RE: Macs and vunerabilities

[James Hill]

Let's come back in a year or two and see what they think of their decision then.

I can't get my head around making a change like this only to run Windows(via 
Citrix or whatever) on it anyway.

-Original Message-
From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Tuesday, 18 October 2011 12:53 PM
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities

When I said "it doesn't matter", I'm speaking to the technical points - not the 
commercials, legals, occupational health and safety etc. concerns.

FWIW, this bank is already offering this in Aus:
http://www.theaustralian.com.au/australian-it/suncorp-goes-byo-in-hardware-as-staff-are-encouraged-to-plug-in-their-devices/story-e6frgakx-1226029655986

Given their size (16,000 employees), I'm sure they've done their due diligence.

Cheers
Ken

-Original Message-
From: Alan Davies [mailto:adav...@cls-services.com]
Sent: Monday, 17 October 2011 11:30 PM
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities

Not true - you take on liability as an employer.  You may protect the rest of 
your network to some extent with the example below, but it doesn't change your 
liability.  And I'd still want a VPN in front of RDS/Citrix rather than direct 
access - you wouldn't put your Citrix servers direct on the Internet ...



a

-Original Message-
From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: 17 October 2011 16:28
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities

You could provide all corporate services via VDI (RDS or Citrix). With other 
isolation techniques, it doesn't really matter what the end users bring in. 
Also have some policies for end-users to follow (e.g.
installing AV - that can be managed centrally without them having to be part of 
a domain).

There's at least one mid-tier bank in Aus doing this very thing
(Suncorp-Metway)

Cheers
Ken


WARNING:
The information in this email and any attachments is confidential and may be 
legally privileged.

If you are not the named addressee, you must not use, copy or disclose this 
email (including any attachments) or the information in it save to the named 
addressee nor take any action in reliance on it. If you receive this email or 
any attachments in error, please notify the sender immediately and then delete 
the same and any copies.

"CLS Services Ltd × Registered in England No 4132704 × Registered Office: 
Exchange Tower × One Harbour Exchange Square × London E14 9GE"


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Free Partition recovery tool

[Jon Harris]

That was the one I was trying to think of!  Thank you both.

Jon

On Mon, Oct 17, 2011 at 10:48 PM, Ben Scott  wrote:

> On Mon, Oct 17, 2011 at 10:32 PM, Jon Harris  wrote:
> > Looking on Google that are thousands of partition recovery tools, some
> even
> > for free.  Not many though.  I have a USB thumb drive that the partition
> was
> > deleted.  What is a good tool to use that is free if possible to recover
> the
> > data?
>
>   gpart is a Linux tool, available on various rescue CDs, that might
> do it.  It guesses partition tables using various methods.
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Free Partition recovery tool

[Joseph L. Casale]

Testdisk, http://www.cgsecurity.org/wiki/TestDisk

Just had an Adaptec snap server exporting a myriad of iscis targets to esxi, 
linux and windows machines with everything from xfs to ntfs partitions shit the 
bed.

Got it all back by mounting the external arrays on an old HP with the sas card 
yanked I out of the dead chassis.

From: Jon Harris [mailto:jk.har...@gmail.com]
Sent: Monday, October 17, 2011 8:33 PM
To: NT System Admin Issues
Subject: Free Partition recovery tool

Looking on Google that are thousands of partition recovery tools, some even for 
free.  Not many though.  I have a USB thumb drive that the partition was 
deleted.  What is a good tool to use that is free if possible to recover the 
data?

Thanks for your recommendations,

Jon

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Macs and vunerabilities

[Ken Schaefer]

When I said "it doesn't matter", I'm speaking to the technical points - not the 
commercials, legals, occupational health and safety etc. concerns.

FWIW, this bank is already offering this in Aus:
http://www.theaustralian.com.au/australian-it/suncorp-goes-byo-in-hardware-as-staff-are-encouraged-to-plug-in-their-devices/story-e6frgakx-1226029655986

Given their size (16,000 employees), I'm sure they've done their due diligence.

Cheers
Ken

-Original Message-
From: Alan Davies [mailto:adav...@cls-services.com] 
Sent: Monday, 17 October 2011 11:30 PM
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities

Not true - you take on liability as an employer.  You may protect the rest of 
your network to some extent with the example below, but it doesn't change your 
liability.  And I'd still want a VPN in front of RDS/Citrix rather than direct 
access - you wouldn't put your Citrix servers direct on the Internet ...



a

-Original Message-
From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: 17 October 2011 16:28
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities

You could provide all corporate services via VDI (RDS or Citrix). With other 
isolation techniques, it doesn't really matter what the end users bring in. 
Also have some policies for end-users to follow (e.g.
installing AV - that can be managed centrally without them having to be part of 
a domain).

There's at least one mid-tier bank in Aus doing this very thing
(Suncorp-Metway)

Cheers
Ken


WARNING:
The information in this email and any attachments is confidential and may be 
legally privileged.

If you are not the named addressee, you must not use, copy or disclose this 
email (including any attachments) or the information in it save to the named 
addressee nor take any action in reliance on it. If you receive this email or 
any attachments in error, please notify the sender immediately and then delete 
the same and any copies.

"CLS Services Ltd × Registered in England No 4132704 × Registered Office: 
Exchange Tower × One Harbour Exchange Square × London E14 9GE"


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Free Partition recovery tool

[Ben Scott]

On Mon, Oct 17, 2011 at 10:32 PM, Jon Harris  wrote:
> Looking on Google that are thousands of partition recovery tools, some even
> for free.  Not many though.  I have a USB thumb drive that the partition was
> deleted.  What is a good tool to use that is free if possible to recover the
> data?

  gpart is a Linux tool, available on various rescue CDs, that might
do it.  It guesses partition tables using various methods.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Dell.com down

[Lists - Level Five]

I actually noticed this earlier today in Florida, I was looking up a dozen
servers id tags, and it stopped giving me the warranty info, and then a few
more later it couldn't give the original config page ... so I left for the
day :)


-Original Message-
From: Charlie Kaiser [mailto:charl...@golden-eagle.org] 
Sent: Monday, October 17, 2011 8:44 PM
To: NT System Admin Issues
Subject: RE: Dell.com down

Back up here...

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***  


> -Original Message-
> From: Devin Meade [mailto:devin.me...@gmail.com]
> Sent: Monday, October 17, 2011 3:27 PM
> To: NT System Admin Issues
> Subject: Dell.com down
> 
> Hmm ... I can't get to www.dell.com on multiple computers with 
> different
ISP's.  Seems it
> not available in the Oklahoma City area.  Anyone else see this?  Maybe
they run
> blackberries :-/.
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
> 
> ---
> To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin



~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: San recommendations

[Lists - Level Five]

Nexenta?  

 

From: Greg Sweers [mailto:gswe...@acts360.com] 
Sent: Monday, October 17, 2011 9:02 PM
To: NT System Admin Issues
Subject: San recommendations

 

Recommendations..

 

Need about 12TB, ability to scale up, ISCSI for SQL/Exchange, Dedupe at the
block level, Don't need replication at the moment.

 

Got a quote on an EQ box, anyone else throw out recommendations.

 

Thx

 

Greg Sweers

CEO

  ACTS360.com

P.O. Box 1193

Brandon, FL  33509

813-657-0849 Office

813-758-6850 Cell

813-341-1270 Fax

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Dell.com down

[Charlie Kaiser]

Back up here...

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***  


> -Original Message-
> From: Devin Meade [mailto:devin.me...@gmail.com]
> Sent: Monday, October 17, 2011 3:27 PM
> To: NT System Admin Issues
> Subject: Dell.com down
> 
> Hmm ... I can't get to www.dell.com on multiple computers with different
ISP's.  Seems it
> not available in the Oklahoma City area.  Anyone else see this?  Maybe
they run
> blackberries :-/.
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Dell.com down

[David]

Up in Oregon.



On Mon, Oct 17, 2011 at 3:30 PM, Greg Olson  wrote:

> It's dead Jim
>
> -Original Message-
> From: Charlie Kaiser [mailto:charl...@golden-eagle.org]
> Sent: Monday, October 17, 2011 3:30 PM
> To: NT System Admin Issues
> Subject: RE: Dell.com down
>
> Same here. Support.dell.com not available...
>
> ***
> Charlie Kaiser
> charl...@golden-eagle.org
> Kingman, AZ
> ***
>
>
> > -Original Message-
> > From: Devin Meade [mailto:devin.me...@gmail.com]
> > Sent: Monday, October 17, 2011 3:27 PM
> > To: NT System Admin Issues
> > Subject: Dell.com down
> >
> > Hmm ... I can't get to www.dell.com on multiple computers with
> > different
> ISP's.  Seems it
> > not available in the Oklahoma City area.  Anyone else see this?  Maybe
> they run
> > blackberries :-/.
> >
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
> >   ~
> >
> > ---
> > To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to listmana...@lyris.sunbeltsoftware.com
> > with the body: unsubscribe ntsysadmin
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>


-- 
David

_

My short term goal is to make it through the day.
My long term goal is to string a bunch of short term goals together.
*
*

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Dell.com down

[Sean Martin]

Works in Anchorage AK.

- Sean

On Mon, Oct 17, 2011 at 3:47 PM, John C Owen wrote:

>  It’s up here in Londonderry, NH Verizon FIOS
>
> ** **
>
> *From:* Jonathan Link [mailto:jonathan.l...@gmail.com]
> *Sent:* Monday, October 17, 2011 6:38 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Dell.com down
>
>   ** **
>
> It's up here/now (Charleston, WV/SuddenLink cable).
>
>
>
>  
>
> On Mon, Oct 17, 2011 at 6:32 PM, Devin Meade 
> wrote:
>
> Okay, let see my choices: (1) fight this or (2) go play football with my
> son and team.  Hmmm .. pick this up tomorrow!
>
> On Mon, Oct 17, 2011 at 5:30 PM, Greg Olson 
> wrote:
>
> It's dead Jim
>
>
> -Original Message-
> From: Charlie Kaiser [mailto:charl...@golden-eagle.org]
>
> Sent: Monday, October 17, 2011 3:30 PM
> To: NT System Admin Issues
>
> Subject: RE: Dell.com down
>
> Same here. Support.dell.com  not available...
>
> ***
> Charlie Kaiser
> charl...@golden-eagle.org
> Kingman, AZ
> ***
>
>
> > -Original Message-
>
> > From: Devin Meade [mailto:devin.me...@gmail.com]
> > Sent: Monday, October 17, 2011 3:27 PM
> > To: NT System Admin Issues
> > Subject: Dell.com down
> >
> > Hmm ... I can't get to www.dell.com on multiple computers with
> > different
> ISP's.  Seems it
> > not available in the Oklahoma City area.  Anyone else see this?  Maybe
> they run
> > blackberries :-/.
> >
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
> >   ~
> >
> > ---
> > To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to listmana...@lyris.sunbeltsoftware.com
> > with the body: unsubscribe ntsysadmin
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>  ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Dell.com down

[John C Owen]

It's up here in Londonderry, NH Verizon FIOS

From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Monday, October 17, 2011 6:38 PM
To: NT System Admin Issues
Subject: Re: Dell.com down

It's up here/now (Charleston, WV/SuddenLink cable).



On Mon, Oct 17, 2011 at 6:32 PM, Devin Meade 
mailto:devin.me...@gmail.com>> wrote:
Okay, let see my choices: (1) fight this or (2) go play football with my son 
and team.  Hmmm .. pick this up tomorrow!
On Mon, Oct 17, 2011 at 5:30 PM, Greg Olson 
mailto:gol...@markettools.com>> wrote:
It's dead Jim

-Original Message-
From: Charlie Kaiser 
[mailto:charl...@golden-eagle.org]
Sent: Monday, October 17, 2011 3:30 PM
To: NT System Admin Issues
Subject: RE: Dell.com down

Same here. Support.dell.com not available...

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***


> -Original Message-
> From: Devin Meade [mailto:devin.me...@gmail.com]
> Sent: Monday, October 17, 2011 3:27 PM
> To: NT System Admin Issues
> Subject: Dell.com down
>
> Hmm ... I can't get to www.dell.com on multiple 
> computers with
> different
ISP's.  Seems it
> not available in the Oklahoma City area.  Anyone else see this?  Maybe
they run
> blackberries :-/.
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>   ~
>
> ---
> To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to 
> listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin



~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: WireShark analysis for pay

[Kurt Buff]

Ack.

Never mind.

I thought those folks did analysis for a living, but I was wrong. They
just provide tools for others to do so.

Kurt

On Mon, Oct 17, 2011 at 15:20, Webster  wrote:
> Don't see how that helps with analyzing the Wireshark trace files they 
> currently have?
>
>
> Carl Webster
>
> Consultant and Citrix Technology Professional
>
> http://www.CarlWebster.com
>
> 
> From: Kurt Buff [kurt.b...@gmail.com]
> Sent: Monday, October 17, 2011 5:10 PM
> To: NT System Admin Issues
> Subject: Re: WireShark analysis for pay
>
> Ttry this:
> http://appliance.cloudshark.org/about-cloudshark.html
>
> On Mon, Oct 17, 2011 at 14:34, Webster  wrote:
>> Have a customer with Wyse zero client devices.  They are constantly getting
>> "ICA Connection Reset by Peer".  According to Google, this issue seems to
>> occur only with Wyse thin clients.  This customer has a Wyse maintenance
>> contract but Wyse appears to not be concerned with fixing this issue for
>> this customer on their devices.
>>
>> Customer has followed Wyse's instructions and obtained Wireshark traces on
>> three devices having this connection issue.  Since Wyse appears to not care
>> to resolve the issue, the customer has asked me to see if I can find someone
>> who could analyze the Wireshark traces (for pay) and see if they could
>> possibly find what the culprit may be.  The users are having this connection
>> reset issue continually and as you can image the users and the IT staff
>> would like this resolved promptly.
>>
>> If you are experienced at reading Wireshark traces and would like to make
>> some money while doing so, contact me off list.  webs...@carlwebster.com
>>
>> Thanks
>>
>>
>> Carl Webster
>>
>> Consultant and Citrix Technology Professional
>>
>> http://www.CarlWebster.com
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Dell.com down

[Jonathan Link]

It's up here/now (Charleston, WV/SuddenLink cable).



