policy: N/A ValueName: machine\system\currentcontrolset\services\eventlog\directory service\customsd Computer Setting: the settings What is odd is that the policy is only referenced once, even though it should configuring up to 6 settings. Also, the policyname shows N/A. I tried comparing gpresults to a server where the policy apppears to apply correctly, but the only one I'm aware of is a domain controller and the format of the results are completely different. Please bear with me if I'm not providing enough information. We're blocking GMail at %work% until we get patch 2524375 deployed, so I'm doing this from my iPhone. On Mar 31, 2011, at 9:32 AM, Free, Bob r...@pge.com wrote: First I would check the overall health of the GPO components with gpotool including checking the ACL- gpotool /gpo:GUID od suspect GPO /checkacl Then I would check it locally on an affected server with grpesult /v to see what is going on in more detail and also see if you get something better than (unknown reason) I usually do something like gpresult /v gp.txt notepad gp.txt -Original Message- From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Thursday, March 31, 2011 10:10 AM To: NT System Admin Issues Subject: GPO Not Applying Windows 2003 AD Windows 2003/2008 member servers I've got a GPO that configures security descriptors on event logs for Symantec SSIM to do log collection. I have a security group containing the computer accounts used for security filtering on the GPO. The GPO is linked to 2 OUs where these computer accounts reside. There's a top level OU with multiple sub OUs. One of the sub OUs blocks inheritance for other reasons so the policy is linked directly to that OU. We're having problems collecting logs from computers that reside in the sub OU. Group Policy is being singled out because RSOP lists the following: Policy Name Filtering: Not Applied (Unknown Reason) However, the policy also appears under Applied Group Policy Objects. I haven't been able to identify anything that would prevent the GPO from applying. Other GPOs linked directly to the sub OU apply without issue. The only difference is the problem GPO uses more granular security filtering, where the others default to authenticated users. I'm going to create a separate GPO that can be applied to only the sub OU and not modify security filtering. I'm not entirely convinced this is specifically a GPO problem because there are other environmental differences that make members of this OU unique. Anyone have any ideas on the GPO scenario? Does it sound like there's an issue? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: GPO Not Applying
They're all wired. I think the policy might be a red herring. I finally got a list of servers they're having problems collecting logs from and they're not all in the previously mentioned OU and gpresult from the others shows no oddities. I advised them to engage the deployment engineer from symantec since the product hasn't even been fully implemented yet. I appreciate all of the assistance. - Sean On Mar 31, 2011, at 5:35 PM, Jonathan ncm...@gmail.com wrote: Just for kicksare the affected clients wired or wireless. Also, are other machine policies being applied properly? Jonathan A+, MCSA, MCSE Thumb-typed from my HTC Droid Incredible (and yes, it really is) on the Verizon network. Please excuse brevity and any misspellings. On Mar 31, 2011 2:24 PM, Sean Martin seanmarti...@gmail.com wrote: Thanks for the advice. Gpotool indicates the policy is ok. Gpresult /v results seem ok, but the policy in question displays oddly in the results. The policy settings are under Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options: Eventlog: Security descriptor for Application event log With additional settings for each log were collecting. The results from gpresult show the following: GPO: policy name Policy: N/A ValueName: machine\system\currentcontrolset\services\eventlog\directory service\customsd Computer Setting: the settings What is odd is that the policy is only referenced once, even though it should configuring up to 6 settings. Also, the policyname shows N/A. I tried comparing gpresults to a server where the policy apppears to apply correctly, but the only one I'm aware of is a domain controller and the format of the results are completely different. Please bear with me if I'm not providing enough information. We're blocking GMail at %work% until we get patch 2524375 deployed, so I'm doing this from my iPhone. On Mar 31, 2011, at 9:32 AM, Free, Bob r...@pge.com wrote: First I would check the overall health of the GPO components with gpotool including checking the ACL- gpotool /gpo:GUID od suspect GPO /checkacl Then I would check it locally on an affected server with grpesult /v to see what is going on in more detail and also see if you get something better than (unknown reason) I usually do something like gpresult /v gp.txt notepad gp.txt -Original Message- From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Thursday, March 31, 2011 10:10 AM To: NT System Admin Issues Subject: GPO Not Applying Windows 2003 AD Windows 2003/2008 member servers I've got a GPO that configures security descriptors on event logs for Symantec SSIM to do log collection. I have a security group containing the computer accounts used for security filtering on the GPO. The GPO is linked to 2 OUs where these computer accounts reside. There's a top level OU with multiple sub OUs. One of the sub OUs blocks inheritance for other reasons so the policy is linked directly to that OU. We're having problems collecting logs from computers that reside in the sub OU. Group Policy is being singled out because RSOP lists the following: Policy Name Filtering: Not Applied (Unknown Reason) However, the policy also appears under Applied Group Policy Objects. I haven't been able to identify anything that would prevent the GPO from applying. Other GPOs linked directly to the sub OU apply without issue. The only difference is the problem GPO uses more granular security filtering, where the others default to authenticated users. I'm going to create a separate GPO that can be applied to only the sub OU and not modify security filtering. I'm not entirely convinced this is specifically a GPO problem because there are other environmental differences that make members of this OU unique. Anyone have any ideas on the GPO scenario? Does it sound like there's an issue? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/