RE: LDAP\DC with a public IP

[Brian Desmond]

That's basically private WAN...

Thanks,
Brian Desmond
br...@briandesmond.com

w - 312.625.1438 | c   - 312.731.3132


-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Thursday, September 22, 2011 9:14 PM
To: NT System Admin Issues
Subject: Re: LDAP\DC with a public IP

On Thu, Sep 22, 2011 at 9:11 PM, Brian Desmond  wrote:
>> ... the provider gives you a VPN box to make the link ...
>
> This certainly didn't used to be called the cloud - this is classic 
> service hosting. I usually consider cloud to require Internet 
> connection between you and the provider as opposed to private WAN, but that's 
> just me.

  I'm not talking private WAN, I'm talking VPN.  Using the public Internet to 
carry a secure tunnel for a private payload.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Remote Desktop App recommendation?

[Ralph Smith]

Thanks all.  I purchased the Wyse app - it was easy to set up and works
great  with my 2003 and 2008 servers. I don't actually have a Remote
Desktop Gateway set up yet so i didn't test that.  There is a place in
the client to set it up, but Wyse calls that feature "experimental".  It
also includes a VNC client, which could be useful.
 


From: James Hill [mailto:james.h...@coffeeclub.com.au] 
Sent: Thursday, September 22, 2011 5:31 PM
To: NT System Admin Issues
Subject: RE: Remote Desktop App recommendation?



http://itap-mobile.com/itap-rdp 

 

Supports RD Gateway.  I haven't used it for a while(7 months +) but
hopefully the performance has improved.  It was very slow on an iphone
and slow on an ipad at the time.  Particularly when compared to
comparable products for Android.

 

Always found it amusing that you can get apps for Android, ios etc that
support RD Gateway but nothing exists for OSX.

 

From: Ralph Smith [mailto:m...@gatewayindustries.org] 
Sent: Thursday, 22 September 2011 11:37 PM
To: NT System Admin Issues
Subject: Remote Desktop App recommendation?

 

It seems like I saw this asked and answered here before but I can't find
the thread:

Anybody using a Remote Desktop app for iPad 2 that you can recommend
that works with Windows Server 2003, 2008 R2 and Remote Desktop Gateway?

 

My CEO was just issued an iPad through another agency for which she
serves on the board, and she wants to use it this way.  This is the
first time I've actually touched an iPad.  I downloaded the free Remote
Desktop Lite, but apparently Mochasofts's remote desktop products can't
be used with Windows Servers.  Read a bunch of reviews and am
considering trying either Antecea Easy Connect or Wyse PocketCloud, but
there's a lot of choices and am hoping to get a trusted recommendation
from the list.

 

Thanks,

 

Ralph

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: LDAP\DC with a public IP

[Ben Scott]

On Thu, Sep 22, 2011 at 9:11 PM, Brian Desmond  wrote:
>> ... the provider gives you a VPN box to make the link ...
>
> This certainly didn't used to be called the cloud - this is classic service 
> hosting. I usually
> consider cloud to require Internet connection between you and the provider as 
> opposed
> to private WAN, but that's just me.

  I'm not talking private WAN, I'm talking VPN.  Using the public
Internet to carry a secure tunnel for a private payload.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: LDAP\DC with a public IP

[Steven Peck]

No no... now it's a 'Private Cloud'.  This is the technical way of 'mocking
the marketers' since they co-opted all the terminology.

On Thu, Sep 22, 2011 at 6:11 PM, Brian Desmond wrote:

> This certainly didn't used to be called the cloud - this is classic service
> hosting. I usually consider cloud to require Internet connection between you
> and the provider as opposed to private WAN, but that's just me.
>
> Thanks,
> Brian Desmond
> br...@briandesmond.com
>
> w - 312.625.1438 | c   - 312.731.3132
>
>
> -Original Message-
> From: Ben Scott [mailto:mailvor...@gmail.com]
> Sent: Thursday, September 22, 2011 6:14 PM
> To: NT System Admin Issues
> Subject: Re: LDAP\DC with a public IP
>
> On Thu, Sep 22, 2011 at 6:53 PM, Brian Desmond 
> wrote:
> >> You have an IP address on your private side that duplicates their
> >> private net, and you're connected to them via some kind of VPN or
> >> other secure router, so you do a one-to-one static NAT between your
> >> private net and some other private net that they're not using.
> >
> > Yes that's exactly what I was describing. That doesn't usually come to
> > mind in the same thought as "cloud" though.
>
>  "Cloud" means whatever the speaker wants it to, these days.  :)  But I
> don't even see this one as much of a stretch: If the provider has a big net
> of distributed datacenters, and you're outsourcing some service to that, and
> the provider gives you a VPN box to make the link, that still seems pretty
> cloud-ish to me.
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: LDAP\DC with a public IP

[Brian Desmond]

This certainly didn't used to be called the cloud - this is classic service 
hosting. I usually consider cloud to require Internet connection between you 
and the provider as opposed to private WAN, but that's just me. 

Thanks,
Brian Desmond
br...@briandesmond.com

w - 312.625.1438 | c   - 312.731.3132


-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Thursday, September 22, 2011 6:14 PM
To: NT System Admin Issues
Subject: Re: LDAP\DC with a public IP

On Thu, Sep 22, 2011 at 6:53 PM, Brian Desmond  wrote:
>> You have an IP address on your private side that duplicates their 
>> private net, and you're connected to them via some kind of VPN or 
>> other secure router, so you do a one-to-one static NAT between your 
>> private net and some other private net that they're not using.
>
> Yes that's exactly what I was describing. That doesn't usually come to 
> mind in the same thought as "cloud" though.

  "Cloud" means whatever the speaker wants it to, these days.  :)  But I don't 
even see this one as much of a stretch: If the provider has a big net of 
distributed datacenters, and you're outsourcing some service to that, and the 
provider gives you a VPN box to make the link, that still seems pretty 
cloud-ish to me.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Public time sources

[Steve Kradel]

Agreed with Ben on naming multiple NTP sources, so you're not hosed if
one of them goes wacky.  I've had best results by configuring like so:
0.us.pool.ntp.org
1.us.pool.ntp.org
2.us.pool.ntp.org
etc...

--Steve

On Thu, Sep 22, 2011 at 12:05 PM, Ben Scott  wrote:
> On Thu, Sep 22, 2011 at 11:05 AM, Tom Miller  wrote:
>> I am reconfiguring my time providers for my AD servers.  What are you using
>> for your public time sources?
>
>  I've got my PDC Emulator configured to get its time from our
> in-house Linux server running the reference implementation of NTP.
> That Linux box is configured to sync to multiple pool.ntp.org servers:
>
>                server us.pool.ntp.org
>                server us.pool.ntp.org
>                server us.pool.ntp.org
>                server time.windows.com
>
>  I list the same name three times because I'm running an older NTP
> release which doesn't support the "pool" directive (which does the
> same thing and better).
>
>  I threw time.windows.com in there as a further diversity measure.
>
>  By using multiple diverse time sources, NTP can better detect and
> compensate for network latency and drift.  Accuracies within a few
> seconds of "atomic" time are achievable this way.
>
>  Microsoft's documentation on the Windows time service isn't clear on
> if/how it handles multiple upstream NTP servers, and given MSKB 939322
> I figured I wasn't likely to get an answer, and I already had NTP
> configured on *nix, so that's the route I chose.
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: LDAP\DC with a public IP

[Jon Harris]

Alarmist no not to me.  I would tell them find or propose another way.  I
would look at a way maybe using a Linux machine that sync's (more or less)
what they need and then maybe put that where it could be seen from the web.
Others may have better ways to skin the cat.

Jon

On Thu, Sep 22, 2011 at 1:57 PM,  wrote:

>  We are getting a new product to report variances.  It is web-based but
> using LDAP to authenticate users.  The way it works is that a person can log
> a variance anonymously  but then directors can use their AD credentials to
> log in and report their findings.
> My issue is that they want my two LDAP servers (which are my dc's) to have
> a public IP address.  Even with ACL and security, I am very uncomfortable
> with having my DC's be "visible" on the 'net.  From past experience of
> scanning my firewall logs, I know that a lot of times, hackers (or script
> kiddies) just use a range of public IP's to scan for vulnerabilities.
> Am I being unduly alarmist in my concern?  Do other organizations attach a
> public IP to their LDAP servers?
> Thanks for any opinions you can give me.  I have no problem going back to
> the people involved and saying ' I was wrong.'  OTOH, I also have no problem
> telling them no way, you need to come up with a work around.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: LDAP\DC with a public IP

[Ben Scott]

On Thu, Sep 22, 2011 at 6:53 PM, Brian Desmond  wrote:
>> You have an IP address on your private side that duplicates
>> their private net, and you're connected to them via some kind
>> of VPN or other secure router, so you do a one-to-one static
>> NAT between your private net and some other private net that
>> they're not using.
>
> Yes that's exactly what I was describing. That doesn't usually
> come to mind in the same thought as "cloud" though.

  "Cloud" means whatever the speaker wants it to, these days.  :)  But
I don't even see this one as much of a stretch: If the provider has a
big net of distributed datacenters, and you're outsourcing some
service to that, and the provider gives you a VPN box to make the
link, that still seems pretty cloud-ish to me.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: LDAP\DC with a public IP

[Brian Desmond]

Yes that's exactly what I was describing. That doesn't usually come to mind in 
the same thought as "cloud" though. 

Thanks,
Brian Desmond
br...@briandesmond.com

w - 312.625.1438 | c   - 312.731.3132


-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Thursday, September 22, 2011 5:50 PM
To: NT System Admin Issues
Subject: Re: LDAP\DC with a public IP

On Thu, Sep 22, 2011 at 6:17 PM, Brian Desmond  wrote:
> I'm rather lost now. How is doing this double NAT going to help you in 
> a typical cloud scenario? Usually you do this type of thing with a 
> direct link to a business partner/supplier.

  You have an IP address on your private side that duplicates their private 
net, and you're connected to them via some kind of VPN or other secure router, 
so you do a one-to-one static NAT between your private net and some other 
private net that they're not using.

  That's what I imagine, anyway.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: LDAP\DC with a public IP

[Ben Scott]

On Thu, Sep 22, 2011 at 6:17 PM, Brian Desmond  wrote:
> I’m rather lost now. How is doing this double NAT going to help you in a
> typical cloud scenario? Usually you do this type of thing with a direct link
> to a business partner/supplier.

  You have an IP address on your private side that duplicates their
private net, and you're connected to them via some kind of VPN or
other secure router, so you do a one-to-one static NAT between your
private net and some other private net that they're not using.

  That's what I imagine, anyway.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: App compatability continues

[Kurt Buff]

1) What is the difference between your account and the user account
with admin privileges?

2) What happens if you make user admin, try it once, it fails, log off
and try again as user with admin?

On Thu, Sep 22, 2011 at 14:42, David Lum  wrote:
> Revisiting this one today, check this out.
>
>
>
> Log into RDS as standard user, try to launch this app and get “Run-time
> error ‘70’: Permission denied” (same error I have been battling).
>
> Log that user off, make said user local admin, repeat the sequence fully
> expecting the error to go away. Nope, same error
>
> Log in as myself, log into app as the standard user, application now works
> (as has been the case)
>
> Log off, log in as standard user, launch app as standard user, application
> now works
>
>
>
> Looking up the error, it appears to be a DCOM thing, but running the DCOM
> config tool doesn’t help me as nothing jumps out at me to change…
>
>
>
> 
>
>
>
> Dave
>
>
>
> From: David Lum [mailto:david@nwea.org]
> Sent: Wednesday, September 14, 2011 10:29 AM
> To: NT System Admin Issues
> Subject: RE: App compatability
>
>
>
> Looking at this error further, it tells me just *opening* this key
> (operation is RegOpenKeyExA) is a problem for a standard user.
>
> HKLM\System\CurrentControlSet\Services\WinSock2\Parameters
>
> “Fails as standard user and succeeded with full admin permissions”
>
>
>
> With this app  - it’s on RDS - if I log in as local admin and launch it, it
> runs fine. If a standard users tried to launch it any time after I have
> fired it up (and even if I have opened then closed it), it works too, so
> it’s as if there’s some dependent service that fires up when initially
> launched.
>
>
>
> Bizarro info #2, rebooting the server after making the app work by me
> logging in…the app still works for a standard user even if I don’t log in
> after the reboot, yet after some undetermined amount of time (days) it
> “breaks” again. This sucks because I can’t break the app on demand. When it
> breaks what the users sees is they launch the app and they get “Error 20 –
> access is denied” after trying to login to it (credentials are specific to
> the app, which come to think of it talks to a DB on a different machine).
>
>
>
> This app has a dependency on Mozilla, but the users have access to the
> relevant Mozilla folders.
>
>
>
> Any guesses?
>
>
>
> Dave
>
>
>
> From: David Lum [mailto:david@nwea.org]
> Sent: Monday, September 12, 2011 9:09 AM
> To: NT System Admin Issues
> Subject: RE: App compatability
>
>
>
> Ok cool, thanks!
>
>
>
> From: Brian Desmond [mailto:br...@briandesmond.com]
> Sent: Monday, September 12, 2011 8:40 AM
> To: NT System Admin Issues
> Subject: RE: App compatability
>
>
>
> Shouldn’t be any reason you can’t build and install a shim there.
>
>
>
> Thanks,
>
> Brian Desmond
>
> br...@briandesmond.com
>
>
>
> c   – 312.731.3132
>
>
>
> From: David Lum [mailto:david@nwea.org]
> Sent: Monday, September 12, 2011 10:29 AM
> To: NT System Admin Issues
> Subject: RE: App compatability
>
>
>
> Whoa I omitted that this is for a 2008 R2 RDS application server, does that
> change things?
>
>
>
> From: Brian Desmond [mailto:br...@briandesmond.com]
> Sent: Monday, September 12, 2011 8:22 AM
> To: NT System Admin Issues
> Subject: RE: App compatability
>
>
>
> No, the second one you just need to build the shim with the AppCompat
> toolkit.
>
>
>
> Thanks,
>
> Brian Desmond
>
> br...@briandesmond.com
>
>
>
> c   – 312.731.3132
>
>
>
> From: Crawford, Scott [mailto:crawfo...@evangel.edu]
> Sent: Monday, September 12, 2011 10:09 AM
> To: NT System Admin Issues
> Subject: RE: App compatability
>
>
>
> Standard users already have read access to that key.
>
>
>
> Registry virtualization is automatically on in Windows 7 with UAC enabled.
>
>
>
> From: David Lum [mailto:david@nwea.org]
> Sent: Monday, September 12, 2011 9:43 AM
> To: NT System Admin Issues
> Subject: App compatability
>
>
>
> Using LUA Biglight which helps show what apps need permissions to run as a
> standard user and not admin, it points to the following key:
>
> HKLM\System\CurrentControlSet\Services\WinSock2\Parameters
>
>
>
> Solutions include “registry virtualization, the VirtualRegistry shim, as a
> last resort, loosen permissions”. The first two involve the developer doing
> something right?
>
>
>
> How much of a security hole is it  if I allow read access by Domain Users?
>
> David Lum
> Systems Engineer // NWEATM
> Office 503.548.5229 // Cell (voice/text) 503.267.9764
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To man

RE: LDAP\DC with a public IP

[Brian Desmond]

I'm rather lost now. How is doing this double NAT going to help you in a 
typical cloud scenario? Usually you do this type of thing with a direct link to 
a business partner/supplier.