On Mon, Oct 17, 2011 at 6:32 PM, Devin Meade  wrote:

> Okay, let see my choices: (1) fight this or (2) go play football with my
> son and team.  Hmmm .. pick this up tomorrow!
>
>  On Mon, Oct 17, 2011 at 5:30 PM, Greg Olson wrote:
>
>> It's dead Jim
>>
>> -Original Message-
>> From: Charlie Kaiser [mailto:charl...@golden-eagle.org]
>> Sent: Monday, October 17, 2011 3:30 PM
>> To: NT System Admin Issues
>>   Subject: RE: Dell.com down
>>
>> Same here. Support.dell.com  not available...
>>
>> ***
>> Charlie Kaiser
>> charl...@golden-eagle.org
>> Kingman, AZ
>> ***
>>
>>
>> > -Original Message-
>>  > From: Devin Meade [mailto:devin.me...@gmail.com]
>> > Sent: Monday, October 17, 2011 3:27 PM
>> > To: NT System Admin Issues
>> > Subject: Dell.com down
>> >
>> > Hmm ... I can't get to www.dell.com on multiple computers with
>> > different
>> ISP's.  Seems it
>> > not available in the Oklahoma City area.  Anyone else see this?  Maybe
>> they run
>> > blackberries :-/.
>> >
>> >
>> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>> >   ~
>> >
>> > ---
>> > To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> > or send an email to listmana...@lyris.sunbeltsoftware.com
>> > with the body: unsubscribe ntsysadmin
>>
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
>> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Dell.com down

[Devin Meade]

Okay, let see my choices: (1) fight this or (2) go play football with my son
and team.  Hmmm .. pick this up tomorrow!

On Mon, Oct 17, 2011 at 5:30 PM, Greg Olson  wrote:

> It's dead Jim
>
> -Original Message-
> From: Charlie Kaiser [mailto:charl...@golden-eagle.org]
> Sent: Monday, October 17, 2011 3:30 PM
> To: NT System Admin Issues
> Subject: RE: Dell.com down
>
> Same here. Support.dell.com not available...
>
> ***
> Charlie Kaiser
> charl...@golden-eagle.org
> Kingman, AZ
> ***
>
>
> > -Original Message-
> > From: Devin Meade [mailto:devin.me...@gmail.com]
> > Sent: Monday, October 17, 2011 3:27 PM
> > To: NT System Admin Issues
> > Subject: Dell.com down
> >
> > Hmm ... I can't get to www.dell.com on multiple computers with
> > different
> ISP's.  Seems it
> > not available in the Oklahoma City area.  Anyone else see this?  Maybe
> they run
> > blackberries :-/.
> >
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
> >   ~
> >
> > ---
> > To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to listmana...@lyris.sunbeltsoftware.com
> > with the body: unsubscribe ntsysadmin
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Dell.com down

[Hugo Hernandez]

I tried getting to the site here with two different carriers and the site is 
not loading.  Orange County, CA

Hugo Hernandez
IT Manager

FUTURE ADS LLC

* E-mail: h...@futureads.com
The information contained in this email message is PRIVILEGED AND CONFIDENTIAL 
INFORMATION intended only for the use of the individual or entity it was 
directly addressed to. If the reader of this message is not the intended 
recipient, you are hereby notified that any dissemination, distribution or copy 
of this communication is strictly prohibited. If you have received this 
communication in error, please immediately notify us by email. Thank you.

From: Devin Meade [mailto:devin.me...@gmail.com]
Sent: Monday, October 17, 2011 3:27 PM
To: NT System Admin Issues
Subject: Dell.com down

Hmm ... I can't get to www.dell.com on multiple computers 
with different ISP's.  Seems it not available in the Oklahoma City area.  
Anyone else see this?  Maybe they run blackberries :-/.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Dell.com down

[Greg Olson]

It's dead Jim

-Original Message-
From: Charlie Kaiser [mailto:charl...@golden-eagle.org] 
Sent: Monday, October 17, 2011 3:30 PM
To: NT System Admin Issues
Subject: RE: Dell.com down

Same here. Support.dell.com not available...

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***  


> -Original Message-
> From: Devin Meade [mailto:devin.me...@gmail.com]
> Sent: Monday, October 17, 2011 3:27 PM
> To: NT System Admin Issues
> Subject: Dell.com down
> 
> Hmm ... I can't get to www.dell.com on multiple computers with 
> different
ISP's.  Seems it
> not available in the Oklahoma City area.  Anyone else see this?  Maybe
they run
> blackberries :-/.
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
> 
> ---
> To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin



~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Dell.com down

[Charlie Kaiser]

Same here. Support.dell.com not available...

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***  


> -Original Message-
> From: Devin Meade [mailto:devin.me...@gmail.com]
> Sent: Monday, October 17, 2011 3:27 PM
> To: NT System Admin Issues
> Subject: Dell.com down
> 
> Hmm ... I can't get to www.dell.com on multiple computers with different
ISP's.  Seems it
> not available in the Oklahoma City area.  Anyone else see this?  Maybe
they run
> blackberries :-/.
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Dell.com down

[Devin Meade]

Hmm ... I can't get to www.dell.com on multiple computers with different
ISP's.  Seems it not available in the Oklahoma City area.  Anyone else see
this?  Maybe they run blackberries :-/.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: WireShark analysis for pay

[Webster]

Don't see how that helps with analyzing the Wireshark trace files they 
currently have?

 
Carl Webster

Consultant and Citrix Technology Professional

http://www.CarlWebster.com


From: Kurt Buff [kurt.b...@gmail.com]
Sent: Monday, October 17, 2011 5:10 PM
To: NT System Admin Issues
Subject: Re: WireShark analysis for pay

Ttry this:
http://appliance.cloudshark.org/about-cloudshark.html

On Mon, Oct 17, 2011 at 14:34, Webster  wrote:
> Have a customer with Wyse zero client devices.  They are constantly getting
> "ICA Connection Reset by Peer".  According to Google, this issue seems to
> occur only with Wyse thin clients.  This customer has a Wyse maintenance
> contract but Wyse appears to not be concerned with fixing this issue for
> this customer on their devices.
>
> Customer has followed Wyse's instructions and obtained Wireshark traces on
> three devices having this connection issue.  Since Wyse appears to not care
> to resolve the issue, the customer has asked me to see if I can find someone
> who could analyze the Wireshark traces (for pay) and see if they could
> possibly find what the culprit may be.  The users are having this connection
> reset issue continually and as you can image the users and the IT staff
> would like this resolved promptly.
>
> If you are experienced at reading Wireshark traces and would like to make
> some money while doing so, contact me off list.  webs...@carlwebster.com
>
> Thanks
>
>
> Carl Webster
>
> Consultant and Citrix Technology Professional
>
> http://www.CarlWebster.com
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: WireShark analysis for pay

[Webster]

Not that we can find or that Wyse will tell us about.  It also appears that 
after the end of the business day the errors go away.  Which makes me think 
these devices are extremely sensitive to bandwidth availability.  Not being a 
Packet Head, I have suggested they move the Wyse devices into their own VLAN 
(easy to say for someone who has no idea of what is involved in my suggestion). 
 They have no problem with testing my suggestion.

Thanks



Carl Webster

Consultant and Citrix Technology Professional

http://www.CarlWebster.com


From: Micheal Espinola Jr [michealespin...@gmail.com]
Sent: Monday, October 17, 2011 5:08 PM
To: NT System Admin Issues
Subject: Re: WireShark analysis for pay

Pardon my inexperience with these devices, but are there no timeout settings to 
tweak?

--
Espi





On Mon, Oct 17, 2011 at 2:34 PM, Webster 
mailto:webs...@carlwebster.com>> wrote:
Have a customer with Wyse zero client devices.  They are constantly getting 
"ICA Connection Reset by Peer".  According to Google, this issue seems to occur 
only with Wyse thin clients.  This customer has a Wyse maintenance contract but 
Wyse appears to not be concerned with fixing this issue for this customer on 
their devices.

Customer has followed Wyse's instructions and obtained Wireshark traces on 
three devices having this connection issue.  Since Wyse appears to not care to 
resolve the issue, the customer has asked me to see if I can find someone who 
could analyze the Wireshark traces (for pay) and see if they could possibly 
find what the culprit may be.  The users are having this connection reset issue 
continually and as you can image the users and the IT staff would like this 
resolved promptly.

If you are experienced at reading Wireshark traces and would like to make some 
money while doing so, contact me off list.  
webs...@carlwebster.com

Thanks



Carl Webster

Consultant and Citrix Technology Professional

http://www.CarlWebster.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: WireShark analysis for pay

[Kurt Buff]

Ttry this:
http://appliance.cloudshark.org/about-cloudshark.html

On Mon, Oct 17, 2011 at 14:34, Webster  wrote:
> Have a customer with Wyse zero client devices.  They are constantly getting
> "ICA Connection Reset by Peer".  According to Google, this issue seems to
> occur only with Wyse thin clients.  This customer has a Wyse maintenance
> contract but Wyse appears to not be concerned with fixing this issue for
> this customer on their devices.
>
> Customer has followed Wyse's instructions and obtained Wireshark traces on
> three devices having this connection issue.  Since Wyse appears to not care
> to resolve the issue, the customer has asked me to see if I can find someone
> who could analyze the Wireshark traces (for pay) and see if they could
> possibly find what the culprit may be.  The users are having this connection
> reset issue continually and as you can image the users and the IT staff
> would like this resolved promptly.
>
> If you are experienced at reading Wireshark traces and would like to make
> some money while doing so, contact me off list.  webs...@carlwebster.com
>
> Thanks
>
>
> Carl Webster
>
> Consultant and Citrix Technology Professional
>
> http://www.CarlWebster.com
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: WireShark analysis for pay

[Micheal Espinola Jr]

Pardon my inexperience with these devices, but are there no timeout settings
to tweak?

--
Espi





On Mon, Oct 17, 2011 at 2:34 PM, Webster  wrote:

>  Have a customer with Wyse zero client devices.  They are constantly
> getting "ICA Connection Reset by Peer".  According to Google, this issue
> seems to occur only with Wyse thin clients.  This customer has a Wyse
> maintenance contract but Wyse appears to not be concerned with fixing this
> issue for this customer on their devices.
>
> Customer has followed Wyse's instructions and obtained Wireshark traces on
> three devices having this connection issue.  Since Wyse appears to not care
> to resolve the issue, the customer has asked me to see if I can find someone
> who could analyze the Wireshark traces (for pay) and see if they could
> possibly find what the culprit may be.  The users are having this connection
> reset issue continually and as you can image the users and the IT staff
> would like this resolved promptly.
>
> If you are experienced at reading Wireshark traces and would like to make
> some money while doing so, contact me off list.  webs...@carlwebster.com
>
> Thanks
>
>
>   Carl Webster
>
> Consultant and Citrix Technology Professional
>
> http://www.CarlWebster.com 
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Lync server

[David Lum]

Since I found too many oddities I am creating two new VM's of our DC's and will 
try again tomorrow.

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Friday, October 14, 2011 8:07 PM
To: NT System Admin Issues
Subject: RE: Lync server

Having the schema master in a subdomain is fine. It sounds to me like you have 
a global catalog or trust problem, though. If you login with a user in the root 
domain (in schema admins), is it in your token?

Have you done a metadata cleanup of the missing DCs? If you connect to the 
child domain DC with LDP, is isGlobalCatalogReady==TRUE?

Thanks,
Brian Desmond
br...@briandesmond.com

w - 312.625.1438 | c   - 312.731.3132

From: David Lum [mailto:david@nwea.org]
Sent: Friday, October 14, 2011 9:12 PM
To: NT System Admin Issues
Subject: RE: Lync server

Ok here's something: Checking this out while ROOTDC1 is in the root of the 
forest, the schema master is actually SUBDOMAINDC1 (seems weird). I have VMs of 
ROOTDC1 and SUBDOMAINDC1 but neither od the "DC2" servers.

Roles:
Schema master: SUBDOMAINDC1
Domain naming master: ROOTDC1
RID: ROOTDC1 (for root), SUBDOMAINDC1 for subdomain)
PDC: ROOTDC1 (for root), SUBDOMAINDC1 for subdomain)
Infrastructure: ROOTDC2 (for root), SUBDOMAINDC2 (for subdomain)
GC: ROOTDC1, SUBDOMAINDC1

Where do I look to fix my issue?

Dave

From: David Lum [mailto:david@nwea.org]
Sent: Friday, October 14, 2011 6:57 PM
To: NT System Admin Issues
Subject: RE: Lync server

OK That's firggin' weird, I just learned of whoami as a Win command yesterday.

And doing that...no, I am not! In my sandbox I have cloned 2 of our 4 
production DC's - one is a forest root machine and the other is a subdomain DC. 
Am I possibly missing a critical role master?

Dave

From: Brian Desmond 
[mailto:br...@briandesmond.com]
Sent: Friday, October 14, 2011 5:04 PM
To: NT System Admin Issues
Subject: RE: Lync server

IF you run whoami /groups, is it listed?

