RE: QNAP iSCSI target for ESX 4.1

2011-08-16 Thread Ben Serebin
Hello Richard,

I have 5 different models of QNAPs all running iSCSI from ESXi. 
I run VMs directly from them and use others for storage LUNs and while QNAP is 
rock solid, I would NOT recommend QNAP in a production VM running environment 
unless you’re willing to deal with a 1 week RMA process with no Advance RMA 
options. Outside of this, performance is excellent when you separate interfaces 
and VLAN it. My concern is support, since I had 1 unit experience NIC issues, 
and it was a real challenge to get them to swap the unit. Having said that, 
Cisco sells rebranded QNAPs (3-4 different models) and offers proper business 
support. If you want to deploy this right, buy via Cisco. Also, make sure the 
hard drives you buy are on the QNAP compatibility list.

Rebranded QNAPs from Cisco
http://www.cisco.com/cisco/web/solutions/small_business/products/storage/nss300/index.html

Good luck,
-Ben

From: Richard Stovall [mailto:rich...@gmail.com]
Sent: Friday, August 12, 2011 2:09 PM
To: NT System Admin Issues
Subject: QNAP iSCSI target for ESX 4.1

Anyone using a QNAP device as an iSCSI target in a VMware ESX 4.1 production 
environment?  Any experiences you can share?

On a related note, I'm thinking of adding some iSCSI datastores in addition to 
the ones already presented via FC from my EVA.  Any reason that's not a good 
idea?  We have a number of VMs that don't have significant I/O requirements 
(think WSUS servers and the like) that I'm thinking of moving off of the 
expensive storage to an inexpensive iSCSI solution such as a QNAP array.

Thanks,
RS

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



Re: Blackberry BES Image Vulnerability

2011-08-16 Thread William Robbins
Back when it took longer to download a single picture than it does to
download this BES update?  :)

 - WJR


On Tue, Aug 16, 2011 at 21:35, Michael B. Smith wrote:

> It was before it was even really the “internet”. Alt.sex.pictures, &etc.
>
> Regards,
>
> Michael B. Smith
> Consultant and Exchange MVP
> http://TheEssentialExchange.com
>
> *From:* William Robbins [mailto:dangerw...@gmail.com]
> *Sent:* Tuesday, August 16, 2011 10:33 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Blackberry BES Image Vulnerability
>
> I think it was "monks" that made this mythical.  :)  None of the protectors
> of blinking lights could agree to the celibacy bit.  (just the making of
> beer and wine)
>
> Which is why the Internet is full of pr0n now...
>
>  - WJR
>
> On Tue, Aug 16, 2011 at 21:26, Andrew S. Baker wrote:
>
> A mythical parchment, used in ancient times to indoctrinate a sacred order
> of monks who were tasked with guarding the oracle of blinking lights, and
> ensuring that its rhythmic hum never attained a fevered pitch.
>
> *ASB*
> *http://XeeMe.com/AndrewBaker*
> *Harnessing the Advantages of Technology for the SMB market…*
>
> On Tue, Aug 16, 2011 at 10:10 PM, Crawford, Scott wrote:
>
> What are these “release notes” you speak of?
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Tuesday, August 16, 2011 8:44 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Blackberry BES Image Vulnerability
>
> The first page of the release notes clearly answer this:
>
> http://docs.blackberry.com/en/admin/deliverables/32540/BlackBerry_Enterprise_Server_for_Microsoft_Exchange-Maintenance_Release_Notes--1766981-0808012817-001-5.0.3-US.pdf
>
> *ASB*
> *http://about.me/Andrew.S.Baker*
> *Harnessing the Advantages of Technology for the SMB market…*
>
> On Tue, Aug 16, 2011 at 8:29 PM, David Liu wrote:
>
> Let me rephrase, are the BES MR cumulative? e.g. installation of MR4
> automatically instals all updates/fixes from previous maintenance releases?
>
> Thanks
>
> On Tue, Aug 16, 2011 at 8:26 PM, David Liu wrote:
>
> btw, 5.03 MR4 has just been released and I notice that prerequisite appears
> you have to be at 5.03 to first to install MR4. So, if we are at 5.03 MR1,
> we'd have to apply MR2/MR3 and then MR4? Does this necessitate a MR 2
> install, reboot, MR3 install and so forth and so on?
>
> Thanks
>
> On Sun, Aug 14, 2011 at 12:51 AM, David Liu wrote:
>
> I think bas only if u have bes running on it...my reading of this is that
> 5.03 MR3 fixes the vulnerability among other things & that the ISSU is only
> applicable for 5.01 and 5.0.2
>
> On Sat, Aug 13, 2011 at 8:57 AM, Martin Blackstone wrote:
>
> Fix is easy. Lay down a couple of replacement files and restart the BAS.
>
> We did it in less than 5 min with no downtime.
>
> *From:* Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
> *Sent:* Saturday, August 13, 2011 4:46 AM
> *To:* NT System Admin Issues
> *Subject:* Blackberry BES Image Vulnerability
>
> Apologies if this has already been posted but I didn’t spot it so..
>
> http://www.h-online.com/security/news/item/Images-used-to-break-into-BlackBerry-servers-1322436.html
>
> --
> *MIRA Ltd*
>
> Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
> Registered in England and Wales No. 402570
> VAT Registration  GB 100 1464 84

RE: Blackberry BES Image Vulnerability

2011-08-16 Thread Michael B. Smith
It was before it was even really the "internet". Alt.sex.pictures, &etc.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: William Robbins [mailto:dangerw...@gmail.com]
Sent: Tuesday, August 16, 2011 10:33 PM
To: NT System Admin Issues
Subject: Re: Blackberry BES Image Vulnerability

I think it was "monks" that made this mythical.  :)  None of the protectors of 
blinking lights could agree to the celibacy bit.  (just the making of beer and 
wine)

Which is why the Internet is full of pr0n now...

 - WJR

On Tue, Aug 16, 2011 at 21:26, Andrew S. Baker <asbz...@gmail.com> wrote:
A mythical parchment, used in ancient times to indoctrinate a sacred order of 
monks who were tasked with guarding the oracle of blinking lights, and ensuring 
that its rhythmic hum never attained a fevered pitch.
ASB

http://XeeMe.com/AndrewBaker

Harnessing the Advantages of Technology for the SMB market...



On Tue, Aug 16, 2011 at 10:10 PM, Crawford, Scott <crawfo...@evangel.edu> wrote:
What are these "release notes" you speak of?

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Tuesday, August 16, 2011 8:44 PM

To: NT System Admin Issues
Subject: Re: Blackberry BES Image Vulnerability

The first page of the release notes clearly answer this:

http://docs.blackberry.com/en/admin/deliverables/32540/BlackBerry_Enterprise_Server_for_Microsoft_Exchange-Maintenance_Release_Notes--1766981-0808012817-001-5.0.3-US.pdf
ASB

http://about.me/Andrew.S.Baker

Harnessing the Advantages of Technology for the SMB market...


On Tue, Aug 16, 2011 at 8:29 PM, David Liu <ganymed...@gmail.com> wrote:
Let me rephrase, are the BES MR cumulative? e.g. installation of MR4 
automatically instals all updates/fixes from previous maintenance releases?

Thanks

On Tue, Aug 16, 2011 at 8:26 PM, David Liu <ganymed...@gmail.com> wrote:
btw, 5.03 MR4 has just been released and I notice that prerequisite appears you 
have to be at 5.03 to first to install MR4. So, if we are at 5.03 MR1, we'd have 
to apply MR2/MR3 and then MR4? Does this necessitate a MR 2 install, reboot, 
MR3 install and so forth and so on?

Thanks

On Sun, Aug 14, 2011 at 12:51 AM, David Liu <ganymed...@gmail.com> wrote:
I think bas only if u have bes running on it...my reading of this is that 5.03 
MR3 fixes the vulnerability among other things & that the ISSU is only 
applicable for 5.01 and 5.0.2
On Sat, Aug 13, 2011 at 8:57 AM, Martin Blackstone <mblackst...@gmail.com> wrote:
Fix is easy. Lay down a couple of replacement files and restart the BAS.
We did it in less than 5 min with no downtime.

From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Saturday, August 13, 2011 4:46 AM
To: NT System Admin Issues
Subject: Blackberry BES Image Vulnerability

Apologies if this has already been posted but I didn't spot it so..

http://www.h-online.com/security/news/item/Images-used-to-break-into-BlackBerry-servers-1322436.html

MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration  GB 100 1464 84




Re: Blackberry BES Image Vulnerability

2011-08-16 Thread William Robbins
I think it was "monks" that made this mythical.  :)  None of the protectors
of blinking lights could agree to the celibacy bit.  (just the making of
beer and wine)

Which is why the Internet is full of pr0n now...

 - WJR


On Tue, Aug 16, 2011 at 21:26, Andrew S. Baker wrote:

> A mythical parchment, used in ancient times to indoctrinate a sacred order
> of monks who were tasked with guarding the oracle of blinking lights, and
> ensuring that its rhythmic hum never attained a fevered pitch.
>
> *ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
> Technology for the SMB market…*
>
> On Tue, Aug 16, 2011 at 10:10 PM, Crawford, Scott wrote:
>
>> What are these “release notes” you speak of?
>>
>> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
>> *Sent:* Tuesday, August 16, 2011 8:44 PM
>> *To:* NT System Admin Issues
>> *Subject:* Re: Blackberry BES Image Vulnerability
>>
>> The first page of the release notes clearly answer this:
>>
>> http://docs.blackberry.com/en/admin/deliverables/32540/BlackBerry_Enterprise_Server_for_Microsoft_Exchange-Maintenance_Release_Notes--1766981-0808012817-001-5.0.3-US.pdf
>>
>> *ASB*
>> *http://about.me/Andrew.S.Baker*
>> *Harnessing the Advantages of Technology for the SMB market…*
>>
>> On Tue, Aug 16, 2011 at 8:29 PM, David Liu wrote:
>>
>> Let me rephrase, are the BES MR cumulative? e.g. installation of MR4
>> automatically instals all updates/fixes from previous maintenance releases?
>>
>> Thanks
>>
>> On Tue, Aug 16, 2011 at 8:26 PM, David Liu wrote:
>>
>> btw, 5.03 MR4 has just been released and I notice that prerequisite
>> appears you have to be at 5.03 to first to install MR4. So, if we are at
>> 5.03 MR1, we'd have to apply MR2/MR3 and then MR4? Does this necessitate a MR
>> 2 install, reboot, MR3 install and so forth and so on?
>>
>> Thanks
>>
>> On Sun, Aug 14, 2011 at 12:51 AM, David Liu wrote:
>>
>> I think bas only if u have bes running on it...my reading of this is that
>> 5.03 MR3 fixes the vulnerability among other things & that the ISSU is only
>> applicable for 5.01 and 5.0.2
>>
>> On Sat, Aug 13, 2011 at 8:57 AM, Martin Blackstone wrote:
>>
>> Fix is easy. Lay down a couple of replacement files and restart the BAS.
>>
>> We did it in less than 5 min with no downtime.
>>
>> *From:* Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
>> *Sent:* Saturday, August 13, 2011 4:46 AM
>> *To:* NT System Admin Issues
>> *Subject:* Blackberry BES Image Vulnerability
>>
>> Apologies if this has already been posted but I didn’t spot it so..
>>
>> http://www.h-online.com/security/news/item/Images-used-to-break-into-BlackBerry-servers-1322436.html
>>
>> --
>> *MIRA Ltd*
>>
>> Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
>> Registered in England and Wales No. 402570
>> VAT Registration  GB 100 1464 84

Re: Blackberry BES Image Vulnerability

2011-08-16 Thread David Liu
And of course! Cumulative update it is! Thanks and excuse my myopia!

On Tue, Aug 16, 2011 at 9:43 PM, Andrew S. Baker wrote:

> The first page of the release notes clearly answer this:
>
> http://docs.blackberry.com/en/admin/deliverables/32540/BlackBerry_Enterprise_Server_for_Microsoft_Exchange-Maintenance_Release_Notes--1766981-0808012817-001-5.0.3-US.pdf
>
> *ASB* *http://about.me/Andrew.S.Baker* *Harnessing the Advantages of
> Technology for the SMB market…*
>
> On Tue, Aug 16, 2011 at 8:29 PM, David Liu wrote:
>
>> Let me rephrase, are the BES MR cumulative? e.g. installation of MR4
>> automatically instals all updates/fixes from previous maintenance releases?
>>
>> Thanks
>>
>> On Tue, Aug 16, 2011 at 8:26 PM, David Liu wrote:
>>
>>> btw, 5.03 MR4 has just been released and I notice that prerequisite
>>> appears you have to be at 5.03 to first to install MR4. So, if we are at
>>> 5.03 MR1, we'd have to apply MR2/MR3 and then MR4? Does this necessitate a MR
>>> 2 install, reboot, MR3 install and so forth and so on?
>>>
>>> Thanks
>>>
>>> On Sun, Aug 14, 2011 at 12:51 AM, David Liu wrote:
>>>
>>>> I think bas only if u have bes running on it...my reading of this is
>>>> that 5.03 MR3 fixes the vulnerability among other things & that the ISSU is
>>>> only applicable for 5.01 and 5.0.2
>>>>
>>>> On Sat, Aug 13, 2011 at 8:57 AM, Martin Blackstone <mblackst...@gmail.com> wrote:
>>>>
>>>>> Fix is easy. Lay down a couple of replacement files and restart the
>>>>> BAS.
>>>>>
>>>>> We did it in less than 5 min with no downtime.
>>>>>
>>>>> *From:* Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
>>>>> *Sent:* Saturday, August 13, 2011 4:46 AM
>>>>> *To:* NT System Admin Issues
>>>>> *Subject:* Blackberry BES Image Vulnerability
>>>>>
>>>>> Apologies if this has already been posted but I didn’t spot it so..
>>>>>
>>>>> http://www.h-online.com/security/news/item/Images-used-to-break-into-BlackBerry-servers-1322436.html
>>>>>
>>>>> --
>>>>> *MIRA Ltd*
>>>>>
>>>>> Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
>>>>> Registered in England and Wales No. 402570
>>>>> VAT Registration  GB 100 1464 84
>>>>>
>>>>> The contents of this e-mail are confidential and are solely for the use
>>>>> of the intended recipient.  If you receive this e-mail in error, please
>>>>> delete it and notify us either by e-mail, telephone or fax.  You should not
>>>>> copy, forward or otherwise disclose the content of the e-mail as this is
>>>>> prohibited.


RE: Using IP address restrictions in IIS 7

2011-08-16 Thread Ken Schaefer
Hi,

According to MSDN schema reference, this is settable in a directory's 
web.config file:
http://msdn.microsoft.com/en-us/library/ms691353(v=VS.90).aspx

So, you can either create a web.config with the required settings, or use the 
 tags to set this in applicationHost.config and reference 
the specific folder.

Cheers
Ken

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Wednesday, 17 August 2011 4:18 AM
To: NT System Admin Issues
Subject: Using IP address restrictions in IIS 7

I've dug around, and I've tried my Google-fu to no avail.

In IIS 6, it was very easy to configure a folder under a website so that only 
hosts with certain IP addresses could access it.

Darned if I can see how to do this with IIS 7, though. I see how to configure 
the entire SITE to use IP address restrictions, but not how to do this for a 
specific folder under the site.

Can someone point me in the right direction? I'm sure I'm missing something 
obvious.



John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us
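
Added example, not part of the original thread: the two placements Ken describes for a per-folder IP allow-list, written out as IIS 7 configuration. The site name "Default Web Site", the folder "private" and the addresses (loopback and the 192.0.2.0/24 documentation range) are assumptions for illustration.

```xml
<!-- Option 1: web.config placed in the restricted folder itself.
     Prerequisites:
       * the "IP and Domain Restrictions" role service is installed;
       * the ipSecurity section is unlocked for delegation. It ships locked
         (overrideModeDefault="Deny") in applicationHost.config, so without
         the unlock this file produces an HTTP 500.19 configuration error.
         Unlock with:
         appcmd unlock config -section:system.webServer/security/ipSecurity -->
<configuration>
  <system.webServer>
    <security>
      <!-- allowUnlisted="false": deny every client not matched by an <add> below -->
      <ipSecurity allowUnlisted="false">
        <!-- single host (assumed address) -->
        <add ipAddress="127.0.0.1" allowed="true" />
        <!-- whole subnet (assumed range) -->
        <add ipAddress="192.0.2.0" subnetMask="255.255.255.0" allowed="true" />
      </ipSecurity>
    </security>
  </system.webServer>
</configuration>

<!-- Option 2: applicationHost.config, as a child of its root <configuration>
     element. The path attribute is "<site name>/<folder>" (both assumed here).
     No unlock is needed because the setting stays at server level, and content
     authors who can write to the folder cannot change it. -->
<location path="Default Web Site/private">
  <system.webServer>
    <security>
      <ipSecurity allowUnlisted="false">
        <add ipAddress="127.0.0.1" allowed="true" />
        <add ipAddress="192.0.2.0" subnetMask="255.255.255.0" allowed="true" />
      </ipSecurity>
    </security>
  </system.webServer>
</location>
```

With either placement, the rest of the site keeps its own setting; only requests under the folder are checked against the list.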




Re: Blackberry BES Image Vulnerability

2011-08-16 Thread Andrew S. Baker
A mythical parchment, used in ancient times to indoctrinate a sacred order
of monks who were tasked with guarding the oracle of blinking lights, and
ensuring that its rhythmic hum never attained a fevered pitch.

*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…*

On Tue, Aug 16, 2011 at 10:10 PM, Crawford, Scott wrote:

> What are these “release notes” you speak of?
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Tuesday, August 16, 2011 8:44 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Blackberry BES Image Vulnerability
>
> The first page of the release notes clearly answer this:
>
> http://docs.blackberry.com/en/admin/deliverables/32540/BlackBerry_Enterprise_Server_for_Microsoft_Exchange-Maintenance_Release_Notes--1766981-0808012817-001-5.0.3-US.pdf
>
> *ASB*
> *http://about.me/Andrew.S.Baker*
> *Harnessing the Advantages of Technology for the SMB market…*
>
> On Tue, Aug 16, 2011 at 8:29 PM, David Liu wrote:
>
> Let me rephrase, are the BES MR cumulative? e.g. installation of MR4
> automatically instals all updates/fixes from previous maintenance releases?
>
> Thanks
>
> On Tue, Aug 16, 2011 at 8:26 PM, David Liu wrote:
>
> btw, 5.03 MR4 has just been released and I notice that prerequisite appears
> you have to be at 5.03 to first to install MR4. So, if we are at 5.03 MR1,
> we'd have to apply MR2/MR3 and then MR4? Does this necessitate a MR 2
> install, reboot, MR3 install and so forth and so on?
>
> Thanks
>
> On Sun, Aug 14, 2011 at 12:51 AM, David Liu wrote:
>
> I think bas only if u have bes running on it...my reading of this is that
> 5.03 MR3 fixes the vulnerability among other things & that the ISSU is only
> applicable for 5.01 and 5.0.2
>
> On Sat, Aug 13, 2011 at 8:57 AM, Martin Blackstone wrote:
>
> Fix is easy. Lay down a couple of replacement files and restart the BAS.
>
> We did it in less than 5 min with no downtime.
>
> *From:* Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
> *Sent:* Saturday, August 13, 2011 4:46 AM
> *To:* NT System Admin Issues
> *Subject:* Blackberry BES Image Vulnerability
>
> Apologies if this has already been posted but I didn’t spot it so..
>
> http://www.h-online.com/security/news/item/Images-used-to-break-into-BlackBerry-servers-1322436.html
>
> --
> *MIRA Ltd*
>
> Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
> Registered in England and Wales No. 402570
> VAT Registration  GB 100 1464 84


Re: Sherry's Back

2011-08-16 Thread Ben Scott
On Tue, Aug 16, 2011 at 1:43 PM, Sherry Abercrombie wrote:
> Hello everyone, I’m finally back.

  congrats_and_welcome_back++;

  The list hasn't been the same without you!

-- Ben




[OT] The infection continues to spread (HP)

2011-08-16 Thread Ben Scott
  The suck which has infested HP for the past several years continues
to spread.  We just today took a delivery of a brand new DesignJet
T790.  $4500 wide-format printer.

  The control panel UI is slow and often doesn't respond to finger
presses.  It does, however, have lots of high color graphics and
animations.

  Web UI has two different credential schemes depending on what page
you're on.  Some pages want you to leave the username field blank;
other pages want you to use "admin" for the username.

  Won't load paper.  Seems like it's not actually trying to feed.
After trying to a bit, it says "Edge of roll not found".  Prompts me
to lift the lever and unload paper.  I lift the lever.  New message:
"Lever unexpectedly lifted".  Lather, rinse, repeat.

  Support guidance says load the latest firmware.

  Look for firmware.  It's not under "Download drivers and software".
Eventually find it under a howto section.

  309 MB file!  Get download started.

  Since I'm downloading, decide to grab drivers.  Check under
"Download drivers and software".  Don't see drivers.  Mainly just this
"HP ePrint and Share: Easy printing" thing.  That claims to be a
radical new technology that lets me print without drivers or software.
 To use it, all I have to do is download and install this software.
Umm...

  Eventually find drivers under some other howto page.

  Firmware download finished.  It's just a binary blob, no checksum
info, no wrapper like ZIP or anything.  I just have to hope for the
best.  Takes several minutes to load.  Since then the machine's gone
offline and hasn't come back.

  I'm dreading the day the corruption reaches the ProCurve division.

-- Ben



RE: Blackberry BES Image Vulnerability

2011-08-16 Thread Crawford, Scott
What are these "release notes" you speak of?

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Tuesday, August 16, 2011 8:44 PM
To: NT System Admin Issues
Subject: Re: Blackberry BES Image Vulnerability

The first page of the release notes clearly answer this:

http://docs.blackberry.com/en/admin/deliverables/32540/BlackBerry_Enterprise_Server_for_Microsoft_Exchange-Maintenance_Release_Notes--1766981-0808012817-001-5.0.3-US.pdf
ASB

http://about.me/Andrew.S.Baker

Harnessing the Advantages of Technology for the SMB market...



On Tue, Aug 16, 2011 at 8:29 PM, David Liu <ganymed...@gmail.com> wrote:
Let me rephrase, are the BES MR cumulative? e.g. installation of MR4 
automatically instals all updates/fixes from previous maintenance releases?

Thanks

On Tue, Aug 16, 2011 at 8:26 PM, David Liu <ganymed...@gmail.com> wrote:
btw, 5.03 MR4 has just been released and I notice that prerequisite appears you 
have to be at 5.03 to first to install MR4. So, if we are at 5.03 MR1, we'd have 
to apply MR2/MR3 and then MR4? Does this necessitate a MR 2 install, reboot, 
MR3 install and so forth and so on?

Thanks

On Sun, Aug 14, 2011 at 12:51 AM, David Liu <ganymed...@gmail.com> wrote:
I think bas only if u have bes running on it...my reading of this is that 5.03 
MR3 fixes the vulnerability among other things & that the ISSU is only 
applicable for 5.01 and 5.0.2
On Sat, Aug 13, 2011 at 8:57 AM, Martin Blackstone <mblackst...@gmail.com> wrote:
Fix is easy. Lay down a couple of replacement files and restart the BAS.
We did it in less than 5 min with no downtime.

From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Saturday, August 13, 2011 4:46 AM
To: NT System Admin Issues
Subject: Blackberry BES Image Vulnerability

Apologies if this has already been posted but I didn't spot it so..

http://www.h-online.com/security/news/item/Images-used-to-break-into-BlackBerry-servers-1322436.html

MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration  GB 100 1464 84

The contents of this e-mail are confidential and are solely for the use of the 
intended recipient.  If you receive this e-mail in error, please delete it and 
notify us either by e-mail, telephone or fax.  You should not copy, forward or 
otherwise disclose the content of the e-mail as this is prohibited.


RE: Sherry's Back

2011-08-16 Thread Bob Fronk
Great News!

Welcome back


From: Sherry Abercrombie [mailto:sabercrom...@nhdallas.com]
Sent: Tuesday, August 16, 2011 1:44 PM
To: NT System Admin Issues
Subject: Sherry's Back

Hello everyone, I'm finally back.  After being laid off in April 2010, I was 
unemployed for about 4 months, finally landing a job answering Help Desk and 
eventually as a Network Operator at Radio Shack corporate headquarters.  Not 
exactly doing any technical server admin type stuff..this week I started a 
new job as the Facilities/IT Manager at New Horizons Computer Training Center - 
Dallas.  I'll be over the facilities in Dallas, Fort Worth, Tulsa and Oklahoma 
City.  Will be managing a small team, doing server admin stuff and other 
technical stuff, and access to any training I want to take...oh yes, I'm 
really excited about this job.  So here I am back on the lists and very glad to 
be back.


Sherry Abercrombie | Facilities/IT Manager
Dallas | Fort Worth | Oklahoma City | Tulsa
972.490.5151 x2250
sabercrom...@nhdallas.com | www.nhcomputerlearning.com




This information may contain information that is privileged, confidential and 
exempt from disclosure under applicable law. If you are not the intended 
recipient, you are hereby notified that any disclosure, photocopying or 
distribution of these contents is unauthorized and prohibited. If you have 
received this in error, please notify the sender immediately and destroy all 
copies.


Re: Blackberry BES Image Vulnerability

2011-08-16 Thread Andrew S. Baker
The first page of the release notes clearly answer this:

http://docs.blackberry.com/en/admin/deliverables/32540/BlackBerry_Enterprise_Server_for_Microsoft_Exchange-Maintenance_Release_Notes--1766981-0808012817-001-5.0.3-US.pdf

ASB
http://about.me/Andrew.S.Baker
Harnessing the Advantages of Technology for the SMB market…



On Tue, Aug 16, 2011 at 8:29 PM, David Liu  wrote:

> Let me rephrase, are the BES MR cumulative? e.g. installation of MR4
> automatically instals all updates/fixes from previous maintenance releases?
>
> Thanks
>
>
> On Tue, Aug 16, 2011 at 8:26 PM, David Liu  wrote:
>
>> btw, 5.03 MR4 has just been released and I notice that prerequisite
>> appears you have to be at 5.03 to first to install MR4. So, if we are at
>> 5.03 MR1, we'd have to apply MR2/MR3 and then MR4? Does this necessitate a MR
>> 2 install, reboot, MR3 install and so forth and so on?
>>
>> Thanks
>>
>>
>> On Sun, Aug 14, 2011 at 12:51 AM, David Liu  wrote:
>>
>>> I think bas only if u have bes running on it...my reading of this is that
>>> 5.03 MR3 fixes the vulnerability among other things & that the ISSU is only
>>> applicable for 5.01 and 5.0.2
>>>
>>> On Sat, Aug 13, 2011 at 8:57 AM, Martin Blackstone <
>>> mblackst...@gmail.com> wrote:
>>>
>>>> Fix is easy. Lay down a couple of replacement files and restart the BAS.
>>>>
>>>> We did it in less than 5 min with no downtime.
>>>>
>>>> *From:* Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
>>>> *Sent:* Saturday, August 13, 2011 4:46 AM
>>>> *To:* NT System Admin Issues
>>>> *Subject:* Blackberry BES Image Vulnerability
>>>>
>>>> Apologies if this has already been posted but I didn’t spot it so..
>>>>
>>>> http://www.h-online.com/security/news/item/Images-used-to-break-into-BlackBerry-servers-1322436.html
>>>>
>>>> --
>>>>
>>>> *MIRA Ltd*
>>>>
>>>> Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
>>>>
>>>> Registered in England and Wales No. 402570
>>>>
>>>> VAT Registration  GB 100 1464 84


Re: Blackberry BES Image Vulnerability

2011-08-16 Thread David Liu
Let me rephrase, are the BES MR cumulative? e.g. installation of MR4
automatically instals all updates/fixes from previous maintenance releases?

Thanks

On Tue, Aug 16, 2011 at 8:26 PM, David Liu  wrote:

> btw, 5.03 MR4 has just been released and I notice that prerequisite appears
> you have to be at 5.03 to first to install MR4. So, if we are at 5.03 MR1,
> we'd have to apply MR2/MR3 and then MR4? Does this necessitate a MR 2
> install, reboot, MR3 install and so forth and so on?
>
> Thanks
>
>
> On Sun, Aug 14, 2011 at 12:51 AM, David Liu  wrote:
>
>> I think bas only if u have bes running on it...my reading of this is that
>> 5.03 MR3 fixes the vulnerability among other things & that the ISSU is only
>> applicable for 5.01 and 5.0.2
>>
>> On Sat, Aug 13, 2011 at 8:57 AM, Martin Blackstone wrote:
>>
>>> Fix is easy. Lay down a couple of replacement files and restart the BAS.
>>>
>>> We did it in less than 5 min with no downtime.
>>>
>>> *From:* Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
>>> *Sent:* Saturday, August 13, 2011 4:46 AM
>>> *To:* NT System Admin Issues
>>> *Subject:* Blackberry BES Image Vulnerability
>>>
>>> Apologies if this has already been posted but I didn’t spot it so..
>>>
>>> http://www.h-online.com/security/news/item/Images-used-to-break-into-BlackBerry-servers-1322436.html
>>>
>>> --
>>>
>>> *MIRA Ltd*
>>>
>>> Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
>>>
>>> Registered in England and Wales No. 402570
>>>
>>> VAT Registration  GB 100 1464 84
>>>

Re: Sherry's Back

2011-08-16 Thread dan
Welcome back Sherry.  Congratulations on your new job.

I have not been on here either in years. I was here in 96-97 when I was working 
for EDS. I see some familiar names like Andrew Baker, Michael.

Dan Evensen
  - Original Message - 
  From: Tony Patton 
  To: NT System Admin Issues 
  Sent: Tuesday, August 16, 2011 5:56 PM
  Subject: Re: Sherry's Back


  Welcome back Sherry :-)

  T

  Typed slowly on HTC Desire

  On Aug 16, 2011 6:44 PM, "Sherry Abercrombie"  
wrote:
  > Hello everyone, I'm finally back. After being laid off in April 2010, I was 
unemployed for about 4 months, finally landing a job answering Help Desk and 
eventually as a Network Operator at Radio Shack corporate headquarters. Not 
exactly doing any technical server admin type stuff……this week I started a 
new job as the Facilities/IT Manager at New Horizons Computer Training Center - 
Dallas. I'll be over the facilities in Dallas, Fort Worth, Tulsa and Oklahoma 
City. Will be managing a small team, doing server admin stuff and other 
technical stuff, and access to any training I want to take….oh yes, I'm 
really excited about this job. So here I am back on the lists and very glad to 
be back.
  > 
  > 
  > Sherry Abercrombie | Facilities/IT Manager
  > Dallas | Fort Worth | Oklahoma City | Tulsa
  > 972.490.5151 x2250
  > sabercrom...@nhdallas.com | 
www.nhcomputerlearning.com
  > 
  > 
  > 
  > 

Re: Blackberry BES Image Vulnerability

2011-08-16 Thread David Liu
btw, 5.03 MR4 has just been released and I notice that prerequisite appears
you have to be at 5.03 to first to install MR4. So, if we are at 5.03 MR1,
we'd have to apply MR2/MR3 and then MR4? Does this necessitate a MR 2
install, reboot, MR3 install and so forth and so on?

Thanks

On Sun, Aug 14, 2011 at 12:51 AM, David Liu  wrote:

> I think bas only if u have bes running on it...my reading of this is that
> 5.03 MR3 fixes the vulnerability among other things & that the ISSU is only
> applicable for 5.01 and 5.0.2
>
> On Sat, Aug 13, 2011 at 8:57 AM, Martin Blackstone 
> wrote:
>
>> Fix is easy. Lay down a couple of replacement files and restart the BAS.
>>
>> We did it in less than 5 min with no downtime.
>>
>> *From:* Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
>> *Sent:* Saturday, August 13, 2011 4:46 AM
>> *To:* NT System Admin Issues
>> *Subject:* Blackberry BES Image Vulnerability
>>
>> Apologies if this has already been posted but I didn’t spot it so..
>>
>> http://www.h-online.com/security/news/item/Images-used-to-break-into-BlackBerry-servers-1322436.html
>>
>> --
>>
>> *MIRA Ltd*
>>
>> Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
>>
>> Registered in England and Wales No. 402570
>>
>> VAT Registration  GB 100 1464 84
>>

Re: Weird dll files on boot

2011-08-16 Thread Jon Harris
You might even want to try downloading a Viper Rescue and try running it
from a safe boot or get a USB OS and boot from there and try scanning the
drives.  I think the safe boot mode would be easiest.

Jon

On Tue, Aug 16, 2011 at 1:16 PM, Ziots, Edward  wrote:

>  Also check your scheduled tasks, and use the Microsoft Malicious
> Software Removal Tool along with IceSword and RootkitRevealer and TDSSKiller
> by Kaspersky and F-Secure BlackLight.
>
> Z
>
> Edward E. Ziots
>
> CISSP, Network +, Security +
>
> Security Engineer
>
> Lifespan Organization
>
> Email:ezi...@lifespan.org
>
> Cell:401-639-3505
>
> *From:* Erik Goldoff [mailto:egold...@gmail.com]
> *Sent:* Tuesday, August 16, 2011 10:51 AM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Weird dll files on boot
>
> you should check all your Load Points ... registry run keys, startup group,
> autoexec.bat, task scheduler, etc...
>
>
>
>  
>
> On Tue, Aug 16, 2011 at 10:26 AM, James Rankin 
> wrote:
>
> Well, more weirdness.
>
> On a whim, I deleted all of the files out of the
> %windir%\serviceprofiles\LocalSystem\AppData directory - not that any looked
> out of the ordinary - and now when I restart the server, the message I was
> getting has stopped happening. I couldn't find any reference to the
> directory or any files in it in a Process Monitor boot log. I feel
> *slightly* better that the message has gone away - but not really much,
> because it seems like some kind of infection, or attempted infection, has
> crawled under the radar.
>
> I might take one of these systems out and run a full scan from an
> alternative OS as suggested, but I hate the nagging feeling that something
> has gotten away without being fully understood. I'm hoping my strategy of AV
> + whitelisting hasn't led to any compromise, but I'm still wondering whether
> I should initiate a full rebuild of the server farm.
>
> Anyway thanks for all the suggestions,
>
> On 16 August 2011 13:34, Crawford, Scott  wrote:
>
> sounds rootkit-ish.  MS has a boot cd to run Security Essentials.
>
>
> 
>
> Sent from my Palm Pre on the Now Network from Sprint
>
> On Aug 16, 2011 7:19 AM, James Rankin  wrote:
>
> Yes, but I don't have much faith in the AV software of choice (Trend).
> According to it, everything is hunky-dory. MalwareBytes didn't detect
> anything on a full scan either. I'm pulling up some Process Monitor logs now
> to see if there are any needles in that haystack.
>
> On 16 August 2011 13:09, Erik Goldoff  wrote:
>
> have you already checked your AV quarantine for the presence of these DLLs,
> or at least the detection/risk log to see if *that* is why they're gone
> before you can get to them ?
>
> 
>
> On Tue, Aug 16, 2011 at 6:41 AM, James Rankin 
> wrote:
>
> I've just got back from my holidays so I'm probably still not thinking
> straight...but has anyone noticed dll files with random names that appear
> in c:\windows\serviceprofiles\localservice\appdata\local\temp when a
> 2008 R2 server boots up? By the time I get to checking for them, they are
> gone. The reason I know they are there is because my whitelisting
> application doesn't allow executable content to have its ownership
> overwritten, and when the servers boot up, they are logging an event
> regarding an attempted ownership overwrite
>
> AppSense Application Manager intercepted the overwrite of the allowed
> executable 'c:\windows\serviceprofiles\localservice\appdata\local\temp\random_8_character_filename.dll'
> on ''servername'. Ownership of this file
> was changed to that of the user
>
> I've never noticed this happening before, and the randomised filename
> screams "malware" at me - but I have scanned the system with Trend and
> MalwareBytes, and can find no trace of any infection. By the time I dig into
> the folder to check, there's nothing there. Does anyone have any idea why
> these files would be appearing at boot time? My next step is to break out a
> bit of Process Monitor, but I'm just wondering if I am barking up a false
> positive tree here.
>
> TIA,
>
>
>
> JRR
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
>
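
The load points named in the quoted replies above (registry run keys, startup group, autoexec.bat, task scheduler), gathered in one pass, as an added example that is not part of the original thread. It also lists auto-start services, which goes beyond the posters' list; the `$suspectPattern` regex, the function name `New-LoadPoint`, the CSV file name and the English `schtasks` column names are assumptions.

```powershell
# Added example (not from the thread): inventory of Windows load points.
# Run from an elevated Windows PowerShell prompt on the affected server.
# It changes no system setting; it only writes one CSV to the current directory.

# Assumption: command lines that point into temp or service-profile
# directories deserve a second look; adjust the pattern to your environment.
$suspectPattern = '\\(temp|tmp)\\|\\serviceprofiles\\|%te?mp%'

function New-LoadPoint($Source, $Name, $Command) {
    $cmd = [string]$Command
    New-Object PSObject -Property @{
        Suspect = ($cmd -match $suspectPattern)   # -match is case-insensitive
        Source  = $Source
        Name    = $Name
        Command = $cmd
    }
}

$entries = @()

# 1. Registry Run / RunOnce keys (64- and 32-bit views).
#    HKCU here is the profile of the account running the script.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($valueName in $item.GetValueNames()) {
        $entries += New-LoadPoint $key $valueName ($item.GetValue($valueName))
    }
}

# 2. Startup folders (all users, current user); shortcuts are resolved to targets.
$startupDirs = @(
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup"
)
$shell = New-Object -ComObject WScript.Shell
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    foreach ($f in @(Get-ChildItem -Path $dir -Force)) {
        if ($f.PSIsContainer -or $f.Name -eq 'desktop.ini') { continue }
        $target = $f.FullName
        if ($f.Extension -eq '.lnk') {
            $lnk = $shell.CreateShortcut($f.FullName)
            $target = ($lnk.TargetPath + ' ' + $lnk.Arguments).Trim()
        }
        $entries += New-LoadPoint $dir $f.Name $target
    }
}

# 3. Scheduled tasks. schtasks.exe exists on 2008 R2 (Get-ScheduledTask does not).
#    Assumption: English column names 'TaskName' and 'Task To Run'.
$raw = schtasks.exe /query /fo csv /v 2>$null | Where-Object { $_ -match '\S' }
if ($raw) {
    $tasks = $raw | ConvertFrom-Csv |
        Where-Object { $_.TaskName -and $_.TaskName -ne 'TaskName' } |  # drop repeated headers
        Sort-Object TaskName, 'Task To Run' -Unique
    foreach ($t in @($tasks)) {
        $entries += New-LoadPoint 'ScheduledTask' ($t.TaskName) ($t.'Task To Run')
    }
}

# 4. Auto-start services (added beyond the list in the thread).
foreach ($svc in @(Get-WmiObject Win32_Service -Filter "StartMode='Auto'")) {
    $entries += New-LoadPoint 'AutoStartService' ($svc.Name) ($svc.PathName)
}

# 5. autoexec.bat, if one exists on the system drive.
$autoexec = Join-Path $env:SystemDrive 'autoexec.bat'
if (Test-Path $autoexec) {
    foreach ($line in @(Get-Content $autoexec)) {
        if ($line.Trim()) { $entries += New-LoadPoint $autoexec 'line' $line }
    }
}

# Save for comparison against another server in the farm, then show flagged rows first.
$entries | Select-Object Suspect, Source, Name, Command |
    Export-Csv -Path "$env:COMPUTERNAME-loadpoints.csv" -NoTypeInformation
$entries | Sort-Object Suspect -Descending |
    Format-Table Suspect, Source, Name, Command -AutoSize -Wrap
```

A `Suspect` flag only marks a path worth reviewing; comparing the CSV from an affected server with one from a server that does not log the event narrows the list faster than reading either alone.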

Re: Sherry's Back

2011-08-16 Thread Sean Martin
Congratulations and welcome back!

- Sean

On Tue, Aug 16, 2011 at 9:43 AM, Sherry Abercrombie <
sabercrom...@nhdallas.com> wrote:

>  Hello everyone, I’m finally back.  After being laid off in April 2010, I
> was unemployed for about 4 months, finally landing a job answering Help Desk
> and eventually as a Network Operator at Radio Shack corporate headquarters.
> Not exactly doing any technical server admin type stuff……this week I started
> a new job as the Facilities/IT Manager at New Horizons Computer Training
> Center – Dallas.  I’ll be over the facilities in Dallas, Fort Worth, Tulsa
> and Oklahoma City.  Will be managing a small team, doing server admin stuff
> and other technical stuff, and access to any training I want to take….oh
> yes, I’m really excited about this job.  So here I am back on the lists and
> very glad to be back.
>
> *Sherry Abercrombie | Facilities/IT Manager*
>
> Dallas | Fort Worth | Oklahoma City | Tulsa 
>
> 972.490.5151 x2250  
>
> sabercrom...@nhdallas.com  |
> www.nhcomputerlearning.com  
>

RE: Sherry's Back

2011-08-16 Thread James Hill
That's great news, welcome back.

Many could learn some lessons from your patience and persistence.  Well done.

From: Sherry Abercrombie [mailto:sabercrom...@nhdallas.com]
Sent: Wednesday, 17 August 2011 3:44 AM
To: NT System Admin Issues
Subject: Sherry's Back

Hello everyone, I'm finally back.  After being laid off in April 2010, I was 
unemployed for about 4 months, finally landing a job answering Help Desk and 
eventually as a Network Operator at Radio Shack corporate headquarters.  Not 
exactly doing any technical server admin type stuff……this week I started a 
new job as the Facilities/IT Manager at New Horizons Computer Training Center - 
Dallas.  I'll be over the facilities in Dallas, Fort Worth, Tulsa and Oklahoma 
City.  Will be managing a small team, doing server admin stuff and other 
technical stuff, and access to any training I want to take….oh yes, I'm 
really excited about this job.  So here I am back on the lists and very glad to 
be back.


Sherry Abercrombie | Facilities/IT Manager
Dallas | Fort Worth | Oklahoma City | Tulsa
972.490.5151 x2250
sabercrom...@nhdallas.com | 
www.nhcomputerlearning.com





Re: Sherry's Back

2011-08-16 Thread Tony Patton
Welcome back Sherry :-)

T

Typed slowly on HTC Desire
On Aug 16, 2011 6:44 PM, "Sherry Abercrombie" 
wrote:
> Hello everyone, I'm finally back. After being laid off in April 2010, I
was unemployed for about 4 months, finally landing a job answering Help Desk
and eventually as a Network Operator at Radio Shack corporate headquarters.
Not exactly doing any technical server admin type stuff……this week I
started a new job as the Facilities/IT Manager at New Horizons Computer
Training Center - Dallas. I'll be over the facilities in Dallas, Fort Worth,
Tulsa and Oklahoma City. Will be managing a small team, doing server admin
stuff and other technical stuff, and access to any training I want to
take….oh yes, I'm really excited about this job. So here I am back on the
lists and very glad to be back.
>
>
> Sherry Abercrombie | Facilities/IT Manager
> Dallas | Fort Worth | Oklahoma City | Tulsa
> 972.490.5151 x2250
> sabercrom...@nhdallas.com |
www.nhcomputerlearning.com
>
>
>
> 

RE: PGP + SSD = No boot?

2011-08-16 Thread David Lum
BTDT. You need PGP Desktop client 10.1.2. We have newer Dells that borked when 
encryption was done with the earlier client version. Contact 
PGP...err...Symantec support and get 10.1.2 or later.

Dave

-Original Message-
From: Jon D [mailto:rekcahp...@gmail.com] 
Sent: Tuesday, August 16, 2011 10:57 AM
To: NT System Admin Issues
Subject: PGP + SSD = No boot?

Has anyone here had issues with PGP Whole Disk Encryption not booting
when used with SSD hard drives?
Our helpdesk asked me, and I don't know.
Seems like around 10% of the laptops they're rolling out will work for
a few days and then it seems like PGP loses the location of the
partition or something.



Thanks,
Jon



.



RE: Acrobat Alternatives - PDF-XChange?

2011-08-16 Thread Paul Hutchings
Yes, thanks though.  It's a little limiting in that you can't do things such as 
stamps or use certificates, and of course you can't modify existing PDF files 
(add/remove/merge pages etc.).

From: Terry Dickson [te...@treasurer.state.ks.us]
Sent: 16 August 2011 8:52 PM
To: NT System Admin Issues
Subject: RE: Acrobat Alternatives - PDF-XChange?


What version of Word?  You know you can do that directly from Word now, no 
other software required?


From: Paul Hutchings [paul.hutchi...@mira.co.uk]
Sent: Tuesday, August 16, 2011 2:23 PM
To: NT System Admin Issues
Subject: Acrobat Alternatives - PDF-XChange?

We currently use Adobe Acrobat Standard or Pro to create anything other than 
basic PDFs.

Acrobat isn't cheap, each new version of Windows and Office seems to break 
something unless you're running the latest version, and it's overkill for 
creating PDFs from Word documents or inserting/deleting the odd page from a PDF 
and perhaps adding a few stamps and saving it with some document security.

A couple of people have recommended PDF-XChange which I hadn't heard of until 
today.

I'll download the demos and give them a try, but does anyone have any 
first-hand feedback on their products?

Thanks,
Paul

MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration  GB 100 1464 84


OT: Kid made CIO.com

2011-08-16 Thread Kennedy, Jim
He is the third 'scariest' hack from Black Hat/DefCon.

http://www.cio.com/article/687919/10_Scariest_Hacks_?page=1#slideshow



RE: Acrobat Alternatives - PDF-XChange?

2011-08-16 Thread Terry Dickson
What version of Word?  You know you can do that directly from Word now, no 
other software required?


From: Paul Hutchings [paul.hutchi...@mira.co.uk]
Sent: Tuesday, August 16, 2011 2:23 PM
To: NT System Admin Issues
Subject: Acrobat Alternatives - PDF-XChange?

We currently use Adobe Acrobat Standard or Pro to create anything other than 
basic PDFs.

Acrobat isn't cheap, each new version of Windows and Office seems to break 
something unless you're running the latest version, and it's overkill for 
creating PDFs from Word documents or inserting/deleting the odd page from a PDF 
and perhaps adding a few stamps and saving it with some document security.

A couple of people have recommended PDF-XChange which I hadn't heard of until 
today.

I'll download the demos and give them a try, but does anyone have any 
first-hand feedback on their products?

Thanks,
Paul

MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration  GB 100 1464 84


Re: Sherry's Back

2011-08-16 Thread Kurt Buff
A measure of respectability comes back, and just in time.

Kurt

On Tue, Aug 16, 2011 at 10:43, Sherry Abercrombie
 wrote:
> Hello everyone, I’m finally back.  After being laid off in April 2010, I was
> unemployed for about 4 months, finally landing a job answering Help Desk and
> eventually as a Network Operator at Radio Shack corporate headquarters.  Not
> exactly doing any technical server admin type stuff……this week I started a
> new job as the Facilities/IT Manager at New Horizons Computer Training
> Center – Dallas.  I’ll be over the facilities in Dallas, Fort Worth, Tulsa
> and Oklahoma City.  Will be managing a small team, doing server admin stuff
> and other technical stuff, and access to any training I want to take….oh
> yes, I’m really excited about this job.  So here I am back on the lists and
> very glad to be back.
>
>
>
>
>
> Sherry Abercrombie | Facilities/IT Manager
>
> Dallas | Fort Worth | Oklahoma City | Tulsa
>
> 972.490.5151 x2250
>
> sabercrom...@nhdallas.com | www.nhcomputerlearning.com
>
>
>
>
>
> 



Re: Acrobat Alternatives - PDF-XChange?

2011-08-16 Thread Roger Wright
Someone here recommended PDFRedirect recently and I've begun using it.  Nice
freeware product!  Haven't checked out the Pro version.


Roger Wright
___

My short term goal is to make it through the day.
My long term goal is to string a bunch of short term goals together.





2011/8/16 Paul Hutchings 

>  We currently use Adobe Acrobat Standard or Pro to create anything other
> than basic PDF's.
>
>  Acrobat isn't cheap, each new version of Windows and Office seems to
> break something unless you're running the latest version, and it's overkill
> for creating PDFs from Word documents or inserting/deleting the odd page
> from a PDF and perhaps adding a few stamps and saving it with some document
> security.
>
>  A couple of people have recommended PDF-XChange which I hadn't heard of
> until today.
>
>  I'll download the demo's and give them a try, but does anyone have any
> first-hand feedback on their products?
>
>  Thanks,
> Paul
>  --
> *MIRA Ltd*
>
> Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
> Registered in England and Wales No. 402570
> VAT Registration  GB 100 1464 84
>
> The contents of this e-mail are confidential and are solely for the use of
> the intended recipient.  If you receive this e-mail in error, please delete
> it and notify us either by e-mail, telephone or fax.  You should not copy,
> forward or otherwise disclose the content of the e-mail as this is
> prohibited.

RE: WIndows 95 and Server 2008 R2 DCs

2011-08-16 Thread Ralph Smith
Could you P2V one of the Win95 machines and install the AD client
extension on it as a test to see if it works? Back when I had Win 95
machines on a 2003 domain I ended up installing it on all the win9x
machines with good success.

 

Alternately, and this is kind of a kludgey (is that a word?), assuming
your forest is at Windows 2003 functional level, could you create a new
Win 2003 Domain Controller in its own domain, create a 2 way trust
between your existing domain and the new domain, and have the two Win 95
computers log into the new domain?

 

From: Ken Cornetet [mailto:ken.corne...@kimball.com] 
Sent: Tuesday, August 16, 2011 12:51 PM
To: NT System Admin Issues
Subject: WIndows 95 and Server 2008 R2 DCs

 

I have some Windows 95 computers authenticating against my domain.
Currently, the domain is running on Server 2003 DCs, but I am in the
process of upgrading to Server 2008 R2 DCs. I have already started to
deploy Server 2008 DCs.

 

I have one location that has a couple of Windows 95 computers, and they
cannot authenticate against a Server 2008 R2 DC - even with what I think
is the appropriate group policy (the same policy allows the Windows 95
machines to authenticate against Server 2003 DCs).

 

OK, I know, Windows 95. But, these are used as controllers in some
multi-million dollar machinery that was purchased long ago from a
company that is now defunct. Replacing this equipment is simply not an
option. Upgrading the OS is not an option. Installing the AD client
extension for Windows 9x *might* be an option, but only as a last
resort. The factory guys who maintain this equipment obviously do not
like to stir the soup, because the apparently only human left on earth
who can support this equipment charges 5 figures to just answer the
phone.

 

Here's what I have in the Default Domain Controller Policy:

Microsoft network client: Digitally sign communications (always): Disabled

Microsoft network server: Digitally sign communications (always): Disabled

Microsoft network server: Digitally sign communications (if client agrees): Enabled

Network security: Do not store LAN Manager hash value on next password change: Disabled

Network security: LAN Manager authentication level: Send LM & NTLM - use NTLMv2 session security if negotiated

Allow cryptography algorithms compatible with Windows NT 4.0: Enabled

 

Any suggestions?

 

Ken Cornetet 812.482.8499

To err is human - to moo, bovine.
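
An added example, not part of the original thread: a PowerShell check, run locally on a domain controller, that reads the registry values behind the six policy settings quoted above and reports whether each one matches the state Ken lists. The registry paths and value names are the standard ones that back these security options and are supplied here as an assumption, since the thread names only the policy settings; the `Quoted` numbers are the values corresponding to the quoted states.

```powershell
# Added example (not from the thread): audit the legacy-compatibility settings
# quoted in the message above on the local domain controller.
# Written to run on PowerShell 2.0, the version shipped with Server 2008 R2.

$base = 'HKLM:\SYSTEM\CurrentControlSet'

# Policy = setting name as quoted in the thread
# Path   = registry key backing the setting (assumption: standard location)
# Name   = registry value name (assumption: standard name)
# Quoted = numeric value that corresponds to the state quoted in the thread
$settings = @(
    @{ Policy = 'Microsoft network client: Digitally sign communications (always)';
       Path = "$base\Services\LanmanWorkstation\Parameters"; Name = 'RequireSecuritySignature'; Quoted = 0 },
    @{ Policy = 'Microsoft network server: Digitally sign communications (always)';
       Path = "$base\Services\LanmanServer\Parameters"; Name = 'RequireSecuritySignature'; Quoted = 0 },
    @{ Policy = 'Microsoft network server: Digitally sign communications (if client agrees)';
       Path = "$base\Services\LanmanServer\Parameters"; Name = 'EnableSecuritySignature'; Quoted = 1 },
    @{ Policy = 'Network security: Do not store LAN Manager hash value on next password change';
       Path = "$base\Control\Lsa"; Name = 'NoLMHash'; Quoted = 0 },
    @{ Policy = 'Network security: LAN Manager authentication level';
       Path = "$base\Control\Lsa"; Name = 'LmCompatibilityLevel'; Quoted = 1 },
    @{ Policy = 'Allow cryptography algorithms compatible with Windows NT 4.0';
       Path = "$base\Services\Netlogon\Parameters"; Name = 'AllowNT4Crypto'; Quoted = 1 }
)

$report = foreach ($s in $settings) {
    # A missing value means no policy has written it, so the OS default applies.
    $item = Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $current = 'not set'
        $same    = $false
    } else {
        $current = $item.($s.Name)
        $same    = ($current -eq $s.Quoted)
    }

    New-Object PSObject -Property @{
        Policy        = $s.Policy
        RegistryValue = $s.Name
        Current       = $current
        Quoted        = $s.Quoted
        MatchesQuoted = $same
    } | Select-Object Policy, RegistryValue, Current, Quoted, MatchesQuoted
}

# Rows with MatchesQuoted = True are the relaxations kept for the Windows 95
# clients; they are the ones to revisit once those clients no longer
# authenticate against the domain.
$report | Format-Table -AutoSize -Wrap
```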

 


Acrobat Alternatives - PDF-XChange?

2011-08-16 Thread Paul Hutchings
We currently use Adobe Acrobat Standard or Pro to create anything other than 
basic PDF's.

Acrobat isn't cheap, each new version of Windows and Office seems to break 
something unless you're running the latest version, and it's overkill for 
creating PDFs from Word documents or inserting/deleting the odd page from a PDF 
and perhaps adding a few stamps and saving it with some document security.

A couple of people have recommended PDF-XChange which I hadn't heard of until 
today.

I'll download the demo's and give them a try, but does anyone have any 
first-hand feedback on their products?

Thanks,
Paul

--
MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration  GB 100 1464 84

The contents of this e-mail are confidential and are solely for the use of the 
intended recipient.  If you receive this e-mail in error, please delete it and 
notify us either by e-mail, telephone or fax.  You should not copy, forward or 
otherwise disclose the content of the e-mail as this is prohibited.


RE: Sherry's Back

2011-08-16 Thread Orland, Kathleen
Welcome back, we missed you!

 

From: Sherry Abercrombie [mailto:sabercrom...@nhdallas.com] 
Sent: Tuesday, August 16, 2011 1:44 PM
To: NT System Admin Issues
Subject: Sherry's Back

 

Hello everyone, I'm finally back.  After being laid off in April 2010, I was
unemployed for about 4 months, finally landing a job answering Help Desk and
eventually as a Network Operator at Radio Shack corporate headquarters.  Not
exactly doing any technical server admin type stuff..this week I started a
new job as the Facilities/IT Manager at New Horizons Computer Training
Center - Dallas.  I'll be over the facilities in Dallas, Fort Worth, Tulsa
and Oklahoma City.  Will be managing a small team, doing server admin stuff
and other technical stuff, and access to any training I want to take..oh
yes, I'm really excited about this job.  So here I am back on the lists and
very glad to be back.

 

 

Sherry Abercrombie | Facilities/IT Manager

Dallas | Fort Worth | Oklahoma City | Tulsa 

972.490.5151 x2250  

  sabercrom...@nhdallas.com |
 www.nhcomputerlearning.com 

 

 

 

  _  

This information may contain information that is privileged, confidential
and exempt from disclosure under applicable law. If you are not the intended
recipient, you are hereby notified that any disclosure, photocopying or
distribution of these contents is unauthorized and prohibited. If you have
received this in error, please notify the sender immediately and destroy all
copies.


Re: Sherry's Back

2011-08-16 Thread Steven Peck
And welcome back as well.

On Tue, Aug 16, 2011 at 10:43 AM, Sherry Abercrombie <
sabercrom...@nhdallas.com> wrote:

>  Hello everyone, I’m finally back.  After being laid off in April 2010, I
> was unemployed for about 4 months, finally landing a job answering Help Desk
> and eventually as a Network Operator at Radio Shack corporate headquarters.
> Not exactly doing any technical server admin type stuff……this week I started
> a new job as the Facilities/IT Manager at New Horizons Computer Training
> Center – Dallas.  I’ll be over the facilities in Dallas, Fort Worth, Tulsa
> and Oklahoma City.  Will be managing a small team, doing server admin stuff
> and other technical stuff, and access to any training I want to take….oh
> yes, I’m really excited about this job.  So here I am back on the lists and
> very glad to be back.
>
>
>
> *Sherry Abercrombie | Facilities/IT Manager*
>
> Dallas | Fort Worth | Oklahoma City | Tulsa 
>
> 972.490.5151 x2250  
>
> sabercrom...@nhdallas.com  |
> www.nhcomputerlearning.com  
>
>
>
> --
> This information may contain information that is privileged, confidential
> and exempt from disclosure under applicable law. If you are not the intended
> recipient, you are hereby notified that any disclosure, photocopying or
> distribution of these contents is unauthorized and prohibited. If you have
> received this in error, please notify the sender immediately and destroy all
> copies.

RE: Sherry's Back

2011-08-16 Thread Maglinger, Paul
Congrats Sherry!  Welcome home!

 

From: Sherry Abercrombie [mailto:sabercrom...@nhdallas.com] 
Sent: Tuesday, August 16, 2011 12:44 PM
To: NT System Admin Issues
Subject: Sherry's Back

 

Hello everyone, I'm finally back.  After being laid off in April 2010, I
was unemployed for about 4 months, finally landing a job answering Help
Desk and eventually as a Network Operator at Radio Shack corporate
headquarters.  Not exactly doing any technical server admin type
stuff..this week I started a new job as the Facilities/IT Manager at
New Horizons Computer Training Center - Dallas.  I'll be over the
facilities in Dallas, Fort Worth, Tulsa and Oklahoma City.  Will be
managing a small team, doing server admin stuff and other technical
stuff, and access to any training I want to take..oh yes, I'm really
excited about this job.  So here I am back on the lists and very glad to
be back.

 

 

Sherry Abercrombie | Facilities/IT Manager

Dallas | Fort Worth | Oklahoma City | Tulsa 

972.490.5151 x2250  

sabercrom...@nhdallas.com   |
www.nhcomputerlearning.com   

 

 

 



This information may contain information that is privileged,
confidential and exempt from disclosure under applicable law. If you are
not the intended recipient, you are hereby notified that any disclosure,
photocopying or distribution of these contents is unauthorized and
prohibited. If you have received this in error, please notify the sender
immediately and destroy all copies.


Re: Sherry's Back

2011-08-16 Thread Erik Goldoff
Welcome back to the world, glad you've landed a spot that you like !



On Tue, Aug 16, 2011 at 1:43 PM, Sherry Abercrombie <
sabercrom...@nhdallas.com> wrote:

>  Hello everyone, I’m finally back.  After being laid off in April 2010, I
> was unemployed for about 4 months, finally landing a job answering Help Desk
> and eventually as a Network Operator at Radio Shack corporate headquarters.
> Not exactly doing any technical server admin type stuff……this week I started
> a new job as the Facilities/IT Manager at New Horizons Computer Training
> Center – Dallas.  I’ll be over the facilities in Dallas, Fort Worth, Tulsa
> and Oklahoma City.  Will be managing a small team, doing server admin stuff
> and other technical stuff, and access to any training I want to take….oh
> yes, I’m really excited about this job.  So here I am back on the lists and
> very glad to be back.
>
>
>
> *Sherry Abercrombie | Facilities/IT Manager*
>
> Dallas | Fort Worth | Oklahoma City | Tulsa 
>
> 972.490.5151 x2250  
>
> sabercrom...@nhdallas.com  |
> www.nhcomputerlearning.com  
>
>
>
> --
> This information may contain information that is privileged, confidential
> and exempt from disclosure under applicable law. If you are not the intended
> recipient, you are hereby notified that any disclosure, photocopying or
> distribution of these contents is unauthorized and prohibited. If you have
> received this in error, please notify the sender immediately and destroy all
> copies.

Re: Sherry's Back

2011-08-16 Thread Chipshead
Well, well. Welcome back! 

- Original Message -
From: "Sherry Abercrombie"  
To: "NT System Admin Issues"  
Sent: Tuesday, August 16, 2011 1:43:56 PM 
Subject: Sherry's Back 




Hello everyone, I’m finally back.  After being laid off in April 2010, I was 
unemployed for about 4 months, finally landing a job answering Help Desk and 
eventually as a Network Operator at Radio Shack corporate headquarters.  Not 
exactly doing any technical server admin type stuff……this week I started a new 
job as the Facilities/IT Manager at New Horizons Computer Training Center – 
Dallas.  I’ll be over the facilities in Dallas, Fort Worth, Tulsa and Oklahoma 
City.  Will be managing a small team, doing server admin stuff and other 
technical stuff, and access to any training I want to take….oh yes, I’m really 
excited about this job.  So here I am back on the lists and very glad to be 
back. 

  

  

Sherry Abercrombie | Facilities/IT Manager 

Dallas | Fort Worth | Oklahoma City | Tulsa 

972.490.5151 x2250  

sabercrom...@nhdallas.com | www.nhcomputerlearning.com 

  

  

This information may contain information that is privileged, confidential and 
exempt from disclosure under applicable law. If you are not the intended 
recipient, you are hereby notified that any disclosure, photocopying or 
distribution of these contents is unauthorized and prohibited. If you have 
received this in error, please notify the sender immediately and destroy all 
copies. 



Re: Sherry's Back

2011-08-16 Thread G.Waleed Kavalec
Welcome Home !



On Tue, Aug 16, 2011 at 12:43 PM, Sherry Abercrombie <
sabercrom...@nhdallas.com> wrote:

>  Hello everyone, I’m finally back.  After being laid off in April 2010, I
> was unemployed for about 4 months, finally landing a job answering Help Desk
> and eventually as a Network Operator at Radio Shack corporate headquarters.
> Not exactly doing any technical server admin type stuff……this week I started
> a new job as the Facilities/IT Manager at New Horizons Computer Training
> Center – Dallas.  I’ll be over the facilities in Dallas, Fort Worth, Tulsa
> and Oklahoma City.  Will be managing a small team, doing server admin stuff
> and other technical stuff, and access to any training I want to take….oh
> yes, I’m really excited about this job.  So here I am back on the lists and
> very glad to be back.
>
>
>
> *Sherry Abercrombie | Facilities/IT Manager*
>
> Dallas | Fort Worth | Oklahoma City | Tulsa 
>
> 972.490.5151 x2250  
>
> sabercrom...@nhdallas.com  |
> www.nhcomputerlearning.com  
>
>
>
> --
> This information may contain information that is privileged, confidential
> and exempt from disclosure under applicable law. If you are not the intended
> recipient, you are hereby notified that any disclosure, photocopying or
> distribution of these contents is unauthorized and prohibited. If you have
> received this in error, please notify the sender immediately and destroy all
> copies.



-- 
G. Waleed Kavalec
__
Remember Remember this Coming November
The Debt Crisis Treason and Plot
I know of No Reason the Republican Treason
Should EVER be Forgot !


Re: Sherry's Back

2011-08-16 Thread Roger Wright
Yes, but only when you're not busy Ghosting machines for the other classes.
 I'd think that'll really keep you busy!


Roger Wright
___

My short term goal is to make it through the day.
My long term goal is to string a bunch of short term goals together.





On Tue, Aug 16, 2011 at 2:12 PM, Sherry Abercrombie <
sabercrom...@nhdallas.com> wrote:

>  Yes, did I mention the free training perk?  Of course it’s on a standby
> basis, but yes, training = Woot!
>
>
>
> *From:* William Robbins [mailto:dangerw...@gmail.com]
> *Sent:* Tuesday, August 16, 2011 1:05 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Sherry's Back
>
>
>
> Well hello Sherry!  Glad to hear things are going well again.  Free
> training huh?  Woot!
>
>  - WJR
>
> 
>
> On Tue, Aug 16, 2011 at 12:43, Sherry Abercrombie <
> sabercrom...@nhdallas.com> wrote:
>
> Hello everyone, I’m finally back.  After being laid off in April 2010, I
> was unemployed for about 4 months, finally landing a job answering Help Desk
> and eventually as a Network Operator at Radio Shack corporate headquarters.
> Not exactly doing any technical server admin type stuff……this week I started
> a new job as the Facilities/IT Manager at New Horizons Computer Training
> Center – Dallas.  I’ll be over the facilities in Dallas, Fort Worth, Tulsa
> and Oklahoma City.  Will be managing a small team, doing server admin stuff
> and other technical stuff, and access to any training I want to take….oh
> yes, I’m really excited about this job.  So here I am back on the lists and
> very glad to be back.
>
>  
>
>  
>
> *Sherry Abercrombie | Facilities/IT Manager*
>
> Dallas | Fort Worth | Oklahoma City | Tulsa 
>
> 972.490.5151 x2250  
>
> sabercrom...@nhdallas.com  |
> www.nhcomputerlearning.com  
>
>  
>
>  
>
>
>  --
>
> This information may contain information that is privileged, confidential
> and exempt from disclosure under applicable law. If you are not the intended
> recipient, you are hereby notified that any disclosure, photocopying or
> distribution of these contents is unauthorized and prohibited. If you have
> received this in error, please notify the sender immediately and destroy all
> copies.
>
> --
> This information may contain information that is privileged, confidential
> and exempt from disclosure under applicable law. If you are not the intended
> recipient, you are hereby notified that any disclosure, photocopying or
> distribution of these contents is unauthorized and prohibited. If you have
> received this in error, please notify the sender immediately and destroy all
> copies.

Re: WIndows 95 and Server 2008 R2 DCs

2011-08-16 Thread Andrew S. Baker
That's not going to change the lack of authentication between Win95 and a
2008R2 DC.

ASB
http://about.me/Andrew.S.Baker
Harnessing the Advantages of Technology for the SMB market…



On Tue, Aug 16, 2011 at 2:30 PM,  wrote:

> Could you not P2V the Win95 boxes and run them as virtual guests of
> some type on an XP workstation with autologon configured on the 95 guests?
> Although this may defeat the point of having them authenticate in the first
> place...
>
> Sent from my POS BlackBerry wireless device, which may wipe itself at any
> moment
> --
> *From: * "Andrew S. Baker" 
> *Date: *Tue, 16 Aug 2011 14:24:28 -0400
> *To: *NT System Admin Issues
> *ReplyTo: * "NT System Admin Issues" <
> ntsysadmin@lyris.sunbelt-software.com>
> *Subject: *Re: WIndows 95 and Server 2008 R2 DCs
>
> Given the business situation, it would seem that you have the choice
> between the following:
>
> -- Upgrading to 2008R2, and not authenticating the Win95 systems at all (as
> it is not supported) - http://support.microsoft.com/kb/954387
> -- Leaving the Win2K3 DCs in place
>
>
> ASB
> http://about.me/Andrew.S.Baker
> Harnessing the Advantages of Technology for the SMB market…
>
>
>
> On Tue, Aug 16, 2011 at 12:50 PM, Ken Cornetet 
> wrote:
>
>> I have some Windows 95 computers authenticating against my domain.
>> Currently, the domain is running on Server 2003 DCs, but I am in the process
>> of upgrading to Server 2008 R2 DCs. I have already started to deploy Server
>> 2008 DCs.
>>
>>
>>
>> I have one location that has a couple of Windows 95 computers, and they
>> cannot authenticate against a Server 2008 R2 DC – even with what I think is
>> the appropriate group policy (the same policy allows the Windows 95 machines
>> to authenticate against Server 2003 DCs).
>>
>>
>>
>> OK, I know, Windows 95. But, these are used as controllers in some
>> multi-million dollar machinery that was purchased long ago from a company
>> that is now defunct. Replacing this equipment is simply not an option.
>> Upgrading the OS is not an option. Installing the AD client extension for
>> Windows 9x **might** be an option, but only as a last resort. The factory
>> guys who maintain this equipment obviously do not like to stir the soup,
>> because the apparently only human left on earth who can support this
>> equipment charges 5 figures to just answer the phone.
>>
>>
>>
>> Here’s what I have in the Default Domain Controller Policy:
>>
>> Microsoft network client: Digitally sign communications (always) *Disabled*
>>
>> Microsoft network server: Digitally sign communications (always) *Disabled*
>>
>> Microsoft network server: Digitally sign communications (if client agrees) *Enabled*
>>
>> Network security: Do not store LAN Manager hash value on next password change *Disabled*
>>
>> Network security: LAN Manager authentication level *Send LM & NTLM - use NTLMv2 session security if negotiated*
>>
>> Allow cryptography algorithms compatible with Windows NT 4.0 *Enabled*
>>
>> Any suggestions?
>>
>>
>> Ken Cornetet 812.482.8499
>>
>> To err is human - to moo, bovine.
>>
>>
>>


Re: Sherry's Back

2011-08-16 Thread Jonathan Link
And there was much rejoicing...

Welcome back!

On Tue, Aug 16, 2011 at 1:43 PM, Sherry Abercrombie <
sabercrom...@nhdallas.com> wrote:

>  Hello everyone, I’m finally back.  After being laid off in April 2010, I
> was unemployed for about 4 months, finally landing a job answering Help Desk
> and eventually as a Network Operator at Radio Shack corporate headquarters.
> Not exactly doing any technical server admin type stuff……this week I started
> a new job as the Facilities/IT Manager at New Horizons Computer Training
> Center – Dallas.  I’ll be over the facilities in Dallas, Fort Worth, Tulsa
> and Oklahoma City.  Will be managing a small team, doing server admin stuff
> and other technical stuff, and access to any training I want to take….oh
> yes, I’m really excited about this job.  So here I am back on the lists and
> very glad to be back.
>
>
>
> *Sherry Abercrombie | Facilities/IT Manager*
>
> Dallas | Fort Worth | Oklahoma City | Tulsa 
>
> 972.490.5151 x2250  
>
> sabercrom...@nhdallas.com  |
> www.nhcomputerlearning.com  
>
>
>
> --
> This information may contain information that is privileged, confidential
> and exempt from disclosure under applicable law. If you are not the intended
> recipient, you are hereby notified that any disclosure, photocopying or
> distribution of these contents is unauthorized and prohibited. If you have
> received this in error, please notify the sender immediately and destroy all
> copies.

Re: WIndows 95 and Server 2008 R2 DCs

2011-08-16 Thread kz20fl
Could you not P2V the Win95 boxes and run them as virtual guests of some type 
on an XP workstation with autologon configured on the 95 guests? Although this 
may defeat the point of having them authenticate in the first place...

Sent from my POS BlackBerry  wireless device, which may wipe itself at any 
moment

-Original Message-
From: "Andrew S. Baker" 
Date: Tue, 16 Aug 2011 14:24:28 
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: Re: WIndows 95 and Server 2008 R2 DCs

Given the business situation, it would seem that you have the choice between
the following:

-- Upgrading to 2008R2, and not authenticating the Win95 systems at all (as
it is not supported) - http://support.microsoft.com/kb/954387
-- Leaving the Win2K3 DCs in place


ASB
http://about.me/Andrew.S.Baker
Harnessing the Advantages of Technology for the SMB market…



On Tue, Aug 16, 2011 at 12:50 PM, Ken Cornetet wrote:

> I have some Windows 95 computers authenticating against my domain.
> Currently, the domain is running on Server 2003 DCs, but I am in the process
> of upgrading to Server 2008 R2 DCs. I have already started to deploy Server
> 2008 DCs.
>
>
>
> I have one location that has a couple of Windows 95 computers, and they
> cannot authenticate against a Server 2008 R2 DC – even with what I think is
> the appropriate group policy (the same policy allows the Windows 95 machines
> to authenticate against Server 2003 DCs).
>
>
>
> OK, I know, Windows 95. But, these are used as controllers in some
> multi-million dollar machinery that was purchased long ago from a company
> that is now defunct. Replacing this equipment is simply not an option.
> Upgrading the OS is not an option. Installing the AD client extension for
> Windows 9x **might** be an option, but only as a last resort. The factory
> guys who maintain this equipment obviously do not like to stir the soup,
> because the apparently only human left on earth who can support this
> equipment charges 5 figures to just answer the phone.
>
>
>
> Here’s what I have in the Default Domain Controller Policy:
>
> Microsoft network client: Digitally sign communications (always) *Disabled*
>
> Microsoft network server: Digitally sign communications (always) *Disabled*
>
> Microsoft network server: Digitally sign communications (if client agrees) *Enabled*
>
> Network security: Do not store LAN Manager hash value on next password change *Disabled*
>
> Network security: LAN Manager authentication level *Send LM & NTLM - use NTLMv2 session security if negotiated*
>
> Allow cryptography algorithms compatible with Windows NT 4.0 *Enabled*
>
> Any suggestions?
>
>
> Ken Cornetet 812.482.8499
>
> To err is human - to moo, bovine.
>


Re: Sherry's Back

2011-08-16 Thread Andrew S. Baker
Welcome back, Sherry...

ASB
http://about.me/Andrew.S.Baker
Harnessing the Advantages of Technology for the SMB market…



On Tue, Aug 16, 2011 at 1:43 PM, Sherry Abercrombie <
sabercrom...@nhdallas.com> wrote:

>  Hello everyone, I’m finally back.  After being laid off in April 2010, I
> was unemployed for about 4 months, finally landing a job answering Help Desk
> and eventually as a Network Operator at Radio Shack corporate headquarters.
> Not exactly doing any technical server admin type stuff……this week I started
> a new job as the Facilities/IT Manager at New Horizons Computer Training
> Center – Dallas.  I’ll be over the facilities in Dallas, Fort Worth, Tulsa
> and Oklahoma City.  Will be managing a small team, doing server admin stuff
> and other technical stuff, and access to any training I want to take….oh
> yes, I’m really excited about this job.  So here I am back on the lists and
> very glad to be back.
>
> *Sherry Abercrombie | Facilities/IT Manager*
>
> Dallas | Fort Worth | Oklahoma City | Tulsa 
>
> 972.490.5151 x2250  
>
> sabercrom...@nhdallas.com  |
> www.nhcomputerlearning.com  
>

Re: WIndows 95 and Server 2008 R2 DCs

2011-08-16 Thread Andrew S. Baker
Given the business situation, it would seem that you have the choice between
the following:

-- Upgrading to 2008R2, and not authenticating the Win95 systems at all (as
it is not supported) - http://support.microsoft.com/kb/954387
-- Leaving the Win2K3 DCs in place


*ASB* *http://about.me/Andrew.S.Baker* *Harnessing the Advantages of
Technology for the SMB market…*



On Tue, Aug 16, 2011 at 12:50 PM, Ken Cornetet wrote:

> I have some Windows 95 computers authenticating against my domain.
> Currently, the domain is running on Server 2003 DCs, but I am in the process
> of upgrading to Server 2008 R2 DCs. I have already started to deploy Server
> 2008 DCs.
>
> I have one location that has a couple of Windows 95 computers, and they
> cannot authenticate against a Server 2008 R2 DC – even with what I think is
> the appropriate group policy (the same policy allows the Windows 95 machines
> to authenticate against Server 2003 DCs).
>
> OK, I know, Windows 95. But, these are used as controllers in some
> multi-million dollar machinery that was purchased long ago from a company
> that is now defunct. Replacing this equipment is simply not an option.
> Upgrading the OS is not an option. Installing the AD client extension for
> Windows 9x **might** be an option, but only as a last resort. The factory
> guys who maintain this equipment obviously do not like to stir the soup,
> because the apparently only human left on earth who can support this
> equipment charges 5 figures to just answer the phone.
>
> Here’s what I have in the Default Domain Controller Policy:
>
> Microsoft network client: Digitally sign communications (always) *Disabled*
>
> Microsoft network server: Digitally sign communications (always) *Disabled*
>
> Microsoft network server: Digitally sign communications (if client agrees)
> *Enabled*
>
> Network security: Do not store LAN Manager hash value on next password
> change *Disabled*
>
> Network security: LAN Manager authentication level *Send LM & NTLM - use
> NTLMv2 session security if negotiated*
>
> Allow cryptography algorithms compatible with Windows NT 4.0 *Enabled*
>
> Any suggestions?
>
> Ken Cornetet 812.482.8499
>
> To err is human - to moo, bovine.
>
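
To confirm which of the six settings quoted above a given DC has actually applied (rather than what the GPO editor shows), the script below reads the registry values those policies map to. It is an added example, not code from the thread; the rules it uses to label a value "relaxed" are assumptions chosen for comparison, and it only reports, it changes nothing.

```powershell
# Added example: report the effective values behind the six policy settings
# quoted in the thread. Run locally on a domain controller (read-only).
$base = 'HKLM:\SYSTEM\CurrentControlSet'

# Policy text as quoted in the thread -> registry location. 'Relaxed' is an
# assumed test for "weakened to accommodate legacy clients", not a poster's rule.
$settings = @(
    @{ Policy  = 'Microsoft network client: Digitally sign communications (always)'
       Key     = "$base\Services\LanmanWorkstation\Parameters"
       Name    = 'RequireSecuritySignature'
       Relaxed = { param($v) $v -eq 0 } },
    @{ Policy  = 'Microsoft network server: Digitally sign communications (always)'
       Key     = "$base\Services\LanManServer\Parameters"
       Name    = 'RequireSecuritySignature'
       Relaxed = { param($v) $v -eq 0 } },
    @{ Policy  = 'Microsoft network server: Digitally sign communications (if client agrees)'
       Key     = "$base\Services\LanManServer\Parameters"
       Name    = 'EnableSecuritySignature'
       Relaxed = { param($v) $v -eq 0 } },
    @{ Policy  = 'Network security: Do not store LAN Manager hash value on next password change'
       Key     = "$base\Control\Lsa"
       Name    = 'NoLMHash'
       Relaxed = { param($v) $v -eq 0 } },      # 0 = LM hashes are still stored
    @{ Policy  = 'Network security: LAN Manager authentication level'
       Key     = "$base\Control\Lsa"
       Name    = 'LmCompatibilityLevel'
       Relaxed = { param($v) $v -lt 3 } },      # 1 = "Send LM & NTLM - use NTLMv2 session security if negotiated"
    @{ Policy  = 'Allow cryptography algorithms compatible with Windows NT 4.0'
       Key     = "$base\Services\Netlogon\Parameters"
       Name    = 'AllowNT4Crypto'
       Relaxed = { param($v) $v -ne 0 } }       # non-zero = NT 4.0-era algorithms accepted
)

$report = foreach ($s in $settings) {
    # A missing value means no policy has written it; the OS default applies.
    $item = Get-ItemProperty -Path $s.Key -Name $s.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $value = $null
        $state = 'not set (OS default applies)'
    } else {
        $value = $item.($s.Name)
        $state = if (& $s.Relaxed $value) { 'relaxed for legacy clients' } else { 'not relaxed' }
    }
    New-Object PSObject -Property @{
        Policy = $s.Policy
        Value  = $value
        State  = $state
    }
}

$report | Select-Object Policy, Value, State | Format-Table -AutoSize -Wrap
```

Running it on a Server 2003 DC and a Server 2008 R2 DC and comparing the two tables shows whether the policy is landing identically on both.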


Re: Sherry's Back

2011-08-16 Thread James Kerr
Happy to hear the good news!

On Tue, Aug 16, 2011 at 1:43 PM, Sherry Abercrombie <
sabercrom...@nhdallas.com> wrote:

>  Hello everyone, I’m finally back.  After being laid off in April 2010, I
> was unemployed for about 4 months, finally landing a job answering Help Desk
> and eventually as a Network Operator at Radio Shack corporate headquarters.
> Not exactly doing any technical server admin type stuff……this week I started
> a new job as the Facilities/IT Manager at New Horizons Computer Training
> Center – Dallas.  I’ll be over the facilities in Dallas, Fort Worth, Tulsa
> and Oklahoma City.  Will be managing a small team, doing server admin stuff
> and other technical stuff, and access to any training I want to take….oh
> yes, I’m really excited about this job.  So here I am back on the lists and
> very glad to be back.
>
> *Sherry Abercrombie | Facilities/IT Manager*
>
> Dallas | Fort Worth | Oklahoma City | Tulsa 
>
> 972.490.5151 x2250  
>
> sabercrom...@nhdallas.com  |
> www.nhcomputerlearning.com  
>
> --
> This information may contain information that is privileged, confidential
> and exempt from disclosure under applicable law. If you are not the intended
> recipient, you are hereby notified that any disclosure, photocopying or
> distribution of these contents is unauthorized and prohibited. If you have
> received this in error, please notify the sender immediately and destroy all
> copies.
>

RE: Sherry's Back

2011-08-16 Thread Sherry Abercrombie
Yes, did I mention the free training perk?  Of course it's on a standby basis, 
but yes, training = Woot!

From: William Robbins [mailto:dangerw...@gmail.com]
Sent: Tuesday, August 16, 2011 1:05 PM
To: NT System Admin Issues
Subject: Re: Sherry's Back

Well hello Sherry!  Glad to hear things are going well again.  Free training 
huh?  Woot!

 - WJR

On Tue, Aug 16, 2011 at 12:43, Sherry Abercrombie 
<sabercrom...@nhdallas.com> wrote:
Hello everyone, I'm finally back.  After being laid off in April 2010, I was 
unemployed for about 4 months, finally landing a job answering Help Desk and 
eventually as a Network Operator at Radio Shack corporate headquarters.  Not 
exactly doing any technical server admin type stuff..this week I started a 
new job as the Facilities/IT Manager at New Horizons Computer Training Center - 
Dallas.  I'll be over the facilities in Dallas, Fort Worth, Tulsa and Oklahoma 
City.  Will be managing a small team, doing server admin stuff and other 
technical stuff, and access to any training I want to take….oh yes, I'm 
really excited about this job.  So here I am back on the lists and very glad to 
be back.


Sherry Abercrombie | Facilities/IT Manager
Dallas | Fort Worth | Oklahoma City | Tulsa
972.490.5151 x2250
sabercrom...@nhdallas.com | 
www.nhcomputerlearning.com




This information may contain information that is privileged, confidential and 
exempt from disclosure under applicable law. If you are not the intended 
recipient, you are hereby notified that any disclosure, photocopying or 
distribution of these contents is unauthorized and prohibited. If you have 
received this in error, please notify the sender immediately and destroy all 
copies.


Re: Sherry's Back

2011-08-16 Thread William Robbins
Well hello Sherry!  Glad to hear things are going well again.  Free training
huh?  Woot!

 - WJR


On Tue, Aug 16, 2011 at 12:43, Sherry Abercrombie  wrote:

>  Hello everyone, I’m finally back.  After being laid off in April 2010, I
> was unemployed for about 4 months, finally landing a job answering Help Desk
> and eventually as a Network Operator at Radio Shack corporate headquarters.
> Not exactly doing any technical server admin type stuff……this week I started
> a new job as the Facilities/IT Manager at New Horizons Computer Training
> Center – Dallas.  I’ll be over the facilities in Dallas, Fort Worth, Tulsa
> and Oklahoma City.  Will be managing a small team, doing server admin stuff
> and other technical stuff, and access to any training I want to take….oh
> yes, I’m really excited about this job.  So here I am back on the lists and
> very glad to be back.
>
> *Sherry Abercrombie | Facilities/IT Manager*
>
> Dallas | Fort Worth | Oklahoma City | Tulsa 
>
> 972.490.5151 x2250  
>
> sabercrom...@nhdallas.com  |
> www.nhcomputerlearning.com  
>
> --
> This information may contain information that is privileged, confidential
> and exempt from disclosure under applicable law. If you are not the intended
> recipient, you are hereby notified that any disclosure, photocopying or
> distribution of these contents is unauthorized and prohibited. If you have
> received this in error, please notify the sender immediately and destroy all
> copies.
>

RE: Sherry's Back

2011-08-16 Thread Charlie Kaiser
Welcome back!

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***  


> -Original Message-
> From: Sherry Abercrombie [mailto:sabercrom...@nhdallas.com]
> Sent: Tuesday, August 16, 2011 10:44 AM
> To: NT System Admin Issues
> Subject: Sherry's Back
> 
> Hello everyone, I'm finally back.  After being laid off in April 2010, I
> was unemployed for about 4 months, finally landing a job answering Help
> Desk and eventually as a Network Operator at Radio Shack corporate
> headquarters.  Not exactly doing any technical server admin type
> stuff..this week I started a new job as the Facilities/IT Manager at New
> Horizons Computer Training Center - Dallas.  I'll be over the facilities
> in Dallas, Fort Worth, Tulsa and Oklahoma City.  Will be managing a small
> team, doing server admin stuff and other technical stuff, and access to
> any training I want to take..oh yes, I'm really excited about this job.
> So here I am back on the lists and very glad to be back.
>
> Sherry Abercrombie | Facilities/IT Manager
> Dallas | Fort Worth | Oklahoma City | Tulsa
> 972.490.5151 x2250
> sabercrom...@nhdallas.com | www.nhcomputerlearning.com
>
> This information may contain information that is privileged, confidential
> and exempt from disclosure under applicable law. If you are not the
> intended recipient, you are hereby notified that any disclosure,
> photocopying or distribution of these contents is unauthorized and
> prohibited. If you have received this in error, please notify the sender
> immediately and destroy all copies.


PGP + SSD = No boot?

2011-08-16 Thread Jon D
Has anyone here had issues with PGP Whole Disk Encryption not booting
when used with SSD hard drives?
Our helpdesk asked me, and I don't know.
Seems like around 10% of the laptops they're rolling out will work for
a few days and then it seems like PGP loses the location of the
partition or something.



Thanks,
Jon





Re: Sherry's Back

2011-08-16 Thread Jeff Brown
I meet with an IT Pro usergroup at the NH office here in Tulsa.  Welcome
back to the list, congrats on working through all that to get to a sweet
sounding spot.

On Tue, Aug 16, 2011 at 12:49 PM, Ziots, Edward  wrote:

> Welcome Back :)
>
> Good to see ya on the list again..
>
> Z
>
> Edward E. Ziots
>
> CISSP, Network +, Security +
>
> Security Engineer
>
> Lifespan Organization
>
> Email:ezi...@lifespan.org
>
> Cell:401-639-3505
>
> *From:* Sherry Abercrombie [mailto:sabercrom...@nhdallas.com]
> *Sent:* Tuesday, August 16, 2011 1:44 PM
>
> *To:* NT System Admin Issues
> *Subject:* Sherry's Back
>
> Hello everyone, I’m finally back.  After being laid off in April 2010, I
> was unemployed for about 4 months, finally landing a job answering Help Desk
> and eventually as a Network Operator at Radio Shack corporate headquarters.
> Not exactly doing any technical server admin type stuff……this week I started
> a new job as the Facilities/IT Manager at New Horizons Computer Training
> Center – Dallas.  I’ll be over the facilities in Dallas, Fort Worth, Tulsa
> and Oklahoma City.  Will be managing a small team, doing server admin stuff
> and other technical stuff, and access to any training I want to take….oh
> yes, I’m really excited about this job.  So here I am back on the lists and
> very glad to be back.
>
> *Sherry Abercrombie | Facilities/IT Manager*
>
> Dallas | Fort Worth | Oklahoma City | Tulsa 
>
> 972.490.5151 x2250  
>
> sabercrom...@nhdallas.com  |
> www.nhcomputerlearning.com  
>
>  --
>
> This information may contain information that is privileged, confidential
> and exempt from disclosure under applicable law. If you are not the intended
> recipient, you are hereby notified that any disclosure, photocopying or
> distribution of these contents is unauthorized and prohibited. If you have
> received this in error, please notify the sender immediately and destroy all
> copies.
>

RE: Sherry's Back

2011-08-16 Thread Kennedy, Jim
Awesome, WB. Sounds like a really cool gig.

From: Sherry Abercrombie [mailto:sabercrom...@nhdallas.com]
Sent: Tuesday, August 16, 2011 1:44 PM
To: NT System Admin Issues
Subject: Sherry's Back

Hello everyone, I'm finally back.  After being laid off in April 2010, I was 
unemployed for about 4 months, finally landing a job answering Help Desk and 
eventually as a Network Operator at Radio Shack corporate headquarters.  Not 
exactly doing any technical server admin type stuff..this week I started a 
new job as the Facilities/IT Manager at New Horizons Computer Training Center - 
Dallas.  I'll be over the facilities in Dallas, Fort Worth, Tulsa and Oklahoma 
City.  Will be managing a small team, doing server admin stuff and other 
technical stuff, and access to any training I want to take….oh yes, I'm 
really excited about this job.  So here I am back on the lists and very glad to 
be back.


Sherry Abercrombie | Facilities/IT Manager
Dallas | Fort Worth | Oklahoma City | Tulsa
972.490.5151 x2250
sabercrom...@nhdallas.com | 
www.nhcomputerlearning.com




This information may contain information that is privileged, confidential and 
exempt from disclosure under applicable law. If you are not the intended 
recipient, you are hereby notified that any disclosure, photocopying or 
distribution of these contents is unauthorized and prohibited. If you have 
received this in error, please notify the sender immediately and destroy all 
copies.


Re: Sherry's Back

2011-08-16 Thread Shamika Fehr
Congratulations and Welcome Back! 


From: Sherry Abercrombie 
To: NT System Admin Issues 
Sent: Tuesday, August 16, 2011 12:43 PM
Subject: Sherry's Back


Hello everyone, I’m finally back.  After being laid off in April 2010, I was 
unemployed for about 4 months, finally landing a job answering Help Desk and 
eventually as a Network Operator at Radio Shack corporate headquarters.  Not 
exactly doing any technical server admin type stuff……this week I started a new 
job as the Facilities/IT Manager at New Horizons Computer Training Center – 
Dallas.  I’ll be over the facilities in Dallas, Fort Worth, Tulsa and Oklahoma 
City.  Will be managing a small team, doing server admin stuff and other 
technical stuff, and access to any training I want to take….oh yes, I’m really 
excited about this job.  So here I am back on the lists and very glad to be 
back.
 
 
Sherry Abercrombie | Facilities/IT Manager
Dallas| Fort Worth | Oklahoma City | Tulsa 
972.490.5151 x2250  
sabercrom...@nhdallas.com | www.nhcomputerlearning.com 
 
 
This information may contain information that is privileged, confidential and 
exempt from disclosure under applicable law. If you are not the intended 
recipient, you are hereby notified that any disclosure, photocopying or 
distribution of these contents is unauthorized and prohibited. If you have 
received this in error, please notify the sender immediately and destroy all 
copies.


Re: Sherry's Back

2011-08-16 Thread Mike Sullivan
Welcome Back and congratulations on your new gig, Sherry!

On Tue, Aug 16, 2011 at 10:43 AM, Sherry Abercrombie <
sabercrom...@nhdallas.com> wrote:

>  Hello everyone, I’m finally back.  After being laid off in April 2010, I
> was unemployed for about 4 months, finally landing a job answering Help Desk
> and eventually as a Network Operator at Radio Shack corporate headquarters.
> Not exactly doing any technical server admin type stuff……this week I started
> a new job as the Facilities/IT Manager at New Horizons Computer Training
> Center – Dallas.  I’ll be over the facilities in Dallas, Fort Worth, Tulsa
> and Oklahoma City.  Will be managing a small team, doing server admin stuff
> and other technical stuff, and access to any training I want to take….oh
> yes, I’m really excited about this job.  So here I am back on the lists and
> very glad to be back.
>
> *Sherry Abercrombie | Facilities/IT Manager*
>
> Dallas | Fort Worth | Oklahoma City | Tulsa 
>
> 972.490.5151 x2250  
>
> sabercrom...@nhdallas.com  |
> www.nhcomputerlearning.com  
>
> --
> This information may contain information that is privileged, confidential
> and exempt from disclosure under applicable law. If you are not the intended
> recipient, you are hereby notified that any disclosure, photocopying or
> distribution of these contents is unauthorized and prohibited. If you have
> received this in error, please notify the sender immediately and destroy all
> copies.
>
>



-- 
Thank you,
Mike Sullivan


Re: Sherry's Back

2011-08-16 Thread Roger Wright
Welcome home, Sherry!


Roger Wright
___

My short term goal is to make it through the day.
My long term goal is to string a bunch of short term goals together.





On Tue, Aug 16, 2011 at 1:43 PM, Sherry Abercrombie <
sabercrom...@nhdallas.com> wrote:

>  Hello everyone, I’m finally back.  After being laid off in April 2010, I
> was unemployed for about 4 months, finally landing a job answering Help Desk
> and eventually as a Network Operator at Radio Shack corporate headquarters.
> Not exactly doing any technical server admin type stuff……this week I started
> a new job as the Facilities/IT Manager at New Horizons Computer Training
> Center – Dallas.  I’ll be over the facilities in Dallas, Fort Worth, Tulsa
> and Oklahoma City.  Will be managing a small team, doing server admin stuff
> and other technical stuff, and access to any training I want to take….oh
> yes, I’m really excited about this job.  So here I am back on the lists and
> very glad to be back.
>
> *Sherry Abercrombie | Facilities/IT Manager*
>
> Dallas | Fort Worth | Oklahoma City | Tulsa 
>
> 972.490.5151 x2250  
>
> sabercrom...@nhdallas.com  |
> www.nhcomputerlearning.com  
>
> --
> This information may contain information that is privileged, confidential
> and exempt from disclosure under applicable law. If you are not the intended
> recipient, you are hereby notified that any disclosure, photocopying or
> distribution of these contents is unauthorized and prohibited. If you have
> received this in error, please notify the sender immediately and destroy all
> copies.
>

RE: Sherry's Back

2011-08-16 Thread Ziots, Edward
Welcome Back :)

 

Good to see ya on the list again..

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Security Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

 

From: Sherry Abercrombie [mailto:sabercrom...@nhdallas.com] 
Sent: Tuesday, August 16, 2011 1:44 PM
To: NT System Admin Issues
Subject: Sherry's Back

 

Hello everyone, I'm finally back.  After being laid off in April 2010, I
was unemployed for about 4 months, finally landing a job answering Help
Desk and eventually as a Network Operator at Radio Shack corporate
headquarters.  Not exactly doing any technical server admin type
stuff..this week I started a new job as the Facilities/IT Manager at
New Horizons Computer Training Center - Dallas.  I'll be over the
facilities in Dallas, Fort Worth, Tulsa and Oklahoma City.  Will be
managing a small team, doing server admin stuff and other technical
stuff, and access to any training I want to take….oh yes, I'm really
excited about this job.  So here I am back on the lists and very glad to
be back.

 

 

Sherry Abercrombie | Facilities/IT Manager

Dallas | Fort Worth | Oklahoma City | Tulsa 

972.490.5151 x2250  

sabercrom...@nhdallas.com   | 
www.nhcomputerlearning.com   

 

 

 



This information may contain information that is privileged,
confidential and exempt from disclosure under applicable law. If you are
not the intended recipient, you are hereby notified that any disclosure,
photocopying or distribution of these contents is unauthorized and
prohibited. If you have received this in error, please notify the sender
immediately and destroy all copies.


Re: Sherry's Back

2011-08-16 Thread Eldridge, Dave
Sweet welcome back 
-- 
Sent using BlackBerry 




From: Sherry Abercrombie  
To: NT System Admin Issues  
Sent: Tue Aug 16 11:43:56 2011
Subject: Sherry's Back 



Hello everyone, I’m finally back.  After being laid off in April 2010, I was 
unemployed for about 4 months, finally landing a job answering Help Desk and 
eventually as a Network Operator at Radio Shack corporate headquarters.  Not 
exactly doing any technical server admin type stuff……this week I started a new 
job as the Facilities/IT Manager at New Horizons Computer Training Center – 
Dallas.  I’ll be over the facilities in Dallas, Fort Worth, Tulsa and Oklahoma 
City.  Will be managing a small team, doing server admin stuff and other 
technical stuff, and access to any training I want to take….oh yes, I’m really 
excited about this job.  So here I am back on the lists and very glad to be 
back.

 

 

Sherry Abercrombie | Facilities/IT Manager

Dallas | Fort Worth | Oklahoma City | Tulsa 

972.490.5151 x2250  

sabercrom...@nhdallas.com   | 
www.nhcomputerlearning.com   

 

 




This information may contain information that is privileged, confidential and 
exempt from disclosure under applicable law. If you are not the intended 
recipient, you are hereby notified that any disclosure, photocopying or 
distribution of these contents is unauthorized and prohibited. If you have 
received this in error, please notify the sender immediately and destroy all 
copies.






This email and any attached files are confidential and intended solely for the 
intended recipient(s). If you are not the named recipient you should not read, 
distribute, copy or alter this email. Any views or opinions expressed in this 
email are those of the author and do not represent those of the  company. 
Warning: Although precautions have been taken to make sure no viruses are 
present in this email, the company cannot accept responsibility for any loss or 
damage that arise from the use of this email or attachments.


RE: Sherry's Back

2011-08-16 Thread John Cook
Congrats, welcome back!

 John W. Cook
System Administrator
Partnership For Strong Families
5950 NW 1st Place
Gainesville, Fl 32607
Office (352) 244-1610
Cell (352) 215-6944
MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4

From: Sherry Abercrombie [mailto:sabercrom...@nhdallas.com]
Sent: Tuesday, August 16, 2011 1:44 PM
To: NT System Admin Issues
Subject: Sherry's Back

Hello everyone, I'm finally back.  After being laid off in April 2010, I was 
unemployed for about 4 months, finally landing a job answering Help Desk and 
eventually as a Network Operator at Radio Shack corporate headquarters.  Not 
exactly doing any technical server admin type stuff..this week I started a 
new job as the Facilities/IT Manager at New Horizons Computer Training Center - 
Dallas.  I'll be over the facilities in Dallas, Fort Worth, Tulsa and Oklahoma 
City.  Will be managing a small team, doing server admin stuff and other 
technical stuff, and access to any training I want to take….oh yes, I'm 
really excited about this job.  So here I am back on the lists and very glad to 
be back.


Sherry Abercrombie | Facilities/IT Manager
Dallas | Fort Worth | Oklahoma City | Tulsa
972.490.5151 x2250
sabercrom...@nhdallas.com | 
www.nhcomputerlearning.com




This information may contain information that is privileged, confidential and 
exempt from disclosure under applicable law. If you are not the intended 
recipient, you are hereby notified that any disclosure, photocopying or 
distribution of these contents is unauthorized and prohibited. If you have 
received this in error, please notify the sender immediately and destroy all 
copies.



CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you really need 
to.

This email and any attached files are confidential and intended solely for the 
intended recipient(s). If you are not the named recipient you should not read, 
distribute, copy or alter this email. Any views or opinions expressed in this 
email are those of the author and do not represent those of the company. 
Warning: Although precautions have been taken to make sure no viruses are 
present in this email, the company cannot accept responsibility for any loss or 
damage that arise from the use of this email or attachments.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Sherry's Back

2011-08-16 Thread Kim Longenbaugh
Welcome Back!

From: Sherry Abercrombie [mailto:sabercrom...@nhdallas.com]
Sent: Tuesday, August 16, 2011 12:44 PM
To: NT System Admin Issues
Subject: Sherry's Back

Hello everyone, I'm finally back.  After being laid off in April 2010, I was 
unemployed for about 4 months, finally landing a job answering Help Desk and 
eventually as a Network Operator at Radio Shack corporate headquarters.  Not 
exactly doing any technical server admin type stuff... this week I started a 
new job as the Facilities/IT Manager at New Horizons Computer Training Center - 
Dallas.  I'll be over the facilities in Dallas, Fort Worth, Tulsa and Oklahoma 
City.  Will be managing a small team, doing server admin stuff and other 
technical stuff, and access to any training I want to take... oh yes, I'm 
really excited about this job.  So here I am back on the lists and very glad to 
be back.


Sherry Abercrombie | Facilities/IT Manager
Dallas | Fort Worth | Oklahoma City | Tulsa
972.490.5151 x2250
sabercrom...@nhdallas.com | 
www.nhcomputerlearning.com




This information may contain information that is privileged, confidential and 
exempt from disclosure under applicable law. If you are not the intended 
recipient, you are hereby notified that any disclosure, photocopying or 
distribution of these contents is unauthorized and prohibited. If you have 
received this in error, please notify the sender immediately and destroy all 
copies.


Sherry's Back

2011-08-16 Thread Sherry Abercrombie
Hello everyone, I'm finally back.  After being laid off in April 2010, I was 
unemployed for about 4 months, finally landing a job answering Help Desk and 
eventually as a Network Operator at Radio Shack corporate headquarters.  Not 
exactly doing any technical server admin type stuff... this week I started a 
new job as the Facilities/IT Manager at New Horizons Computer Training Center - 
Dallas.  I'll be over the facilities in Dallas, Fort Worth, Tulsa and Oklahoma 
City.  Will be managing a small team, doing server admin stuff and other 
technical stuff, and access to any training I want to take... oh yes, I'm 
really excited about this job.  So here I am back on the lists and very glad to 
be back.


Sherry Abercrombie | Facilities/IT Manager
Dallas | Fort Worth | Oklahoma City | Tulsa
972.490.5151 x2250
sabercrom...@nhdallas.com | 
www.nhcomputerlearning.com




This information may contain information that is privileged, confidential and 
exempt from disclosure under applicable law. If you are not the intended 
recipient, you are hereby notified that any disclosure, photocopying or 
distribution of these contents is unauthorized and prohibited. If you have 
received this in error, please notify the sender immediately and destroy all 
copies.


RE: WIndows 95 and Server 2008 R2 DCs

2011-08-16 Thread Guyer, Don
I am kinda familiar with how touchy of a situation this is.

 

Back in the day during the Y2k craze, we did some work for an engine
shop that was a supplier for NASCAR. One of them being the station that
controlled the huge CNC machine that cranked out the heads from a block
of aluminum.

 

There was a lot of teeth clenching and breath holding that day!

 

:)

 

Don Guyer

Windows Systems Engineer

RIM Operations Engineering Distributed - A Team, Tier 2

Enterprise Technology Group

Fiserv

don.gu...@fiserv.com

Office: 1-800-523-7282 x 1673

Fax: 610-233-0404

www.fiserv.com  

 

 

From: Ken Cornetet [mailto:ken.corne...@kimball.com] 
Sent: Tuesday, August 16, 2011 12:59 PM
To: NT System Admin Issues
Subject: RE: WIndows 95 and Server 2008 R2 DCs

 

It is preferable to have them authenticate to the domain, but I might be
able to convince them to authenticate  to a local account on the file
server they hit. The problem is that I assume whenever the file server
gets upgraded to Server 2008 R2, the same problem will occur.

 

Ken Cornetet 812.482.8499

To err is human - to moo, bovine.

 

From: Guyer, Don [mailto:don.gu...@fiserv.com] 
Sent: Tuesday, August 16, 2011 12:55 PM
To: NT System Admin Issues
Subject: RE: WIndows 95 and Server 2008 R2 DCs

 

Do they "have to" auth against the domain? 

 

Don Guyer

Windows Systems Engineer

RIM Operations Engineering Distributed - A Team, Tier 2

Enterprise Technology Group

Fiserv

don.gu...@fiserv.com

Office: 1-800-523-7282 x 1673

Fax: 610-233-0404

www.fiserv.com  



 

From: Ken Cornetet [mailto:ken.corne...@kimball.com] 
Sent: Tuesday, August 16, 2011 12:51 PM
To: NT System Admin Issues
Subject: WIndows 95 and Server 2008 R2 DCs

 

I have some Windows 95 computers authenticating against my domain.
Currently, the domain is running on Server 2003 DCs, but I am in the
process of upgrading to Server 2008 R2 DCs. I have already started to
deploy Server 2008 DCs.

 

I have one location that has a couple of Windows 95 computers, and they
cannot authenticate against a Server 2008 R2 DC - even with what I think
is the appropriate group policy (the same policy allows the Windows 95
machines to authenticate against Server 2003 DCs).

 

OK, I know, Windows 95. But, these are used as controllers in some
multi-million dollar machinery that was purchased long ago from a
company that is now defunct. Replacing this equipment is simply not an
option. Upgrading the OS is not an option. Installing the AD client
extension for Windows 9x *might* be an option, but only as a last
resort. The factory guys who maintain this equipment obviously do not
like to stir the soup, because the apparently only human left on earth
who can support this equipment charges 5 figures to just answer the
phone.

 

Here's what I have in the Default Domain Controller Policy:

Microsoft network client: Digitally sign communications (always): Disabled

Microsoft network server: Digitally sign communications (always): Disabled

Microsoft network server: Digitally sign communications (if client agrees): Enabled

Network security: Do not store LAN Manager hash value on next password change: Disabled

Network security: LAN Manager authentication level: Send LM & NTLM - use NTLMv2 session security if negotiated

Allow cryptography algorithms compatible with Windows NT 4.0: Enabled

 

Any suggestions?

 

Ken Cornetet 812.482.8499

To err is human - to moo, bovine.

 

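The six settings listed in the question are backed by registry values on the domain controller, so the effective state can be read back directly. The batch script below is an added example, not something posted in the thread; the registry paths and value names are the standard Windows locations for these settings (not taken from the post), and the "strict" data shown for each is the non-compatibility setting.

```batch
@echo off
setlocal
rem Added example, not from the thread. Run from cmd.exe on a domain controller.
rem Reads the registry values behind the six settings in the post and marks
rem each one that is relaxed for down-level (Windows 9x / NT 4.0) clients.

set "LSA=HKLM\SYSTEM\CurrentControlSet\Control\Lsa"
set "SRV=HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"
set "WKS=HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters"
set "NLG=HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters"
set "NLGPOL=HKLM\SOFTWARE\Policies\Microsoft\Netlogon\Parameters"
set /a RELAXED=0

rem Arguments to :CHECK are: key, value name, strict data, description.
call :CHECK "%WKS%" RequireSecuritySignature 0x1 "client SMB signing, always"
call :CHECK "%SRV%" RequireSecuritySignature 0x1 "server SMB signing, always"
call :CHECK "%SRV%" EnableSecuritySignature 0x1 "server SMB signing, if client agrees"
call :CHECK "%LSA%" NoLMHash 0x1 "do not store LM hash on next password change"
call :CHECK "%NLG%" AllowNT4Crypto 0x0 "NT 4.0 compatible crypto, service key"
call :CHECK "%NLGPOL%" AllowNT4Crypto 0x0 "NT 4.0 compatible crypto, policy key"
call :LMLEVEL

echo.
echo %RELAXED% value(s) relaxed for down-level clients.
endlocal
goto :EOF

:CHECK
set "VAL="
rem reg query prints: name, type, data. The third token is the data, e.g. 0x1.
for /f "tokens=3" %%v in ('reg query "%~1" /v %~2 2^>nul ^| find "REG_DWORD"') do set "VAL=%%v"
if not defined VAL echo [unset  ] %~2 - %~4 - OS default applies & goto :EOF
if /i "%VAL%"=="%~3" echo [strict ] %~2 = %VAL% - %~4 & goto :EOF
set /a RELAXED+=1
echo [relaxed] %~2 = %VAL% - %~4
goto :EOF

:LMLEVEL
rem "Send LM & NTLM - use NTLMv2 session security if negotiated" is level 1.
rem A DC accepts LM responses at levels 0-3, refuses LM at 4, and refuses
rem both LM and NTLM at 5.
set "LVL="
for /f "tokens=3" %%v in ('reg query "%LSA%" /v LmCompatibilityLevel 2^>nul ^| find "REG_DWORD"') do set "LVL=%%v"
if not defined LVL echo [unset  ] LmCompatibilityLevel - OS default applies & goto :EOF
if "%LVL%"=="0x5" echo [strict ] LmCompatibilityLevel = %LVL% - DC accepts NTLMv2 only & goto :EOF
set "ACCEPTS=LM, NTLM and NTLMv2"
if "%LVL%"=="0x4" set "ACCEPTS=NTLM and NTLMv2, LM refused"
set /a RELAXED+=1
echo [relaxed] LmCompatibilityLevel = %LVL% - DC accepts %ACCEPTS%
goto :EOF
```

Running it on a Server 2003 DC and on a Server 2008 R2 DC and comparing the output shows whether the policy actually landed on both, which is the first thing to rule out when the same GPO behaves differently.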

Re: WIndows 95 and Server 2008 R2 DCs

2011-08-16 Thread Kurt Buff
We're looking at a similar issue.

It sounds like a kludge, but I'm considering setting up a file server
running SAMBA, just for those machines, and using local accounts on the
SAMBA box. I'm even thinking about not joining the SAMBA box to the domain,
but backing it up using a cron job that copies data to the main file server.

Kurt

On Tue, Aug 16, 2011 at 09:58, Ken Cornetet wrote:

> It is preferable to have them authenticate to the domain, but I might be
> able to convince them to authenticate to a local account on the file server
> they hit. The problem is that I assume whenever the file server gets
> upgraded to Server 2008 R2, the same problem will occur.
>
> Ken Cornetet 812.482.8499
>
> To err is human - to moo, bovine.
>
> From: Guyer, Don [mailto:don.gu...@fiserv.com]
> Sent: Tuesday, August 16, 2011 12:55 PM
> To: NT System Admin Issues
> Subject: RE: WIndows 95 and Server 2008 R2 DCs
>
> Do they “have to” auth against the domain?
>
> Don Guyer
> Windows Systems Engineer
> RIM Operations Engineering Distributed – A Team, Tier 2
> Enterprise Technology Group
> Fiserv
> don.gu...@fiserv.com
> Office: 1-800-523-7282 x 1673
> Fax: 610-233-0404
> www.fiserv.com
>
> From: Ken Cornetet [mailto:ken.corne...@kimball.com]
> Sent: Tuesday, August 16, 2011 12:51 PM
> To: NT System Admin Issues
> Subject: WIndows 95 and Server 2008 R2 DCs
>
> I have some Windows 95 computers authenticating against my domain.
> Currently, the domain is running on Server 2003 DCs, but I am in the process
> of upgrading to Server 2008 R2 DCs. I have already started to deploy Server
> 2008 DCs.
>
> I have one location that has a couple of Windows 95 computers, and they
> cannot authenticate against a Server 2008 R2 DC – even with what I think is
> the appropriate group policy (the same policy allows the Windows 95 machines
> to authenticate against Server 2003 DCs).
>
> OK, I know, Windows 95. But, these are used as controllers in some
> multi-million dollar machinery that was purchased long ago from a company
> that is now defunct. Replacing this equipment is simply not an option.
> Upgrading the OS is not an option. Installing the AD client extension for
> Windows 9x *might* be an option, but only as a last resort. The factory
> guys who maintain this equipment obviously do not like to stir the soup,
> because the apparently only human left on earth who can support this
> equipment charges 5 figures to just answer the phone.
>
> Here’s what I have in the Default Domain Controller Policy:
>
> Microsoft network client: Digitally sign communications (always): Disabled
>
> Microsoft network server: Digitally sign communications (always): Disabled
>
> Microsoft network server: Digitally sign communications (if client agrees): Enabled
>
> Network security: Do not store LAN Manager hash value on next password change: Disabled
>
> Network security: LAN Manager authentication level: Send LM & NTLM - use NTLMv2 session security if negotiated
>
> Allow cryptography algorithms compatible with Windows NT 4.0: Enabled
>
> Any suggestions?
>
> Ken Cornetet 812.482.8499
>
> To err is human - to moo, bovine.
>

RE: Weird dll files on boot

2011-08-16 Thread Ziots, Edward
Also check your scheduled tasks, and use Microsoft's Malicious
Software Removal Tool along with IceSword and RootkitRevealer and
TDSSKiller by Kaspersky and F-Secure BlackLight.

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Security Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

 

From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Tuesday, August 16, 2011 10:51 AM
To: NT System Admin Issues
Subject: Re: Weird dll files on boot

 

you should check all your Load Points ... registry run keys, startup
group, autoexec.bat, task scheduler, etc...



 

On Tue, Aug 16, 2011 at 10:26 AM, James Rankin 
wrote:

Well, more weirdness.

On a whim, I deleted all of the files out of the
%windir%\serviceprofiles\LocalSystem\AppData directory - not that any
looked out of the ordinary - and now when I restart the server, the
message I was getting has stopped happening. I couldn't find any
reference to the directory or any files in it in a Process Monitor boot
log. I feel *slightly* better that the message has gone away - but not
really much, because it seems like some kind of infection, or attempted
infection, has crawled under the radar.

I might take one of these systems out and run a full scan from an
alternative OS as suggested, but I hate the nagging feeling that
something has gotten away without being fully understood. I'm hoping my
strategy of AV + whitelisting hasn't led to any compromise, but I'm
still wondering whether I should initiate a full rebuild of the server
farm.

Anyway thanks for all the suggestions,

On 16 August 2011 13:34, Crawford, Scott  wrote:

sounds rootkit-ish.  MS has a boot cd to run Security Essentials.




Sent from my Palm Pre on the Now Network from Sprint

 



On Aug 16, 2011 7:19 AM, James Rankin  wrote: 

Yes, but I don't have much faith in the AV software of choice (Trend).
According to it, everything is hunky-dory. MalwareBytes didn't detect
anything on a full scan either. I'm pulling up some Process Monitor logs
now to see if there are any needles in that haystack.

On 16 August 2011 13:09, Erik Goldoff  wrote:

have you already checked your AV quarantine for the presence of these
DLLs, or at least the detection/risk log to see if *that* is why they're
gone before you can get to them ?



On Tue, Aug 16, 2011 at 6:41 AM, James Rankin 
wrote:

I've just got back from my holidays so I'm probably still not thinking
straight... but has anyone noticed dll files with random names that
appear in c:\windows\serviceprofiles\localservice\appdata\local\temp
when a 2008 R2 server boots up? By the time I get to checking for them,
they are gone. The reason I know they are there is because my
whitelisting application doesn't allow executable content to have its
ownership overwritten, and when the servers boot up, they are logging an
event regarding an attempted ownership overwrite

AppSense Application Manager intercepted the overwrite of the allowed
executable
'c:\windows\serviceprofiles\localservice\appdata\local\temp\random_8_character_filename.dll'
on ''servername'. Ownership of this file was changed to that of the user
I've never noticed this happening before, and the randomised filename
screams "malware" at me - but I have scanned the system with Trend and
MalwareBytes, and can find no trace of any infection. By the time I dig
into the folder to check, there's nothing there. Does anyone have any
idea why these files would be appearing at boot time? My next step is to
break out a bit of Process Monitor, but I'm just wondering if I am
barking up a false positive tree here.

TIA,



JRR

-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that could
provoke such a question."

* IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is
addressed. If you have received this message it was obviously addressed
to you and therefore you can read it, even if we didn't mean to send it
to you. However, if the contents of this email make no sense whatsoever
then you probably were not the intended recipient, or, alternatively,
you are a mindless cretin; either way, you should immediately kill
yourself and destroy your computer (not necessarily in that order). Once
you have taken this action, please contact us.. no, sorry, you can't use
your computer, because you just destroyed it, and possibly also
committed suicide afterwards, but I am starting to digress.. 

The originator of this email is not liable for the transmission of the
information contained in this communication. Or are they? Either way
it's a pretty dull legal query and frankly one I'm not going to dwell
on. But should you have nothing better to do, please feel free to
ruminate on it, and please pass on any concrete conclusions should you
find them. Howev

RE: WIndows 95 and Server 2008 R2 DCs

2011-08-16 Thread Ken Cornetet
It is preferable to have them authenticate to the domain, but I might be able 
to convince them to authenticate  to a local account on the file server they 
hit. The problem is that I assume whenever the file server gets upgraded to 
Server 2008 R2, the same problem will occur.

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.

From: Guyer, Don [mailto:don.gu...@fiserv.com]
Sent: Tuesday, August 16, 2011 12:55 PM
To: NT System Admin Issues
Subject: RE: WIndows 95 and Server 2008 R2 DCs

Do they "have to" auth against the domain?

Don Guyer
Windows Systems Engineer
RIM Operations Engineering Distributed - A Team, Tier 2
Enterprise Technology Group
Fiserv
don.gu...@fiserv.com
Office: 1-800-523-7282 x 1673
Fax: 610-233-0404
www.fiserv.com

From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: Tuesday, August 16, 2011 12:51 PM
To: NT System Admin Issues
Subject: WIndows 95 and Server 2008 R2 DCs

I have some Windows 95 computers authenticating against my domain. Currently, 
the domain is running on Server 2003 DCs, but I am in the process of upgrading 
to Server 2008 R2 DCs. I have already started to deploy Server 2008 DCs.

I have one location that has a couple of Windows 95 computers, and they cannot 
authenticate against a Server 2008 R2 DC - even with what I think is the 
appropriate group policy (the same policy allows the Windows 95 machines to 
authenticate against Server 2003 DCs).

OK, I know, Windows 95. But, these are used as controllers in some 
multi-million dollar machinery that was purchased long ago from a company that 
is now defunct. Replacing this equipment is simply not an option. Upgrading the 
OS is not an option. Installing the AD client extension for Windows 9x *might* 
be an option, but only as a last resort. The factory guys who maintain this 
equipment obviously do not like to stir the soup, because the apparently only 
human left on earth who can support this equipment charges 5 figures to just 
answer the phone.

Here's what I have in the Default Domain Controller Policy:
Microsoft network client: Digitally sign communications (always): Disabled
Microsoft network server: Digitally sign communications (always): Disabled
Microsoft network server: Digitally sign communications (if client agrees): Enabled
Network security: Do not store LAN Manager hash value on next password change: Disabled
Network security: LAN Manager authentication level: Send LM & NTLM - use NTLMv2 session security if negotiated
Allow cryptography algorithms compatible with Windows NT 4.0: Enabled

Any suggestions?

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.



RE: WIndows 95 and Server 2008 R2 DCs

2011-08-16 Thread Guyer, Don
Do they "have to" auth against the domain? 

 

Don Guyer

Windows Systems Engineer

RIM Operations Engineering Distributed - A Team, Tier 2

Enterprise Technology Group

Fiserv

don.gu...@fiserv.com

Office: 1-800-523-7282 x 1673

Fax: 610-233-0404

www.fiserv.com  

 

 

From: Ken Cornetet [mailto:ken.corne...@kimball.com] 
Sent: Tuesday, August 16, 2011 12:51 PM
To: NT System Admin Issues
Subject: WIndows 95 and Server 2008 R2 DCs

 

I have some Windows 95 computers authenticating against my domain.
Currently, the domain is running on Server 2003 DCs, but I am in the
process of upgrading to Server 2008 R2 DCs. I have already started to
deploy Server 2008 DCs.

 

I have one location that has a couple of Windows 95 computers, and they
cannot authenticate against a Server 2008 R2 DC - even with what I think
is the appropriate group policy (the same policy allows the Windows 95
machines to authenticate against Server 2003 DCs).

 

OK, I know, Windows 95. But, these are used as controllers in some
multi-million dollar machinery that was purchased long ago from a
company that is now defunct. Replacing this equipment is simply not an
option. Upgrading the OS is not an option. Installing the AD client
extension for Windows 9x *might* be an option, but only as a last
resort. The factory guys who maintain this equipment obviously do not
like to stir the soup, because the apparently only human left on earth
who can support this equipment charges 5 figures to just answer the
phone.

 

Here's what I have in the Default Domain Controller Policy:

Microsoft network client: Digitally sign communications (always): Disabled

Microsoft network server: Digitally sign communications (always): Disabled

Microsoft network server: Digitally sign communications (if client agrees): Enabled

Network security: Do not store LAN Manager hash value on next password change: Disabled

Network security: LAN Manager authentication level: Send LM & NTLM - use NTLMv2 session security if negotiated

Allow cryptography algorithms compatible with Windows NT 4.0: Enabled

 

Any suggestions?

 

Ken Cornetet 812.482.8499

To err is human - to moo, bovine.

 


Re: Batch help please

2011-08-16 Thread Andrew S. Baker
Two options based on what you have:

set FOLDER=%%a
set FIRSTCHAR=!FOLDER:~0,1!
if /i !FIRSTCHAR!==A goto :MAPA
if /i !FIRSTCHAR!==B goto :MAPB
if /i !FIRSTCHAR!==C goto :MAPC
GOTO :END


Or

set FOLDER=%%a
set FIRSTCHAR=!FOLDER:~0,1!
GOTO MAP!FIRSTCHAR!

GOTO :END



Then continue on with the rest of what you have...

(I would recommend surrounding your comparisons in quotes, just to avoid bad
input situations:  if /i "!FIRSTCHAR!"=="A" goto :MAPA)

Execution can be a bit interesting when the whole large block is in
parentheses, so make sure you don't have other random parentheses laying
about, or expand the whole block of execution into its own subroutine and
CALL it instead.   What you have *should* work.


ASB http://XeeMe.com/AndrewBaker Harnessing the Advantages of
Technology for the SMB market…



On Tue, Aug 16, 2011 at 10:48 AM, m b  wrote:

> Apologies in advance, I did try googling, not finding exactly what I need.
> I do this so infrequently now, I can't recall what I need when I need it.
>
> I need to read a text file containing a list of directories, and for each
> directory, I need to pull the first character of the directory name & then
> take action based on that character.  Ultimately, I'm needing to create a
> bunch of DFS links, and our folder's actual home locations are in different
> places depending on their alphabetical order.  I can handle the dfscmd part,
> I just can't come up with something to get me rolling through the list.
>
> Here's what I've been wrestling with so far.  If I'm way off track, I'm
> humble enough to accept a complete overhaul, and even some ridicule.
> 'directorylist.txt' is a list of all the folders on our current DFS that we
> intend to replace.
>
> rem setLocal EnableDelayedExpansion
> @echo off
>
> for /f "Tokens=*" %%a in (c:\tasks\directorylist.txt) do (
>  set FOLDER=%%a
>  set FIRSTCHAR=!FOLDER:~0,1!
>  if FIRSTCHAR==A goto MAPA
>  if FIRSTCHAR==B goto MAPB
>  if FIRSTCHAR==C goto MAPC
>
> :MAPA
>  set MAPPATH=client2\client_a$
> rem insert dfs link creation for folders beginning with 'a'
> goto END
>
> :MAPB
>  set MAPPATH=client1\client_b$
> rem insert dfs link creation for folders beginning with 'b'
> goto END
>
> :MAPC
>  set MAPPATH=client1\client_c$
> rem insert dfs link creation for folders beginning with 'c'
> goto END
>
> rem etc etc on through 'Z'
>
> :END
> )
>
>
>

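The subroutine approach mentioned at the end of the reply, written out as an added example (not code posted by either participant). The MAPPATH values come from the original post; the sample folder names, the temporary list file and the :MAPFOLDER label are constructed for illustration.

```batch
@echo off
setlocal
rem Added example. The real list in the post is c:\tasks\directorylist.txt;
rem a constructed sample list is written to %TEMP% so the script runs anywhere.
set "LIST=%TEMP%\directorylist_sample.txt"
(
  echo Acme Tooling
  echo bravo
  echo B^&B Catering
  echo Charlie
  echo 9Lives
) > "%LIST%"

rem A GOTO inside a parenthesised FOR body abandons the loop, so the per-line
rem branching lives in a subroutine that is CALLed once per line.
for /f "usebackq tokens=* delims=" %%a in ("%LIST%") do call :MAPFOLDER "%%a"

del "%LIST%"
endlocal
goto :EOF

:MAPFOLDER
rem %~1 is the folder name with the surrounding quotes removed.
set "FOLDER=%~1"
set "FIRSTCHAR=%FOLDER:~0,1%"
set "MAPPATH="
rem Quoted, case-insensitive comparisons, as recommended in the reply, so that
rem spaces or ampersands in a folder name cannot break the IF statement.
if /i "%FIRSTCHAR%"=="A" set "MAPPATH=client2\client_a$"
if /i "%FIRSTCHAR%"=="B" set "MAPPATH=client1\client_b$"
if /i "%FIRSTCHAR%"=="C" set "MAPPATH=client1\client_c$"
if not defined MAPPATH echo SKIP "%FOLDER%" - no mapping for "%FIRSTCHAR%" & goto :EOF
rem Replace this echo with the dfscmd call that creates the link.
echo LINK "%FOLDER%" maps under "%MAPPATH%"
goto :EOF
```

Because the subroutine body is not inside parentheses, ordinary %VAR% expansion works there and delayed expansion is not needed, which also keeps folder names containing "!" intact.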

R: File in use error when trying to modify

2011-08-16 Thread HELP_PC
Sometimes the handle remains open

Guido Elia

HELPPC

-Original Message-
From: Maglinger, Paul [mailto:pmaglin...@scvl.com] 
Sent: Tuesday, August 16, 2011 16:31
To: NT System Admin Issues
Subject: RE: File in use error when trying to modify

The first thing I checked was for open files and didn't see anyone else having 
it open except for the user who was modifying it and trying to save it.

-Original Message-
From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Tuesday, August 16, 2011 9:19 AM
To: NT System Admin Issues
Subject: RE: File in use error when trying to modify

We have been seeing some file locking on one of our file servers with McCrappy, 
but most times it's been a user having a file open over the network (in read 
and write mode) and another user is trying to open it and modify it, causing 
the lock. 

Z

Edward E. Ziots
CISSP, Network +, Security +
Security Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505



-Original Message-
From: Maglinger, Paul [mailto:pmaglin...@scvl.com] 
Sent: Tuesday, August 16, 2011 9:39 AM
To: NT System Admin Issues
Subject: RE: File in use error when trying to modify

Hmmm... we are running McCrappy on that server.  Was it the same circumstance 
in that domain users couldn't save the file yet a domain admin could?  We're 
not seeing any blue screens or weird temp files.

-Original Message-
From: Orland, Kathleen [mailto:korl...@rogers.com] 
Sent: Monday, August 15, 2011 6:47 PM
To: NT System Admin Issues
Subject: RE: File in use error when trying to modify

Another question - AV? I had a similar issue on a W2K3 file server a couple of 
years ago where users couldn't even edit their own Excel files in their Home 
drives with the same error message. In addition, the server was blue-screening 
and creating all kinds of temp files. Turned out to be McAfee. As soon as I 
upgraded the server to Forefront the problem went away. 

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Monday, August 15, 2011 7:37 PM
To: NT System Admin Issues
Subject: Re: File in use error when trying to modify

Just a hunch...

Local editing, or over the network?

On Mon, Aug 15, 2011 at 15:08, Maglinger, Paul  wrote:
> Running IIS V6.0 on Windows 2003 R2 server.  We have a html file that a
> domain administrator account can edit and save, but when a domain user
> tries to do the same they get a "file in use by process" error.  I have
> checked task manager and even run Process Monitor and can't find
> anything that has hold of that file.  And again, the domain admin
> account can change it.  The local and shared directory and file
> permissions were set to "change" for the user in question, and we have
> even given the user full control and it doesn't allow the file to be
> saved.  I even re-created the file from scratch and see the same
> behavior.  Anyone have any ideas what's going on here?
>
> -Paul
>

Re: Weird dll files on boot

2011-08-16 Thread James Rankin
I've had a good comb through everything I could find via *autoruns*. Nothing
jumps out at me. Although these modern process-injection malware variants
are very good at hiding themselves, this I know from painful experience.

I'm tempted to take the "nuke it from orbit" option, if only to satisfy my
own paranoia :-)

On 16 August 2011 15:51, Erik Goldoff  wrote:

> you should check all your Load Points ... registry run keys, startup group,
> autoexec.bat, task scheduler, etc...
>
>
>
> On Tue, Aug 16, 2011 at 10:26 AM, James Rankin wrote:
>
>> Well, more weirdness.
>>
>> On a whim, I deleted all of the files out of the
>> %windir%\serviceprofiles\LocalSystem\AppData directory - not that any looked
>> out of the ordinary - and now when I restart the server, the message I was
>> getting has stopped happening. I couldn't find any reference to the
>> directory or any files in it in a Process Monitor boot log. I feel
>> *slightly* better that the message has gone away - but not really much,
>> because it seems like some kind of infection, or attempted infection, has
>> crawled under the radar.
>>
>> I might take one of these systems out and run a full scan from an
>> alternative OS as suggested, but I hate the nagging feeling that something
>> has gotten away without being fully understood. I'm hoping my strategy of AV
>> + whitelisting hasn't led to any compromise, but I'm still wondering whether
>> I should initiate a full rebuild of the server farm.
>>
>> Anyway thanks for all the suggestions,
>>
>> On 16 August 2011 13:34, Crawford, Scott  wrote:
>>
>>> sounds rootkit-ish.  MS has a boot cd to run Security Essentials.
>>>
>>>
>>>
>>> Sent from my Palm Pre on the Now Network from Sprint
>>>
>>> --
>>>  On Aug 16, 2011 7:19 AM, James Rankin  wrote:
>>>
>>> Yes, but I don't have much faith in the AV software of choice (Trend).
>>> According to it, everything is hunky-dory. MalwareBytes didn't detect
>>> anything on a full scan either. I'm pulling up some Process Monitor logs now
>>> to see if there are any needles in that haystack.
>>>
>>> On 16 August 2011 13:09, Erik Goldoff  wrote:
>>>
>>>> have you already checked your AV quarantine for the presence of these
>>>> DLLs, or at least the detection/risk log to see if *that* is why they're
>>>> gone before you can get to them ?
>>>>
>>>>
>>>>   On Tue, Aug 16, 2011 at 6:41 AM, James Rankin wrote:
>>>>
>>>>> I've just got back from my holidays so I'm probably still not thinking
>>>>> straight but has anyone noticed dll files with random names that appear
>>>>> in *c:\windows\serviceprofiles\localservice\appdata\local\temp *when a
>>>>> 2008 R2 server boots up? By the time I get to checking for them, they are
>>>>> gone. The reason I know they are there is because my whitelisting
>>>>> application doesn't allow executable content to have its ownership
>>>>> overwritten, and when the servers boot up, they are logging an event
>>>>> regarding an attempted ownership overwrite
>>>>>
>>>>> *AppSense Application Manager intercepted the overwrite of the allowed
>>>>> executable 'c:\windows\serviceprofiles\localservice\appdata\local\temp\
>>>>> *random_8_character_filename*.dll' on ''servername'. Ownership of this
>>>>> file was changed to that of the user*
>>>>>
>>>>> I've never noticed this happening before, and the randomised filename
>>>>> screams "malware" at me - but I have scanned the system with Trend and
>>>>> MalwareBytes, and can find no trace of any infection. By the time I dig into
>>>>> the folder to check, there's nothing there. Does anyone have any idea why
>>>>> these files would be appearing at boot time? My next step is to break out a
>>>>> bit of Process Monitor, but I'm just wondering if I am barking up a false
>>>>> positive tree here.
>>>>>
>>>>> TIA,
>>>>>
>>>>>
>>>>>
>>>>> JRR
>>>>>
>>>>> --
>>>>> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
>>>>> into the machine wrong figures, will the right answers come out?' I am not
>>>>> able rightly to apprehend the kind of confusion of ideas that could provoke
>>>>> such a question."
>>>>>
>>>>> ** IMPORTANT INFORMATION/DISCLAIMER *
>>>>>
>>>>> This document should be read only by those persons to whom it is
>>>>> addressed. If you have received this message it was obviously addressed to
>>>>> you and therefore you can read it, even if we didn't mean to send it to you.
>>>>> However, if the contents of this email make no sense whatsoever then you
>>>>> probably were not the intended recipient, or, alternatively, you are a
>>>>> mindless cretin; either way, you should immediately kill yourself and
>>>>> destroy your computer (not necessarily in that order). Once you have taken
>>>>> this action, please contact us.. no, sorry, you can't use your computer,
>>>>> because you just destroyed it, and possibly also committed suicide
>>>>> afterwards, but I am starting to digress.. *
>>>>>
>>>>> *The originator of t

Re: BIS/BES in China?

2011-08-16 Thread MMF
Having made 7 trips to China in the last 5 years to see my son who was working 
there, I have one suggestion and will contact my son for more. I just went into 
a shopping mall in shanghai and there was a little booth where I could purchase 
a sim card which worked fine. Of course I didn’t use it a lot, but it did the 
job. My son is now back in the states, but travels back to China regularly. 
I’ll ask him for alternatives.

MMF

From: Paul Hutchings 
Sent: Tuesday, August 16, 2011 7:13 AM
To: NT System Admin Issues 
Subject: BIS/BES in China?

We have a member of staff who is based in China.  Because of this we’re 
interested in getting a SIM for them which will work out cheaper than them 
using one of ours and being classed as “roaming”.

 

BIS/BES is proving difficult to get firm info on, lots of links but little hard 
fact.

 

Does anyone know from direct experience where/how to buy a SIM card in China 
that can be used in a phone that’s already enabled for BES usage and that works 
perfectly in China with a UK SIM card?

 

Thanks,

Paul




MIRA Ltd


Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration  GB 100 1464 84


The contents of this e-mail are confidential and are solely for the use of the 
intended recipient.  If you receive this e-mail in error, please delete it and 
notify us either by e-mail, telephone or fax.  You should not copy, forward or 
otherwise disclose the content of the e-mail as this is prohibited.

Re: Weird dll files on boot

2011-08-16 Thread Erik Goldoff
you should check all your Load Points ... registry run keys, startup group,
autoexec.bat, task scheduler, etc...



On Tue, Aug 16, 2011 at 10:26 AM, James Rankin wrote:

> Well, more weirdness.
>
> On a whim, I deleted all of the files out of the
> %windir%\serviceprofiles\LocalSystem\AppData directory - not that any looked
> out of the ordinary - and now when I restart the server, the message I was
> getting has stopped happening. I couldn't find any reference to the
> directory or any files in it in a Process Monitor boot log. I feel
> *slightly* better that the message has gone away - but not really much,
> because it seems like some kind of infection, or attempted infection, has
> crawled under the radar.
>
> I might take one of these systems out and run a full scan from an
> alternative OS as suggested, but I hate the nagging feeling that something
> has gotten away without being fully understood. I'm hoping my strategy of AV
> + whitelisting hasn't led to any compromise, but I'm still wondering whether
> I should initiate a full rebuild of the server farm.
>
> Anyway thanks for all the suggestions,
>
> On 16 August 2011 13:34, Crawford, Scott  wrote:
>
>> sounds rootkit-ish.  MS has a boot cd to run Security Essentials.
>>
>>
>>
>> Sent from my Palm Pre on the Now Network from Sprint
>>
>> --
>>  On Aug 16, 2011 7:19 AM, James Rankin  wrote:
>>
>> Yes, but I don't have much faith in the AV software of choice (Trend).
>> According to it, everything is hunky-dory. MalwareBytes didn't detect
>> anything on a full scan either. I'm pulling up some Process Monitor logs now
>> to see if there are any needles in that haystack.
>>
>> On 16 August 2011 13:09, Erik Goldoff  wrote:
>>
>>> have you already checked your AV quarantine for the presence of these
>>> DLLs, or at least the detection/risk log to see if *that* is why they're
>>> gone before you can get to them ?
>>>
>>>
>>>   On Tue, Aug 16, 2011 at 6:41 AM, James Rankin 
>>> wrote:
>>>
>>>> I've just got back from my holidays so I'm probably still not thinking
>>>> straight but has anyone noticed dll files with random names that appear
>>>> in *c:\windows\serviceprofiles\localservice\appdata\local\temp *when a
>>>> 2008 R2 server boots up? By the time I get to checking for them, they are
>>>> gone. The reason I know they are there is because my whitelisting
>>>> application doesn't allow executable content to have its ownership
>>>> overwritten, and when the servers boot up, they are logging an event
>>>> regarding an attempted ownership overwrite
>>>>
>>>> *AppSense Application Manager intercepted the overwrite of the allowed
>>>> executable 'c:\windows\serviceprofiles\localservice\appdata\local\temp\
>>>> *random_8_character_filename*.dll' on ''servername'. Ownership of this
>>>> file was changed to that of the user*
>>>>
>>>> I've never noticed this happening before, and the randomised filename
>>>> screams "malware" at me - but I have scanned the system with Trend and
>>>> MalwareBytes, and can find no trace of any infection. By the time I dig into
>>>> the folder to check, there's nothing there. Does anyone have any idea why
>>>> these files would be appearing at boot time? My next step is to break out a
>>>> bit of Process Monitor, but I'm just wondering if I am barking up a false
>>>> positive tree here.
>>>>
>>>> TIA,
>>>>
>>>>
>>>>
>>>> JRR
>>>>
>>>> --
>>>> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
>>>> into the machine wrong figures, will the right answers come out?' I am not
>>>> able rightly to apprehend the kind of confusion of ideas that could provoke
>>>> such a question."
>>>>
>>>> ** IMPORTANT INFORMATION/DISCLAIMER *
>>>>
>>>> This document should be read only by those persons to whom it is
>>>> addressed. If you have received this message it was obviously addressed to
>>>> you and therefore you can read it, even if we didn't mean to send it to you.
>>>> However, if the contents of this email make no sense whatsoever then you
>>>> probably were not the intended recipient, or, alternatively, you are a
>>>> mindless cretin; either way, you should immediately kill yourself and
>>>> destroy your computer (not necessarily in that order). Once you have taken
>>>> this action, please contact us.. no, sorry, you can't use your computer,
>>>> because you just destroyed it, and possibly also committed suicide
>>>> afterwards, but I am starting to digress.. *
>>>>
>>>> *The originator of this email is not liable for the transmission of the
>>>> information contained in this communication. Or are they? Either way it's a
>>>> pretty dull legal query and frankly one I'm not going to dwell on. But
>>>> should you have nothing better to do, please feel free to ruminate on it,
>>>> and please pass on any concrete conclusions should you find them. However,
>>>> if you pass them on via email, be sure to include a disclaimer regarding
>>>> liability for transmission.
 

RE: File in use error when trying to modify

2011-08-16 Thread Maglinger, Paul
The first thing I checked was for open files and didn't see anyone else having 
it open except for the user who was modifying it and trying to save it.

-Original Message-
From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Tuesday, August 16, 2011 9:19 AM
To: NT System Admin Issues
Subject: RE: File in use error when trying to modify

We have been seeing some file locking on one of our file servers with McCrappy, 
but most times it's been a user having a file open over the network (in read 
and write mode) and another user is trying to open it and modify it, causing 
the lock. 

Z

Edward E. Ziots
CISSP, Network +, Security +
Security Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505



-Original Message-
From: Maglinger, Paul [mailto:pmaglin...@scvl.com] 
Sent: Tuesday, August 16, 2011 9:39 AM
To: NT System Admin Issues
Subject: RE: File in use error when trying to modify

Hmmm... we are running McCrappy on that server.  Was it the same circumstance 
in that domain users couldn't save the file yet a domain admin could?  We're 
not seeing any blue screens or weird temp files.

-Original Message-
From: Orland, Kathleen [mailto:korl...@rogers.com] 
Sent: Monday, August 15, 2011 6:47 PM
To: NT System Admin Issues
Subject: RE: File in use error when trying to modify

Another question - AV? I had a similar issue on a W2K3 file server a couple of 
years ago where users couldn't even edit their own Excel files in their Home 
drives with the same error message. In addition, the server was blue-screening 
and creating all kinds of temp files. Turned out to be McAfee. As soon as I 
upgraded the server to Forefront the problem went away. 

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Monday, August 15, 2011 7:37 PM
To: NT System Admin Issues
Subject: Re: File in use error when trying to modify

Just a hunch...

Local editing, or over the network?

On Mon, Aug 15, 2011 at 15:08, Maglinger, Paul  wrote:
> Running IIS V6.0 on Windows 2003 R2 server.  We have a html file that a
> domain administrator account can edit and save, but when a domain user
> tries to do the same they get a "file in use by process" error.  I have
> checked task manager and even run Process Monitor and can't find
> anything that has hold of that file.  And again, the domain admin
> account can change it.  The local and shared directory and file
> permissions were set to "change" for the user in question, and we have
> even given the user full control and it doesn't allow the file to be
> saved.  I even re-created the file from scratch and see the same
> behavior.  Anyone have any ideas what's going on here?
>
> -Paul

Re: VPN Client

2011-08-16 Thread Kelli Sterley
That's it .. thanks Michael

On Tue, Aug 16, 2011 at 10:05 AM, Michael B. Smith wrote:

> Shrewsoft.
>
> Regards,
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com
>
> *From:* Kelli Sterley [mailto:kjsterley.li...@gmail.com]
> *Sent:* Tuesday, August 16, 2011 9:53 AM
> *To:* NT System Admin Issues
> *Subject:* VPN Client
>
> I've been looking thru my archive emails looking for the thread about a VPN
> client that works with multiple appliances but I can't seem to find it.
> Does anyone know the software by chance?
>
>  
>
> thanks!
>
> Kelli

Re: Weird dll files on boot

2011-08-16 Thread James Rankin
Well, more weirdness.

On a whim, I deleted all of the files out of the
%windir%\serviceprofiles\LocalSystem\AppData directory - not that any looked
out of the ordinary - and now when I restart the server, the message I was
getting has stopped happening. I couldn't find any reference to the
directory or any files in it in a Process Monitor boot log. I feel
*slightly* better that the message has gone away - but not really much,
because it seems like some kind of infection, or attempted infection, has
crawled under the radar.

I might take one of these systems out and run a full scan from an
alternative OS as suggested, but I hate the nagging feeling that something
has gotten away without being fully understood. I'm hoping my strategy of AV
+ whitelisting hasn't led to any compromise, but I'm still wondering whether
I should initiate a full rebuild of the server farm.

Anyway thanks for all the suggestions,

On 16 August 2011 13:34, Crawford, Scott  wrote:

>  sounds rootkit-ish.  MS has a boot cd to run Security Essentials.
>
>
>
>  Sent from my Palm Pre on the Now Network from Sprint
>
>  --
> On Aug 16, 2011 7:19 AM, James Rankin  wrote:
>
> Yes, but I don't have much faith in the AV software of choice (Trend).
> According to it, everything is hunky-dory. MalwareBytes didn't detect
> anything on a full scan either. I'm pulling up some Process Monitor logs now
> to see if there are any needles in that haystack.
>
> On 16 August 2011 13:09, Erik Goldoff  wrote:
>
>> have you already checked your AV quarantine for the presence of these
>> DLLs, or at least the detection/risk log to see if *that* is why they're
>> gone before you can get to them ?
>>
>>
>>   On Tue, Aug 16, 2011 at 6:41 AM, James Rankin wrote:
>>
>>> I've just got back from my holidays so I'm probably still not thinking
>>> straight but has anyone noticed dll files with random names that appear
>>> in *c:\windows\serviceprofiles\localservice\appdata\local\temp *when a
>>> 2008 R2 server boots up? By the time I get to checking for them, they are
>>> gone. The reason I know they are there is because my whitelisting
>>> application doesn't allow executable content to have its ownership
>>> overwritten, and when the servers boot up, they are logging an event
>>> regarding an attempted ownership overwrite
>>>
>>> *AppSense Application Manager intercepted the overwrite of the allowed
>>> executable 'c:\windows\serviceprofiles\localservice\appdata\local\temp\*
>>> random_8_character_filename*.dll' on ''servername'. Ownership of this
>>> file was changed to that of the user*
>>>
>>> I've never noticed this happening before, and the randomised filename
>>> screams "malware" at me - but I have scanned the system with Trend and
>>> MalwareBytes, and can find no trace of any infection. By the time I dig into
>>> the folder to check, there's nothing there. Does anyone have any idea why
>>> these files would be appearing at boot time? My next step is to break out a
>>> bit of Process Monitor, but I'm just wondering if I am barking up a false
>>> positive tree here.
>>>
>>> TIA,
>>>
>>>
>>>
>>> JRR
>>>
>>> --
>>> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
>>> the machine wrong figures, will the right answers come out?' I am not able
>>> rightly to apprehend the kind of confusion of ideas that could provoke such
>>> a question."
>>>
>>> ** IMPORTANT INFORMATION/DISCLAIMER *
>>>
>>> This document should be read only by those persons to whom it is
>>> addressed. If you have received this message it was obviously addressed to
>>> you and therefore you can read it, even if we didn't mean to send it to you.
>>> However, if the contents of this email make no sense whatsoever then you
>>> probably were not the intended recipient, or, alternatively, you are a
>>> mindless cretin; either way, you should immediately kill yourself and
>>> destroy your computer (not necessarily in that order). Once you have taken
>>> this action, please contact us.. no, sorry, you can't use your computer,
>>> because you just destroyed it, and possibly also committed suicide
>>> afterwards, but I am starting to digress.. *
>>>
>>> *The originator of this email is not liable for the transmission of the
>>> information contained in this communication. Or are they? Either way it's a
>>> pretty dull legal query and frankly one I'm not going to dwell on. But
>>> should you have nothing better to do, please feel free to ruminate on it,
>>> and please pass on any concrete conclusions should you find them. However,
>>> if you pass them on via email, be sure to include a disclaimer regarding
>>> liability for transmission.
>>> *
>>>
>>> *In the event that the originator did not send this email to you, then
>>> please return it to us and attach a scanned-in picture of your mother's
>>> brother's wife wearing nothing but a kangaroo suit, and we will immediately
>>> refund you exactly half of what you paid for the can of Whis
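
Added example, not part of the thread: since the DLLs are gone before anyone can inspect them, the AppSense ownership-overwrite events quoted above are the only record, and summarising them per server shows how far the behaviour reaches across a farm. The log lines, timestamps, host names (TS01, TS02) and file names below are constructed; the one-line-per-event export with a leading timestamp and the function names are assumptions.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample export. Only the message wording follows the event quoted
# in the thread; timestamps, hosts and file names are invented for illustration.
SAMPLE_LOG = r"""
2011-08-15T07:01:12 AppSense Application Manager intercepted the overwrite of the allowed executable 'c:\windows\serviceprofiles\localservice\appdata\local\temp\qk3v9xzp.dll' on ''TS01'. Ownership of this file was changed to that of the user
2011-08-16T07:02:40 AppSense Application Manager intercepted the overwrite of the allowed executable 'c:\windows\serviceprofiles\localservice\appdata\local\temp\b7m2hw4d.dll' on ''TS01'. Ownership of this file was changed to that of the user
2011-08-16T07:03:05 AppSense Application Manager intercepted the overwrite of the allowed executable 'C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\b7m2hw4d.dll' on 'TS02'. Ownership of this file was changed to that of the user
2011-08-16T09:15:00 AppSense Application Manager intercepted the overwrite of the allowed executable 'c:\program files\vendor\updater.exe' on 'TS02'. Ownership of this file was changed to that of the user
2011-08-16T09:20:00 Some unrelated event line
"""

# '+ before the host tolerates the doubled opening quote seen in the quoted event.
EVENT_RE = re.compile(
    r"^(?P<ts>\S+)\s+AppSense Application Manager intercepted the overwrite "
    r"of the allowed executable '(?P<path>[^']+)' on '+(?P<host>[^']+)'"
)


def parse_events(text):
    """Return one dict per ownership-overwrite event; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append({
                "ts": m["ts"],
                "host": m["host"].upper(),
                "path": m["path"].lower(),  # Windows paths are case-insensitive
            })
    return events


def service_temp_dll(path):
    """Return (profile, filename) when path is an 8-character-named .dll sitting
    directly in a service profile's AppData\\Local\\Temp, otherwise None."""
    p = PureWindowsPath(path.lower())
    parts = p.parts
    if (len(parts) == 8
            and parts[1:3] == ("windows", "serviceprofiles")
            and parts[4:7] == ("appdata", "local", "temp")
            and p.suffix == ".dll"
            and len(p.stem) == 8):
        return parts[3], p.name
    return None


def summarise(events):
    """Group matching events by host and report file names seen on several hosts."""
    hosts = defaultdict(lambda: {"events": 0, "names": set(), "profiles": set()})
    seen_on = defaultdict(set)
    ignored = 0
    for ev in events:
        hit = service_temp_dll(ev["path"])
        if hit is None:
            ignored += 1  # an overwrite event, but not the pattern under review
            continue
        profile, name = hit
        entry = hosts[ev["host"]]
        entry["events"] += 1
        entry["names"].add(name)
        entry["profiles"].add(profile)
        seen_on[name].add(ev["host"])
    shared = {n: sorted(h) for n, h in seen_on.items() if len(h) > 1}
    return dict(hosts), shared, ignored


if __name__ == "__main__":
    hosts, shared, ignored = summarise(parse_events(SAMPLE_LOG))
    for host, info in sorted(hosts.items()):
        print(host, info["events"], "events,", len(info["names"]), "distinct names,",
              "profiles:", ", ".join(sorted(info["profiles"])))
    print("names seen on more than one host:", shared or "none")
    print("other overwrite events ignored:", ignored)
```

A name that recurs across boots or hosts can be searched for directly; when every name is unique, the file has to be captured as it is created instead.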

RE: File in use error when trying to modify

2011-08-16 Thread Ziots, Edward
We have been seeing some file locking on one of our file servers with McCrappy, 
but most times it's been a user having a file open over the network (in read 
and write mode) and another user is trying to open it and modify it, causing 
the lock. 

Z

Edward E. Ziots
CISSP, Network +, Security +
Security Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505



-Original Message-
From: Maglinger, Paul [mailto:pmaglin...@scvl.com] 
Sent: Tuesday, August 16, 2011 9:39 AM
To: NT System Admin Issues
Subject: RE: File in use error when trying to modify

Hmmm... we are running McCrappy on that server.  Was it the same circumstance 
in that domain users couldn't save the file yet a domain admin could?  We're 
not seeing any blue screens or weird temp files.

-Original Message-
From: Orland, Kathleen [mailto:korl...@rogers.com] 
Sent: Monday, August 15, 2011 6:47 PM
To: NT System Admin Issues
Subject: RE: File in use error when trying to modify

Another question - AV? I had a similar issue on a W2K3 file server a couple of 
years ago where users couldn't even edit their own Excel files in their Home 
drives with the same error message. In addition, the server was blue-screening 
and creating all kinds of temp files. Turned out to be McAfee. As soon as I 
upgraded the server to Forefront the problem went away. 

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Monday, August 15, 2011 7:37 PM
To: NT System Admin Issues
Subject: Re: File in use error when trying to modify

Just a hunch...

Local editing, or over the network?

On Mon, Aug 15, 2011 at 15:08, Maglinger, Paul  wrote:
> Running IIS V6.0 on Windows 2003 R2 server.  We have a html file that a
> domain administrator account can edit and save, but when a domain user
> tries to do the same they get a "file in use by process" error.  I have
> checked task manager and even run Process Monitor and can't find
> anything that has hold of that file.  And again, the domain admin
> account can change it.  The local and shared directory and file
> permissions were set to "change" for the user in question, and we have
> even given the user full control and it doesn't allow the file to be
> saved.  I even re-created the file from scratch and see the same
> behavior.  Anyone have any ideas what's going on here?
>
> -Paul

RE: VPN Client

2011-08-16 Thread Michael B. Smith
Shrewsoft.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Kelli Sterley [mailto:kjsterley.li...@gmail.com]
Sent: Tuesday, August 16, 2011 9:53 AM
To: NT System Admin Issues
Subject: VPN Client

I've been looking thru my archive emails looking for the thread about a VPN 
client that works with multiple appliances but I can't seem to find it.  Does 
anyone know the software by chance?

thanks!
Kelli


RE: File in use error when trying to modify

2011-08-16 Thread Maglinger, Paul
I ran handle and if I'm interpreting the results correctly I'm not seeing
anything that is attached to the file directly, however it appears that
WinSxS is somehow involved with the directory the file resides in.
That's rather odd isn't it?  Isn't Windows Side by Side used to keep
track of software updates?  There are no applications installed in this
directory, just pdf, doc and html files.

 

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Monday, August 15, 2011 6:54 PM
To: NT System Admin Issues
Subject: Re: File in use error when trying to modify

 

HANDLE should show what is using the file, and I would expect it to be
one of the IIS processes...


ASB

http://about.me/Andrew.S.Baker

Harnessing the Advantages of Technology for the SMB market...





On Mon, Aug 15, 2011 at 6:08 PM, Maglinger, Paul 
wrote:

Running IIS V6.0 on Windows 2003 R2 server.  We have a html file that a
domain administrator account can edit and save, but when a domain user
tries to do the same they get a "file in use by process" error.  I have
checked task manager and even run Process Monitor and can't find
anything that has hold of that file.  And again, the domain admin
account can change it.  The local and shared directory and file
permissions were set to "change" for the user in question, and we have
even given the user full control and it doesn't allow the file to be
saved.  I even re-created the file from scratch and see the same
behavior.  Anyone have any ideas what's going on here?

-Paul


VPN Client

2011-08-16 Thread Kelli Sterley
I've been looking thru my archive emails looking for the thread about a VPN
client that works with multiple appliances but I can't seem to find it.
Does anyone know the software by chance?

thanks!
Kelli


RE: File in use error when trying to modify

2011-08-16 Thread Maglinger, Paul
Hmmm... we are running McCrappy on that server.  Was it the same circumstance 
in that domain users couldn't save the file yet a domain admin could?  We're 
not seeing any blue screens or weird temp files.

-Original Message-
From: Orland, Kathleen [mailto:korl...@rogers.com] 
Sent: Monday, August 15, 2011 6:47 PM
To: NT System Admin Issues
Subject: RE: File in use error when trying to modify

Another question - AV? I had a similar issue on a W2K3 file server a couple of 
years ago where users couldn't even edit their own Excel files in their Home 
drives with the same error message. In addition, the server was blue-screening 
and creating all kinds of temp files. Turned out to be McAfee. As soon as I 
upgraded the server to Forefront the problem went away. 

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Monday, August 15, 2011 7:37 PM
To: NT System Admin Issues
Subject: Re: File in use error when trying to modify

Just a hunch...

Local editing, or over the network?

On Mon, Aug 15, 2011 at 15:08, Maglinger, Paul  wrote:
> Running IIS V6.0 on Windows 2003 R2 server.  We have a html file that a
> domain administrator account can edit and save, but when a domain user
> tries to do the same they get a "file in use by process" error.  I have
> checked task manager and even run Process Monitor and can't find
> anything that has hold of that file.  And again, the domain admin
> account can change it.  The local and shared directory and file
> permissions were set to "change" for the user in question, and we have
> even given the user full control and it doesn't allow the file to be
> saved.  I even re-created the file from scratch and see the same
> behavior.  Anyone have any ideas what's going on here?
>
> -Paul

RE: File in use error when trying to modify

2011-08-16 Thread Maglinger, Paul
Over the network, using mapped drive to share.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Monday, August 15, 2011 6:37 PM
To: NT System Admin Issues
Subject: Re: File in use error when trying to modify

Just a hunch...

Local editing, or over the network?

On Mon, Aug 15, 2011 at 15:08, Maglinger, Paul  wrote:
> Running IIS V6.0 on Windows 2003 R2 server.  We have a html file that a
> domain administrator account can edit and save, but when a domain user
> tries to do the same they get a "file in use by process" error.  I have
> checked task manager and even run Process Monitor and can't find
> anything that has hold of that file.  And again, the domain admin
> account can change it.  The local and shared directory and file
> permissions were set to "change" for the user in question, and we have
> even given the user full control and it doesn't allow the file to be
> saved.  I even re-created the file from scratch and see the same
> behavior.  Anyone have any ideas what's going on here?
>
> -Paul

Re: Weird dll files on boot

2011-08-16 Thread Crawford, Scott
sounds rootkit-ish.  MS has a boot cd to run Security Essentials.





On Aug 16, 2011 7:19 AM, James Rankin  wrote:

Yes, but I don't have much faith in the AV software of choice (Trend). 
According to it, everything is hunky-dory. MalwareBytes didn't detect anything 
on a full scan either. I'm pulling up some Process Monitor logs now to see if 
there are any needles in that haystack.

On 16 August 2011 13:09, Erik Goldoff <mailto:egold...@gmail.com> wrote:
have you already checked your AV quarantine for the presence of these DLLs, or 
at least the detection/risk log to see if *that* is why they're gone before you 
can get to them ?


On Tue, Aug 16, 2011 at 6:41 AM, James Rankin <mailto:kz2...@googlemail.com> wrote:
I've just got back from my holidays so I'm probably still not thinking 
straight...but has anyone noticed dll files with random names that appear in 
c:\windows\serviceprofiles\localservice\appdata\local\temp when a 2008 R2 
server boots up? By the time I get to checking for them, they are gone. The 
reason I know they are there is because my whitelisting application doesn't 
allow executable content to have its ownership overwritten, and when the 
servers boot up, they are logging an event regarding an attempted ownership 
overwrite

AppSense Application Manager intercepted the overwrite of the allowed 
executable 
'c:\windows\serviceprofiles\localservice\appdata\local\temp\random_8_character_filename.dll'
 on ''servername'. Ownership of this file was changed to that of the user

I've never noticed this happening before, and the randomised filename screams 
"malware" at me - but I have scanned the system with Trend and MalwareBytes, 
and can find no trace of any infection. By the time I dig into the folder to 
check, there's nothing there. Does anyone have any idea why these files would 
be appearing at boot time? My next step is to break out a bit of Process 
Monitor, but I'm just wondering if I am barking up a false positive tree here.

TIA,



JRR

--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

* IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is addressed. If 
you have received this message it was obviously addressed to you and therefore 
you can read it, even if we didn't mean to send it to you. However, if the 
contents of this email make no sense whatsoever then you probably were not the 
intended recipient, or, alternatively, you are a mindless cretin; either way, 
you should immediately kill yourself and destroy your computer (not necessarily 
in that order). Once you have taken this action, please contact us.. no, sorry, 
you can't use your computer, because you just destroyed it, and possibly also 
committed suicide afterwards, but I am starting to digress..

The originator of this email is not liable for the transmission of the 
information contained in this communication. Or are they? Either way it's a 
pretty dull legal query and frankly one I'm not going to dwell on. But should 
you have nothing better to do, please feel free to ruminate on it, and please 
pass on any concrete conclusions should you find them. However, if you pass 
them on via email, be sure to include a disclaimer regarding liability for 
transmission.

In the event that the originator did not send this email to you, then please 
return it to us and attach a scanned-in picture of your mother's brother's wife 
wearing nothing but a kangaroo suit, and we will immediately refund you exactly 
half of what you paid for the can of Whiskas you bought when you went to Pets 
At Home yesterday.

We take no responsibility for non-receipt of this email because we are running 
Exchange 5.5 and everyone knows how glitchy that can be. In the event that you 
do get this message then please note that we take no responsibility for that 
either. Nor will we accept any liability, tacit or implied, for any damage you 
may or may not incur as a result of receiving, or not, as the case may be, from 
time to time, notwithstanding all liabilities implied or otherwise, ummm, hell, 
where was I...umm, no matter what happens, it is NOT, and NEVER WILL BE, OUR 
FAULT!

The comments and opinions expressed herein are my own and NOT those of my 
employer, who, if he knew I was sending emails and surfing the seamier side of 
the Internet, would cut off my manhood and feed it to me for afternoon tea.




Re: Weird dll files on boot

2011-08-16 Thread James Rankin
Yeah, that's what I've checked in the Trend AV server web console. There
isn't a single entry of note for the entire last week, which is the
timeframe I've noticed this appearing in.

Sorry if I wasn't clear about that.

On 16 August 2011 13:23, Erik Goldoff  wrote:

> to be clear, I don't mean run a scan now, but to check the logs and
> quarantines for activity from On Access/AutoProtect type protection that
> could have happened when no one was monitoring the server.
>
>
> On Tue, Aug 16, 2011 at 8:18 AM, James Rankin wrote:
>
>> Yes, but I don't have much faith in the AV software of choice (Trend).
>> According to it, everything is hunky-dory. MalwareBytes didn't detect
>> anything on a full scan either. I'm pulling up some Process Monitor logs now
>> to see if there are any needles in that haystack.
>>
>> On 16 August 2011 13:09, Erik Goldoff  wrote:
>>
>>> have you already checked your AV quarantine for the presence of these
>>> DLLs, or at least the detection/risk log to see if *that* is why they're
>>> gone before you can get to them ?
>>>
>>>
>>>   On Tue, Aug 16, 2011 at 6:41 AM, James Rankin 
>>> wrote:
>>>
>>>> I've just got back from my holidays so I'm probably still not thinking
>>>> straight...but has anyone noticed dll files with random names that appear
>>>> in *c:\windows\serviceprofiles\localservice\appdata\local\temp *when a
>>>> 2008 R2 server boots up? By the time I get to checking for them, they are
>>>> gone. The reason I know they are there is because my whitelisting
>>>> application doesn't allow executable content to have its ownership
>>>> overwritten, and when the servers boot up, they are logging an event
>>>> regarding an attempted ownership overwrite
>>>>
>>>> *AppSense Application Manager intercepted the overwrite of the allowed
>>>> executable 'c:\windows\serviceprofiles\localservice\appdata\local\temp\
>>>> *random_8_character_filename*.dll' on ''servername'. Ownership of this
>>>> file was changed to that of the user*
>>>>
>>>> I've never noticed this happening before, and the randomised filename
>>>> screams "malware" at me - but I have scanned the system with Trend and
>>>> MalwareBytes, and can find no trace of any infection. By the time I dig into
>>>> the folder to check, there's nothing there. Does anyone have any idea why
>>>> these files would be appearing at boot time? My next step is to break out a
>>>> bit of Process Monitor, but I'm just wondering if I am barking up a false
>>>> positive tree here.
>>>>
>>>> TIA,
>>>>
>>>> JRR
>>>>
>>>> --
>>>> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
>>>> into the machine wrong figures, will the right answers come out?' I am not
>>>> able rightly to apprehend the kind of confusion of ideas that could provoke
>>>> such a question."


Re: Weird dll files on boot

2011-08-16 Thread Erik Goldoff
to be clear, I don't mean run a scan now, but to check the logs and
quarantines for activity from On Access/AutoProtect type protection that
could have happened when no one was monitoring the server.

On Tue, Aug 16, 2011 at 8:18 AM, James Rankin  wrote:

> Yes, but I don't have much faith in the AV software of choice (Trend).
> According to it, everything is hunky-dory. MalwareBytes didn't detect
> anything on a full scan either. I'm pulling up some Process Monitor logs now
> to see if there are any needles in that haystack.
>
> On 16 August 2011 13:09, Erik Goldoff  wrote:
>
>> have you already checked your AV quarantine for the presence of these
>> DLLs, or at least the detection/risk log to see if *that* is why they're
>> gone before you can get to them ?
>>
>>
>>   On Tue, Aug 16, 2011 at 6:41 AM, James Rankin wrote:
>>
>>> I've just got back from my holidays so I'm probably still not thinking
>>> straight...but has anyone noticed dll files with random names that appear
>>> in *c:\windows\serviceprofiles\localservice\appdata\local\temp *when a
>>> 2008 R2 server boots up? By the time I get to checking for them, they are
>>> gone. The reason I know they are there is because my whitelisting
>>> application doesn't allow executable content to have its ownership
>>> overwritten, and when the servers boot up, they are logging an event
>>> regarding an attempted ownership overwrite
>>>
>>> *AppSense Application Manager intercepted the overwrite of the allowed
>>> executable 'c:\windows\serviceprofiles\localservice\appdata\local\temp\*
>>> random_8_character_filename*.dll' on ''servername'. Ownership of this
>>> file was changed to that of the user*
>>>
>>> I've never noticed this happening before, and the randomised filename
>>> screams "malware" at me - but I have scanned the system with Trend and
>>> MalwareBytes, and can find no trace of any infection. By the time I dig into
>>> the folder to check, there's nothing there. Does anyone have any idea why
>>> these files would be appearing at boot time? My next step is to break out a
>>> bit of Process Monitor, but I'm just wondering if I am barking up a false
>>> positive tree here.
>>>
>>> TIA,
>>>
>>>
>>>
>>> JRR
>>>
>>> --
>>> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
>>> the machine wrong figures, will the right answers come out?' I am not able
>>> rightly to apprehend the kind of confusion of ideas that could provoke such
>>> a question."

Re: Weird dll files on boot

2011-08-16 Thread James Rankin
Yes, but I don't have much faith in the AV software of choice (Trend).
According to it, everything is hunky-dory. MalwareBytes didn't detect
anything on a full scan either. I'm pulling up some Process Monitor logs now
to see if there are any needles in that haystack.

On 16 August 2011 13:09, Erik Goldoff  wrote:

> have you already checked your AV quarantine for the presence of these DLLs,
> or at least the detection/risk log to see if *that* is why they're gone
> before you can get to them ?
>
>
> On Tue, Aug 16, 2011 at 6:41 AM, James Rankin wrote:
>
>> I've just got back from my holidays so I'm probably still not thinking
>> straight...but has anyone noticed dll files with random names that appear
>> in *c:\windows\serviceprofiles\localservice\appdata\local\temp *when a
>> 2008 R2 server boots up? By the time I get to checking for them, they are
>> gone. The reason I know they are there is because my whitelisting
>> application doesn't allow executable content to have its ownership
>> overwritten, and when the servers boot up, they are logging an event
>> regarding an attempted ownership overwrite
>>
>> *AppSense Application Manager intercepted the overwrite of the allowed
>> executable 'c:\windows\serviceprofiles\localservice\appdata\local\temp\*
>> random_8_character_filename*.dll' on ''servername'. Ownership of this
>> file was changed to that of the user*
>>
>> I've never noticed this happening before, and the randomised filename
>> screams "malware" at me - but I have scanned the system with Trend and
>> MalwareBytes, and can find no trace of any infection. By the time I dig into
>> the folder to check, there's nothing there. Does anyone have any idea why
>> these files would be appearing at boot time? My next step is to break out a
>> bit of Process Monitor, but I'm just wondering if I am barking up a false
>> positive tree here.
>>
>> TIA,
>>
>>
>>
>> JRR
>>
>> --
>> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
>> the machine wrong figures, will the right answers come out?' I am not able
>> rightly to apprehend the kind of confusion of ideas that could provoke such
>> a question."
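
Added example (not part of any list member's post): one way to search a Process Monitor boot log, exported as CSV, for the process that creates, re-owns and deletes the random 8-character DLLs described in this thread. The column names are Procmon's default CSV export columns as assumed here; the sample rows, process names and file names are constructed for illustration.

```python
import csv
import io
import re

# Folder quoted in the thread; the name is described only as 8 random characters + ".dll".
TEMP_DLL = re.compile(
    r"^c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\temp"
    r"\\[^\\.]{8}\.dll$",
    re.IGNORECASE,
)


def classify(operation, detail):
    """Map one Procmon row to a lifecycle step, or None if it is noise."""
    if operation == "CreateFile" and "OpenResult: Created" in detail:
        return "created"          # a plain open of an existing file is ignored
    if operation == "WriteFile":
        return "written"
    if operation == "SetSecurityFile" and "Owner" in detail:
        return "owner-changed"    # the action the whitelisting event reported
    if operation == "Load Image":
        return "loaded"
    if operation == "SetDispositionInformationFile" and "Delete: True" in detail:
        return "deleted"
    return None


def dll_timelines(csv_text):
    """Return {dll_path: [(time, process, pid, step, result), ...]} in log order."""
    # Procmon CSV exports start with a UTF-8 BOM; strip it so the first
    # header is read as "Time of Day".
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    timelines = {}
    for row in reader:
        path = (row.get("Path") or "").strip()
        if not TEMP_DLL.match(path):
            continue
        step = classify(row.get("Operation", ""), row.get("Detail", ""))
        if step is None:
            continue
        timelines.setdefault(path.lower(), []).append(
            (row["Time of Day"], row["Process Name"], int(row["PID"]),
             step, row.get("Result", ""))
        )
    return timelines


def creators(timelines):
    """Count, per (process, pid), how many of the matching DLLs it created."""
    counts = {}
    for events in timelines.values():
        for _, process, pid, step, _ in events:
            if step == "created":
                counts[(process, pid)] = counts.get((process, pid), 0) + 1
    return counts


# ---- Constructed sample data (not taken from the thread) ----
SAMPLE_DIR = "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\"
SAMPLE_ROWS = [
    ("08:01:12.104", "svchost.exe", 1180, "CreateFile", SAMPLE_DIR + "qhxvbzrt.dll",
     "SUCCESS", "Desired Access: Generic Write, Disposition: Create, OpenResult: Created"),
    ("08:01:12.107", "svchost.exe", 1180, "WriteFile", SAMPLE_DIR + "qhxvbzrt.dll",
     "SUCCESS", "Offset: 0, Length: 65,536"),
    ("08:01:12.110", "svchost.exe", 1180, "SetSecurityFile", SAMPLE_DIR + "qhxvbzrt.dll",
     "SUCCESS", "Information: Owner"),
    ("08:01:12.150", "svchost.exe", 1180, "Load Image", SAMPLE_DIR + "qhxvbzrt.dll",
     "SUCCESS", "Image Base: 0x7fef1230000, Image Size: 0x1c000"),
    ("08:01:12.400", "scanner.exe", 2044, "CreateFile", SAMPLE_DIR + "qhxvbzrt.dll",
     "SUCCESS", "Desired Access: Generic Read, Disposition: Open, OpenResult: Opened"),
    ("08:01:13.020", "svchost.exe", 1180, "SetDispositionInformationFile",
     SAMPLE_DIR + "qhxvbzrt.dll", "SUCCESS", "Delete: True"),
    ("08:01:13.500", "setup.exe", 3012, "CreateFile", SAMPLE_DIR + "abcdefghi.dll",
     "SUCCESS", "Desired Access: Generic Write, Disposition: Create, OpenResult: Created"),
    ("08:01:14.300", "svchost.exe", 1180, "CreateFile", SAMPLE_DIR.lower() + "MWPKDJLA.DLL",
     "SUCCESS", "Desired Access: Generic Write, Disposition: Create, OpenResult: Created"),
]


def build_sample_csv():
    """Render the constructed rows the way Procmon writes them: BOM, all fields quoted."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL)
    writer.writerow(["Time of Day", "Process Name", "PID", "Operation",
                     "Path", "Result", "Detail"])
    writer.writerows(SAMPLE_ROWS)
    return "\ufeff" + buf.getvalue()


SAMPLE_CSV = build_sample_csv()

if __name__ == "__main__":
    found = dll_timelines(SAMPLE_CSV)
    for path, events in found.items():
        print(path)
        for when, process, pid, step, result in events:
            print(f"  {when}  {process} ({pid})  {step}  [{result}]")
    for (process, pid), n in creators(found).items():
        print(f"creator: {process} pid={pid} dlls={n}")
```

The input for a real run is a capture taken with Process Monitor's boot logging option and saved as CSV; the PID of the creating process can then be matched to its hosted services and command line.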

Re: Weird dll files on boot

2011-08-16 Thread Erik Goldoff
have you already checked your AV quarantine for the presence of these DLLs,
or at least the detection/risk log to see if *that* is why they're gone
before you can get to them ?


On Tue, Aug 16, 2011 at 6:41 AM, James Rankin  wrote:

> I've just got back from my holidays so I'm probably still not thinking
> straight...but has anyone noticed dll files with random names that appear
> in *c:\windows\serviceprofiles\localservice\appdata\local\temp *when a
> 2008 R2 server boots up? By the time I get to checking for them, they are
> gone. The reason I know they are there is because my whitelisting
> application doesn't allow executable content to have its ownership
> overwritten, and when the servers boot up, they are logging an event
> regarding an attempted ownership overwrite
>
> *AppSense Application Manager intercepted the overwrite of the allowed
> executable 'c:\windows\serviceprofiles\localservice\appdata\local\temp\*
> random_8_character_filename*.dll' on ''servername'. Ownership of this file
> was changed to that of the user*
>
> I've never noticed this happening before, and the randomised filename
> screams "malware" at me - but I have scanned the system with Trend and
> MalwareBytes, and can find no trace of any infection. By the time I dig into
> the folder to check, there's nothing there. Does anyone have any idea why
> these files would be appearing at boot time? My next step is to break out a
> bit of Process Monitor, but I'm just wondering if I am barking up a false
> positive tree here.
>
> TIA,
>
>
>
> JRR
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."

RE: Weird dll files on boot

2011-08-16 Thread Ziots, Edward
I am thinking you are on the right path with the malware, I would check
your scheduled tasks see if anything snuck in there and the run keys in
the registry accordingly.

If you can boot to alternative media and look at that system with a
Live CD and see if the DLLs are there and get a copy, probably can send
it up to virustotal or other sites for disassembly.

But I agree that screams malware to me without any other information.
(Possibly getting loaded on an alternative File Stream or process
injection.)

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Security Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Tuesday, August 16, 2011 6:41 AM
To: NT System Admin Issues
Subject: Weird dll files on boot

 

I've just got back from my holidays so I'm probably still not thinking
straight...but has anyone noticed dll files with random names that
appear in c:\windows\serviceprofiles\localservice\appdata\local\temp
when a 2008 R2 server boots up? By the time I get to checking for them,
they are gone. The reason I know they are there is because my
whitelisting application doesn't allow executable content to have its
ownership overwritten, and when the servers boot up, they are logging an
event regarding an attempted ownership overwrite

AppSense Application Manager intercepted the overwrite of the allowed
executable
'c:\windows\serviceprofiles\localservice\appdata\local\temp\random_8_character_filename.dll'
on ''servername'. Ownership of this file was
changed to that of the user

I've never noticed this happening before, and the randomised filename
screams "malware" at me - but I have scanned the system with Trend and
MalwareBytes, and can find no trace of any infection. By the time I dig
into the folder to check, there's nothing there. Does anyone have any
idea why these files would be appearing at boot time? My next step is to
break out a bit of Process Monitor, but I'm just wondering if I am
barking up a false positive tree here.

TIA,



JRR

-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that could
provoke such a question."

* IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is
addressed. If you have received this message it was obviously addressed
to you and therefore you can read it, even it we didn't mean to send it
to you. However, if the contents of this email make no sense whatsoever
then you probably were not the intended recipient, or, alternatively,
you are a mindless cretin; either way, you should immediately kill
yourself and destroy your computer (not necessarily in that order). Once
you have taken this action, please contact us.. no, sorry, you can't use
your computer, because you just destroyed it, and possibly also
committed suicide afterwards, but I am starting to digress.. 

The originator of this email is not liable for the transmission of the
information contained in this communication. Or are they? Either way
it's a pretty dull legal query and frankly one I'm not going to dwell
on. But should you have nothing better to do, please feel free to
ruminate on it, and please pass on any concrete conclusions should you
find them. However, if you pass them on via email, be sure to include a
disclaimer regarding liability for transmission.

In the event that the originator did not send this email to you, then
please return it to us and attach a scanned-in picture of your mother's
brother's wife wearing nothing but a kangaroo suit, and we will
immediately refund you exactly half of what you paid for the can of
Whiskas you bought when you went to Pets At Home yesterday. 

We take no responsibility for non-receipt of this email because we are
running Exchange 5.5 and everyone knows how glitchy that can be. In the
event that you do get this message then please note that we take no
responsibility for that either. Nor will we accept any liability, tacit
or implied, for any damage you may or may not incur as a result of
receiving, or not, as the case may be, from time to time,
notwithstanding all liabilities implied or otherwise, ummm, hell, where
was I...umm, no matter what happens, it is NOT, and NEVER WILL BE, OUR
FAULT! 

The comments and opinions expressed herein are my own and NOT those of
my employer, who, if he knew I was sending emails and surfing the
seamier side of the Internet, would cut off my manhood and feed it to me
for afternoon tea. 

 


RE: GUI-less VM hosts and Dell OM software

2011-08-16 Thread Spencer Read
Sorry, yes you can see everything that you would on a normal
installation with this one

 

...Spence

 

From: Oliver Marshall [mailto:oliver.marsh...@g2support.com] 
Sent: 16 August 2011 11:36
To: NT System Admin Issues
Subject: GUI-less VM hosts and Dell OM software

 

Hi chaps

I'm looking at putting either VMWare ESX or MS Hyper-V Server (the
GUI-less one) on a server here with a Dell Perc 700.

My question I suppose is really whether the Dell Open Manage software
works on the GUI-less implementation of HyperV server? I know that the
raid card works fine in ESX and Hyper-V Server but I'm interested in
being informed of drive failures within the array.

Anyone got this running and can you tell me whether you are able to see
the state of drives within the array?

Olly

 


RE: GUI-less VM hosts and Dell OM software

2011-08-16 Thread Spencer Read
I followed this -
http://www.mcbsys.com/techblog/2009/11/setting-up-dell-openmanage-on-hyper-v-server-2008-r2/

And it installed just fine

 

...Spence

 

 

From: Oliver Marshall [mailto:oliver.marsh...@g2support.com] 
Sent: 16 August 2011 11:36
To: NT System Admin Issues
Subject: GUI-less VM hosts and Dell OM software

 

Hi chaps

I'm looking at putting either VMWare ESX or MS Hyper-V Server (the
GUI-less one) on a server here with a Dell Perc 700.

My question I suppose is really whether the Dell Open Manage software
works on the GUI-less implementation of HyperV server? I know that the
raid card works fine in ESX and Hyper-V Server but I'm interested in
being informed of drive failures within the array.

Anyone got this running and can you tell me whether you are able to see
the state of drives within the array?

Olly

 


Re: GUI-less VM hosts and Dell OM software

2011-08-16 Thread James Rankin
OpenManage works fine from within ESX - just download and install the Linux
OpenManage install software from the Dell website. I know you didn't
specifically mention that, but I can see all my ESX server drives and other
hardware just fine in IT Assistant.

Can't speak to Hyper-V, though, as I haven't used it.

On 16 August 2011 11:36, Oliver Marshall wrote:

> Hi chaps
>
> I'm looking at putting either VMWare ESX or MS Hyper-V Server (the GUI-less
> one) on a server here with a Dell Perc 700.
>
> My question I suppose is really whether the Dell Open Manage software
> works on the GUI-less implementation of HyperV server? I know that the raid
> card works fine in ESX and Hyper-V Server but I’m interested in being
> informed of drive failures within the array.
>
> Anyone got this running and can you tell me whether you are able to see the
> state of drives within the array?
>
> Olly




Weird dll files on boot

2011-08-16 Thread James Rankin
I've just got back from my holidays so I'm probably still not thinking
straight... but has anyone noticed dll files with random names that appear
in c:\windows\serviceprofiles\localservice\appdata\local\temp when a 2008
R2 server boots up? By the time I get to checking for them, they are gone.
The reason I know they are there is because my whitelisting application
doesn't allow executable content to have its ownership overwritten, and when
the servers boot up, they are logging an event regarding an attempted
ownership overwrite:

AppSense Application Manager intercepted the overwrite of the allowed
executable
'c:\windows\serviceprofiles\localservice\appdata\local\temp\random_8_character_filename.dll'
on 'servername'. Ownership of this file was changed to that of the user

I've never noticed this happening before, and the randomised filename
screams "malware" at me - but I have scanned the system with Trend and
MalwareBytes, and can find no trace of any infection. By the time I dig into
the folder to check, there's nothing there. Does anyone have any idea why
these files would be appearing at boot time? My next step is to break out a
bit of Process Monitor, but I'm just wondering if I am barking up a false
positive tree here.

TIA,



JRR

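
One way to catch the transient files described in this post before they vanish, as an added example that is not part of the original message: a PowerShell watcher that copies each new DLL out of that folder and records its SHA-256 and Authenticode status. The evidence folder `C:\IR\dll-capture` and the event name `TempDllCreated` are assumptions, and the script has to be running already (for instance from an elevated startup task) when the files appear.

```powershell
# Added example: capture short-lived DLLs from the folder named in the post.
# Assumptions: runs elevated; $evidence is a hypothetical collection folder.
# Sticks to cmdlets and .NET calls available in PowerShell 2.0 (2008 R2 default).
$watchDir = 'C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp'
$evidence = 'C:\IR\dll-capture'
$log      = Join-Path $evidence 'captures.tsv'
New-Item -ItemType Directory -Path $evidence -Force | Out-Null

$watcher = New-Object System.IO.FileSystemWatcher $watchDir, '*.dll'
$watcher.InternalBufferSize  = 65536     # reduce the chance of dropped events
$watcher.EnableRaisingEvents = $true
Register-ObjectEvent -InputObject $watcher -EventName Created `
    -SourceIdentifier TempDllCreated | Out-Null

$sha = [System.Security.Cryptography.SHA256]::Create()
while ($true) {
    # Events queue up while one file is processed, so none are skipped.
    $evt = Wait-Event -SourceIdentifier TempDllCreated
    Remove-Event -EventIdentifier $evt.EventIdentifier
    $src  = $evt.SourceEventArgs.FullPath
    $dest = Join-Path $evidence ('{0:yyyyMMdd-HHmmss-fff}_{1}' -f `
                $evt.TimeGenerated, $evt.SourceEventArgs.Name)

    # The writer may still hold the file open; retry briefly before giving up.
    $copied = $false
    foreach ($attempt in 1..40) {
        try {
            Copy-Item -LiteralPath $src -Destination $dest -ErrorAction Stop
            $copied = $true; break
        } catch { Start-Sleep -Milliseconds 25 }
    }

    if ($copied) {
        $stream = [System.IO.File]::OpenRead($dest)
        try     { $hash = [BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
        finally { $stream.Dispose() }
        $sig    = Get-AuthenticodeSignature -FilePath $dest
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'unsigned' }
        $detail = "$hash`t$($sig.Status)`t$signer"
    } else {
        $detail = 'not captured (deleted or locked)'
    }
    Add-Content -Path $log -Value ("{0:o}`t{1}`t{2}" -f $evt.TimeGenerated, $src, $detail)
}
```

A captured copy may be incomplete if it is taken while the file is still being written, and the watcher does not show which process created the file; Process Monitor's boot logging answers that part.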