Thanks,
Brian Desmond
br...@briandesmond.com

w - 312.625.1438 | c   - 312.731.3132

From: pdw1...@hotmail.com [mailto:pdw1...@hotmail.com]
Sent: Thursday, September 22, 2011 3:01 PM
To: NT System Admin Issues
Subject: RE: LDAP\DC with a public IP

Cloud.
They explain further on that they have a lot of clients, some of whom may use 
the same private IP so to prevent "overlap" (in their words) they want our 
private IP natted.  I've done this with GE and Philips because they're so large 
they have over-lapping private IP's, too. However, when they requested it, they 
gave me another private ip.  For example, nat your 192.168.x.x to 192.168.40.1 
or something like that.
Apparently, this company doesn't do that but just uses the public IP as a 
reference.

From: lilst...@fnal.gov
To: 
ntsysadmin@lyris.sunbelt-software.com
Date: Thu, 22 Sep 2011 13:22:21 -0500
Subject: RE: LDAP\DC with a public IP
Is the "new product" cloud based or internal? If internal I can't see why you 
would need your DCs/LDAP servers to be available to the public internet. If 
cloud based just open up to the IP of the server in the cloud to allow 
authentication.

And insist on LDAP over SSL.

al

--
Al Lilianstrom
CD/LSC/SOS/ES
lilst...@fnal.gov

From: pdw1...@hotmail.com 
[mailto:pdw1...@hotmail.com]
Sent: Thursday, September 22, 2011 12:58 PM
To: NT System Admin Issues
Subject: LDAP\DC with a public IP

We are getting a new product to report variances.  It is web-based but using 
LDAP to authenticate users.  The way it works is that a person can log a 
variance anonymously  but then directors can use their AD credentials to log in 
and report their findings.
My issue is that they want my two LDAP servers (which are my dc's) to have a 
public IP address.  Even with ACL and security, I am very uncomfortable with 
having my DC's be "visible" on the 'net.  From past experience of scanning my 
firewall logs, I know that a lot of times, hackers (or script kiddies) just use 
a range of public IP's to scan for vulnerabilities.
Am I being unduly alarmist in my concern?  Do other organizations attach a 
public IP to their LDAP servers?
Thanks for any opinions you can give me.  I have no problem going back to the 
people involved and saying ' I was wrong.'  OTOH, I also have no problem 
telling them no way, you need to come up with a work around.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: OT:Age Discrimination in IT

[Daniel Evensen]

I try to focus on the items that can be changed. My health, I  walk 50 miles a 
month, dye my hair, am the correct weight for my height, and I dress to fit the 
corporate environment, etc. I try to keep abreast of new technologies and I am 
going to start attending local user group meetings.  When I was at EDS now HP I 
remember being told they turned a applicant away because he did not dress like 
them and they felt uncomfortable.
I can not change the current National employment crisis, our countries 
viewpoints on age etc. They can figure your age by the dates of college 
graduation and employment history so that is one reason Andrews advice was spot 
on.

Daniel Evensen

  - Original Message - 
  From: David 
  To: NT System Admin Issues 
  Sent: Thursday, September 22, 2011 5:15 PM
  Subject: Re: OT:Age Discrimination in IT


  I'm about your age and had similar experiences.  I've ended up doing a 
combination of consluting and some pre-existing private clients.  Hell, I've 
thought about investing in some of the gray-away stuff for what hair I have 
left.




  On Thu, Sep 22, 2011 at 1:45 PM, Don Holstrom  wrote:

I am 63, and seeing this. I don’t even hear back from firms to whom I 
apply. I have been a full, sole IT director with no help at two different firms 
for a dozen years. But I don’t want to lie or cut short my resume, don’t want 
to waste time interviewing at firms that don’t want an oldster…



From: Jon Harris [mailto:jk.har...@gmail.com] 
Sent: Tuesday, September 20, 2011 6:23 PM
To: NT System Admin Issues
Subject: Re: OT:Age Discrimination in IT



Amen and +1 on this.  Having gone through this two years ago most of the 
applicants I was competing against were in the sub 35 age range and when ever I 
got an interview the major questions were about pay and how low I would go, and 
a lot less on skills.  I know at least one place I did not get an interview but 
an insider told me they only hired those right out of college or high school as 
they did not want anyone questioning the management staff about decisions.



Jon

On Tue, Sep 20, 2011 at 9:40 AM, Erik Goldoff  wrote:

one issue related to age discrimination has to do with salary expectations, 
and that the young bucks just out of schooling have less responsibility, less 
expenses, and therefore will accept lower salaries implying that the older 
applicants automatically would not accept as low a salary, costing too much, 
and therefore excluded.



On Tue, Sep 20, 2011 at 8:22 AM, Daniel Evensen  wrote:

Age Discrimination in IT: I have read several articles online that states 
that age Discrimination in IT is more prevalent than in other fields. Question, 
do you find this true or false? If you find it true how do you handle it? 

I am a former NT System Administrator that was semi-retired and that wants 
to return to the IT field after a 10 year absence. Financially, I do not need 
to work but want to. I feel that the fact my health at 52 is excellent, am at 
the right weight etc, will be a plus in my favor. 



Daniel Evensen

Former NT System Administrator

EDS

Belltech.logix

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




  -- 
  David

  _

  "The real danger is the gradual erosion of individual liberties through the 
automation, integration, and interconnection of many small, separate 
record-keeping systems, each of which alone may seem innocuous, even 
benevolent, and wholly justifiable."  

  The Report of the Privacy Protection Study Commission, 1977


  ~ Finally, powerful endpoint security that ISN'T a resou

RE: App compatability continues

[David Lum]

Revisiting this one today, check this out.

Log into RDS as standard user, try to launch this app and get "Run-time error 
'70': Permission denied" (same error I have been battling).
Log that user off, make said user local admin, repeat the sequence fully 
expecting the error to go away. Nope, same error
Log in as myself, log into app as the standard user, application now works (as 
has been the case)
Log off, log in as standard user, launch app as standard user, application now 
works

Looking up the error, it appears to be a DCOM thing, but running the DCOM 
config tool doesn't help me as nothing jumps out at me to change...



Dave

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, September 14, 2011 10:29 AM
To: NT System Admin Issues
Subject: RE: App compatability

Looking at this error further, it tells me just *opening* this key (operation 
is RegOpenKeyExA) is a problem for a standard user.
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters
"Fails as standard user and succeeded with full admin permissions"

With this app  - it's on RDS - if I log in as local admin and launch it, it 
runs fine. If a standard users tried to launch it any time after I have fired 
it up (and even if I have opened then closed it), it works too, so it's as if 
there's some dependent service that fires up when initially launched.

Bizarro info #2, rebooting the server after making the app work by me logging 
in...the app still works for a standard user even if I don't log in after the 
reboot, yet after some undetermined amount of time (days) it "breaks" again. 
This sucks because I can't break the app on demand. When it breaks what the 
users sees is they launch the app and they get "Error 20 - access is denied" 
after trying to login to it (credentials are specific to the app, which come to 
think of it talks to a DB on a different machine).

This app has a dependency on Mozilla, but the users have access to the relevant 
Mozilla folders.

Any guesses?

Dave

From: David Lum [mailto:david@nwea.org]
Sent: Monday, September 12, 2011 9:09 AM
To: NT System Admin Issues
Subject: RE: App compatability

Ok cool, thanks!

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Monday, September 12, 2011 8:40 AM
To: NT System Admin Issues
Subject: RE: App compatability

Shouldn't be any reason you can't build and install a shim there.

Thanks,
Brian Desmond
br...@briandesmond.com

c   - 312.731.3132

From: David Lum [mailto:david@nwea.org]
Sent: Monday, September 12, 2011 10:29 AM
To: NT System Admin Issues
Subject: RE: App compatability

Whoa I omitted that this is for a 2008 R2 RDS application server, does that 
change things?

From: Brian Desmond 
[mailto:br...@briandesmond.com]
Sent: Monday, September 12, 2011 8:22 AM
To: NT System Admin Issues
Subject: RE: App compatability

No, the second one you just need to build the shim with the AppCompat toolkit.

Thanks,
Brian Desmond
br...@briandesmond.com

c   - 312.731.3132

From: Crawford, Scott 
[mailto:crawfo...@evangel.edu]
Sent: Monday, September 12, 2011 10:09 AM
To: NT System Admin Issues
Subject: RE: App compatability

Standard users already have read access to that key.

Registry virtualization is automatically on in Windows 7 with UAC enabled.

From: David Lum [mailto:david@nwea.org]
Sent: Monday, September 12, 2011 9:43 AM
To: NT System Admin Issues
Subject: App compatability

Using LUA Biglight which helps show what apps need permissions to run as a 
standard user and not admin, it points to the following key:
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters

Solutions include "registry virtualization, the VirtualRegistry shim, as a last 
resort, loosen permissions". The first two involve the developer doing 
something right?

How much of a security hole is it  if I allow read access by Domain Users?
David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: OT:Age Discrimination in IT

[Steven Peck]

Ya, but that A+ still hangs in there :)

On Thu, Sep 22, 2011 at 2:31 PM, David Lum  wrote:

> LOL, I took CNE (the little Novell cert) off my resume a few years ago..
>
> -Original Message-
> From: Ben Scott [mailto:mailvor...@gmail.com]
> Sent: Thursday, September 22, 2011 2:25 PM
> To: NT System Admin Issues
> Subject: Re: OT:Age Discrimination in IT
>
> On Thu, Sep 22, 2011 at 5:18 PM,  wrote:
> > You mean my NT4 MCSE should be removed from my CV?
> > I thought that was my killer qualification :-)
>
>  What no CNE?
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: OT:Age Discrimination in IT

[David Lum]

LOL, I took CNE (the little Novell cert) off my resume a few years ago..

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Thursday, September 22, 2011 2:25 PM
To: NT System Admin Issues
Subject: Re: OT:Age Discrimination in IT

On Thu, Sep 22, 2011 at 5:18 PM,  wrote:
> You mean my NT4 MCSE should be removed from my CV?
> I thought that was my killer qualification :-)

  What no CNE?

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Remote Desktop App recommendation?

[James Hill]

http://itap-mobile.com/itap-rdp

Supports RD Gateway.  I haven't used it for a while(7 months +) but hopefully 
the performance has improved.  It was very slow on an iphone and slow on an 
ipad at the time.  Particularly when compared to comparable products for 
Android.

Always found it amusing that you can get apps for Android, ios etc that support 
RD Gateway but nothing exists for OSX.

From: Ralph Smith [mailto:m...@gatewayindustries.org]
Sent: Thursday, 22 September 2011 11:37 PM
To: NT System Admin Issues
Subject: Remote Desktop App recommendation?

It seems like I saw this asked and answered here before but I can't find the 
thread:
Anybody using a Remote Desktop app for iPad 2 that you can recommend that works 
with Windows Server 2003, 2008 R2 and Remote Desktop Gateway?

My CEO was just issued an iPad through another agency for which she serves on 
the board, and she wants to use it this way.  This is the first time I've 
actually touched an iPad.  I downloaded the free Remote Desktop Lite, but 
apparently Mochasofts's remote desktop products can't be used with Windows 
Servers.  Read a bunch of reviews and am considering trying either Antecea Easy 
Connect or Wyse PocketCloud, but there's a lot of choices and am hoping to get 
a trusted recommendation from the list.

Thanks,

Ralph

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: OT:Age Discrimination in IT

[Ben Scott]

On Thu, Sep 22, 2011 at 5:18 PM,  wrote:
> You mean my NT4 MCSE should be removed from my CV?
> I thought that was my killer qualification :-)

  What no CNE?

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: OT:Age Discrimination in IT

[kz20fl]

You mean my NT4 MCSE should be removed from my CV? I thought that was my killer 
qualification :-)

Sent from my POS BlackBerry  wireless device, which may wipe itself at any 
moment

-Original Message-
From: "Andrew S. Baker" 
Date: Thu, 22 Sep 2011 17:11:42 
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: Re: OT:Age Discrimination in IT

Regardless of ones age, anything on the resume that goes back more than
10-12 years is of limited value, unless you're in the same organization as
you were a decade ago.

Beyond that, technology professionals are best served by networking into
roles.  Knowing people who can get you in front of a hiring manager removes
75% of the barriers you will encounter.


* *

*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…

*



On Thu, Sep 22, 2011 at 4:45 PM, Don Holstrom  wrote:

> I am 63, and seeing this. I don’t even hear back from firms to whom I
> apply. I have been a full, sole IT director with no help at two different
> firms for a dozen years. But I don’t want to lie or cut short my resume,
> don’t want to waste time interviewing at firms that don’t want an oldster…
> 
>
> ** **
>
> *From:* Jon Harris [mailto:jk.har...@gmail.com]
> *Sent:* Tuesday, September 20, 2011 6:23 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: OT:Age Discrimination in IT
>
> ** **
>
> Amen and +1 on this.  Having gone through this two years ago most of the
> applicants I was competing against were in the sub 35 age range and when
> ever I got an interview the major questions were about pay and how low I
> would go, and a lot less on skills.  I know at least one place I did not get
> an interview but an insider told me they only hired those right out of
> college or high school as they did not want anyone questioning the
> management staff about decisions.
>
>  
>
> Jon
>
> On Tue, Sep 20, 2011 at 9:40 AM, Erik Goldoff  wrote:*
> ***
>
> one issue related to age discrimination has to do with salary expectations,
> and that the young bucks just out of schooling have less responsibility,
> less expenses, and therefore will accept lower salaries implying that
> the older applicants automatically would not accept as low a salary, costing
> too much, and therefore excluded.
>
> ** **
>
> On Tue, Sep 20, 2011 at 8:22 AM, Daniel Evensen  wrote:**
> **
>
> Age Discrimination in IT: I have read several articles online that states
> that age Discrimination in IT is more prevalent than in other fields.
> Question, do you find this true or false? If you find it true how do you
> handle it? 
>
> I am a former NT System Administrator that was semi-retired and that wants
> to return to the IT field after a 10 year absence. Financially, I do not
> need to work but want to. I feel that the fact my health at 52 is excellent,
> am at the right weight etc, will be a plus in my favor. 
>
>  
>
> Daniel Evensen
>
> Former NT System Administrator
>
> EDS
>
> Belltech.logix
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: OT:Age Discrimination in IT

[David]

I'm about your age and had similar experiences.  I've ended up doing a
combination of consluting and some pre-existing private clients.  Hell, I've
thought about investing in some of the gray-away stuff for what hair I have
left.