Thanks,
Brian Desmond
br...@briandesmond.com

w - 312.625.1438 | c   - 312.731.3132

From: David Lum [mailto:david@nwea.org]
Sent: Friday, October 14, 2011 3:56 PM
To: NT System Admin Issues
Subject: Lync server

I am trying to install a Lync server in a sandbox with some DC's. When I run 
the deployment wizard and try to extend the schema it tells me it can't 
complete the command because I am not in the schema admins groupoohh, but I 
am!

One slight twist is I am using an account from subdomain.nwea.org that is in 
schema admins group in nwea.org, but as that account is in schema admins it 
shouldn't matter.

Anyone run into this? It gives me this message when I run "prepare Active 
Directory for Lync server
http://www.ocspedia.com/fe/Install_Microsoft_Lync_Server_2010.aspx?ArticleID=103
David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ 

RE: Help with PS script?

[Michael B. Smith]

That'll do it!

Sent from my HTC Tilt™ 2, a Windows® phone from AT&T


From: Damien Solodow 
Sent: Monday, October 17, 2011 5:23 PM
To: NT System Admin Issues 
Subject: RE: Help with PS script?

I’m an idjit.
The problem is that the machines in question don’t have DCOM enabled. No DCOM, 
no remote WMI.

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Monday, October 17, 2011 5:07 PM
To: NT System Admin Issues
Subject: RE: Help with PS script?

Is it consistently the same computers? If so, you need to look at the 
permissions on the objects...

Sent from my HTC Tilt™ 2, a Windows® phone from AT&T

From: Damien Solodow 
Sent: Monday, October 17, 2011 4:36 PM
To: NT System Admin Issues 
Subject: RE: Help with PS script?
Ok, one more weird thing. I’ve got it getting a list of computers via 
get-adcomputer to run against, and most of the computers it’s fine one. But a 
number of them return an access denied during the foreach-object.

However, if I modify the filter to run against some of the machines reporting 
access denied, they return fine.

Here is the current script:
Import-Module ActiveDirectory
$adminaccount = Get-Credential
Get-ADComputer -Filter {OperatingSystem -Like "Windows *Server*"} -SearchBase 
"DC=domain,DC=local" |
ForEach-Object -process {
Get-WmiObject -class Win32_ComputerSystem -ComputerName $_.Name -Credential 
$adminAccount |
Select-Object `
@{l='ComputerName';e={$_.__Server.ToString()}},`
@{l='Manufacturer';e={$_.Manufacturer.ToString()}},`
@{l='Model';e={$_.Model.ToString()}},`
@{l='Operating System';e={(Get-WmiObject -class Win32_OperatingSystem 
-ComputerName $_.Name -Credential $adminAccount | Select-Object -expand 
Caption).ToString()}}} |
Export-Csv -Path "c:\users\public\documents\ServerInfo.csv" -NoTypeInformation

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Damien Solodow [mailto:damien.solo...@harrison.edu]
Sent: Monday, October 17, 2011 3:53 PM
To: NT System Admin Issues
Subject: RE: Help with PS script?

Doh!
Thanks much. I didn’t know about the .tostring() trick.

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Michael B. Smith 
[mailto:mich...@smithcons.com]
Sent: Monday, October 17, 2011 3:49 PM
To: NT System Admin Issues
Subject: RE: Help with PS script?

Change the format-table to select-object.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Damien Solodow 
[mailto:damien.solo...@harrison.edu]
Sent: Monday, October 17, 2011 3:39 PM
To: NT System Admin Issues
Subject: RE: Help with PS script?

Hmmm… I added | Export-CSV –path file.csv to it and it ran successfully.
However, the resulting CSV looks like this:
ClassId2e4f51ef21dd47e99d3c952918aff9cd

pageHeaderEntry

pageFooterEntry

autosizeInfo

shapeInfo

groupingEntry

033ecb2bc07a4d43b5ef94ed5a35d280

Microsoft.PowerShell.Commands.Internal.Format.TableHeaderInfo

9e210fe47d09416682b841769c78b8a3

27c87ef9bbda4f709f6b4002fa4af63c

4ec4f0187cb04f4cb6973460dfe252df

cf522b78d86c486691226b40aa69e95c




DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Michael B. Smith 
[mailto:mich...@smithcons.com]
Sent: Monday, October 17, 2011 3:32 PM
To: NT System Admin Issues
Subject: RE: Help with PS script?

Don’t overthink it.

$adminAccount = Get-Credential
$ServerName = “string”
Get-WmiObject -class Win32_ComputerSystem -ComputerName $ServerName -Credential 
$adminAccount |
Format-Table `
@{l='ComputerName';e={$_.__Server.ToString()}},`
@{l='Manufacturer';e={$_.Manufacturer.ToString()}},`
@{l='Model';e={$_.Model.ToString()}},`
@{l='Operating System';e={(Get-WmiObject -class Win32_OperatingSystem 
-ComputerName $ServerName -Credential $adminAccount | Select-Object -expand 
Caption).ToString()}} -AutoSize

You should be able to pipe that to export-csv (perhaps minus the autosize – I 
didn’t test it).

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Damien Solodow 
[mailto:damien.solo...@harrison.edu]
Sent: Monday, October 17, 2011 1:44 PM
To: NT System Admin Issues
Subject: Help with PS script?

I’m trying to make a Powershell script to get a list of computer objects from 
AD, and query some AD properties from them and export to a CSV.
The part I have working does the queries and exports the data I want to a 
table. The export-csv is giving me grief, and I think it’s because I need to 
convert the data to strings to export them out.

I think after the get-adcomputer I need to do a foreach-object to run the 
script block for each, but I’m having a brain fart.

Her

RE: Macs and vunerabilities

[David Lum]

Something like that, among other things.

From: Dean Cunningham [mailto:dean.cunning...@gmail.com]
Sent: Monday, October 17, 2011 1:59 PM
To: NT System Admin Issues
Subject: Re: Macs and vunerabilities

 :) I can see this thread spinning out of control in terms of how bright users 
are .. or not..
I see your concern as how do I manage these devcies in the rare event a LUser 
runs some malware on it inadvertently?
On Tue, Oct 18, 2011 at 3:55 AM, David Lum 
mailto:david@nwea.org>> wrote:
Right, but that doesn't change my level of concern :)

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Help with PS script?

[Damien Solodow]

I'm an idjit.
The problem is that the machines in question don't have DCOM enabled. No DCOM, 
no remote WMI.

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Monday, October 17, 2011 5:07 PM
To: NT System Admin Issues
Subject: RE: Help with PS script?

Is it consistently the same computers? If so, you need to look at the 
permissions on the objects...

Sent from my HTC Tilt(tm) 2, a Windows(r) phone from AT&T

From: Damien Solodow 
Sent: Monday, October 17, 2011 4:36 PM
To: NT System Admin Issues 
Subject: RE: Help with PS script?
Ok, one more weird thing. I've got it getting a list of computers via 
get-adcomputer to run against, and most of the computers it's fine one. But a 
number of them return an access denied during the foreach-object.

However, if I modify the filter to run against some of the machines reporting 
access denied, they return fine.

Here is the current script:
Import-Module ActiveDirectory
$adminaccount = Get-Credential
Get-ADComputer -Filter {OperatingSystem -Like "Windows *Server*"} -SearchBase 
"DC=domain,DC=local" |
ForEach-Object -process {
Get-WmiObject -class Win32_ComputerSystem -ComputerName $_.Name -Credential 
$adminAccount |
Select-Object `
@{l='ComputerName';e={$_.__Server.ToString()}},`
@{l='Manufacturer';e={$_.Manufacturer.ToString()}},`
@{l='Model';e={$_.Model.ToString()}},`
@{l='Operating System';e={(Get-WmiObject -class Win32_OperatingSystem 
-ComputerName $_.Name -Credential $adminAccount | Select-Object -expand 
Caption).ToString()}}} |
Export-Csv -Path "c:\users\public\documents\ServerInfo.csv" -NoTypeInformation

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Damien Solodow [mailto:damien.solo...@harrison.edu]
Sent: Monday, October 17, 2011 3:53 PM
To: NT System Admin Issues
Subject: RE: Help with PS script?

Doh!
Thanks much. I didn't know about the .tostring() trick.

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Michael B. Smith 
[mailto:mich...@smithcons.com]
Sent: Monday, October 17, 2011 3:49 PM
To: NT System Admin Issues
Subject: RE: Help with PS script?

Change the format-table to select-object.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Damien Solodow 
[mailto:damien.solo...@harrison.edu]
Sent: Monday, October 17, 2011 3:39 PM
To: NT System Admin Issues
Subject: RE: Help with PS script?

Hmmm... I added | Export-CSV -path file.csv to it and it ran successfully.
However, the resulting CSV looks like this:
ClassId2e4f51ef21dd47e99d3c952918aff9cd

pageHeaderEntry

pageFooterEntry

autosizeInfo

shapeInfo

groupingEntry

033ecb2bc07a4d43b5ef94ed5a35d280

Microsoft.PowerShell.Commands.Internal.Format.TableHeaderInfo

9e210fe47d09416682b841769c78b8a3

27c87ef9bbda4f709f6b4002fa4af63c

4ec4f0187cb04f4cb6973460dfe252df

cf522b78d86c486691226b40aa69e95c




DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Michael B. Smith 
[mailto:mich...@smithcons.com]
Sent: Monday, October 17, 2011 3:32 PM
To: NT System Admin Issues
Subject: RE: Help with PS script?

Don't overthink it.

$adminAccount = Get-Credential
$ServerName = "string"
Get-WmiObject -class Win32_ComputerSystem -ComputerName $ServerName -Credential 
$adminAccount |
Format-Table `
@{l='ComputerName';e={$_.__Server.ToString()}},`
@{l='Manufacturer';e={$_.Manufacturer.ToString()}},`
@{l='Model';e={$_.Model.ToString()}},`
@{l='Operating System';e={(Get-WmiObject -class Win32_OperatingSystem 
-ComputerName $ServerName -Credential $adminAccount | Select-Object -expand 
Caption).ToString()}} -AutoSize

You should be able to pipe that to export-csv (perhaps minus the autosize - I 
didn't test it).

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Damien Solodow 
[mailto:damien.solo...@harrison.edu]
Sent: Monday, October 17, 2011 1:44 PM
To: NT System Admin Issues
Subject: Help with PS script?

I'm trying to make a Powershell script to get a list of computer objects from 
AD, and query some AD properties from them and export to a CSV.
The part I have working does the queries and exports the data I want to a 
table. The export-csv is giving me grief, and I think it's because I need to 
convert the data to strings to export them out.

I think after the get-adcomputer I need to do a foreach-object to run the 
script block for each, but I'm having a brain fart.

Here's the part I have for the WMI info I need:

$adminAccount = Get-Credential
$ServerName = "string"
Get-WmiObject -class Win32_ComputerSystem -ComputerName $ServerName -Credential 
$adminAccount |
Format-Table `
@{l='Com

RE: Macs and vunerabilities

[Matthew W. Ross]

I recommend you join the Mac Enterprise mailing list, located here:

http://lists.psu.edu/archives/macenterprise.html

And I recommend you start reading the Mac OS X Server documentation, here:

http://www.apple.com/macosx/server/resources/documentation.html


--Matt Ross
Ephrata School District


- Original Message -
From: David Lum
[mailto:david@nwea.org]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 17 Oct 2011
14:17:00 -0700
Subject: RE: Macs and vunerabilities


> OK you've sold me (well, you and a few hours of Google-Fu), I just put in a
> request for Mac mini server and ARD.
> 
> -Original Message-
> From: Matthew W. Ross [mailto:mr...@ephrataschools.org] 
> Sent: Monday, October 17, 2011 2:14 PM
> To: NT System Admin Issues
> Subject: RE: Macs and vunerabilities
> 
> According to Apple Remote Desktop, we have 175 macs. That's teacher and
> student macs in the elementary classrooms, as well as a mac lab at one of
> the middle schools.
> 
> According to 'net view' we have about 650 PCs.
> 
> 
> --Matt Ross
> Ephrata School District
> 
> 
> - Original Message -
> From: David Lum
> [mailto:david@nwea.org]
> To: NT System Admin Issues
> [mailto:ntsysadmin@lyris.sunbelt-software.com]
> Sent: Mon, 17 Oct 2011
> 14:01:01 -0700
> Subject: RE: Macs and vunerabilities
> 
> 
> > How many Mac's and 'Doze OS are you guys managing with these? 
> > 
> > -Original Message-
> > From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> > Sent: Monday, October 17, 2011 1:44 PM
> > To: NT System Admin Issues
> > Subject: RE: Macs and vunerabilities
> > 
> > Unfortunately, no. I wish we did.
> > 
> > And yes, there is a lot on our plates. That is one reason having 
> > resources like this list is so valuable to us.
> > 
> > 
> > --Matt Ross
> > Ephrata School District
> > 
> > 
> > - Original Message -
> > From: David Lum
> > [mailto:david@nwea.org]
> > To: NT System Admin Issues
> > [mailto:ntsysadmin@lyris.sunbelt-software.com]
> > Sent: Mon, 17 Oct 2011
> > 12:39:44 -0700
> > Subject: RE: Macs and vunerabilities
> > 
> > 
> > > In this environment do you have a "Mac SE" and a "Windows SE", or 
> > > does the same person manage both? Seems to be adding quite a bit to 
> > > one's
> > plate.
> > > 
> > > -Original Message-
> > > From: David Lum [mailto:david@nwea.org]
> > > Sent: Monday, October 17, 2011 9:07 AM
> > > To: NT System Admin Issues
> > > Subject: RE: Macs and vunerabilities
> > > 
> > > Thanks for all this information Matt, it's greatly appreciated!!
> > > 
> > > -Original Message-
> > > From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> > > Sent: Monday, October 17, 2011 8:57 AM
> > > To: NT System Admin Issues
> > > Subject: RE: Macs and vunerabilities
> > > 
> > > You are correct, many of these things you cannot do from a Active
> > Directory.
> > > There may be a few tricks you can use to force some of these (login 
> > > scripts, remote ssh, etc.) but I'm sure you're more interested in 
> > > something a little more centralized.
> > > 
> > > If you want the Apple solution, check out Open Directory and Apple 
> > > Remote Desktop.
> > > 
> > > Open Directory is a component of Mac OS X Server, and it is Apple's 
> > > attempt at a directory service ala Active Directory, but for Macs. 
> > > If you do go this route, I recommend joining the Macs to both your 
> > > Active Directory and the Open directory at the same time. Have your 
> > > user's login using their AD credentials, while the Macs get their 
> > > settings from OD. This is what's know in the mac IT circles as the 
> > > "Golden
> > Triangle".
> > > 
> > > Apple Remote Desktop is, at first glance, your basic remote desktop app.
> > > But, it's also your software deployment suite and your software
> inventory.
> > > (As an aside, I wish there was an equivalent to Apple Remote Desktop 
> > > for windows PCs. Perhaps there is, but not without a per-client 
> > > cost.) Have a .pkg that needs to be installed? Install it silently 
> > > on every computer you can see online. Need it installed on offline
> computers?
> > > Set up ARD to do it automatically when it sees the Macs are seen on 
> > > the
> > network.
> > > 
> > > These solutions are fairly inexpensive, thanks to the aggressive 
> > > price drops by apple. You need a Mac running Lion (Costs depend on 
> > > weather you have this already and could be $0), the Lion Server 
> > > update from apple ($49.99) and optionally Apple Remote Desktop 
> > > ($79.99, unlimited
> > clients).
> > > 
> > > If you don't want to go with the Apple provided solution, there are 
> > > other methods of making this work. Check out Puppet from Puppet Labs 
> > > and ADmitMac from Thursby.
> > > 
> > > ---
> > > 
> > > Now that that's said, we here have not moved to Mac OS X Lion (10.7). 
> > > As of their most recent patch, it appears they have finally resolved 
> > > some of their active directo