On Thu, Sep 22, 2011 at 1:45 PM, Don Holstrom  wrote:

> I am 63, and seeing this. I don’t even hear back from firms to whom I
> apply. I have been a full, sole IT director with no help at two different
> firms for a dozen years. But I don’t want to lie or cut short my resume,
> don’t want to waste time interviewing at firms that don’t want an oldster…
> 
>
> ** **
>
> *From:* Jon Harris [mailto:jk.har...@gmail.com]
> *Sent:* Tuesday, September 20, 2011 6:23 PM
> *To:* NT System Admin Issues
> *Subject:* Re: OT:Age Discrimination in IT
>
> ** **
>
> Amen and +1 on this.  Having gone through this two years ago most of the
> applicants I was competing against were in the sub 35 age range and when
> ever I got an interview the major questions were about pay and how low I
> would go, and a lot less on skills.  I know at least one place I did not get
> an interview but an insider told me they only hired those right out of
> college or high school as they did not want anyone questioning the
> management staff about decisions.
>
>  
>
> Jon
>
> On Tue, Sep 20, 2011 at 9:40 AM, Erik Goldoff  wrote:*
> ***
>
> one issue related to age discrimination has to do with salary expectations,
> and that the young bucks just out of schooling have less responsibility,
> less expenses, and therefore will accept lower salaries implying that
> the older applicants automatically would not accept as low a salary, costing
> too much, and therefore excluded.
>
> ** **
>
> On Tue, Sep 20, 2011 at 8:22 AM, Daniel Evensen  wrote:**
> **
>
> Age Discrimination in IT: I have read several articles online that states
> that age Discrimination in IT is more prevalent than in other fields.
> Question, do you find this true or false? If you find it true how do you
> handle it? 
>
> I am a former NT System Administrator that was semi-retired and that wants
> to return to the IT field after a 10 year absence. Financially, I do not
> need to work but want to. I feel that the fact my health at 52 is excellent,
> am at the right weight etc, will be a plus in my favor. 
>
>  
>
> Daniel Evensen
>
> Former NT System Administrator
>
> EDS
>
> Belltech.logix
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>



-- 
David

_

*"The real danger is the gradual erosion of individual liberties through the
automation, integration, and interconnection of many small, separate
record-keeping systems, each of which alone may seem innocuous, even
benevolent, and wholly justifiable."  *

The Report of the Privacy Protection Study Commission, 1977

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: OT:Age Discrimination in IT

[Andrew S. Baker]

Regardless of ones age, anything on the resume that goes back more than
10-12 years is of limited value, unless you're in the same organization as
you were a decade ago.

Beyond that, technology professionals are best served by networking into
roles.  Knowing people who can get you in front of a hiring manager removes
75% of the barriers you will encounter.


* *

*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…

*



On Thu, Sep 22, 2011 at 4:45 PM, Don Holstrom  wrote:

> I am 63, and seeing this. I don’t even hear back from firms to whom I
> apply. I have been a full, sole IT director with no help at two different
> firms for a dozen years. But I don’t want to lie or cut short my resume,
> don’t want to waste time interviewing at firms that don’t want an oldster…
> 
>
> ** **
>
> *From:* Jon Harris [mailto:jk.har...@gmail.com]
> *Sent:* Tuesday, September 20, 2011 6:23 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: OT:Age Discrimination in IT
>
> ** **
>
> Amen and +1 on this.  Having gone through this two years ago most of the
> applicants I was competing against were in the sub 35 age range and when
> ever I got an interview the major questions were about pay and how low I
> would go, and a lot less on skills.  I know at least one place I did not get
> an interview but an insider told me they only hired those right out of
> college or high school as they did not want anyone questioning the
> management staff about decisions.
>
>  
>
> Jon
>
> On Tue, Sep 20, 2011 at 9:40 AM, Erik Goldoff  wrote:*
> ***
>
> one issue related to age discrimination has to do with salary expectations,
> and that the young bucks just out of schooling have less responsibility,
> less expenses, and therefore will accept lower salaries implying that
> the older applicants automatically would not accept as low a salary, costing
> too much, and therefore excluded.
>
> ** **
>
> On Tue, Sep 20, 2011 at 8:22 AM, Daniel Evensen  wrote:**
> **
>
> Age Discrimination in IT: I have read several articles online that states
> that age Discrimination in IT is more prevalent than in other fields.
> Question, do you find this true or false? If you find it true how do you
> handle it? 
>
> I am a former NT System Administrator that was semi-retired and that wants
> to return to the IT field after a 10 year absence. Financially, I do not
> need to work but want to. I feel that the fact my health at 52 is excellent,
> am at the right weight etc, will be a plus in my favor. 
>
>  
>
> Daniel Evensen
>
> Former NT System Administrator
>
> EDS
>
> Belltech.logix
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: OT:Age Discrimination in IT

[Don Holstrom]

I am 63, and seeing this. I don't even hear back from firms to whom I apply.
I have been a full, sole IT director with no help at two different firms for
a dozen years. But I don't want to lie or cut short my resume, don't want to
waste time interviewing at firms that don't want an oldster.

 

From: Jon Harris [mailto:jk.har...@gmail.com] 
Sent: Tuesday, September 20, 2011 6:23 PM
To: NT System Admin Issues
Subject: Re: OT:Age Discrimination in IT

 

Amen and +1 on this.  Having gone through this two years ago most of the
applicants I was competing against were in the sub 35 age range and when
ever I got an interview the major questions were about pay and how low I
would go, and a lot less on skills.  I know at least one place I did not get
an interview but an insider told me they only hired those right out of
college or high school as they did not want anyone questioning the
management staff about decisions.

 

Jon

On Tue, Sep 20, 2011 at 9:40 AM, Erik Goldoff  wrote:

one issue related to age discrimination has to do with salary expectations,
and that the young bucks just out of schooling have less responsibility,
less expenses, and therefore will accept lower salaries implying that
the older applicants automatically would not accept as low a salary, costing
too much, and therefore excluded.

 

On Tue, Sep 20, 2011 at 8:22 AM, Daniel Evensen  wrote:

Age Discrimination in IT: I have read several articles online that states
that age Discrimination in IT is more prevalent than in other fields.
Question, do you find this true or false? If you find it true how do you
handle it? 

I am a former NT System Administrator that was semi-retired and that wants
to return to the IT field after a 10 year absence. Financially, I do not
need to work but want to. I feel that the fact my health at 52 is excellent,
am at the right weight etc, will be a plus in my favor. 

 

Daniel Evensen

Former NT System Administrator

EDS

Belltech.logix

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: LDAP\DC with a public IP

[pdw1914]

Cloud.
They explain further on that they have a lot of clients, some of whom may use 
the same private IP so to prevent "overlap" (in their words) they want our 
private IP natted.  I've done this with GE and Philips because they're so large 
they have over-lapping private IP's, too. However, when they requested it, they 
gave me another private ip.  For example, nat your 192.168.x.x to 192.168.40.1 
or something like that.  
Apparently, this company doesn't do that but just uses the public IP as a 
reference.

From: lilst...@fnal.gov
To: ntsysadmin@lyris.sunbelt-software.com
Date: Thu, 22 Sep 2011 13:22:21 -0500
Subject: RE: LDAP\DC with a public IP



Is the “new product” cloud based or internal? If internal I can’t see why you 
would need your DCs/LDAP servers to be available to the public internet. If 
cloud based just open up to the IP of the server in the cloud to allow 
authentication.  And insist on LDAP over SSL. al --Al 
LilianstromCD/LSC/SOS/eslilst...@fnal.gov From: pdw1...@hotmail.com 
[mailto:pdw1...@hotmail.com] 
Sent: Thursday, September 22, 2011 12:58 PM
To: NT System Admin Issues
Subject: LDAP\DC with a public IP We are getting a new product to report 
variances.  It is web-based but using LDAP to authenticate users.  The way it 
works is that a person can log a variance anonymously  but then directors can 
use their AD credentials to log in and report their findings.
My issue is that they want my two LDAP servers (which are my dc's) to have a 
public IP address.  Even with ACL and security, I am very uncomfortable with 
having my DC's be "visible" on the 'net.  From past experience of scanning my 
firewall logs, I know that a lot of times, hackers (or script kiddies) just use 
a range of public IP's to scan for vulnerabilities.
Am I being unduly alarmist in my concern?  Do other organizations attach a 
public IP to their LDAP servers?
Thanks for any opinions you can give me.  I have no problem going back to the 
people involved and saying ' I was wrong.'  OTOH, I also have no problem 
telling them no way, you need to come up with a work around.~ Finally, powerful 
endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~

~   ~



---

To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/

or send an email to listmana...@lyris.sunbeltsoftware.com

with the body: unsubscribe ntsysadmin   
  
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: LDAP\DC with a public IP

[pdw1914]

Quantros

Date: Thu, 22 Sep 2011 14:18:53 -0400
Subject: Re: LDAP\DC with a public IP
From: rich...@gmail.com
To: ntsysadmin@lyris.sunbelt-software.com

Out of curiosity, can you tell us the name of the product?


On Thu, Sep 22, 2011 at 1:57 PM,  wrote:



We are getting a new product to report variances.  It is web-based but using 
LDAP to authenticate users.  The way it works is that a person can log a 
variance anonymously  but then directors can use their AD credentials to log in 
and report their findings.

My issue is that they want my two LDAP servers (which are my dc's) to have a 
public IP address.  Even with ACL and security, I am very uncomfortable with 
having my DC's be "visible" on the 'net.  From past experience of scanning my 
firewall logs, I know that a lot of times, hackers (or script kiddies) just use 
a range of public IP's to scan for vulnerabilities.

Am I being unduly alarmist in my concern?  Do other organizations attach a 
public IP to their LDAP servers?
Thanks for any opinions you can give me.  I have no problem going back to the 
people involved and saying ' I was wrong.'  OTOH, I also have no problem 
telling them no way, you need to come up with a work around.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com

with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~

~   ~



---

To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/

or send an email to listmana...@lyris.sunbeltsoftware.com

with the body: unsubscribe ntsysadmin   
  
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: LDAP\DC with a public IP

[Brian Desmond]

This comes up every now and then. Before the various federation technologies 
became prevalent it was a lot more common, but now not so much. Generally what 
you do is publish the LDAPS or GC/S port with an ACL that restricts source IPs. 
If the app can't failover between a couple of names then you have to put the 
DCs behind a load balancer.

If you really don't want to do it (which I can understand), an alternative is 
an AD LDS instance with bind proxies to your AD. Publish LDAPS from AD LDS and 
that will get you the desired effect.

Thanks,
Brian Desmond
br...@briandesmond.com

w - 312.625.1438 | c   - 312.731.3132

From: pdw1...@hotmail.com [mailto:pdw1...@hotmail.com]
Sent: Thursday, September 22, 2011 12:58 PM
To: NT System Admin Issues
Subject: LDAP\DC with a public IP

We are getting a new product to report variances.  It is web-based but using 
LDAP to authenticate users.  The way it works is that a person can log a 
variance anonymously  but then directors can use their AD credentials to log in 
and report their findings.
My issue is that they want my two LDAP servers (which are my dc's) to have a 
public IP address.  Even with ACL and security, I am very uncomfortable with 
having my DC's be "visible" on the 'net.  From past experience of scanning my 
firewall logs, I know that a lot of times, hackers (or script kiddies) just use 
a range of public IP's to scan for vulnerabilities.
Am I being unduly alarmist in my concern?  Do other organizations attach a 
public IP to their LDAP servers?
Thanks for any opinions you can give me.  I have no problem going back to the 
people involved and saying ' I was wrong.'  OTOH, I also have no problem 
telling them no way, you need to come up with a work around.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: LDAP\DC with a public IP

[Paul Hutchings]

Are you sure that's what they're asking, and that they aren't simply asking to 
have ldap access from some external IP address range which you'd provide via an 
inbound firewall rule with an ACL and NAT so that only their specific IP 
addresses can authenticate?

Not sure I'd be too comfortable with either, but the latter is much better than 
the former IMO.

From: pdw1...@hotmail.com [pdw1...@hotmail.com]
Sent: 22 September 2011 6:57 PM
To: NT System Admin Issues
Subject: LDAP\DC with a public IP

We are getting a new product to report variances.  It is web-based but using 
LDAP to authenticate users.  The way it works is that a person can log a 
variance anonymously  but then directors can use their AD credentials to log in 
and report their findings.
My issue is that they want my two LDAP servers (which are my dc's) to have a 
public IP address.  Even with ACL and security, I am very uncomfortable with 
having my DC's be "visible" on the 'net.  From past experience of scanning my 
firewall logs, I know that a lot of times, hackers (or script kiddies) just use 
a range of public IP's to scan for vulnerabilities.
Am I being unduly alarmist in my concern?  Do other organizations attach a 
public IP to their LDAP servers?
Thanks for any opinions you can give me.  I have no problem going back to the 
people involved and saying ' I was wrong.'  OTOH, I also have no problem 
telling them no way, you need to come up with a work around.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

--
MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration  GB 100 1464 84

The contents of this e-mail are confidential and are solely for the use of the 
intended recipient.  If you receive this e-mail in error, please delete it and 
notify us either by e-mail, telephone or fax.  You should not copy, forward or 
otherwise disclose the content of the e-mail as this is prohibited.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: LDAP\DC with a public IP

[Al Lilianstrom]

Is the "new product" cloud based or internal? If internal I can't see why you 
would need your DCs/LDAP servers to be available to the public internet. If 
cloud based just open up to the IP of the server in the cloud to allow 
authentication.

And insist on LDAP over SSL.

al

--
Al Lilianstrom
CD/LSC/SOS/ES
lilst...@fnal.gov

From: pdw1...@hotmail.com [mailto:pdw1...@hotmail.com]
Sent: Thursday, September 22, 2011 12:58 PM
To: NT System Admin Issues
Subject: LDAP\DC with a public IP

We are getting a new product to report variances.  It is web-based but using 
LDAP to authenticate users.  The way it works is that a person can log a 
variance anonymously  but then directors can use their AD credentials to log in 
and report their findings.
My issue is that they want my two LDAP servers (which are my dc's) to have a 
public IP address.  Even with ACL and security, I am very uncomfortable with 
having my DC's be "visible" on the 'net.  From past experience of scanning my 
firewall logs, I know that a lot of times, hackers (or script kiddies) just use 
a range of public IP's to scan for vulnerabilities.
Am I being unduly alarmist in my concern?  Do other organizations attach a 
public IP to their LDAP servers?
Thanks for any opinions you can give me.  I have no problem going back to the 
people involved and saying ' I was wrong.'  OTOH, I also have no problem 
telling them no way, you need to come up with a work around.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: LDAP\DC with a public IP

[Richard Stovall]

Out of curiosity, can you tell us the name of the product?

On Thu, Sep 22, 2011 at 1:57 PM,  wrote:

>  We are getting a new product to report variances.  It is web-based but
> using LDAP to authenticate users.  The way it works is that a person can log
> a variance anonymously  but then directors can use their AD credentials to
> log in and report their findings.
> My issue is that they want my two LDAP servers (which are my dc's) to have
> a public IP address.  Even with ACL and security, I am very uncomfortable
> with having my DC's be "visible" on the 'net.  From past experience of
> scanning my firewall logs, I know that a lot of times, hackers (or script
> kiddies) just use a range of public IP's to scan for vulnerabilities.
> Am I being unduly alarmist in my concern?  Do other organizations attach a
> public IP to their LDAP servers?
> Thanks for any opinions you can give me.  I have no problem going back to
> the people involved and saying ' I was wrong.'  OTOH, I also have no problem
> telling them no way, you need to come up with a work around.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: LDAP\DC with a public IP

[Kurt Buff]

On Thu, Sep 22, 2011 at 10:57,   wrote:
> We are getting a new product to report variances.  It is web-based but using
> LDAP to authenticate users.  The way it works is that a person can log a
> variance anonymously  but then directors can use their AD credentials to log
> in and report their findings.
> My issue is that they want my two LDAP servers (which are my dc's) to have a
> public IP address.  Even with ACL and security, I am very uncomfortable with
> having my DC's be "visible" on the 'net.  From past experience of scanning
> my firewall logs, I know that a lot of times, hackers (or script kiddies)
> just use a range of public IP's to scan for vulnerabilities.
> Am I being unduly alarmist in my concern?  Do other organizations attach a
> public IP to their LDAP servers?
> Thanks for any opinions you can give me.  I have no problem going back to
> the people involved and saying ' I was wrong.'  OTOH, I also have no problem
> telling them no way, you need to come up with a work around.

I don't think you're out of line in your concerns.

I'd take a look at ADFS, or some similar technology.

Having said that, I don't have any experience with this kind of thing,
and would also advise you to do the appropriate research before taking
my word that ADFS will solve your problem.


Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

LDAP\DC with a public IP

[pdw1914]

We are getting a new product to report variances.  It is web-based but using 
LDAP to authenticate users.  The way it works is that a person can log a 
variance anonymously  but then directors can use their AD credentials to log in 
and report their findings.
My issue is that they want my two LDAP servers (which are my dc's) to have a 
public IP address.  Even with ACL and security, I am very uncomfortable with 
having my DC's be "visible" on the 'net.  From past experience of scanning my 
firewall logs, I know that a lot of times, hackers (or script kiddies) just use 
a range of public IP's to scan for vulnerabilities.
Am I being unduly alarmist in my concern?  Do other organizations attach a 
public IP to their LDAP servers?
Thanks for any opinions you can give me.  I have no problem going back to the 
people involved and saying ' I was wrong.'  OTOH, I also have no problem 
telling them no way, you need to come up with a work around.
  
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Public time sources

[Kurt Buff]

us.pool.ntp.org

On Thu, Sep 22, 2011 at 08:05, Tom Miller  wrote:
> Folks,
>
> I am reconfiguring my time providers for my AD servers.  What are you using
> for your public time sources?
>
> Thanks
> Tom
>
> Confidentiality Notice: This e-mail message, including attachments, is for
> the sole use of the intended recipient(s) and may contain confidential and
> privileged information. Any unauthorized review, use, disclosure, or
> distribution is prohibited. If you are not the intended recipient, please
> contact the sender by reply e-mail and destroy all copies of the original
> message.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Public time sources

[Steven Peck]

Our network team has a multiple time sources.  All of our WIndows Systems
are pointed at the DC's and the PDC uses the in house network routers as the
time source.  The UNIX system uses them as well.  This way all of our
systems are consistent with each other.

On Thu, Sep 22, 2011 at 9:51 AM, Guyer, Don  wrote:

> ……..and they’re only concerned about having clocks synchronized during
> hockey season……
>
> ** **
>
> **waiting**
>
> ** **
>
> *Don Guyer*
>
> Windows Systems Engineer
>
> RIM Operations Engineering Distributed – A Team, Tier 2
>
> Enterprise Technology Group
>
> *Fiserv*
>
> don.gu...@fiserv.com
>
> Office: 1-800-523-7282 x 1673
>
> Fax: 610-233-0404
>
> www.fiserv.com
>
> [image: Description: Frog Signature]
>
> ** **
>
> *From:* James Kerr [mailto:cluster...@gmail.com]
> *Sent:* Thursday, September 22, 2011 12:33 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Public time sources
>
> ** **
>
> We just use the US pool because I don't trust that aggressor nation to the
> north.
>
> James
>
> On Thu, Sep 22, 2011 at 11:39 AM, John Cook  wrote:***
> *
>
> We use the north America pool. 
>
>  
>
> *From:* Ben Schorr [mailto:b...@rolandschorr.com]
> *Sent:* Thursday, September 22, 2011 11:08 AM
>
>
> *To:* NT System Admin Issues
>
> *Subject:* RE: Public time sources
>
>  
>
> Pool.ntp.org.
>
> You can use one of the regional sub-domains if you want (
> north-america.pool.ntp.org is one I think) but I just don’t want to type
> that much. J
>
> Ben M. Schorr
>
> Roland Schorr & Tower
>
> www.rolandschorr.com | www.officeforlawyers.com | Twitter: @bschorr
>
>  
>
> *From:* Tom Miller [mailto:tmil...@hnncsb.org]
> *Sent:* Thursday, September 22, 2011 8:06
>
> *To:* NT System Admin Issues
> *Subject:* Public time sources
>
>  
>
> Folks,
>
>  
>
> I am reconfiguring my time providers for my AD servers.  What are you using
> for your public time sources?  
>
>  
>
> Thanks
>
> Tom
>
>  
>
> Confidentiality Notice: This e-mail message, including attachments, is for
> the sole use of the intended recipient(s) and may contain confidential and
> privileged information. Any unauthorized review, use, disclosure, or
> distribution is prohibited. If you are not the intended recipient, please
> contact the sender by reply e-mail and destroy all copies of the original
> message. 
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>
>
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ** **
> --
>
> CONFIDENTIALITY STATEMENT: The information transmitted, or contained or
> attached to or with this Notice is intended only for the person or entity to
> which it is addressed and may contain Protected Health Information (PHI),
> confidential and/or privileged material. Any review, transmission,
> dissemination, or other use of, and taking any action in reliance upon this
> information by persons or entities other than the intended recipient without
> the express written consent of the sender are prohibited. This information
> may be protected by the Health Insurance Portability and Accountability Act
> of 1996 (HIPAA), and other Federal and Florida laws. Improper or
> unauthorized use or disclosure of this information could result in civil
> and/or criminal penalties.
> Consider the environment. Please don't print this e-mail unless you really
> need to.
>
> This email and any attached files are confidential and intended solely for
> the intended recipient(s). If you are not the named recipient you should not
> read, distribute, copy or alter this email. Any views or opinions expressed
> in this email are those of the author and do not represent those of the
> company. Warning: Although precautions have been taken to make sure no
> viruses are present in this email, the company cannot accept responsibility
> for any loss or damage that arise from the use of this email or attachments.
> 
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ** **
>
> ~ Finally, powerful endpo

RE: Public time sources

[Guyer, Don]

and they're only concerned about having clocks synchronized
during hockey season..

 

*waiting*

 

Don Guyer

Windows Systems Engineer

RIM Operations Engineering Distributed - A Team, Tier 2

Enterprise Technology Group

Fiserv

don.gu...@fiserv.com

Office: 1-800-523-7282 x 1673

Fax: 610-233-0404

www.fiserv.com  

 

 

From: James Kerr [mailto:cluster...@gmail.com] 
Sent: Thursday, September 22, 2011 12:33 PM
To: NT System Admin Issues
Subject: Re: Public time sources

 

We just use the US pool because I don't trust that aggressor nation to
the north.

James

On Thu, Sep 22, 2011 at 11:39 AM, John Cook  wrote:

We use the north America pool. 

 

From: Ben Schorr [mailto:b...@rolandschorr.com] 
Sent: Thursday, September 22, 2011 11:08 AM


To: NT System Admin Issues

Subject: RE: Public time sources

 

Pool.ntp.org.

You can use one of the regional sub-domains if you want (
north-america.pool.ntp.org is one I think) but I just don't want to type
that much. J

Ben M. Schorr

Roland Schorr & Tower

www.rolandschorr.com | www.officeforlawyers.com | Twitter: @bschorr

 

From: Tom Miller [mailto:tmil...@hnncsb.org] 
Sent: Thursday, September 22, 2011 8:06
To: NT System Admin Issues
Subject: Public time sources

 

Folks,

 

I am reconfiguring my time providers for my AD servers.  What are you
using for your public time sources?  

 

Thanks

Tom

 

Confidentiality Notice: This e-mail message, including attachments, is
for the sole use of the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure, or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message. 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~


~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 



CONFIDENTIALITY STATEMENT: The information transmitted, or contained or
attached to or with this Notice is intended only for the person or
entity to which it is addressed and may contain Protected Health
Information (PHI), confidential and/or privileged material. Any review,
transmission, dissemination, or other use of, and taking any action in
reliance upon this information by persons or entities other than the
intended recipient without the express written consent of the sender are
prohibited. This information may be protected by the Health Insurance
Portability and Accountability Act of 1996 (HIPAA), and other Federal
and Florida laws. Improper or unauthorized use or disclosure of this
information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you
really need to.

This email and any attached files are confidential and intended solely
for the intended recipient(s). If you are not the named recipient you
should not read, distribute, copy or alter this email. Any views or
opinions expressed in this email are those of the author and do not
represent those of the company. Warning: Although precautions have been
taken to make sure no viruses are present in this email, the company
cannot accept responsibility for any loss or damage that arise from the
use of this email or attachments.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: Public time sources

[David Lum]

It's really just geometry and knowing how fast light travels :-). Resolution is 
kinda important too...

Easier said than done of course, I mean computers are just flipping zeros and 
ones...sequence is kinda important too...

Dave

-Original Message-
From: Webster [mailto:webs...@carlwebster.com] 
Sent: Thursday, September 22, 2011 9:26 AM
To: NT System Admin Issues
Subject: RE: Public time sources

My son was a real rocket scientist for the USAF and did a bunch of work on the 
GPS satellites.  He told me if I ever had a spare 168 hours, he could explain 
in detail how GPS, GPS tracking, GPS time and GPS orbits really worked!  Never 
have taken him up on the offer.

Carl Webster
Consultant and Citrix Technology Professional http://www.CarlWebster.com

> -Original Message-
> From: Ben Scott [mailto:mailvor...@gmail.com]
> Subject: Re: Public time sources
> 
> On Thu, Sep 22, 2011 at 11:59 AM, Paul Hutchings 
>  wrote:
> > With my tinfoil hat on, do they take any steps to ensure the 
> > accuracy of your time if you choose to join the pool?
> 
>   The ntp.org pools consist of thousands of autonomous donor systems.
> Your level of assurance is proportional to the number of servers you 
> associate with.  Want a higher level of assurance?  Use more servers.
> Anyone lying to you will quickly be seen as out-of-sync and discarded.
>  At least, that's the way Delaware NTP works; I can't speak to 
> Microsoft's implementation.
> 
>   One can also use GPS as a highly-accurate time source (sub-second 
> accuracy).  I'm told implementation cost can be under $100.  So that's 
> an option for the truly demanding.  (GPS depends on time sync (each 
> satellite has an on-board atomic clock), so by definition any GPS 
> receiver has highly- accurate time.  Not all of them expose it in a 
> useful fashion, though.)


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Network Scanner Recommendation

[Jonathan Link]

How you take us is irrelevant.
On Thu, Sep 22, 2011 at 12:28 PM, James Kerr  wrote:

> Well, they have an existing SOHO flatbed, maybe they can use that just for
> DLs or I can get a couple of the mini scanners we use in our medical dept.
> for DLs and insurance cards and hook them up directly to their desktops.
> It's only money. Looks like I'm going to order the Scansnap N1800, cost is
> $1500. I take the NT sys-hiveminds recommendations seriously.
>
> James
>
>
> On Thu, Sep 22, 2011 at 12:18 PM, Ben Scott  wrote:
>
>> On Thu, Sep 22, 2011 at 11:44 AM, James Kerr 
>> wrote:
>> > One more question about the scansnap. Can it scan a drivers license?
>>
>>   Your cost just went up again.
>>
>> -- Ben
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Public time sources

[James Kerr]

We just use the US pool because I don't trust that aggressor nation to the
north.

James

On Thu, Sep 22, 2011 at 11:39 AM, John Cook  wrote:

> 
>
> We use the north America pool. 
>
> ** **
>
> *From:* Ben Schorr [mailto:b...@rolandschorr.com]
> *Sent:* Thursday, September 22, 2011 11:08 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Public time sources
>
>  ** **
>
> Pool.ntp.org.
>
> You can use one of the regional sub-domains if you want (
> north-america.pool.ntp.org is one I think) but I just don’t want to type
> that much. J
>
> Ben M. Schorr
>
> Roland Schorr & Tower
>
> www.rolandschorr.com | www.officeforlawyers.com | Twitter: @bschorr
>
> ** **
>
> *From:* Tom Miller [mailto:tmil...@hnncsb.org]
> *Sent:* Thursday, September 22, 2011 8:06
> *To:* NT System Admin Issues
> *Subject:* Public time sources
>
> ** **
>
> Folks,
>
>  
>
> I am reconfiguring my time providers for my AD servers.  What are you using
> for your public time sources?  
>
>  
>
> Thanks
>
> Tom
>
> ** **
>
> Confidentiality Notice: This e-mail message, including attachments, is for
> the sole use of the intended recipient(s) and may contain confidential and
> privileged information. Any unauthorized review, use, disclosure, or
> distribution is prohibited. If you are not the intended recipient, please
> contact the sender by reply e-mail and destroy all copies of the original
> message. 
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> --
> CONFIDENTIALITY STATEMENT: The information transmitted, or contained or
> attached to or with this Notice is intended only for the person or entity to
> which it is addressed and may contain Protected Health Information (PHI),
> confidential and/or privileged material. Any review, transmission,
> dissemination, or other use of, and taking any action in reliance upon this
> information by persons or entities other than the intended recipient without
> the express written consent of the sender are prohibited. This information
> may be protected by the Health Insurance Portability and Accountability Act
> of 1996 (HIPAA), and other Federal and Florida laws. Improper or
> unauthorized use or disclosure of this information could result in civil
> and/or criminal penalties.
> Consider the environment. Please don't print this e-mail unless you really
> need to.
>
> This email and any attached files are confidential and intended solely for
> the intended recipient(s). If you are not the named recipient you should not
> read, distribute, copy or alter this email. Any views or opinions expressed
> in this email are those of the author and do not represent those of the
> company. Warning: Although precautions have been taken to make sure no
> viruses are present in this email, the company cannot accept responsibility
> for any loss or damage that arise from the use of this email or attachments.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Network Scanner Recommendation

[James Kerr]

Well, they have an existing SOHO flatbed, maybe they can use that just for
DLs or I can get a couple of the mini scanners we use in our medical dept.
for DLs and insurance cards and hook them up directly to their desktops.
It's only money. Looks like I'm going to order the Scansnap N1800, cost is
$1500. I take the NT sys-hiveminds recommendations seriously.