RE: Macs and vunerabilities

[David Lum]

OK you've sold me (well, you and a few hours of Google-Fu), I just put in a 
request for Mac mini server and ARD.

-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org] 
Sent: Monday, October 17, 2011 2:14 PM
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities

According to Apple Remote Desktop, we have 175 macs. That's teacher and student 
macs in the elementary classrooms, as well as a mac lab at one of the middle 
schools.

According to 'net view' we have about 650 PCs.


--Matt Ross
Ephrata School District


- Original Message -
From: David Lum
[mailto:david@nwea.org]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 17 Oct 2011
14:01:01 -0700
Subject: RE: Macs and vunerabilities


> How many Mac's and 'Doze OS are you guys managing with these? 
> 
> -Original Message-
> From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> Sent: Monday, October 17, 2011 1:44 PM
> To: NT System Admin Issues
> Subject: RE: Macs and vunerabilities
> 
> Unfortunately, no. I wish we did.
> 
> And yes, there is a lot on our plates. That is one reason having 
> resources like this list is so valuable to us.
> 
> 
> --Matt Ross
> Ephrata School District
> 
> 
> - Original Message -
> From: David Lum
> [mailto:david@nwea.org]
> To: NT System Admin Issues
> [mailto:ntsysadmin@lyris.sunbelt-software.com]
> Sent: Mon, 17 Oct 2011
> 12:39:44 -0700
> Subject: RE: Macs and vunerabilities
> 
> 
> > In this environment do you have a "Mac SE" and a "Windows SE", or 
> > does the same person manage both? Seems to be adding quite a bit to 
> > one's
> plate.
> > 
> > -Original Message-
> > From: David Lum [mailto:david@nwea.org]
> > Sent: Monday, October 17, 2011 9:07 AM
> > To: NT System Admin Issues
> > Subject: RE: Macs and vunerabilities
> > 
> > Thanks for all this information Matt, it's greatly appreciated!!
> > 
> > -Original Message-
> > From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> > Sent: Monday, October 17, 2011 8:57 AM
> > To: NT System Admin Issues
> > Subject: RE: Macs and vunerabilities
> > 
> > You are correct, many of these things you cannot do from a Active
> Directory.
> > There may be a few tricks you can use to force some of these (login 
> > scripts, remote ssh, etc.) but I'm sure you're more interested in 
> > something a little more centralized.
> > 
> > If you want the Apple solution, check out Open Directory and Apple 
> > Remote Desktop.
> > 
> > Open Directory is a component of Mac OS X Server, and it is Apple's 
> > attempt at a directory service ala Active Directory, but for Macs. 
> > If you do go this route, I recommend joining the Macs to both your 
> > Active Directory and the Open directory at the same time. Have your 
> > user's login using their AD credentials, while the Macs get their 
> > settings from OD. This is what's know in the mac IT circles as the 
> > "Golden
> Triangle".
> > 
> > Apple Remote Desktop is, at first glance, your basic remote desktop app.
> > But, it's also your software deployment suite and your software inventory.
> > (As an aside, I wish there was an equivalent to Apple Remote Desktop 
> > for windows PCs. Perhaps there is, but not without a per-client 
> > cost.) Have a .pkg that needs to be installed? Install it silently 
> > on every computer you can see online. Need it installed on offline 
> > computers?
> > Set up ARD to do it automatically when it sees the Macs are seen on 
> > the
> network.
> > 
> > These solutions are fairly inexpensive, thanks to the aggressive 
> > price drops by apple. You need a Mac running Lion (Costs depend on 
> > weather you have this already and could be $0), the Lion Server 
> > update from apple ($49.99) and optionally Apple Remote Desktop 
> > ($79.99, unlimited
> clients).
> > 
> > If you don't want to go with the Apple provided solution, there are 
> > other methods of making this work. Check out Puppet from Puppet Labs 
> > and ADmitMac from Thursby.
> > 
> > ---
> > 
> > Now that that's said, we here have not moved to Mac OS X Lion (10.7). 
> > As of their most recent patch, it appears they have finally resolved 
> > some of their active directory integration issues. We as a district 
> > are moving away from Macs, simply because of their initial costs are
> difficult to bear.
> > Supporting a Mac's software is easy. Supporting the hardware can be 
> > a nightmare.
> > 
> > I hope some of this information is useful to you.
> > 
> > 
> > --Matt Ross
> > Ephrata School District
> > 
> > 
> > - Original Message -
> > From: David Lum
> > [mailto:david@nwea.org]
> > To: NT System Admin Issues
> > [mailto:ntsysadmin@lyris.sunbelt-software.com]
> > Sent: Mon, 17 Oct 2011
> > 08:16:43 -0700
> > Subject: RE: Macs and vunerabilities
> > 
> > 
> > > My concern is all the above. As currently implemented, Mac's on 
> > > our network are no different than users home Windows laptops being 
> > 

RE: Macs and vunerabilities

[Matthew W. Ross]

According to Apple Remote Desktop, we have 175 macs. That's teacher and student 
macs in the elementary classrooms, as well as a mac lab at one of the middle 
schools.

According to 'net view' we have about 650 PCs.


--Matt Ross
Ephrata School District


- Original Message -
From: David Lum
[mailto:david@nwea.org]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 17 Oct 2011
14:01:01 -0700
Subject: RE: Macs and vunerabilities


> How many Mac's and 'Doze OS are you guys managing with these? 
> 
> -Original Message-
> From: Matthew W. Ross [mailto:mr...@ephrataschools.org] 
> Sent: Monday, October 17, 2011 1:44 PM
> To: NT System Admin Issues
> Subject: RE: Macs and vunerabilities
> 
> Unfortunately, no. I wish we did.
> 
> And yes, there is a lot on our plates. That is one reason having resources
> like this list is so valuable to us.
> 
> 
> --Matt Ross
> Ephrata School District
> 
> 
> - Original Message -
> From: David Lum
> [mailto:david@nwea.org]
> To: NT System Admin Issues
> [mailto:ntsysadmin@lyris.sunbelt-software.com]
> Sent: Mon, 17 Oct 2011
> 12:39:44 -0700
> Subject: RE: Macs and vunerabilities
> 
> 
> > In this environment do you have a "Mac SE" and a "Windows SE", or does 
> > the same person manage both? Seems to be adding quite a bit to one's
> plate.
> > 
> > -Original Message-
> > From: David Lum [mailto:david@nwea.org]
> > Sent: Monday, October 17, 2011 9:07 AM
> > To: NT System Admin Issues
> > Subject: RE: Macs and vunerabilities
> > 
> > Thanks for all this information Matt, it's greatly appreciated!!
> > 
> > -Original Message-
> > From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> > Sent: Monday, October 17, 2011 8:57 AM
> > To: NT System Admin Issues
> > Subject: RE: Macs and vunerabilities
> > 
> > You are correct, many of these things you cannot do from a Active
> Directory.
> > There may be a few tricks you can use to force some of these (login 
> > scripts, remote ssh, etc.) but I'm sure you're more interested in 
> > something a little more centralized.
> > 
> > If you want the Apple solution, check out Open Directory and Apple 
> > Remote Desktop.
> > 
> > Open Directory is a component of Mac OS X Server, and it is Apple's 
> > attempt at a directory service ala Active Directory, but for Macs. If 
> > you do go this route, I recommend joining the Macs to both your Active 
> > Directory and the Open directory at the same time. Have your user's 
> > login using their AD credentials, while the Macs get their settings 
> > from OD. This is what's know in the mac IT circles as the "Golden
> Triangle".
> > 
> > Apple Remote Desktop is, at first glance, your basic remote desktop app.
> > But, it's also your software deployment suite and your software inventory.
> > (As an aside, I wish there was an equivalent to Apple Remote Desktop 
> > for windows PCs. Perhaps there is, but not without a per-client cost.) 
> > Have a .pkg that needs to be installed? Install it silently on every 
> > computer you can see online. Need it installed on offline computers? 
> > Set up ARD to do it automatically when it sees the Macs are seen on the
> network.
> > 
> > These solutions are fairly inexpensive, thanks to the aggressive price 
> > drops by apple. You need a Mac running Lion (Costs depend on weather 
> > you have this already and could be $0), the Lion Server update from 
> > apple ($49.99) and optionally Apple Remote Desktop ($79.99, unlimited
> clients).
> > 
> > If you don't want to go with the Apple provided solution, there are 
> > other methods of making this work. Check out Puppet from Puppet Labs 
> > and ADmitMac from Thursby.
> > 
> > ---
> > 
> > Now that that's said, we here have not moved to Mac OS X Lion (10.7). 
> > As of their most recent patch, it appears they have finally resolved 
> > some of their active directory integration issues. We as a district 
> > are moving away from Macs, simply because of their initial costs are
> difficult to bear.
> > Supporting a Mac's software is easy. Supporting the hardware can be a 
> > nightmare.
> > 
> > I hope some of this information is useful to you.
> > 
> > 
> > --Matt Ross
> > Ephrata School District
> > 
> > 
> > - Original Message -
> > From: David Lum
> > [mailto:david@nwea.org]
> > To: NT System Admin Issues
> > [mailto:ntsysadmin@lyris.sunbelt-software.com]
> > Sent: Mon, 17 Oct 2011
> > 08:16:43 -0700
> > Subject: RE: Macs and vunerabilities
> > 
> > 
> > > My concern is all the above. As currently implemented, Mac's on our 
> > > network are no different than users home Windows laptops being 
> > > allowed to directly connect to our network. I can't imagine anyone 
> > > here would say "go ahead and hook your home laptop directly to my 
> > > LAN and don't bother joining to the domain".
> > > 
> > > I can't audit what's on them for software license compliance 
> > > reporting I can't apply GPO's (autoconfigure wireles

RE: Help with PS script?

[Michael B. Smith]

Is it consistently the same computers? If so, you need to look at the 
permissions on the objects...

Sent from my HTC Tilt™ 2, a Windows® phone from AT&T


From: Damien Solodow 
Sent: Monday, October 17, 2011 4:36 PM
To: NT System Admin Issues 
Subject: RE: Help with PS script?

Ok, one more weird thing. I’ve got it getting a list of computers via 
get-adcomputer to run against, and most of the computers it’s fine one. But a 
number of them return an access denied during the foreach-object.

However, if I modify the filter to run against some of the machines reporting 
access denied, they return fine.

Here is the current script:
Import-Module ActiveDirectory
$adminaccount = Get-Credential
Get-ADComputer -Filter {OperatingSystem -Like "Windows *Server*"} -SearchBase 
"DC=domain,DC=local" |
ForEach-Object -process {
Get-WmiObject -class Win32_ComputerSystem -ComputerName $_.Name -Credential 
$adminAccount |
Select-Object `
@{l='ComputerName';e={$_.__Server.ToString()}},`
@{l='Manufacturer';e={$_.Manufacturer.ToString()}},`
@{l='Model';e={$_.Model.ToString()}},`
@{l='Operating System';e={(Get-WmiObject -class Win32_OperatingSystem 
-ComputerName $_.Name -Credential $adminAccount | Select-Object -expand 
Caption).ToString()}}} |
Export-Csv -Path "c:\users\public\documents\ServerInfo.csv" -NoTypeInformation

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Damien Solodow [mailto:damien.solo...@harrison.edu]
Sent: Monday, October 17, 2011 3:53 PM
To: NT System Admin Issues
Subject: RE: Help with PS script?

Doh!
Thanks much. I didn’t know about the .tostring() trick.

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Michael B. Smith 
[mailto:mich...@smithcons.com]
Sent: Monday, October 17, 2011 3:49 PM
To: NT System Admin Issues
Subject: RE: Help with PS script?