James

On Thu, Sep 22, 2011 at 12:18 PM, Ben Scott  wrote:

> On Thu, Sep 22, 2011 at 11:44 AM, James Kerr  wrote:
> > One more question about the scansnap. Can it scan a drivers license?
>
>   Your cost just went up again.
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: IT: How to Tell Remotely what Service Pack (Office, and Windows) remote PC is running

[Erik Goldoff]

surprised no one went old school and recommended PSINFO  :)

On Wed, Sep 21, 2011 at 7:18 PM, Michael B. Smith wrote:

>  Yes, it can be done; but it’s a bit more challenging.
>
> ** **
>
> You have to be able to interrogate the remote system. That requires that
> either “remote management” be enabled in the client firewall, or that the
> “remote registry” service be enabled and its exception enabled in the client
> firewall.
>
> ** **
>
> Regards,
>
> ** **
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com 
>
> ** **
>
> *From:* Todd Lemmiksoo [mailto:tlemmik...@gmail.com]
> *Sent:* Wednesday, September 21, 2011 7:15 PM
> *To:* NT System Admin Issues
> *Subject:* Re: IT: How to Tell Remotely what Service Pack (Office, and
> Windows) remote PC is running
>
> ** **
>
> Can you do this to find the Outlook version (and sp) for each PC in the
> domain. I have been using Exmon to find the user, Outlook version and Ip
> address.
>
> Todd Lemmiksoo
>
> On Wed, Sep 21, 2011 at 2:31 PM, Michael B. Smith 
> wrote:
>
> Oh – if you really want CSV, use adfind. It has the “-csv” switch.
>
>  
>
> Regards,
>
>  
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com 
>
>  
>
> *From:* Michael B. Smith [mailto:mich...@smithcons.com]
> *Sent:* Wednesday, September 21, 2011 3:29 PM
>
>
> *To:* NT System Admin Issues
> *Subject:* RE: IT: How to Tell Remotely what Service Pack (Office, and
> Windows) remote PC is running
>
>  
>
> You don’t need PowerShell to do the query.
>
>  
>
> dsquery * domainroot -filter objectCategory=computer -attr Name Location
> OperatingSystem OperatingSystemServicePack
>
>  
>
> Doing Excel is never easy. PowerShell would line-for-line match vbscript
> for the Excel code.
>
>  
>
> Regards,
>
>  
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com 
>
>  
>
> *From:* Webster [mailto:webs...@carlwebster.com]
> *Sent:* Wednesday, September 21, 2011 3:10 PM
> *To:* NT System Admin Issues
> *Subject:* RE: IT: How to Tell Remotely what Service Pack (Office, and
> Windows) remote PC is running
>
>  
>
> Now for St. MBS to show us how to accomplish the same thing in PowerShell
> in 5 lines or less. J
>
>  
>
> Carl Webster
>
> Consultant and Citrix Technology Professional
>
> http://www.CarlWebster.com 
>
>  
>
>  
>
> *From:* Guyer, Don [mailto:don.gu...@fiserv.com]
> *Subject:* RE: IT: How to Tell Remotely what Service Pack (Office, and
> Windows) remote PC is running
>
>  
>
> Script for O/S and SP. Just enter your domain info:
>
>  
>
> ---
>
>  
>
> On Error GoTo 0
>
> Const ADS_SCOPE_SUBTREE = 2
>
>  
>
> Set objConnection = CreateObject("ADODB.Connection")
>
> Set objCommand =   CreateObject("ADODB.Command")
>
> objConnection.Provider = "ADSDSOObject"
>
> objConnection.Open "Active Directory Provider"
>
>  
>
> 'your LDAP Query here
>
> strLDAPQuery = "LDAP://DC=domain,DC=com"
>
>  
>
> 'get the working path of the script
>
> strScriptPath = replace(wscript.scriptfullname,wscript.scriptname,"")
>
>  
>
> 'Create Excel workbook
>
>Set objXL = wscript.CreateObject("Excel.Application")
>
>objXL.Visible = True
>
>objXL.WorkBooks.Add
>
>  
>
> 'Specify the file to write
>
> outputFile = strScriptPath & "Computer Accounts.xls"
>
>  
>
> 'tell what row to start writing retrieved data to
>
> icount = 2
>
>  
>
> Set objCOmmand.ActiveConnection = objConnection
>
>  
>
> objCommand.CommandText = _
>
> "Select Name, Location, operatingSystem, operatingSystemServicePack
> from '" & strLDAPQuery &  "' Where objectClass='computer'"  
>
> objCommand.Properties("Page Size") = 1000
>
> objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
>
> Set objRecordSet = objCommand.Execute
>
>  
>
> objRecordSet.MoveFirst
>
>objXL.ActiveSheet.Range("A1:D1").ColumnWidth = 20
>
>ObjXL.ActiveSheet.Cells(1,1).Value = "Computer Name"
>
>ObjXL.ActiveSheet.Cells(1,2).Value = "Location"
>
>ObjXL.ActiveSheet.Cells(1,3).Value = "Operating System Version"
>
>ObjXL.ActiveSheet.Cells(1,4).Value = "Service Pack"
>
>objXL.Range("A1:E1").Select
>
>objXL.Selection.Font.Bold = True
>
>objXL.Selection.Interior.ColorIndex = 1
>
>objXL.Selection.Interior.Pattern = 1 'xlSolid
>
>objXL.Selection.Font.ColorIndex = 2 
>
>  
>
>  
>
> Do Until objRecordSet.EOF 
>
> On Error GoTo 0
>
>'If
> InStr(LC

RE: Public time sources

[Webster]

My son was a real rocket scientist for the USAF and did a bunch of work on the 
GPS satellites.  He told me if I ever had a spare 168 hours, he could explain 
in detail how GPS, GPS tracking, GPS time and GPS orbits really worked!  Never 
have taken him up on the offer.

Carl Webster
Consultant and Citrix Technology Professional
http://www.CarlWebster.com

> -Original Message-
> From: Ben Scott [mailto:mailvor...@gmail.com]
> Subject: Re: Public time sources
> 
> On Thu, Sep 22, 2011 at 11:59 AM, Paul Hutchings
>  wrote:
> > With my tinfoil hat on, do they take any steps to ensure the accuracy
> > of your time if you choose to join the pool?
> 
>   The ntp.org pools consist of thousands of autonomous donor systems.
> Your level of assurance is proportional to the number of servers you
> associate with.  Want a higher level of assurance?  Use more servers.
> Anyone lying to you will quickly be seen as out-of-sync and discarded.
>  At least, that's the way Delaware NTP works; I can't speak to Microsoft's
> implementation.
> 
>   One can also use GPS as a highly-accurate time source (sub-second
> accuracy).  I'm told implementation cost can be under $100.  So that's an
> option for the truly demanding.  (GPS depends on time sync (each satellite
> has an on-board atomic clock), so by definition any GPS receiver has highly-
> accurate time.  Not all of them expose it in a useful fashion, though.)


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Public time sources

[Paul Hutchings]

Thanks Ben, that makes a lot of sense as to how a "rogue" server couldn't cause 
any chaos (I'm not an expert in NTP, I just bang in several reputable servers 
and let the OS sort it out).

Paul

From: Ben Scott [mailvor...@gmail.com]
Sent: 22 September 2011 5:17 PM
To: NT System Admin Issues
Subject: Re: Public time sources

On Thu, Sep 22, 2011 at 11:59 AM, Paul Hutchings
 wrote:
> With my tinfoil hat on, do they take any steps to ensure the accuracy of
> your time if you choose to join the pool?

  The ntp.org pools consist of thousands of autonomous donor systems.
Your level of assurance is proportional to the number of servers you
associate with.  Want a higher level of assurance?  Use more servers.
Anyone lying to you will quickly be seen as out-of-sync and discarded.
 At least, that's the way Delaware NTP works; I can't speak to
Microsoft's implementation.

  One can also use GPS as a highly-accurate time source (sub-second
accuracy).  I'm told implementation cost can be under $100.  So that's
an option for the truly demanding.  (GPS depends on time sync (each
satellite has an on-board atomic clock), so by definition any GPS
receiver has highly-accurate time.  Not all of them expose it in a
useful fashion, though.)


-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

--
MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration  GB 100 1464 84

The contents of this e-mail are confidential and are solely for the use of the 
intended recipient.  If you receive this e-mail in error, please delete it and 
notify us either by e-mail, telephone or fax.  You should not copy, forward or 
otherwise disclose the content of the e-mail as this is prohibited.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Network Scanner Recommendation

[Ben Scott]

On Thu, Sep 22, 2011 at 11:44 AM, James Kerr  wrote:
> One more question about the scansnap. Can it scan a drivers license?

  Your cost just went up again.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Public time sources

[Ben Scott]

On Thu, Sep 22, 2011 at 11:59 AM, Paul Hutchings
 wrote:
> With my tinfoil hat on, do they take any steps to ensure the accuracy of
> your time if you choose to join the pool?

  The ntp.org pools consist of thousands of autonomous donor systems.
Your level of assurance is proportional to the number of servers you
associate with.  Want a higher level of assurance?  Use more servers.
Anyone lying to you will quickly be seen as out-of-sync and discarded.
 At least, that's the way Delaware NTP works; I can't speak to
Microsoft's implementation.

  One can also use GPS as a highly-accurate time source (sub-second
accuracy).  I'm told implementation cost can be under $100.  So that's
an option for the truly demanding.  (GPS depends on time sync (each
satellite has an on-board atomic clock), so by definition any GPS
receiver has highly-accurate time.  Not all of them expose it in a
useful fashion, though.)


-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Public time sources

[Ben Scott]

On Thu, Sep 22, 2011 at 11:05 AM, Tom Miller  wrote:
> I am reconfiguring my time providers for my AD servers.  What are you using
> for your public time sources?

  I've got my PDC Emulator configured to get its time from our
in-house Linux server running the reference implementation of NTP.
That Linux box is configured to sync to multiple pool.ntp.org servers:

server us.pool.ntp.org
server us.pool.ntp.org
server us.pool.ntp.org
server time.windows.com

  I list the same name three times because I'm running an older NTP
release which doesn't support the "pool" directive (which does the
same thing and better).

  I threw time.windows.com in there as a further diversity measure.

  By using multiple diverse time sources, NTP can better detect and
compensate for network latency and drift.  Accuracies within a few
seconds of "atomic" time are achievable this way.

  Microsoft's documentation on the Windows time service isn't clear on
if/how it handles multiple upstream NTP servers, and given MSKB 939322
I figured I wasn't likely to get an answer, and I already had NTP
configured on *nix, so that's the route I chose.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Public time sources

[John Cook]

You get a full refund.
John W. Cook
Systems Administrator
Partnership for Strong Families

From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Thursday, September 22, 2011 11:59 AM
To: NT System Admin Issues 
Subject: RE: Public time sources

With my tinfoil hat on, do they take any steps to ensure the accuracy of your 
time if you choose to join the pool?

From: Damien Solodow [damien.solo...@harrison.edu]
Sent: 22 September 2011 4:07 PM
To: NT System Admin Issues
Subject: RE: Public time sources

I like 0.us.pool.ntp.org

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: Thursday, September 22, 2011 11:06 AM
To: NT System Admin Issues
Subject: Public time sources

Folks,

I am reconfiguring my time providers for my AD servers.  What are you using for 
your public time sources?

Thanks
Tom


Confidentiality Notice: This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure, or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration � GB� 100 1464 84

The contents of this e-mail are confidential and are solely for the use of the 
intended recipient. � If you receive this e-mail in error, please delete it and 
notify us either by e-mail, telephone or fax. � You should not copy, forward or 
otherwise disclose the content of the e-mail as this is prohibited.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you really need 
to.

This email and any attached files are confidential and intended solely for the 
intended recipient(s). If you are not the named recipient you should not read, 
distribute, copy or alter this email. Any views or opinions expressed in this 
email are those of the author and do not represent those of the company. 
Warning: Although precautions have been taken to make sure no viruses are 
present in this email, the company cannot accept responsibility for any loss or 
damage that arise from the use of this email or attachments.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Public time sources

[Paul Hutchings]

With my tinfoil hat on, do they take any steps to ensure the accuracy of your 
time if you choose to join the pool?

From: Damien Solodow [damien.solo...@harrison.edu]
Sent: 22 September 2011 4:07 PM
To: NT System Admin Issues
Subject: RE: Public time sources

I like 0.us.pool.ntp.org

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: Thursday, September 22, 2011 11:06 AM
To: NT System Admin Issues
Subject: Public time sources

Folks,

I am reconfiguring my time providers for my AD servers.  What are you using for 
your public time sources?

Thanks
Tom


Confidentiality Notice: This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure, or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

--
MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration  GB 100 1464 84

The contents of this e-mail are confidential and are solely for the use of the 
intended recipient.  If you receive this e-mail in error, please delete it and 
notify us either by e-mail, telephone or fax.  You should not copy, forward or 
otherwise disclose the content of the e-mail as this is prohibited.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Network Scanner Recommendation

[Jonathan Link]

We've never tried.  Speculating, I'd say no or not easily, since it's sheet
fed.
For something like that you need some flatbed capability, too...and that's
out of my experience zone.



On Thu, Sep 22, 2011 at 11:44 AM, James Kerr  wrote:

> One more question about the scansnap. Can it scan a drivers license?
>
> James
>
>
> On Thu, Sep 22, 2011 at 8:30 AM, James Kerr  wrote:
>
>> That director should be on my office today so i'll talk to him and see if
>> they can cover that cost in the programs budget.
>>
>> Thanks guys,
>>
>> James
>>
>> On Wed, Sep 21, 2011 at 6:22 PM, Lists - Level Five 
>> wrote:
>>
>>> James I work with a scanning/cloud vendor in Miami and all they use is
>>> Fujitsus from the lower end to the high capacity, nothing else. The company
>>> swears by them…
>>>
>>> ** **
>>>
>>> *From:* James Kerr [mailto:cluster...@gmail.com]
>>> *Sent:* Wednesday, September 21, 2011 4:41 PM
>>>
>>> *To:* NT System Admin Issues
>>> *Subject:* Re: Network Scanner Recommendation
>>>
>>> ** **
>>>
>>> Listen, did you smell that?
>>>
>>> On Wed, Sep 21, 2011 at 3:41 PM, Jonathan Link 
>>> wrote:
>>>
>>> I wrote it, too. :-)
>>>
>>> When you asked the question I wrote that it was doing this out of the
>>> box, intiially, and it freaked me out a bit.
>>>
>>> On Wed, Sep 21, 2011 at 3:34 PM, James Kerr 
>>> wrote:
>>>
>>> Oh, I didn't hear you then.
>>>
>>> ** **
>>>
>>> On Wed, Sep 21, 2011 at 3:03 PM, Jonathan Link 
>>> wrote:
>>>
>>> I thought I said I know it does this...
>>>
>>> :-)
>>>
>>> On Wed, Sep 21, 2011 at 2:54 PM, James Kerr 
>>> wrote:
>>>
>>> Cool. I'll call fujitsu and ask them about the one pdf per page
>>> requirement.
>>>
>>> ** **
>>>
>>> On Wed, Sep 21, 2011 at 2:33 PM, Jonathan Link 
>>> wrote:
>>>
>>>
>>> http://www.cdw.com/shop/products/Fujitsu-Scansnap-network-fi-6010n-i-scanner/1912903.aspx
>>> 
>>>
>>> This is the same model as what I have. It's come down about $1,000, IIRC.
>>> 
>>>
>>> It has a high duty cycle, which was a high priority for us.  My boss
>>> wanted to go the $1,000 scanner route, but I pointed out the distinct
>>> possibility that it would probably require a greater interval of service,
>>> and my argument was set.  Thankfully, spending the extra $$$ has paid off
>>> well.  It scans both sides of a sheet at the same time, discarding empty
>>> pages.
>>>
>>>  
>>>
>>> I did not pay for a service contract on it, my boss and I thought the
>>> gamble was worth it.  She gambles on things like this, and tends to be
>>> lucky.  Since I got the scanner I wanted, I didn't push the service
>>> contract.
>>>
>>>  
>>>
>>>  
>>>
>>>  
>>>
>>>  
>>>
>>> On Wed, Sep 21, 2011 at 2:20 PM, James Kerr 
>>> wrote:
>>>
>>> Jonathan, do you know if the Fujitsus have the ability to scan each page
>>> as a single pdf? I can always go to the powers that be and tell them that
>>> this is what they need and why and see what they want to do. Currently they
>>> are using an HP Officejet M1210 that was given to us by the county for that
>>> program but I imagine it won't last long, as its scanning all day long.*
>>> ***
>>>
>>> On Wed, Sep 21, 2011 at 1:56 PM, Jonathan Link 
>>> wrote:
>>>
>>> Yeah, to be blunt, that budget is unrealistic.
>>>
>>>  
>>>
>>> I hated spending as much as I did on the Fuji, at the time.  However, I
>>> have not messed with it since I set it up.  Since the people who use it are
>>> all chargeable, saving them time is money well spent.  And the use case is
>>> similar, this was put in place to augment scanning capability, since the
>>> MFPs are so congested.
>>>
>>>
>>>
>>>  
>>>
>>> On Wed, Sep 21, 2011 at 1:44 PM, James Kerr 
>>> wrote:
>>>
>>> I should have mentioned the budget is under $1k. A copier is not an
>>> option. We actually have copiers that can do this but in this case we need
>>> something small that a small group of users can use without having to be
>>> around the very busy copiers. I have found one that will do everything I
>>> need but doesn't have good reviews, the HP Scanjet N6350.
>>>
>>> On Wed, Sep 21, 2011 at 10:25 AM, Jonathan Link 
>>> wrote:
>>>
>>> Budget?
>>>
>>> Three years ago purchased a Fujitsu Fi-6010N.  It has worked very well
>>> for us.  It is a secondary scanner (mostly use MFP devices), but it has
>>> scanned well over 50,000 pages without any need for service.  
>>>
>>> I have a kit to replace some parts that are worn out.  I bought it around
>>> the 50,000 page mark, which is the recommended service interval, but have
>>> not had any complaints or problems reported, so I haven't used the kit, yet.
>>> 
>>>
>>> You can get service contracts for it, too.
>>>
>>>  
>>>
>>> I think we spent ~$3,000 for it.
>>>
>>>
>>>  
>>>
>>> On Wed, Sep 21, 2011 at 10:20 AM, James Kerr 
>>> wrote:
>>>
>>> Heh guys,
>>>
>>> I need to get a network scanner that can scan to a network sha

Re: Network Scanner Recommendation

[James Kerr]

One more question about the scansnap. Can it scan a drivers license?