Change the format-table to select-object.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Damien Solodow 
[mailto:damien.solo...@harrison.edu]
Sent: Monday, October 17, 2011 3:39 PM
To: NT System Admin Issues
Subject: RE: Help with PS script?

Hmmm… I added | Export-CSV –path file.csv to it and it ran successfully.
However, the resulting CSV looks like this:
ClassId2e4f51ef21dd47e99d3c952918aff9cd

pageHeaderEntry

pageFooterEntry

autosizeInfo

shapeInfo

groupingEntry

033ecb2bc07a4d43b5ef94ed5a35d280

Microsoft.PowerShell.Commands.Internal.Format.TableHeaderInfo

9e210fe47d09416682b841769c78b8a3

27c87ef9bbda4f709f6b4002fa4af63c

4ec4f0187cb04f4cb6973460dfe252df

cf522b78d86c486691226b40aa69e95c




DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Michael B. Smith 
[mailto:mich...@smithcons.com]
Sent: Monday, October 17, 2011 3:32 PM
To: NT System Admin Issues
Subject: RE: Help with PS script?

Don’t overthink it.

$adminAccount = Get-Credential
$ServerName = “string”
Get-WmiObject -class Win32_ComputerSystem -ComputerName $ServerName -Credential 
$adminAccount |
Format-Table `
@{l='ComputerName';e={$_.__Server.ToString()}},`
@{l='Manufacturer';e={$_.Manufacturer.ToString()}},`
@{l='Model';e={$_.Model.ToString()}},`
@{l='Operating System';e={(Get-WmiObject -class Win32_OperatingSystem 
-ComputerName $ServerName -Credential $adminAccount | Select-Object -expand 
Caption).ToString()}} -AutoSize

You should be able to pipe that to export-csv (perhaps minus the autosize – I 
didn’t test it).

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Damien Solodow 
[mailto:damien.solo...@harrison.edu]
Sent: Monday, October 17, 2011 1:44 PM
To: NT System Admin Issues
Subject: Help with PS script?

I’m trying to make a Powershell script to get a list of computer objects from 
AD, and query some AD properties from them and export to a CSV.
The part I have working does the queries and exports the data I want to a 
table. The export-csv is giving me grief, and I think it’s because I need to 
convert the data to strings to export them out.

I think after the get-adcomputer I need to do a foreach-object to run the 
script block for each, but I’m having a brain fart.

Here’s the part I have for the WMI info I need:

$adminAccount = Get-Credential
$ServerName = “string”
Get-WmiObject -class Win32_ComputerSystem -ComputerName $ServerName -Credential 
$adminAccount |
Format-Table `
@{l='ComputerName';e={$_.__Server}},`
@{l='Manufacturer';e={$_.Manufacturer}},`
@{l='Model';e={$_.Model}},`
@{l='Operating System';e={Get-WmiObject -class Win32_OperatingSystem 
-ComputerName $ServerName -Credential $adminAccount | Select-Object -expand 
Caption}} -AutoSize

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE
500

RE: Macs and vunerabilities

[David Lum]

How many Mac's and 'Doze OS are you guys managing with these? 

-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org] 
Sent: Monday, October 17, 2011 1:44 PM
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities

Unfortunately, no. I wish we did.

And yes, there is a lot on our plates. That is one reason having resources like 
this list is so valuable to us.


--Matt Ross
Ephrata School District


- Original Message -
From: David Lum
[mailto:david@nwea.org]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 17 Oct 2011
12:39:44 -0700
Subject: RE: Macs and vunerabilities


> In this environment do you have a "Mac SE" and a "Windows SE", or does 
> the same person manage both? Seems to be adding quite a bit to one's plate.
> 
> -Original Message-
> From: David Lum [mailto:david@nwea.org]
> Sent: Monday, October 17, 2011 9:07 AM
> To: NT System Admin Issues
> Subject: RE: Macs and vunerabilities
> 
> Thanks for all this information Matt, it's greatly appreciated!!
> 
> -Original Message-
> From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> Sent: Monday, October 17, 2011 8:57 AM
> To: NT System Admin Issues
> Subject: RE: Macs and vunerabilities
> 
> You are correct, many of these things you cannot do from a Active Directory.
> There may be a few tricks you can use to force some of these (login 
> scripts, remote ssh, etc.) but I'm sure you're more interested in 
> something a little more centralized.
> 
> If you want the Apple solution, check out Open Directory and Apple 
> Remote Desktop.
> 
> Open Directory is a component of Mac OS X Server, and it is Apple's 
> attempt at a directory service ala Active Directory, but for Macs. If 
> you do go this route, I recommend joining the Macs to both your Active 
> Directory and the Open directory at the same time. Have your user's 
> login using their AD credentials, while the Macs get their settings 
> from OD. This is what's know in the mac IT circles as the "Golden Triangle".
> 
> Apple Remote Desktop is, at first glance, your basic remote desktop app.
> But, it's also your software deployment suite and your software inventory.
> (As an aside, I wish there was an equivalent to Apple Remote Desktop 
> for windows PCs. Perhaps there is, but not without a per-client cost.) 
> Have a .pkg that needs to be installed? Install it silently on every 
> computer you can see online. Need it installed on offline computers? 
> Set up ARD to do it automatically when it sees the Macs are seen on the 
> network.
> 
> These solutions are fairly inexpensive, thanks to the aggressive price 
> drops by apple. You need a Mac running Lion (Costs depend on weather 
> you have this already and could be $0), the Lion Server update from 
> apple ($49.99) and optionally Apple Remote Desktop ($79.99, unlimited 
> clients).
> 
> If you don't want to go with the Apple provided solution, there are 
> other methods of making this work. Check out Puppet from Puppet Labs 
> and ADmitMac from Thursby.
> 
> ---
> 
> Now that that's said, we here have not moved to Mac OS X Lion (10.7). 
> As of their most recent patch, it appears they have finally resolved 
> some of their active directory integration issues. We as a district 
> are moving away from Macs, simply because of their initial costs are 
> difficult to bear.
> Supporting a Mac's software is easy. Supporting the hardware can be a 
> nightmare.
> 
> I hope some of this information is useful to you.
> 
> 
> --Matt Ross
> Ephrata School District
> 
> 
> - Original Message -
> From: David Lum
> [mailto:david@nwea.org]
> To: NT System Admin Issues
> [mailto:ntsysadmin@lyris.sunbelt-software.com]
> Sent: Mon, 17 Oct 2011
> 08:16:43 -0700
> Subject: RE: Macs and vunerabilities
> 
> 
> > My concern is all the above. As currently implemented, Mac's on our 
> > network are no different than users home Windows laptops being 
> > allowed to directly connect to our network. I can't imagine anyone 
> > here would say "go ahead and hook your home laptop directly to my 
> > LAN and don't bother joining to the domain".
> > 
> > I can't audit what's on them for software license compliance 
> > reporting I can't apply GPO's (autoconfigure wireless, browser 
> > settings/favorites,
> > etc)
> > I can't remotely deploy software (via GPO or SMS) I can't enforce 
> > anti-virus I can't patch Flash, Java, etc
> > 
> > Dave
> > 
> > -Original Message-
> > From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> > Sent: Monday, October 17, 2011 8:07 AM
> > To: NT System Admin Issues
> > Subject: RE: Macs and vunerabilities
> > 
> > David, from what direction are your concerns coming from?
> > 
> > Are you concerned how to patch the macs?
> > Are you concerned about antivirus?
> > Are you concerned about controlling what the Macs are allowed to do?
> > 
> > I'm just trying to understand, and perhaps help.
> > 
> > 
> > --Matt Ross
> > 

Re: Macs and vunerabilities

[Dean Cunningham]

 J I can see this thread spinning out of control in terms of how bright
users are .. or not..
I see your concern as how do I manage these devcies in the rare event a
LUser runs some malware on it inadvertently?

On Tue, Oct 18, 2011 at 3:55 AM, David Lum  wrote:

>  Right, but that doesn’t change my level of concern J
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Macs and vunerabilities

[John C Owen]

I have a copy of Win95 Rev 1 on 13 floppies :)



-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Monday, October 17, 2011 4:44 PM
To: NT System Admin Issues
Subject: Re: Macs and vunerabilities



HA!



I think I still have a copy of Windows 98 SE somewhere around here...





--Matt Ross

Ephrata School District





- Original Message -

From: Bill Humphries

[mailto:nt...@hedgedigger.com]

To: NT System Admin Issues

[mailto:ntsysadmin@lyris.sunbelt-software.com]

Sent: Mon, 17 Oct 2011

13:00:24 -0700

Subject: Re: Macs and vunerabilities





> I have a Mac SE in my attic.  I think it needs a harddrive.  i hope i

> still have the system 7 OS floppies.

>

> Bill

>

>

> David Lum wrote:

> > In this environment do you have a "Mac SE" and a "Windows SE", or

> > does the

> same person manage both? Seems to be adding quite a bit to one's plate.

> >

> > -Original Message-

> > From: David Lum 
> > [mailto:david@nwea.org]

> > Sent: Monday, October 17, 2011 9:07 AM

> > To: NT System Admin Issues

> > Subject: RE: Macs and vunerabilities

> >

> > Thanks for all this information Matt, it's greatly appreciated!!

> >

> > -Original Message-

> > From: Matthew W. Ross 
> > [mailto:mr...@ephrataschools.org]

> > Sent: Monday, October 17, 2011 8:57 AM

> > To: NT System Admin Issues

> > Subject: RE: Macs and vunerabilities

> >

> > You are correct, many of these things you cannot do from a Active

> Directory. There may be a few tricks you can use to force some of

> these (login scripts, remote ssh, etc.) but I'm sure you're more

> interested in something a little more centralized.

> >

> > If you want the Apple solution, check out Open Directory and Apple

> > Remote

> Desktop.

> >

> > Open Directory is a component of Mac OS X Server, and it is Apple's

> attempt at a directory service ala Active Directory, but for Macs. If

> you do go this route, I recommend joining the Macs to both your Active

> Directory and the Open directory at the same time. Have your user's

> login using their AD credentials, while the Macs get their settings

> from OD. This is what's know in the mac IT circles as the "Golden Triangle".

> >

> > Apple Remote Desktop is, at first glance, your basic remote desktop app.

> But, it's also your software deployment suite and your software inventory.

> (As an aside, I wish there was an equivalent to Apple Remote Desktop

> for windows PCs. Perhaps there is, but not without a per-client cost.)

> Have a .pkg that needs to be installed? Install it silently on every

> computer you can see online. Need it installed on offline computers?

> Set up ARD to do it automatically when it sees the Macs are seen on the 
> network.

> >

> > These solutions are fairly inexpensive, thanks to the aggressive

> > price

> drops by apple. You need a Mac running Lion (Costs depend on weather

> you have this already and could be $0), the Lion Server update from

> apple

> ($49.99) and optionally Apple Remote Desktop ($79.99, unlimited clients).

> >

> > If you don't want to go with the Apple provided solution, there are

> > other

> methods of making this work. Check out Puppet from Puppet Labs and

> ADmitMac from Thursby.

> >

> > ---

> >

> > Now that that's said, we here have not moved to Mac OS X Lion

> > (10.7). As

> of their most recent patch, it appears they have finally resolved some

> of their active directory integration issues. We as a district are

> moving away from Macs, simply because of their initial costs are difficult to 
> bear.

> Supporting a Mac's software is easy. Supporting the hardware can be a

> nightmare.

> >

> > I hope some of this information is useful to you.

> >

> >

> > --Matt Ross

> > Ephrata School District

> >

> >

> > - Original Message -

> > From: David Lum

> > [mailto:david@nwea.org]

> > To: NT System Admin Issues

> > [mailto:ntsysadmin@lyris.sunbelt-software.com]

> > Sent: Mon, 17 Oct 2011

> > 08:16:43 -0700

> > Subject: RE: Macs and vunerabilities

> >

> >

> >

> >> My concern is all the above. As currently implemented, Mac's on our

> >> network are no different than users home Windows laptops being

> >> allowed to directly connect to our network. I can't imagine anyone

> >> here would say "go ahead and hook your home laptop directly to my

> >> LAN and don't bother joining to the domain".

> >>

> >> I can't audit what's on them for software license compliance

> >> reporting I can't apply GPO's (autoconfigure wireless, browser

> >> settings/favorites,

> >> etc)

> >> I can't remotely deploy software (via GPO or SMS) I can't enforce

> >> anti-virus I can't patch Flash, Java, etc

Re: Macs and vunerabilities

[Matthew W. Ross]

HA!

I think I still have a copy of Windows 98 SE somewhere around here...


--Matt Ross
Ephrata School District


- Original Message -
From: Bill Humphries
[mailto:nt...@hedgedigger.com]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 17 Oct 2011
13:00:24 -0700
Subject: Re: Macs and vunerabilities


> I have a Mac SE in my attic.  I think it needs a harddrive.  i hope i 
> still have the system 7 OS floppies.
> 
> Bill
> 
> 
> David Lum wrote:
> > In this environment do you have a "Mac SE" and a "Windows SE", or does the
> same person manage both? Seems to be adding quite a bit to one's plate.
> >
> > -Original Message-
> > From: David Lum [mailto:david@nwea.org] 
> > Sent: Monday, October 17, 2011 9:07 AM
> > To: NT System Admin Issues
> > Subject: RE: Macs and vunerabilities
> >
> > Thanks for all this information Matt, it's greatly appreciated!!
> >
> > -Original Message-
> > From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> > Sent: Monday, October 17, 2011 8:57 AM
> > To: NT System Admin Issues
> > Subject: RE: Macs and vunerabilities
> >
> > You are correct, many of these things you cannot do from a Active
> Directory. There may be a few tricks you can use to force some of these
> (login scripts, remote ssh, etc.) but I'm sure you're more interested in
> something a little more centralized.
> >
> > If you want the Apple solution, check out Open Directory and Apple Remote
> Desktop.
> >
> > Open Directory is a component of Mac OS X Server, and it is Apple's
> attempt at a directory service ala Active Directory, but for Macs. If you do
> go this route, I recommend joining the Macs to both your Active Directory
> and the Open directory at the same time. Have your user's login using their
> AD credentials, while the Macs get their settings from OD. This is what's
> know in the mac IT circles as the "Golden Triangle".
> >
> > Apple Remote Desktop is, at first glance, your basic remote desktop app.
> But, it's also your software deployment suite and your software inventory.
> (As an aside, I wish there was an equivalent to Apple Remote Desktop for
> windows PCs. Perhaps there is, but not without a per-client cost.) Have a
> .pkg that needs to be installed? Install it silently on every computer you
> can see online. Need it installed on offline computers? Set up ARD to do it
> automatically when it sees the Macs are seen on the network.
> >
> > These solutions are fairly inexpensive, thanks to the aggressive price
> drops by apple. You need a Mac running Lion (Costs depend on weather you
> have this already and could be $0), the Lion Server update from apple
> ($49.99) and optionally Apple Remote Desktop ($79.99, unlimited clients).
> >
> > If you don't want to go with the Apple provided solution, there are other
> methods of making this work. Check out Puppet from Puppet Labs and ADmitMac
> from Thursby.
> >
> > ---
> >
> > Now that that's said, we here have not moved to Mac OS X Lion (10.7). As
> of their most recent patch, it appears they have finally resolved some of
> their active directory integration issues. We as a district are moving away
> from Macs, simply because of their initial costs are difficult to bear.
> Supporting a Mac's software is easy. Supporting the hardware can be a
> nightmare.
> >
> > I hope some of this information is useful to you.
> >
> >
> > --Matt Ross
> > Ephrata School District
> >
> >
> > - Original Message -
> > From: David Lum
> > [mailto:david@nwea.org]
> > To: NT System Admin Issues
> > [mailto:ntsysadmin@lyris.sunbelt-software.com]
> > Sent: Mon, 17 Oct 2011
> > 08:16:43 -0700
> > Subject: RE: Macs and vunerabilities
> >
> >
> >   
> >> My concern is all the above. As currently implemented, Mac's on our 
> >> network are no different than users home Windows laptops being allowed 
> >> to directly connect to our network. I can't imagine anyone here would 
> >> say "go ahead and hook your home laptop directly to my LAN and don't 
> >> bother joining to the domain".
> >>
> >> I can't audit what's on them for software license compliance reporting 
> >> I can't apply GPO's (autoconfigure wireless, browser 
> >> settings/favorites,
> >> etc)
> >> I can't remotely deploy software (via GPO or SMS) I can't enforce 
> >> anti-virus I can't patch Flash, Java, etc
> >>
> >> Dave
> >>
> >> -Original Message-
> >> From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> >> Sent: Monday, October 17, 2011 8:07 AM
> >> To: NT System Admin Issues
> >> Subject: RE: Macs and vunerabilities
> >>
> >> David, from what direction are your concerns coming from?
> >>
> >> Are you concerned how to patch the macs?
> >> Are you concerned about antivirus?
> >> Are you concerned about controlling what the Macs are allowed to do?
> >>
> >> I'm just trying to understand, and perhaps help.
> >>
> >>
> >> --Matt Ross
> >> Ephrata School District
> >>
> >>
> >> - Original Message -
> >> From: David Lum

RE: Macs and vunerabilities

[Matthew W. Ross]

Unfortunately, no. I wish we did.

And yes, there is a lot on our plates. That is one reason having resources like 
this list is so valuable to us.


--Matt Ross
Ephrata School District


- Original Message -
From: David Lum
[mailto:david@nwea.org]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 17 Oct 2011
12:39:44 -0700
Subject: RE: Macs and vunerabilities


> In this environment do you have a "Mac SE" and a "Windows SE", or does the
> same person manage both? Seems to be adding quite a bit to one's plate.
> 
> -Original Message-
> From: David Lum [mailto:david@nwea.org] 
> Sent: Monday, October 17, 2011 9:07 AM
> To: NT System Admin Issues
> Subject: RE: Macs and vunerabilities
> 
> Thanks for all this information Matt, it's greatly appreciated!!
> 
> -Original Message-
> From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> Sent: Monday, October 17, 2011 8:57 AM
> To: NT System Admin Issues
> Subject: RE: Macs and vunerabilities
> 
> You are correct, many of these things you cannot do from a Active Directory.
> There may be a few tricks you can use to force some of these (login scripts,
> remote ssh, etc.) but I'm sure you're more interested in something a little
> more centralized.
> 
> If you want the Apple solution, check out Open Directory and Apple Remote
> Desktop.
> 
> Open Directory is a component of Mac OS X Server, and it is Apple's attempt
> at a directory service ala Active Directory, but for Macs. If you do go this
> route, I recommend joining the Macs to both your Active Directory and the
> Open directory at the same time. Have your user's login using their AD
> credentials, while the Macs get their settings from OD. This is what's know
> in the mac IT circles as the "Golden Triangle".
> 
> Apple Remote Desktop is, at first glance, your basic remote desktop app.
> But, it's also your software deployment suite and your software inventory.
> (As an aside, I wish there was an equivalent to Apple Remote Desktop for
> windows PCs. Perhaps there is, but not without a per-client cost.) Have a
> .pkg that needs to be installed? Install it silently on every computer you
> can see online. Need it installed on offline computers? Set up ARD to do it
> automatically when it sees the Macs are seen on the network.
> 
> These solutions are fairly inexpensive, thanks to the aggressive price drops
> by apple. You need a Mac running Lion (Costs depend on weather you have this
> already and could be $0), the Lion Server update from apple ($49.99) and
> optionally Apple Remote Desktop ($79.99, unlimited clients).
> 
> If you don't want to go with the Apple provided solution, there are other
> methods of making this work. Check out Puppet from Puppet Labs and ADmitMac
> from Thursby.
> 
> ---
> 
> Now that that's said, we here have not moved to Mac OS X Lion (10.7). As of
> their most recent patch, it appears they have finally resolved some of their
> active directory integration issues. We as a district are moving away from
> Macs, simply because of their initial costs are difficult to bear.
> Supporting a Mac's software is easy. Supporting the hardware can be a
> nightmare.
> 
> I hope some of this information is useful to you.
> 
> 
> --Matt Ross
> Ephrata School District
> 
> 
> - Original Message -
> From: David Lum
> [mailto:david@nwea.org]
> To: NT System Admin Issues
> [mailto:ntsysadmin@lyris.sunbelt-software.com]
> Sent: Mon, 17 Oct 2011
> 08:16:43 -0700
> Subject: RE: Macs and vunerabilities
> 
> 
> > My concern is all the above. As currently implemented, Mac's on our 
> > network are no different than users home Windows laptops being allowed 
> > to directly connect to our network. I can't imagine anyone here would 
> > say "go ahead and hook your home laptop directly to my LAN and don't 
> > bother joining to the domain".
> > 
> > I can't audit what's on them for software license compliance reporting 
> > I can't apply GPO's (autoconfigure wireless, browser 
> > settings/favorites,
> > etc)
> > I can't remotely deploy software (via GPO or SMS) I can't enforce 
> > anti-virus I can't patch Flash, Java, etc
> > 
> > Dave
> > 
> > -Original Message-
> > From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> > Sent: Monday, October 17, 2011 8:07 AM
> > To: NT System Admin Issues
> > Subject: RE: Macs and vunerabilities
> > 
> > David, from what direction are your concerns coming from?
> > 
> > Are you concerned how to patch the macs?
> > Are you concerned about antivirus?
> > Are you concerned about controlling what the Macs are allowed to do?
> > 
> > I'm just trying to understand, and perhaps help.
> > 
> > 
> > --Matt Ross
> > Ephrata School District
> > 
> > 
> > - Original Message -
> > From: David Lum
> > [mailto:david@nwea.org]
> > To: NT System Admin Issues
> > [mailto:ntsysadmin@lyris.sunbelt-software.com]
> > Sent: Thu, 13 Oct 2011
> > 15:01:20 -0700
> > Subject: RE: Macs and vunerabil

RE: Help with PS script?

[Damien Solodow]

Ok, one more weird thing. I've got it getting a list of computers via 
get-adcomputer to run against, and most of the computers it's fine one. But a 
number of them return an access denied during the foreach-object.

However, if I modify the filter to run against some of the machines reporting 
access denied, they return fine.

Here is the current script:
Import-Module ActiveDirectory
$adminaccount = Get-Credential
Get-ADComputer -Filter {OperatingSystem -Like "Windows *Server*"} -SearchBase 
"DC=domain,DC=local" |
ForEach-Object -process {
Get-WmiObject -class Win32_ComputerSystem -ComputerName $_.Name -Credential 
$adminAccount |
Select-Object `
@{l='ComputerName';e={$_.__Server.ToString()}},`
@{l='Manufacturer';e={$_.Manufacturer.ToString()}},`
@{l='Model';e={$_.Model.ToString()}},`
@{l='Operating System';e={(Get-WmiObject -class Win32_OperatingSystem 
-ComputerName $_.Name -Credential $adminAccount | Select-Object -expand 
Caption).ToString()}}} |
Export-Csv -Path "c:\users\public\documents\ServerInfo.csv" -NoTypeInformation

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Damien Solodow [mailto:damien.solo...@harrison.edu]
Sent: Monday, October 17, 2011 3:53 PM
To: NT System Admin Issues
Subject: RE: Help with PS script?

Doh!
Thanks much. I didn't know about the .tostring() trick.

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Michael B. Smith 
[mailto:mich...@smithcons.com]
Sent: Monday, October 17, 2011 3:49 PM
To: NT System Admin Issues
Subject: RE: Help with PS script?

Change the format-table to select-object.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Damien Solodow 
[mailto:damien.solo...@harrison.edu]
Sent: Monday, October 17, 2011 3:39 PM
To: NT System Admin Issues
Subject: RE: Help with PS script?

Hmmm... I added | Export-CSV -path file.csv to it and it ran successfully.
However, the resulting CSV looks like this:
ClassId2e4f51ef21dd47e99d3c952918aff9cd

pageHeaderEntry

pageFooterEntry

autosizeInfo

shapeInfo

groupingEntry

033ecb2bc07a4d43b5ef94ed5a35d280

Microsoft.PowerShell.Commands.Internal.Format.TableHeaderInfo

9e210fe47d09416682b841769c78b8a3

27c87ef9bbda4f709f6b4002fa4af63c

4ec4f0187cb04f4cb6973460dfe252df

cf522b78d86c486691226b40aa69e95c




DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Michael B. Smith 
[mailto:mich...@smithcons.com]
Sent: Monday, October 17, 2011 3:32 PM
To: NT System Admin Issues
Subject: RE: Help with PS script?

Don't overthink it.

$adminAccount = Get-Credential
$ServerName = "string"
Get-WmiObject -class Win32_ComputerSystem -ComputerName $ServerName -Credential 
$adminAccount |
Format-Table `
@{l='ComputerName';e={$_.__Server.ToString()}},`
@{l='Manufacturer';e={$_.Manufacturer.ToString()}},`
@{l='Model';e={$_.Model.ToString()}},`
@{l='Operating System';e={(Get-WmiObject -class Win32_OperatingSystem 
-ComputerName $ServerName -Credential $adminAccount | Select-Object -expand 
Caption).ToString()}} -AutoSize

You should be able to pipe that to export-csv (perhaps minus the autosize - I 
didn't test it).

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Damien Solodow 
[mailto:damien.solo...@harrison.edu]
Sent: Monday, October 17, 2011 1:44 PM
To: NT System Admin Issues
Subject: Help with PS script?

I'm trying to make a Powershell script to get a list of computer objects from 
AD, and query some AD properties from them and export to a CSV.
The part I have working does the queries and exports the data I want to a 
table. The export-csv is giving me grief, and I think it's because I need to 
convert the data to strings to export them out.

I think after the get-adcomputer I need to do a foreach-object to run the 
script block for each, but I'm having a brain fart.

Here's the part I have for the WMI info I need:

$adminAccount = Get-Credential
$ServerName = "string"
Get-WmiObject -class Win32_ComputerSystem -ComputerName $ServerName -Credential 
$adminAccount |
Format-Table `
@{l='ComputerName';e={$_.__Server}},`
@{l='Manufacturer';e={$_.Manufacturer}},`
@{l='Model';e={$_.Model}},`
@{l='Operating System';e={Get-WmiObject -class Win32_OperatingSystem 
-ComputerName $ServerName -Credential $adminAccount | Select-Object -expand 
Caption}} -AutoSize

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE
500 North Meridian St
Suite 500
Indianapolis, IN 46204-1213
www.harrison.edu


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/r

Re: Macs and vunerabilities

[Bill Humphries]

I have a Mac SE in my attic.  I think it needs a harddrive.  i hope i 
still have the system 7 OS floppies.


Bill


David Lum wrote:

In this environment do you have a "Mac SE" and a "Windows SE", or does the same 
person manage both? Seems to be adding quite a bit to one's plate.

-Original Message-
From: David Lum [mailto:david@nwea.org] 
Sent: Monday, October 17, 2011 9:07 AM

To: NT System Admin Issues
Subject: RE: Macs and vunerabilities

Thanks for all this information Matt, it's greatly appreciated!!

-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Monday, October 17, 2011 8:57 AM
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities

You are correct, many of these things you cannot do from a Active Directory. 
There may be a few tricks you can use to force some of these (login scripts, 
remote ssh, etc.) but I'm sure you're more interested in something a little 
more centralized.