James

On Thu, Sep 22, 2011 at 8:30 AM, James Kerr  wrote:

> That director should be on my office today so i'll talk to him and see if
> they can cover that cost in the programs budget.
>
> Thanks guys,
>
> James
>
> On Wed, Sep 21, 2011 at 6:22 PM, Lists - Level Five wrote:
>
>> James I work with a scanning/cloud vendor in Miami and all they use is
>> Fujitsus from the lower end to the high capacity, nothing else. The company
>> swears by them…
>>
>> ** **
>>
>> *From:* James Kerr [mailto:cluster...@gmail.com]
>> *Sent:* Wednesday, September 21, 2011 4:41 PM
>>
>> *To:* NT System Admin Issues
>> *Subject:* Re: Network Scanner Recommendation
>>
>> ** **
>>
>> Listen, did you smell that?
>>
>> On Wed, Sep 21, 2011 at 3:41 PM, Jonathan Link 
>> wrote:
>>
>> I wrote it, too. :-)
>>
>> When you asked the question I wrote that it was doing this out of the box,
>> intiially, and it freaked me out a bit.
>>
>> On Wed, Sep 21, 2011 at 3:34 PM, James Kerr  wrote:
>> 
>>
>> Oh, I didn't hear you then.
>>
>> ** **
>>
>> On Wed, Sep 21, 2011 at 3:03 PM, Jonathan Link 
>> wrote:
>>
>> I thought I said I know it does this...
>>
>> :-)
>>
>> On Wed, Sep 21, 2011 at 2:54 PM, James Kerr  wrote:
>> 
>>
>> Cool. I'll call fujitsu and ask them about the one pdf per page
>> requirement.
>>
>> ** **
>>
>> On Wed, Sep 21, 2011 at 2:33 PM, Jonathan Link 
>> wrote:
>>
>>
>> http://www.cdw.com/shop/products/Fujitsu-Scansnap-network-fi-6010n-i-scanner/1912903.aspx
>> 
>>
>> This is the same model as what I have. It's come down about $1,000, IIRC.
>> 
>>
>> It has a high duty cycle, which was a high priority for us.  My boss
>> wanted to go the $1,000 scanner route, but I pointed out the distinct
>> possibility that it would probably require a greater interval of service,
>> and my argument was set.  Thankfully, spending the extra $$$ has paid off
>> well.  It scans both sides of a sheet at the same time, discarding empty
>> pages.
>>
>>  
>>
>> I did not pay for a service contract on it, my boss and I thought the
>> gamble was worth it.  She gambles on things like this, and tends to be
>> lucky.  Since I got the scanner I wanted, I didn't push the service
>> contract.
>>
>>  
>>
>>  
>>
>>  
>>
>>  
>>
>> On Wed, Sep 21, 2011 at 2:20 PM, James Kerr  wrote:
>> 
>>
>> Jonathan, do you know if the Fujitsus have the ability to scan each page
>> as a single pdf? I can always go to the powers that be and tell them that
>> this is what they need and why and see what they want to do. Currently they
>> are using an HP Officejet M1210 that was given to us by the county for that
>> program but I imagine it won't last long, as its scanning all day long.**
>> **
>>
>> On Wed, Sep 21, 2011 at 1:56 PM, Jonathan Link 
>> wrote:
>>
>> Yeah, to be blunt, that budget is unrealistic.
>>
>>  
>>
>> I hated spending as much as I did on the Fuji, at the time.  However, I
>> have not messed with it since I set it up.  Since the people who use it are
>> all chargeable, saving them time is money well spent.  And the use case is
>> similar, this was put in place to augment scanning capability, since the
>> MFPs are so congested.
>>
>>
>>
>>  
>>
>> On Wed, Sep 21, 2011 at 1:44 PM, James Kerr  wrote:
>> 
>>
>> I should have mentioned the budget is under $1k. A copier is not an
>> option. We actually have copiers that can do this but in this case we need
>> something small that a small group of users can use without having to be
>> around the very busy copiers. I have found one that will do everything I
>> need but doesn't have good reviews, the HP Scanjet N6350.
>>
>> On Wed, Sep 21, 2011 at 10:25 AM, Jonathan Link 
>> wrote:
>>
>> Budget?
>>
>> Three years ago purchased a Fujitsu Fi-6010N.  It has worked very well for
>> us.  It is a secondary scanner (mostly use MFP devices), but it has scanned
>> well over 50,000 pages without any need for service.  
>>
>> I have a kit to replace some parts that are worn out.  I bought it around
>> the 50,000 page mark, which is the recommended service interval, but have
>> not had any complaints or problems reported, so I haven't used the kit, yet.
>> 
>>
>> You can get service contracts for it, too.
>>
>>  
>>
>> I think we spent ~$3,000 for it.
>>
>>
>>  
>>
>> On Wed, Sep 21, 2011 at 10:20 AM, James Kerr 
>> wrote:
>>
>> Heh guys,
>>
>> I need to get a network scanner that can scan to a network share and (this
>> is important) scan a stack of paper and create a separate pdf for each page.
>> It also needs to not be a SOHO device, something that can handle a decent
>> volume and that I can get a service contract with. Anyone have any ideas?
>>
>> Thanks,
>>
>> James
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>>
>>
>> ~ 

RE: Public time sources

[John Cook]

We use the north America pool.

From: Ben Schorr [mailto:b...@rolandschorr.com]
Sent: Thursday, September 22, 2011 11:08 AM
To: NT System Admin Issues
Subject: RE: Public time sources

Pool.ntp.org.
You can use one of the regional sub-domains if you want 
(north-america.pool.ntp.org is one I think) but I just don't want to type that 
much. :)
Ben M. Schorr
Roland Schorr & Tower
www.rolandschorr.com | 
www.officeforlawyers.com | Twitter: @bschorr

From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: Thursday, September 22, 2011 8:06
To: NT System Admin Issues
Subject: Public time sources

Folks,

I am reconfiguring my time providers for my AD servers.  What are you using for 
your public time sources?

Thanks
Tom


Confidentiality Notice: This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure, or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you really need 
to.

This email and any attached files are confidential and intended solely for the 
intended recipient(s). If you are not the named recipient you should not read, 
distribute, copy or alter this email. Any views or opinions expressed in this 
email are those of the author and do not represent those of the company. 
Warning: Although precautions have been taken to make sure no viruses are 
present in this email, the company cannot accept responsibility for any loss or 
damage that arise from the use of this email or attachments.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: SSL hack

[Ben Scott]

  Typo correction:

On Thu, Sep 22, 2011 at 11:00 AM, Ben Scott  wrote:
> C2. C1 constructs a URL that is just long enough to push all but the
> first byte of the cookie

... out of the first SSL block.

  (Forgot to finish typing my thought there.)

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Public time sources

[James Kerr]

We use us.pool.ntp.org


On Thu, Sep 22, 2011 at 11:11 AM, Andrew S. Baker  wrote:

> +1
>
> * *
>
> *ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
> Technology for the SMB market…
>
> *
>
>
>
> On Thu, Sep 22, 2011 at 11:07 AM, Ben Schorr wrote:
>
>> 
>>
>> Pool.ntp.org.
>>
>> You can use one of the regional sub-domains if you want (
>> north-america.pool.ntp.org is one I think) but I just don’t want to type
>> that much. J
>>
>> Ben M. Schorr
>>
>> Roland Schorr & Tower
>>
>> www.rolandschorr.com | www.officeforlawyers.com | Twitter: @bschorr
>>
>> ** **
>>
>> *From:* Tom Miller [mailto:tmil...@hnncsb.org]
>> *Sent:* Thursday, September 22, 2011 8:06
>>
>>
>> *To:* NT System Admin Issues
>> *Subject:* Public time sources
>>
>> ** **
>>
>> Folks,
>>
>>  
>>
>> I am reconfiguring my time providers for my AD servers.  What are you
>> using for your public time sources?  
>>
>>  
>>
>> Thanks
>>
>> Tom
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Public time sources

[Andrew S. Baker]

+1

* *

*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…

*



On Thu, Sep 22, 2011 at 11:07 AM, Ben Schorr  wrote:

> 
>
> Pool.ntp.org.
>
> You can use one of the regional sub-domains if you want (
> north-america.pool.ntp.org is one I think) but I just don’t want to type
> that much. J
>
> Ben M. Schorr
>
> Roland Schorr & Tower
>
> www.rolandschorr.com | www.officeforlawyers.com | Twitter: @bschorr
>
> ** **
>
> *From:* Tom Miller [mailto:tmil...@hnncsb.org]
> *Sent:* Thursday, September 22, 2011 8:06
>
> *To:* NT System Admin Issues
> *Subject:* Public time sources
>
> ** **
>
> Folks,
>
>  
>
> I am reconfiguring my time providers for my AD servers.  What are you using
> for your public time sources?  
>
>  
>
> Thanks
>
> Tom
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Public time sources

[Webster]

north-america.pool.ntp.org.
Carl Webster
Consultant and Citrix Technology Professional
http://www.CarlWebster.com

From: Tom Miller [mailto:tmil...@hnncsb.org]
Subject: Public time sources

Folks,

I am reconfiguring my time providers for my AD servers.  What are you using for 
your public time sources?


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: SSL hack

[Guyer, Don]

I appreciate that explanation.


Don Guyer
Windows Systems Engineer
RIM Operations Engineering Distributed - A Team, Tier 2
Enterprise Technology Group
Fiserv
don.gu...@fiserv.com
Office: 1-800-523-7282 x 1673
Fax: 610-233-0404
www.fiserv.com


-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Thursday, September 22, 2011 11:01 AM
To: NT System Admin Issues
Subject: Re: SSL hack

On Thu, Sep 22, 2011 at 9:11 AM, Guyer, Don 
wrote:
> I don't even pretend to be a security expert by any means, I find this
article confusing.

  Most likely, the author of the article was confused, too.  The tech
press is something akin to blind men describing an elephant.
Additionally, even original information is limited right now (they
haven't given their presentation yet).

> It seems to be a high vulnerability, but when I read the sentence "It 
> has long been theorized that attackers can manipulate the process to 
> make educated guesses about the contents of the plaintext blocks."

  I've seen differing analyses so I'm not really sure, but this is one
that makes the most sense to me:

  The attack uses JavaScript injection (browser compromise) and a packet
sniffer (compromise of the network medium) to force a chosen-plaintext,
which can then be used to recover other plaintext from the SSL
ciphertext.  No man-in-the-middle is needed, although that may be a
force-multiplier.

A1. SSL is a chained block cipher.  Bytes on the wire are sent in
ciphered blocks, where each block's key is dependent on the previous
block.

B1. The user browses to a site like PayPal using SSL.  They authenticate
using their credentials.

B2. PayPal gives them an HTTP cookie containing some very large random
data.  This data serves to authenticate their login session.  The cookie
is a temporary shared secret granting access to their user account.

B3. The cookie from B2 is protected by SSL on the wire, and thus should
be secure against sniffing.

B4. The cookie is marked as "secure" in the browser's cookie jar, and
thus won't be given to non-SSL pages.

C1. The attack injects some JavaScript into the browser somehow.

C2. C1 constructs a URL that is just long enough to push all but the
first byte of the cookie

C3. C1 forces the browser to request C2 from the SSL site.

C4. The attack sniffs C3 from the wire.

C5. The attack now has a know-plaintext (the URL) and a single unknown
byte -- the first byte of the B2 cookie.

C6. The attack does crypto magic on C5, benefiting from the
known-plaintext, to decrypt the first byte of the B2 cookie.

C7. The attack repeats C2 through C6, shortening the URL each time, to
decrypt the rest of the cookie one byte at a time.

B5. After C7 is done, the attack now has the entire B2 authentication
cookie, and can masquerade as the user.

(from http://news.ycombinator.com/item?id=3016175)

  There may be scenarios other than B (auth cookie recovery) which could
also use the technique in C to gain valuable plaintext.  Or not; I
dunno.

  Again, I'm waiting for the full release, and good trusted third-party
analysis, before I really react.  I know enough about crypto to
understand a good analysis, but not enough to do it on my own.  There
are very likely aspects of this I'm not seeing.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Public time sources

[Ben Schorr]

Pool.ntp.org.

You can use one of the regional sub-domains if you want
(north-america.pool.ntp.org is one I think) but I just don't want to
type that much. J

Ben M. Schorr

Roland Schorr & Tower

www.rolandschorr.com | www.officeforlawyers.com | Twitter: @bschorr

 

From: Tom Miller [mailto:tmil...@hnncsb.org] 
Sent: Thursday, September 22, 2011 8:06
To: NT System Admin Issues
Subject: Public time sources

 

Folks,

 

I am reconfiguring my time providers for my AD servers.  What are you
using for your public time sources?  

 

Thanks

Tom

 

Confidentiality Notice: This e-mail message, including attachments, is
for the sole use of the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure, or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message. 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Public time sources

[Damien Solodow]

I like 0.us.pool.ntp.org

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: Thursday, September 22, 2011 11:06 AM
To: NT System Admin Issues
Subject: Public time sources

Folks,

I am reconfiguring my time providers for my AD servers.  What are you using for 
your public time sources?