If you want the Apple solution, check out Open Directory and Apple Remote 
Desktop.

Open Directory is a component of Mac OS X Server, and it is Apple's attempt at a 
directory service ala Active Directory, but for Macs. If you do go this route, I 
recommend joining the Macs to both your Active Directory and the Open directory at the 
same time. Have your user's login using their AD credentials, while the Macs get their 
settings from OD. This is what's know in the mac IT circles as the "Golden 
Triangle".

Apple Remote Desktop is, at first glance, your basic remote desktop app. But, 
it's also your software deployment suite and your software inventory. (As an 
aside, I wish there was an equivalent to Apple Remote Desktop for windows PCs. 
Perhaps there is, but not without a per-client cost.) Have a .pkg that needs to 
be installed? Install it silently on every computer you can see online. Need it 
installed on offline computers? Set up ARD to do it automatically when it sees 
the Macs are seen on the network.

These solutions are fairly inexpensive, thanks to the aggressive price drops by 
apple. You need a Mac running Lion (Costs depend on weather you have this 
already and could be $0), the Lion Server update from apple ($49.99) and 
optionally Apple Remote Desktop ($79.99, unlimited clients).

If you don't want to go with the Apple provided solution, there are other 
methods of making this work. Check out Puppet from Puppet Labs and ADmitMac 
from Thursby.

---

Now that that's said, we here have not moved to Mac OS X Lion (10.7). As of 
their most recent patch, it appears they have finally resolved some of their 
active directory integration issues. We as a district are moving away from 
Macs, simply because of their initial costs are difficult to bear. Supporting a 
Mac's software is easy. Supporting the hardware can be a nightmare.

I hope some of this information is useful to you.


--Matt Ross
Ephrata School District


- Original Message -
From: David Lum
[mailto:david@nwea.org]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 17 Oct 2011
08:16:43 -0700
Subject: RE: Macs and vunerabilities


  
My concern is all the above. As currently implemented, Mac's on our 
network are no different than users home Windows laptops being allowed 
to directly connect to our network. I can't imagine anyone here would 
say "go ahead and hook your home laptop directly to my LAN and don't 
bother joining to the domain".


I can't audit what's on them for software license compliance reporting 
I can't apply GPO's (autoconfigure wireless, browser 
settings/favorites,

etc)
I can't remotely deploy software (via GPO or SMS) I can't enforce 
anti-virus I can't patch Flash, Java, etc


Dave

-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Monday, October 17, 2011 8:07 AM
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities

David, from what direction are your concerns coming from?

Are you concerned how to patch the macs?
Are you concerned about antivirus?
Are you concerned about controlling what the Macs are allowed to do?

I'm just trying to understand, and perhaps help.


--Matt Ross
Ephrata School District


- Original Message -
From: David Lum
[mailto:david@nwea.org]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Thu, 13 Oct 2011
15:01:20 -0700
Subject: RE: Macs and vunerabilities



Well, we're getting a Mac invasion here and there is zero apparent 
concern for managing these things or worrying about vulnerabilities.
To get to AD resources they're standing up Win7 VM's but doing as 
much work as possible on the native MacOS.


They can get to the Internet, file shares, printers, e-mail, etc on 
native Mac but I just have alarms going off in my head "unmanaged 
machines with no idea what intellectual property is on them".


Dave

From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
Sent: Thursday, October 13, 2011 2:4

RE: Help with PS script?

[Damien Solodow]

Doh!
Thanks much. I didn't know about the .tostring() trick.

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Monday, October 17, 2011 3:49 PM
To: NT System Admin Issues
Subject: RE: Help with PS script?

Change the format-table to select-object.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Damien Solodow 
[mailto:damien.solo...@harrison.edu]
Sent: Monday, October 17, 2011 3:39 PM
To: NT System Admin Issues
Subject: RE: Help with PS script?

Hmmm... I added | Export-CSV -path file.csv to it and it ran successfully.
However, the resulting CSV looks like this:
ClassId2e4f51ef21dd47e99d3c952918aff9cd

pageHeaderEntry

pageFooterEntry

autosizeInfo

shapeInfo

groupingEntry

033ecb2bc07a4d43b5ef94ed5a35d280

Microsoft.PowerShell.Commands.Internal.Format.TableHeaderInfo

9e210fe47d09416682b841769c78b8a3

27c87ef9bbda4f709f6b4002fa4af63c

4ec4f0187cb04f4cb6973460dfe252df

cf522b78d86c486691226b40aa69e95c




DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Michael B. Smith 
[mailto:mich...@smithcons.com]
Sent: Monday, October 17, 2011 3:32 PM
To: NT System Admin Issues
Subject: RE: Help with PS script?

Don't overthink it.

$adminAccount = Get-Credential
$ServerName = "string"
Get-WmiObject -class Win32_ComputerSystem -ComputerName $ServerName -Credential 
$adminAccount |
Format-Table `
@{l='ComputerName';e={$_.__Server.ToString()}},`
@{l='Manufacturer';e={$_.Manufacturer.ToString()}},`
@{l='Model';e={$_.Model.ToString()}},`
@{l='Operating System';e={(Get-WmiObject -class Win32_OperatingSystem 
-ComputerName $ServerName -Credential $adminAccount | Select-Object -expand 
Caption).ToString()}} -AutoSize

You should be able to pipe that to export-csv (perhaps minus the autosize - I 
didn't test it).

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Damien Solodow 
[mailto:damien.solo...@harrison.edu]
Sent: Monday, October 17, 2011 1:44 PM
To: NT System Admin Issues
Subject: Help with PS script?

I'm trying to make a Powershell script to get a list of computer objects from 
AD, and query some AD properties from them and export to a CSV.
The part I have working does the queries and exports the data I want to a 
table. The export-csv is giving me grief, and I think it's because I need to 
convert the data to strings to export them out.

I think after the get-adcomputer I need to do a foreach-object to run the 
script block for each, but I'm having a brain fart.

Here's the part I have for the WMI info I need:

$adminAccount = Get-Credential
$ServerName = "string"
Get-WmiObject -class Win32_ComputerSystem -ComputerName $ServerName -Credential 
$adminAccount |
Format-Table `
@{l='ComputerName';e={$_.__Server}},`
@{l='Manufacturer';e={$_.Manufacturer}},`
@{l='Model';e={$_.Model}},`
@{l='Operating System';e={Get-WmiObject -class Win32_OperatingSystem 
-ComputerName $ServerName -Credential $adminAccount | Select-Object -expand 
Caption}} -AutoSize

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE
500 North Meridian St
Suite 500
Indianapolis, IN 46204-1213
www.harrison.edu


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ 

RE: Help with PS script?

[Michael B. Smith]

Change the format-table to select-object.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Damien Solodow [mailto:damien.solo...@harrison.edu]
Sent: Monday, October 17, 2011 3:39 PM
To: NT System Admin Issues
Subject: RE: Help with PS script?

Hmmm... I added | Export-CSV -path file.csv to it and it ran successfully.
However, the resulting CSV looks like this:
ClassId2e4f51ef21dd47e99d3c952918aff9cd

pageHeaderEntry

pageFooterEntry

autosizeInfo

shapeInfo

groupingEntry

033ecb2bc07a4d43b5ef94ed5a35d280

Microsoft.PowerShell.Commands.Internal.Format.TableHeaderInfo

9e210fe47d09416682b841769c78b8a3

27c87ef9bbda4f709f6b4002fa4af63c

4ec4f0187cb04f4cb6973460dfe252df

cf522b78d86c486691226b40aa69e95c




DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Michael B. Smith 
[mailto:mich...@smithcons.com]
Sent: Monday, October 17, 2011 3:32 PM
To: NT System Admin Issues
Subject: RE: Help with PS script?

Don't overthink it.

$adminAccount = Get-Credential
$ServerName = "string"
Get-WmiObject -class Win32_ComputerSystem -ComputerName $ServerName -Credential 
$adminAccount |
Format-Table `
@{l='ComputerName';e={$_.__Server.ToString()}},`
@{l='Manufacturer';e={$_.Manufacturer.ToString()}},`
@{l='Model';e={$_.Model.ToString()}},`
@{l='Operating System';e={(Get-WmiObject -class Win32_OperatingSystem 
-ComputerName $ServerName -Credential $adminAccount | Select-Object -expand 
Caption).ToString()}} -AutoSize

You should be able to pipe that to export-csv (perhaps minus the autosize - I 
didn't test it).

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Damien Solodow 
[mailto:damien.solo...@harrison.edu]
Sent: Monday, October 17, 2011 1:44 PM
To: NT System Admin Issues
Subject: Help with PS script?

I'm trying to make a Powershell script to get a list of computer objects from 
AD, and query some AD properties from them and export to a CSV.
The part I have working does the queries and exports the data I want to a 
table. The export-csv is giving me grief, and I think it's because I need to 
convert the data to strings to export them out.

I think after the get-adcomputer I need to do a foreach-object to run the 
script block for each, but I'm having a brain fart.

Here's the part I have for the WMI info I need:

$adminAccount = Get-Credential
$ServerName = "string"
Get-WmiObject -class Win32_ComputerSystem -ComputerName $ServerName -Credential 
$adminAccount |
Format-Table `
@{l='ComputerName';e={$_.__Server}},`
@{l='Manufacturer';e={$_.Manufacturer}},`
@{l='Model';e={$_.Model}},`
@{l='Operating System';e={Get-WmiObject -class Win32_OperatingSystem 
-ComputerName $ServerName -Credential $adminAccount | Select-Object -expand 
Caption}} -AutoSize

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE
500 North Meridian St
Suite 500
Indianapolis, IN 46204-1213
www.harrison.edu


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Macs and vunerabilities

[David Lum]

In this environment do you have a "Mac SE" and a "Windows SE", or does the same 
person manage both? Seems to be adding quite a bit to one's plate.

-Original Message-
From: David Lum [mailto:david@nwea.org] 
Sent: Monday, October 17, 2011 9:07 AM
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities

Thanks for all this information Matt, it's greatly appreciated!!

-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Monday, October 17, 2011 8:57 AM
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities

You are correct, many of these things you cannot do from a Active Directory. 
There may be a few tricks you can use to force some of these (login scripts, 
remote ssh, etc.) but I'm sure you're more interested in something a little 
more centralized.

If you want the Apple solution, check out Open Directory and Apple Remote 
Desktop.

Open Directory is a component of Mac OS X Server, and it is Apple's attempt at 
a directory service ala Active Directory, but for Macs. If you do go this 
route, I recommend joining the Macs to both your Active Directory and the Open 
directory at the same time. Have your user's login using their AD credentials, 
while the Macs get their settings from OD. This is what's know in the mac IT 
circles as the "Golden Triangle".

Apple Remote Desktop is, at first glance, your basic remote desktop app. But, 
it's also your software deployment suite and your software inventory. (As an 
aside, I wish there was an equivalent to Apple Remote Desktop for windows PCs. 
Perhaps there is, but not without a per-client cost.) Have a .pkg that needs to 
be installed? Install it silently on every computer you can see online. Need it 
installed on offline computers? Set up ARD to do it automatically when it sees 
the Macs are seen on the network.

These solutions are fairly inexpensive, thanks to the aggressive price drops by 
apple. You need a Mac running Lion (Costs depend on weather you have this 
already and could be $0), the Lion Server update from apple ($49.99) and 
optionally Apple Remote Desktop ($79.99, unlimited clients).

If you don't want to go with the Apple provided solution, there are other 
methods of making this work. Check out Puppet from Puppet Labs and ADmitMac 
from Thursby.

---

Now that that's said, we here have not moved to Mac OS X Lion (10.7). As of 
their most recent patch, it appears they have finally resolved some of their 
active directory integration issues. We as a district are moving away from 
Macs, simply because of their initial costs are difficult to bear. Supporting a 
Mac's software is easy. Supporting the hardware can be a nightmare.

I hope some of this information is useful to you.


--Matt Ross
Ephrata School District


- Original Message -
From: David Lum
[mailto:david@nwea.org]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 17 Oct 2011
08:16:43 -0700
Subject: RE: Macs and vunerabilities


> My concern is all the above. As currently implemented, Mac's on our 
> network are no different than users home Windows laptops being allowed 
> to directly connect to our network. I can't imagine anyone here would 
> say "go ahead and hook your home laptop directly to my LAN and don't 
> bother joining to the domain".
> 
> I can't audit what's on them for software license compliance reporting 
> I can't apply GPO's (autoconfigure wireless, browser 
> settings/favorites,
> etc)
> I can't remotely deploy software (via GPO or SMS) I can't enforce 
> anti-virus I can't patch Flash, Java, etc
> 
> Dave
> 
> -Original Message-
> From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> Sent: Monday, October 17, 2011 8:07 AM
> To: NT System Admin Issues
> Subject: RE: Macs and vunerabilities
> 
> David, from what direction are your concerns coming from?
> 
> Are you concerned how to patch the macs?
> Are you concerned about antivirus?
> Are you concerned about controlling what the Macs are allowed to do?
> 
> I'm just trying to understand, and perhaps help.
> 
> 
> --Matt Ross
> Ephrata School District
> 
> 
> - Original Message -
> From: David Lum
> [mailto:david@nwea.org]
> To: NT System Admin Issues
> [mailto:ntsysadmin@lyris.sunbelt-software.com]
> Sent: Thu, 13 Oct 2011
> 15:01:20 -0700
> Subject: RE: Macs and vunerabilities
> 
> 
> > Well, we're getting a Mac invasion here and there is zero apparent 
> > concern for managing these things or worrying about vulnerabilities.
> > To get to AD resources they're standing up Win7 VM's but doing as 
> > much work as possible on the native MacOS.
> > 
> > They can get to the Internet, file shares, printers, e-mail, etc on 
> > native Mac but I just have alarms going off in my head "unmanaged 
> > machines with no idea what intellectual property is on them".
> > 
> > Dave
> > 
> > From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
> > Sent: Thursday, October 13, 2011 2:49 PM
> > 

RE: Help with PS script?