Thanks
Tom


Confidentiality Notice: This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure, or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Public time sources

[Tom Miller]

Folks,
 
I am reconfiguring my time providers for my AD servers.  What are you using for 
your public time sources?  
 
Thanks
Tom

Confidentiality Notice:  This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information.  Any unauthorized review, use, disclosure, or 
distribution is prohibited.  If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: SSL hack

[Ben Scott]

On Thu, Sep 22, 2011 at 9:11 AM, Guyer, Don  wrote:
> I don’t even pretend to be a security expert by any means, I find this 
> article confusing…..

  Most likely, the author of the article was confused, too.  The tech
press is something akin to blind men describing an elephant.
Additionally, even original information is limited right now (they
haven't given their presentation yet).

> It seems to be a high vulnerability, but when I read the sentence “It has 
> long been theorized
> that attackers can manipulate the process to make educated guesses about the 
> contents
> of the plaintext blocks.”

  I've seen differing analyses so I'm not really sure, but this is one
that makes the most sense to me:

  The attack uses JavaScript injection (browser compromise) and a
packet sniffer (compromise of the network medium) to force a
chosen-plaintext, which can then be used to recover other plaintext
from the SSL ciphertext.  No man-in-the-middle is needed, although
that may be a force-multiplier.

A1. SSL is a chained block cipher.  Bytes on the wire are sent in
ciphered blocks, where each block's key is dependent on the previous
block.

B1. The user browses to a site like PayPal using SSL.  They
authenticate using their credentials.

B2. PayPal gives them an HTTP cookie containing some very large random
data.  This data serves to authenticate their login session.  The
cookie is a temporary shared secret granting access to their user
account.

B3. The cookie from B2 is protected by SSL on the wire, and thus
should be secure against sniffing.

B4. The cookie is marked as "secure" in the browser's cookie jar, and
thus won't be given to non-SSL pages.

C1. The attack injects some JavaScript into the browser somehow.

C2. C1 constructs a URL that is just long enough to push all but the
first byte of the cookie

C3. C1 forces the browser to request C2 from the SSL site.

C4. The attack sniffs C3 from the wire.

C5. The attack now has a know-plaintext (the URL) and a single unknown
byte -- the first byte of the B2 cookie.

C6. The attack does crypto magic on C5, benefiting from the
known-plaintext, to decrypt the first byte of the B2 cookie.

C7. The attack repeats C2 through C6, shortening the URL each time, to
decrypt the rest of the cookie one byte at a time.

B5. After C7 is done, the attack now has the entire B2 authentication
cookie, and can masquerade as the user.

(from http://news.ycombinator.com/item?id=3016175)

  There may be scenarios other than B (auth cookie recovery) which
could also use the technique in C to gain valuable plaintext.  Or not;
I dunno.

  Again, I'm waiting for the full release, and good trusted
third-party analysis, before I really react.  I know enough about
crypto to understand a good analysis, but not enough to do it on my
own.  There are very likely aspects of this I'm not seeing.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Remote Desktop App recommendation?

[Daniel Rodriguez]

The Wyse product does have an setting when you configure your connection for
the RD Gateway Server. Now, this is on my Dell Streak 7 which is an Android
based device. I would suggest that you go to the Wyse Pocket Cloud web page
and see if that is also an option for the iPad version.

Oh, and for grins, I have tried using the Dolphin Browser and was able to
login to our RD Website. But, when getting to the next screen, I couldn't
see anything, even though there should have been some icons on that screen.
Didn't get any errors. Besides that ActiveX Control should already be
included on XP SP3. If you are getting an error when trying to access your
RD Website, and it says that you need that ActiveX Control, it just may not
be Enabled.

Daniel

On Thu, Sep 22, 2011 at 10:34 AM, Richard Stovall  wrote:

> I can't speak to whether the Wyse product can remote in through an RD
> Gateway server.  Regarding the RD web site, we don't use it at all.  I just
> distribute RDP files to the users who need them and they run them directly
> without ever going to a web site in a browser.
>
> On Thu, Sep 22, 2011 at 10:26 AM, David Lum  wrote:
>
>>  So you’re saying Wyse Pocket cloud will let an iPad connect to Remote
>> Desktop gateway?
>>
>> ** **
>>
>> In related news, how can you get an internet-based system to get to the RD
>> Gateway without using RDS Web server? Just yesterday I was requested to see
>> if a Mac can connect to our RDS farm, but my understanding was Mac OS and
>> related non-MS stuff can’t use RDS Web since it requires ActiveX.
>>
>> ** **
>>
>> Dave
>>
>> ** **
>>
>> *From:* Daniel Rodriguez [mailto:drod...@gmail.com]
>> *Sent:* Thursday, September 22, 2011 7:22 AM
>>
>> *To:* NT System Admin Issues
>> *Subject:* Re: Remote Desktop App recommendation?
>>
>>   ** **
>>
>> Also, too, on the Wyse product, you can zoom in, or reduce, the screen.
>> That way, if it looks too small, you can zoom in closer just to see a
>> portion of the screen. If it wasn't for that, everything would be too small.
>>
>> 
>>
>> On Thu, Sep 22, 2011 at 10:12 AM, Ralph Smith 
>> wrote:
>>
>> I used the Mochasoft app to remote to my Win 7 PC as a test and found it
>> to be usable screen size wise, but my eyes ain’t what they used to be so I
>> don’t think I’d be able to work like that consistently for any length of
>> time. 
>>
>> Thanks for the recommendation and tip for Wyse.
>>
>>  
>>
>> *From:* Daniel Rodriguez [mailto:drod...@gmail.com]
>> *Sent:* Thursday, September 22, 2011 9:44 AM
>> *To:* NT System Admin Issues
>> *Subject:* Re: Remote Desktop App recommendation?
>>
>>  
>>
>> I am using Wyse Pocket cloud. Very solid product. But don't get confused.
>> Wyse gives you the option to load a software agent on your computer,
>> laptop/desktop, You don't have to install it. I use it on my Dell Streak 7
>> and am able to do all that you specified, though a bigger screen would
>> definitely help.
>>
>> Daniel
>>
>> On Thu, Sep 22, 2011 at 9:37 AM, Ralph Smith 
>> wrote:
>>
>> It seems like I saw this asked and answered here before but I can’t find
>> the thread:
>>
>> Anybody using a Remote Desktop app for iPad 2 that you can recommend that
>> works with Windows Server 2003, 2008 R2 and Remote Desktop Gateway?
>>
>>  
>>
>> My CEO was just issued an iPad through another agency for which she serves
>> on the board, and she wants to use it this way.  This is the first time I’ve
>> actually touched an iPad.  I downloaded the free Remote Desktop Lite, but
>> apparently Mochasofts’s remote desktop products can’t be used with Windows
>> Servers.  Read a bunch of reviews and am considering trying either Antecea
>> Easy Connect or Wyse PocketCloud, but there’s a lot of choices and am hoping
>> to get a trusted recommendation from the list.
>>
>>  
>>
>> Thanks,
>>
>>  
>>
>> Ralph
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>>  
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>> ** **
>>
>> ~ Finally, powe

Re: Remote Desktop App recommendation?

[Richard Stovall]

I can't speak to whether the Wyse product can remote in through an RD
Gateway server.  Regarding the RD web site, we don't use it at all.  I just
distribute RDP files to the users who need them and they run them directly
without ever going to a web site in a browser.

On Thu, Sep 22, 2011 at 10:26 AM, David Lum  wrote:

>  So you’re saying Wyse Pocket cloud will let an iPad connect to Remote
> Desktop gateway?
>
> ** **
>
> In related news, how can you get an internet-based system to get to the RD
> Gateway without using RDS Web server? Just yesterday I was requested to see
> if a Mac can connect to our RDS farm, but my understanding was Mac OS and
> related non-MS stuff can’t use RDS Web since it requires ActiveX.
>
> ** **
>
> Dave
>
> ** **
>
> *From:* Daniel Rodriguez [mailto:drod...@gmail.com]
> *Sent:* Thursday, September 22, 2011 7:22 AM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Remote Desktop App recommendation?
>
>   ** **
>
> Also, too, on the Wyse product, you can zoom in, or reduce, the screen.
> That way, if it looks too small, you can zoom in closer just to see a
> portion of the screen. If it wasn't for that, everything would be too small.
>
> 
>
> On Thu, Sep 22, 2011 at 10:12 AM, Ralph Smith 
> wrote:
>
> I used the Mochasoft app to remote to my Win 7 PC as a test and found it to
> be usable screen size wise, but my eyes ain’t what they used to be so I
> don’t think I’d be able to work like that consistently for any length of
> time. 
>
> Thanks for the recommendation and tip for Wyse.
>
>  
>
> *From:* Daniel Rodriguez [mailto:drod...@gmail.com]
> *Sent:* Thursday, September 22, 2011 9:44 AM
> *To:* NT System Admin Issues
> *Subject:* Re: Remote Desktop App recommendation?
>
>  
>
> I am using Wyse Pocket cloud. Very solid product. But don't get confused.
> Wyse gives you the option to load a software agent on your computer,
> laptop/desktop, You don't have to install it. I use it on my Dell Streak 7
> and am able to do all that you specified, though a bigger screen would
> definitely help.
>
> Daniel
>
> On Thu, Sep 22, 2011 at 9:37 AM, Ralph Smith 
> wrote:
>
> It seems like I saw this asked and answered here before but I can’t find
> the thread:
>
> Anybody using a Remote Desktop app for iPad 2 that you can recommend that
> works with Windows Server 2003, 2008 R2 and Remote Desktop Gateway?
>
>  
>
> My CEO was just issued an iPad through another agency for which she serves
> on the board, and she wants to use it this way.  This is the first time I’ve
> actually touched an iPad.  I downloaded the free Remote Desktop Lite, but
> apparently Mochasofts’s remote desktop products can’t be used with Windows
> Servers.  Read a bunch of reviews and am considering trying either Antecea
> Easy Connect or Wyse PocketCloud, but there’s a lot of choices and am hoping
> to get a trusted recommendation from the list.
>
>  
>
> Thanks,
>
>  
>
> Ralph
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>  
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.c

Re: Remote Desktop App recommendation?

[Steve Ens]

I think I use logmein Ignition...again, you have to install part of it on
the computer you want to control...but it works well.

On Thu, Sep 22, 2011 at 8:37 AM, Ralph Smith wrote:

> It seems like I saw this asked and answered here before but I can’t find
> the thread:
>
> Anybody using a Remote Desktop app for iPad 2 that you can recommend that
> works with Windows Server 2003, 2008 R2 and Remote Desktop Gateway?
>
> ** **
>
> My CEO was just issued an iPad through another agency for which she serves
> on the board, and she wants to use it this way.  This is the first time I’ve
> actually touched an iPad.  I downloaded the free Remote Desktop Lite, but
> apparently Mochasofts’s remote desktop products can’t be used with Windows
> Servers.  Read a bunch of reviews and am considering trying either Antecea
> Easy Connect or Wyse PocketCloud, but there’s a lot of choices and am hoping
> to get a trusted recommendation from the list.
>
> ** **
>
> Thanks,
>
> ** **
>
> Ralph
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Remote Desktop App recommendation?

[David Lum]

So you’re saying Wyse Pocket cloud will let an iPad connect to Remote Desktop 
gateway?

In related news, how can you get an internet-based system to get to the RD 
Gateway without using RDS Web server? Just yesterday I was requested to see if 
a Mac can connect to our RDS farm, but my understanding was Mac OS and related 
non-MS stuff can’t use RDS Web since it requires ActiveX.

Dave

From: Daniel Rodriguez [mailto:drod...@gmail.com]
Sent: Thursday, September 22, 2011 7:22 AM
To: NT System Admin Issues
Subject: Re: Remote Desktop App recommendation?

Also, too, on the Wyse product, you can zoom in, or reduce, the screen. That 
way, if it looks too small, you can zoom in closer just to see a portion of the 
screen. If it wasn't for that, everything would be too small.

On Thu, Sep 22, 2011 at 10:12 AM, Ralph Smith 
mailto:m...@gatewayindustries.org>> wrote:
I used the Mochasoft app to remote to my Win 7 PC as a test and found it to be 
usable screen size wise, but my eyes ain’t what they used to be so I don’t 
think I’d be able to work like that consistently for any length of time.
Thanks for the recommendation and tip for Wyse.

From: Daniel Rodriguez [mailto:drod...@gmail.com]
Sent: Thursday, September 22, 2011 9:44 AM
To: NT System Admin Issues
Subject: Re: Remote Desktop App recommendation?

I am using Wyse Pocket cloud. Very solid product. But don't get confused. Wyse 
gives you the option to load a software agent on your computer, laptop/desktop, 
You don't have to install it. I use it on my Dell Streak 7 and am able to do 
all that you specified, though a bigger screen would definitely help.

Daniel
On Thu, Sep 22, 2011 at 9:37 AM, Ralph Smith 
mailto:m...@gatewayindustries.org>> wrote:
It seems like I saw this asked and answered here before but I can’t find the 
thread:
Anybody using a Remote Desktop app for iPad 2 that you can recommend that works 
with Windows Server 2003, 2008 R2 and Remote Desktop Gateway?

My CEO was just issued an iPad through another agency for which she serves on 
the board, and she wants to use it this way.  This is the first time I’ve 
actually touched an iPad.  I downloaded the free Remote Desktop Lite, but 
apparently Mochasofts’s remote desktop products can’t be used with Windows 
Servers.  Read a bunch of reviews and am considering trying either Antecea Easy 
Connect or Wyse PocketCloud, but there’s a lot of choices and am hoping to get 
a trusted recommendation from the list.

Thanks,

Ralph

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Remote Desktop App recommendation?

[Daniel Rodriguez]

Also, too, on the Wyse product, you can zoom in, or reduce, the screen. That
way, if it looks too small, you can zoom in closer just to see a portion of
the screen. If it wasn't for that, everything would be too small.


On Thu, Sep 22, 2011 at 10:12 AM, Ralph Smith wrote:

> I used the Mochasoft app to remote to my Win 7 PC as a test and found it to
> be usable screen size wise, but my eyes ain’t what they used to be so I
> don’t think I’d be able to work like that consistently for any length of
> time. 
>
> Thanks for the recommendation and tip for Wyse.
>
> ** **
>
> *From:* Daniel Rodriguez [mailto:drod...@gmail.com]
> *Sent:* Thursday, September 22, 2011 9:44 AM
> *To:* NT System Admin Issues
> *Subject:* Re: Remote Desktop App recommendation?
>
> ** **
>
> I am using Wyse Pocket cloud. Very solid product. But don't get confused.
> Wyse gives you the option to load a software agent on your computer,
> laptop/desktop, You don't have to install it. I use it on my Dell Streak 7
> and am able to do all that you specified, though a bigger screen would
> definitely help.
>
> Daniel
>
> On Thu, Sep 22, 2011 at 9:37 AM, Ralph Smith 
> wrote:
>
> It seems like I saw this asked and answered here before but I can’t find
> the thread:
>
> Anybody using a Remote Desktop app for iPad 2 that you can recommend that
> works with Windows Server 2003, 2008 R2 and Remote Desktop Gateway?
>
>  
>
> My CEO was just issued an iPad through another agency for which she serves
> on the board, and she wants to use it this way.  This is the first time I’ve
> actually touched an iPad.  I downloaded the free Remote Desktop Lite, but
> apparently Mochasofts’s remote desktop products can’t be used with Windows
> Servers.  Read a bunch of reviews and am considering trying either Antecea
> Easy Connect or Wyse PocketCloud, but there’s a lot of choices and am hoping
> to get a trusted recommendation from the list.
>
>  
>
> Thanks,
>
>  
>
> Ralph
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Remote Desktop App recommendation?

[Ralph Smith]

I used the Mochasoft app to remote to my Win 7 PC as a test and found it to be 
usable screen size wise, but my eyes ain’t what they used to be so I don’t 
think I’d be able to work like that consistently for any length of time. 

Thanks for the recommendation and tip for Wyse.

 

From: Daniel Rodriguez [mailto:drod...@gmail.com] 
Sent: Thursday, September 22, 2011 9:44 AM
To: NT System Admin Issues
Subject: Re: Remote Desktop App recommendation?

 

I am using Wyse Pocket cloud. Very solid product. But don't get confused. Wyse 
gives you the option to load a software agent on your computer, laptop/desktop, 
You don't have to install it. I use it on my Dell Streak 7 and am able to do 
all that you specified, though a bigger screen would definitely help.

Daniel

On Thu, Sep 22, 2011 at 9:37 AM, Ralph Smith  wrote:

It seems like I saw this asked and answered here before but I can’t find the 
thread:

Anybody using a Remote Desktop app for iPad 2 that you can recommend that works 
with Windows Server 2003, 2008 R2 and Remote Desktop Gateway?

 

My CEO was just issued an iPad through another agency for which she serves on 
the board, and she wants to use it this way.  This is the first time I’ve 
actually touched an iPad.  I downloaded the free Remote Desktop Lite, but 
apparently Mochasofts’s remote desktop products can’t be used with Windows 
Servers.  Read a bunch of reviews and am considering trying either Antecea Easy 
Connect or Wyse PocketCloud, but there’s a lot of choices and am hoping to get 
a trusted recommendation from the list.

 

Thanks,

 

Ralph

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Solved: Windows/Exchange/Networking routing question

[Maglinger, Paul]

Okay, we got this working.  We were able to set up a static route on both sides 
to get this to work.

On one side:

#route add 10.111.101.0 mask 255.255.255.0 10.121.100.254 metric 1 -p

On the other:

#route add 10.121.101.0 mask 255.255.255.0 10.111.100.254 metric 1 -p

Should've occurred to us earlier.

-Original Message-

Windows 2003 DC, migrating from Exchange 2003 to 2010.  Setting up DAGs
and wanting to separate out the replication traffic from the rest of the
stuff.  We have 3 mailbox servers, two of which are at our site, the
other is at another site.  We can only have one gateway per server and
are trying to figure out how to get the replication traffic from A to B.

Site A Mailbox Server A data NIC - 10.111.100.1
Site A Mailbox Server A replication NIC - 10.111.101.30
24 bit SNM, 10.111.100.254 GW

Site A Mailbox Server B data NIC - 10.111.100.2
Site A Mailbox Server B replication NIC - 10.111.101.31
24 bit SNM, 10.111.100.254 GW

Site B Mailbox Server C data NIC - 10.121.100.3
Site B Mailbox Server C replication NIC - 10.121.101.32
24 bit SNM, 10.121.100.254 GW

-Paul

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Remote Desktop App recommendation?

[Daniel Rodriguez]

I am using Wyse Pocket cloud. Very solid product. But don't get confused.
Wyse gives you the option to load a software agent on your computer,
laptop/desktop, You don't have to install it. I use it on my Dell Streak 7
and am able to do all that you specified, though a bigger screen would
definitely help.

Daniel

On Thu, Sep 22, 2011 at 9:37 AM, Ralph Smith wrote:

> It seems like I saw this asked and answered here before but I can’t find
> the thread:
>
> Anybody using a Remote Desktop app for iPad 2 that you can recommend that
> works with Windows Server 2003, 2008 R2 and Remote Desktop Gateway?
>
> ** **
>
> My CEO was just issued an iPad through another agency for which she serves
> on the board, and she wants to use it this way.  This is the first time I’ve
> actually touched an iPad.  I downloaded the free Remote Desktop Lite, but
> apparently Mochasofts’s remote desktop products can’t be used with Windows
> Servers.  Read a bunch of reviews and am considering trying either Antecea
> Easy Connect or Wyse PocketCloud, but there’s a lot of choices and am hoping
> to get a trusted recommendation from the list.
>
> ** **
>
> Thanks,
>
> ** **
>
> Ralph
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Remote Desktop App recommendation?

[Ralph Smith]

It seems like I saw this asked and answered here before but I can't find
the thread:

Anybody using a Remote Desktop app for iPad 2 that you can recommend
that works with Windows Server 2003, 2008 R2 and Remote Desktop Gateway?

 

My CEO was just issued an iPad through another agency for which she
serves on the board, and she wants to use it this way.  This is the
first time I've actually touched an iPad.  I downloaded the free Remote
Desktop Lite, but apparently Mochasofts's remote desktop products can't
be used with Windows Servers.  Read a bunch of reviews and am
considering trying either Antecea Easy Connect or Wyse PocketCloud, but
there's a lot of choices and am hoping to get a trusted recommendation
from the list.

 

Thanks,

 

Ralph


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: SSL hack

[Guyer, Don]

I don't even pretend to be a security expert by any means, I find this
article confusing.

It seems to be a high vulnerability, but when I read the sentence "It
has long been theorized that attackers can manipulate the process to
make educated guesses about the contents of the plaintext blocks." What
exactly are they saying here? Are these blocks originally encrypted? If
so, once they manage to decrypt them, how do they make these "educated
guesses"? Does it take minutes/hours/days to come up with a correct
guess?

Don Guyer

Windows Systems Engineer

RIM Operations Engineering Distributed - A Team, Tier 2

Enterprise Technology Group

Fiserv

don.gu...@fiserv.com

Office: 1-800-523-7282 x 1673

Fax: 610-233-0404

www.fiserv.com  

 

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Thursday, September 22, 2011 8:13 AM
To: NT System Admin Issues
Subject: RE: SSL hack

 

+1 this does not require MITM from what I have read and heard. Its
Javascript that performs the  role of the malicious actor and its
payload, which unfortunately, most browsers have on for web sites they
do business with to function, which also leaves the door up for
malware/spyware,. Drive by downloads. 

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Security Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

 

From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Wednesday, September 21, 2011 10:25 AM
To: NT System Admin Issues
Subject: Re: SSL hack

 

cross check your source ... my sources show this does NOT require MITM,
just sniffing proximity, and client side soft(mal)ware injection, which
individually proves not to be difficult, just requires a bit of
coordination for both parts now.

On Wed, Sep 21, 2011 at 10:11 AM, Kennedy, Jim <
kennedy...@elyriaschools.org> wrote:

Ok, I have some insight on this one from a very trusted source.

 

1)  It requires a successful man in the middle attack which is not
that easy to do with SSL and it requires you to be on the same subnet as
the victim or the SSL host.

2)  The attack has been around for years, the only thing new here is
that someone sort of built a tool to do it and is getting press
coverage.

3)  Very low risk.

4)  Part of the exploit will be killed very quickly now that it has
gone public.

 

I am putting my SSL certs back in now.

 

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Wednesday, September 21, 2011 10:00 AM
To: NT System Admin Issues
Subject: Re: SSL hack

 

LOL


ASB

http://XeeMe.com/AndrewBaker

Harnessing the Advantages of Technology for the SMB market...

 

On Wed, Sep 21, 2011 at 8:39 AM, Kennedy, Jim <
kennedy...@elyriaschools.org> wrote:

I removed all my SSL certs, so they can't hack them. Just running
straight http, let's see them beat that!

 

From: Jonathan Link [mailto:jonathan.l...@gmail.com] 
Sent: Wednesday, September 21, 2011 8:39 AM
To: NT System Admin Issues
Subject: Re: SSL hack

 

I think everyone is cowering in their foxholes right now...

On Wed, Sep 21, 2011 at 8:33 AM, Erik Goldoff 
wrote:

H, looks like something I posted yesterday ... maybe you'll get more
response.



 

On Wed, Sep 21, 2011 at 8:30 AM, Steven M. Caesare <
scaes...@caesare.com> wrote:

Interesting, and potentially significant: 
http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/

 

-sc

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog!
~


~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyr

Re: Network Scanner Recommendation

[James Kerr]

That director should be on my office today so i'll talk to him and see if
they can cover that cost in the programs budget.

Thanks guys,

James

On Wed, Sep 21, 2011 at 6:22 PM, Lists - Level Five wrote:

> James I work with a scanning/cloud vendor in Miami and all they use is
> Fujitsus from the lower end to the high capacity, nothing else. The company
> swears by them…
>
> ** **
>
> *From:* James Kerr [mailto:cluster...@gmail.com]
> *Sent:* Wednesday, September 21, 2011 4:41 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Network Scanner Recommendation
>
> ** **
>
> Listen, did you smell that?
>
> On Wed, Sep 21, 2011 at 3:41 PM, Jonathan Link 
> wrote:
>
> I wrote it, too. :-)
>
> When you asked the question I wrote that it was doing this out of the box,
> intiially, and it freaked me out a bit.
>
> On Wed, Sep 21, 2011 at 3:34 PM, James Kerr  wrote:*
> ***
>
> Oh, I didn't hear you then.
>
> ** **
>
> On Wed, Sep 21, 2011 at 3:03 PM, Jonathan Link 
> wrote:
>
> I thought I said I know it does this...
>
> :-)
>
> On Wed, Sep 21, 2011 at 2:54 PM, James Kerr  wrote:*
> ***
>
> Cool. I'll call fujitsu and ask them about the one pdf per page
> requirement.
>
> ** **
>
> On Wed, Sep 21, 2011 at 2:33 PM, Jonathan Link 
> wrote:
>
>
> http://www.cdw.com/shop/products/Fujitsu-Scansnap-network-fi-6010n-i-scanner/1912903.aspx
> 
>
> This is the same model as what I have. It's come down about $1,000, IIRC.*
> ***
>
> It has a high duty cycle, which was a high priority for us.  My boss wanted
> to go the $1,000 scanner route, but I pointed out the distinct possibility
> that it would probably require a greater interval of service, and my
> argument was set.  Thankfully, spending the extra $$$ has paid off well.  It
> scans both sides of a sheet at the same time, discarding empty pages.
>
>  
>
> I did not pay for a service contract on it, my boss and I thought the
> gamble was worth it.  She gambles on things like this, and tends to be
> lucky.  Since I got the scanner I wanted, I didn't push the service
> contract.
>
>  
>
>  
>
>  
>
>  
>
> On Wed, Sep 21, 2011 at 2:20 PM, James Kerr  wrote:*
> ***
>
> Jonathan, do you know if the Fujitsus have the ability to scan each page as
> a single pdf? I can always go to the powers that be and tell them that this
> is what they need and why and see what they want to do. Currently they are
> using an HP Officejet M1210 that was given to us by the county for that
> program but I imagine it won't last long, as its scanning all day long.***
> *
>
> On Wed, Sep 21, 2011 at 1:56 PM, Jonathan Link 
> wrote:
>
> Yeah, to be blunt, that budget is unrealistic.
>
>  
>
> I hated spending as much as I did on the Fuji, at the time.  However, I
> have not messed with it since I set it up.  Since the people who use it are
> all chargeable, saving them time is money well spent.  And the use case is
> similar, this was put in place to augment scanning capability, since the
> MFPs are so congested.
>
>
>
>  
>
> On Wed, Sep 21, 2011 at 1:44 PM, James Kerr  wrote:*
> ***
>
> I should have mentioned the budget is under $1k. A copier is not an option.
> We actually have copiers that can do this but in this case we need something
> small that a small group of users can use without having to be around the
> very busy copiers. I have found one that will do everything I need but
> doesn't have good reviews, the HP Scanjet N6350.
>
> On Wed, Sep 21, 2011 at 10:25 AM, Jonathan Link 
> wrote:
>
> Budget?
>
> Three years ago purchased a Fujitsu Fi-6010N.  It has worked very well for
> us.  It is a secondary scanner (mostly use MFP devices), but it has scanned
> well over 50,000 pages without any need for service.  
>
> I have a kit to replace some parts that are worn out.  I bought it around
> the 50,000 page mark, which is the recommended service interval, but have
> not had any complaints or problems reported, so I haven't used the kit, yet.
> 
>
> You can get service contracts for it, too.
>
>  
>
> I think we spent ~$3,000 for it.
>
>
>  
>
> On Wed, Sep 21, 2011 at 10:20 AM, James Kerr  wrote:
> 
>
> Heh guys,
>
> I need to get a network scanner that can scan to a network share and (this
> is important) scan a stack of paper and create a separate pdf for each page.
> It also needs to not be a SOHO device, something that can handle a decent
> volume and that I can get a service contract with. Anyone have any ideas?
>
> Thanks,
>
> James
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>
>
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource

RE: SSL hack

[Ziots, Edward]

+1 this does not require MITM from what I have read and heard. Its
Javascript that performs the  role of the malicious actor and its
payload, which unfortunately, most browsers have on for web sites they
do business with to function, which also leaves the door up for
malware/spyware,. Drive by downloads. 

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Security Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

 

From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Wednesday, September 21, 2011 10:25 AM
To: NT System Admin Issues
Subject: Re: SSL hack

 

cross check your source ... my sources show this does NOT require MITM,
just sniffing proximity, and client side soft(mal)ware injection, which
individually proves not to be difficult, just requires a bit of
coordination for both parts now.

On Wed, Sep 21, 2011 at 10:11 AM, Kennedy, Jim <
kennedy...@elyriaschools.org> wrote:

Ok, I have some insight on this one from a very trusted source.

 

1)  It requires a successful man in the middle attack which is not
that easy to do with SSL and it requires you to be on the same subnet as
the victim or the SSL host.

2)  The attack has been around for years, the only thing new here is
that someone sort of built a tool to do it and is getting press
coverage.

3)  Very low risk.

4)  Part of the exploit will be killed very quickly now that it has
gone public.

 

I am putting my SSL certs back in now.

 

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Wednesday, September 21, 2011 10:00 AM
To: NT System Admin Issues
Subject: Re: SSL hack

 

LOL


ASB

http://XeeMe.com/AndrewBaker

Harnessing the Advantages of Technology for the SMB market...

 

On Wed, Sep 21, 2011 at 8:39 AM, Kennedy, Jim <
kennedy...@elyriaschools.org> wrote:

I removed all my SSL certs, so they can't hack them. Just running
straight http, let's see them beat that!

 

From: Jonathan Link [mailto:jonathan.l...@gmail.com] 
Sent: Wednesday, September 21, 2011 8:39 AM
To: NT System Admin Issues
Subject: Re: SSL hack

 

I think everyone is cowering in their foxholes right now...

On Wed, Sep 21, 2011 at 8:33 AM, Erik Goldoff 
wrote:

H, looks like something I posted yesterday ... maybe you'll get more
response.



 

On Wed, Sep 21, 2011 at 8:30 AM, Steven M. Caesare <
scaes...@caesare.com> wrote:

Interesting, and potentially significant: 
http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/

 

-sc

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog!
~


~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To