[Damien Solodow]

Hmmm... I added | Export-CSV -path file.csv to it and it ran successfully.
However, the resulting CSV looks like this:
ClassId2e4f51ef21dd47e99d3c952918aff9cd

pageHeaderEntry

pageFooterEntry

autosizeInfo

shapeInfo

groupingEntry

033ecb2bc07a4d43b5ef94ed5a35d280

Microsoft.PowerShell.Commands.Internal.Format.TableHeaderInfo

9e210fe47d09416682b841769c78b8a3

27c87ef9bbda4f709f6b4002fa4af63c

4ec4f0187cb04f4cb6973460dfe252df

cf522b78d86c486691226b40aa69e95c




DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Monday, October 17, 2011 3:32 PM
To: NT System Admin Issues
Subject: RE: Help with PS script?

Don't overthink it.

$adminAccount = Get-Credential
$ServerName = "string"
Get-WmiObject -class Win32_ComputerSystem -ComputerName $ServerName -Credential 
$adminAccount |
Format-Table `
@{l='ComputerName';e={$_.__Server.ToString()}},`
@{l='Manufacturer';e={$_.Manufacturer.ToString()}},`
@{l='Model';e={$_.Model.ToString()}},`
@{l='Operating System';e={(Get-WmiObject -class Win32_OperatingSystem 
-ComputerName $ServerName -Credential $adminAccount | Select-Object -expand 
Caption).ToString()}} -AutoSize

You should be able to pipe that to export-csv (perhaps minus the autosize - I 
didn't test it).

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Damien Solodow 
[mailto:damien.solo...@harrison.edu]
Sent: Monday, October 17, 2011 1:44 PM
To: NT System Admin Issues
Subject: Help with PS script?

I'm trying to make a Powershell script to get a list of computer objects from 
AD, and query some AD properties from them and export to a CSV.
The part I have working does the queries and exports the data I want to a 
table. The export-csv is giving me grief, and I think it's because I need to 
convert the data to strings to export them out.

I think after the get-adcomputer I need to do a foreach-object to run the 
script block for each, but I'm having a brain fart.

Here's the part I have for the WMI info I need:

$adminAccount = Get-Credential
$ServerName = "string"
Get-WmiObject -class Win32_ComputerSystem -ComputerName $ServerName -Credential 
$adminAccount |
Format-Table `
@{l='ComputerName';e={$_.__Server}},`
@{l='Manufacturer';e={$_.Manufacturer}},`
@{l='Model';e={$_.Model}},`
@{l='Operating System';e={Get-WmiObject -class Win32_OperatingSystem 
-ComputerName $ServerName -Credential $adminAccount | Select-Object -expand 
Caption}} -AutoSize

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE
500 North Meridian St
Suite 500
Indianapolis, IN 46204-1213
www.harrison.edu


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Help with PS script?

[Michael B. Smith]

Don't overthink it.

$adminAccount = Get-Credential
$ServerName = "string"
Get-WmiObject -class Win32_ComputerSystem -ComputerName $ServerName -Credential 
$adminAccount |
Format-Table `
@{l='ComputerName';e={$_.__Server.ToString()}},`
@{l='Manufacturer';e={$_.Manufacturer.ToString()}},`
@{l='Model';e={$_.Model.ToString()}},`
@{l='Operating System';e={(Get-WmiObject -class Win32_OperatingSystem 
-ComputerName $ServerName -Credential $adminAccount | Select-Object -expand 
Caption).ToString()}} -AutoSize

You should be able to pipe that to export-csv (perhaps minus the autosize - I 
didn't test it).

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Damien Solodow [mailto:damien.solo...@harrison.edu]
Sent: Monday, October 17, 2011 1:44 PM
To: NT System Admin Issues
Subject: Help with PS script?

I'm trying to make a Powershell script to get a list of computer objects from 
AD, and query some AD properties from them and export to a CSV.
The part I have working does the queries and exports the data I want to a 
table. The export-csv is giving me grief, and I think it's because I need to 
convert the data to strings to export them out.

I think after the get-adcomputer I need to do a foreach-object to run the 
script block for each, but I'm having a brain fart.

Here's the part I have for the WMI info I need:

$adminAccount = Get-Credential
$ServerName = "string"
Get-WmiObject -class Win32_ComputerSystem -ComputerName $ServerName -Credential 
$adminAccount |
Format-Table `
@{l='ComputerName';e={$_.__Server}},`
@{l='Manufacturer';e={$_.Manufacturer}},`
@{l='Model';e={$_.Model}},`
@{l='Operating System';e={Get-WmiObject -class Win32_OperatingSystem 
-ComputerName $ServerName -Credential $adminAccount | Select-Object -expand 
Caption}} -AutoSize

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE
500 North Meridian St
Suite 500
Indianapolis, IN 46204-1213
www.harrison.edu


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: video surveillance software recommendations

[Cameron]

Late to the game, but we use the Aimetis Symphony software here and it works
pretty well for us.
www.aimetis.com




On Mon, Oct 3, 2011 at 10:33 PM, Ben Scott  wrote:

> On Mon, Oct 3, 2011 at 4:10 PM, Thomas Mullins 
> wrote:
> > Does anyone have a recommendation for some video surveillance software?
>
>  I can tell you *not* to buy anything from Honeywell or from Stanley
> Convergent Security.
>
>  Beyond that, I dunno.  Let me know if you find something good, so
> far it's been turtles all the way down here...
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Macs and vunerabilities

[Matthew W. Ross]

I do not know the current state of Apple's enterprise support. We tend to 
support ourselves, here.

Previously, we had apple's AppleCare support, which is an additional support 
package. We had it on our two XServes, which we had to use for one of them. 
Apple was quite capable of supporting us, providing troubleshooting and 
replacement parts. We also had a "server update" plan, which provided us with 
updates for 3 years of Mac OS X Server.

Also, we have used their support on a few macs that were not user serviceable. 
While under the AppleCare, they will send out a technician. We don't live near 
any support, so our technician came over a 1.5 hour drive to replace a 
harddrive in a flat panel iMac. Since we were in our AppleCare support, the fix 
was free.

Now we tend to do most of our repairs ourselves, as we no longer have 
AppleCare. I recommend Mac Pros (not cheap) if you want the easiest-to-repair 
Macs. Mac mini's are not bad at all, once you figure out how to pull the guts 
out. The current Flat Panel iMacs require suction cups to remove the front 
glass from the magnets that hold it on... and no, I haven't tried that one yet.

See the suction cups in use here: 
http://www.ifixit.com/Guide/Installing-iMac-Intel-21-5-Inch-EMC-2428-Hard-Drive-Replacement/5954/1


--Matt Ross
Ephrata School District


- Original Message -
From: Bill Humphries
[mailto:nt...@hedgedigger.com]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 17 Oct 2011
11:18:05 -0700
Subject: Re: Macs and vunerabilities


> My only complaint with the Xserve was the one year warranty. That is 
> ridiculous in the enterprise world.  and of course apple support isn't 
> enterprise level like you expect with hp or dell.
> 
> Matthew W. Ross wrote:
> > You are incorrect.
> >
> > Mac OS X Server never went away. There were fears it might, but not in
> this iteration of Mac OS X.
> >
> > The Apple XServe (a 1U, enterprise focused physical server) was canceled.
> Too bad, too... as it was an excellent piece of hardware. (We are fortunate
> to have one, and it runs like a champ.)
> >
> > Apple's suggested replacement is the Mac Mini server... Yeah, you read
> that right. They argue that the costs of running a highly redundant, fault
> tolerant server is more expensive than running two regular macs. And they
> might be right, if the server version of the mini wasn't $999.
> >
> > But remember, you can run Lion Server on any lion capable mac. Safe some
> dough, buy a regular mac mini. (Or run it on a older, capable Mac you
> already have.)
> >
> >
> > --Matt Ross
> > Ephrata School District
> >
> >
> > - Original Message -
> > From: Kennedy, Jim
> > [mailto:kennedy...@elyriaschools.org]
> > To: NT System Admin Issues
> > [mailto:ntsysadmin@lyris.sunbelt-software.com]
> > Sent: Mon, 17 Oct 2011
> > 09:24:02 -0700
> > Subject: RE: Macs and vunerabilities
> >
> >
> >   
> >> Open Directory is part of OS X Server and thus discontinued? Or have I
> got
> >> wrong?
> >>
> >>
> >> -Original Message-
> >> From: Matthew W. Ross [mailto:mr...@ephrataschools.org] 
> >> Sent: Monday, October 17, 2011 11:57 AM
> >> To: NT System Admin Issues
> >> Subject: RE: Macs and vunerabilities
> >>
> >> If you want the Apple solution, check out Open Directory 
> >>
> >>
> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> >> ~   ~
> >>
> >> ---
> >> To manage subscriptions click here:
> >> http://lyris.sunbelt-software.com/read/my_forums/
> >> or send an email to listmana...@lyris.sunbeltsoftware.com
> >> with the body: unsubscribe ntsysadmin
> >>
> >>
> >> 
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~   ~
> >
> > ---
> > To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to listmana...@lyris.sunbeltsoftware.com
> > with the body: unsubscribe ntsysadmin
> >
> >
> >   
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Macs and vunerabilities

[Bill Humphries]

My only complaint with the Xserve was the one year warranty. That is 
ridiculous in the enterprise world.  and of course apple support isn't 
enterprise level like you expect with hp or dell.


Matthew W. Ross wrote:

You are incorrect.

Mac OS X Server never went away. There were fears it might, but not in this 
iteration of Mac OS X.

The Apple XServe (a 1U, enterprise focused physical server) was canceled. Too 
bad, too... as it was an excellent piece of hardware. (We are fortunate to have 
one, and it runs like a champ.)

Apple's suggested replacement is the Mac Mini server... Yeah, you read that 
right. They argue that the costs of running a highly redundant, fault tolerant 
server is more expensive than running two regular macs. And they might be 
right, if the server version of the mini wasn't $999.

But remember, you can run Lion Server on any lion capable mac. Safe some dough, 
buy a regular mac mini. (Or run it on a older, capable Mac you already have.)


--Matt Ross
Ephrata School District


- Original Message -
From: Kennedy, Jim
[mailto:kennedy...@elyriaschools.org]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 17 Oct 2011
09:24:02 -0700
Subject: RE: Macs and vunerabilities


  

Open Directory is part of OS X Server and thus discontinued? Or have I got
wrong?


-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org] 
Sent: Monday, October 17, 2011 11:57 AM

To: NT System Admin Issues
Subject: RE: Macs and vunerabilities

If you want the Apple solution, check out Open Directory 



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


  



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Lync server

[Ben Scott]

On Mon, Oct 17, 2011 at 11:52 AM, Michael B. Smith
 wrote:
>> Ben you are money. Looks like my ROOTDC ...
>
> I can assure you – Brian looks nothing like Ben.

  Brian also knows a lot more about AD than I do.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Flexera to acquire Wise...

[Ben Scott]

On Mon, Oct 17, 2011 at 11:31 AM, Rod Trent  wrote:
> http://myitforum.com/myitforumwp/2011/10/17/flexera-installshield-acquiring-wiseone-product-to-rule-them-all/

  UNWISE

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Macs and vunerabilities

[Bill Humphries]

Yeah, rather than throwing up a wall to keep them out, the better energy 
is spent finding out how to support them in your infrastructure. 

Binding the machine's to Active Directory is easy and painless. You will 
need tools to replace things you do with GPO's, but Mathew gives a 
really good place to start.


Bill


Matthew W. Ross wrote:

You are correct, many of these things you cannot do from a Active Directory. 
There may be a few tricks you can use to force some of these (login scripts, 
remote ssh, etc.) but I'm sure you're more interested in something a little 
more centralized.

If you want the Apple solution, check out Open Directory and Apple Remote 
Desktop.

Open Directory is a component of Mac OS X Server, and it is Apple's attempt at a 
directory service ala Active Directory, but for Macs. If you do go this route, I 
recommend joining the Macs to both your Active Directory and the Open directory at the 
same time. Have your user's login using their AD credentials, while the Macs get their 
settings from OD. This is what's know in the mac IT circles as the "Golden 
Triangle".

Apple Remote Desktop is, at first glance, your basic remote desktop app. But, 
it's also your software deployment suite and your software inventory. (As an 
aside, I wish there was an equivalent to Apple Remote Desktop for windows PCs. 
Perhaps there is, but not without a per-client cost.) Have a .pkg that needs to 
be installed? Install it silently on every computer you can see online. Need it 
installed on offline computers? Set up ARD to do it automatically when it sees 
the Macs are seen on the network.

These solutions are fairly inexpensive, thanks to the aggressive price drops by 
apple. You need a Mac running Lion (Costs depend on weather you have this 
already and could be $0), the Lion Server update from apple ($49.99) and 
optionally Apple Remote Desktop ($79.99, unlimited clients).

If you don't want to go with the Apple provided solution, there are other 
methods of making this work. Check out Puppet from Puppet Labs and ADmitMac 
from Thursby.

---

Now that that's said, we here have not moved to Mac OS X Lion (10.7). As of 
their most recent patch, it appears they have finally resolved some of their 
active directory integration issues. We as a district are moving away from 
Macs, simply because of their initial costs are difficult to bear. Supporting a 
Mac's software is easy. Supporting the hardware can be a nightmare.

I hope some of this information is useful to you.


--Matt Ross
Ephrata School District


- Original Message -
From: David Lum
[mailto:david@nwea.org]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 17 Oct 2011
08:16:43 -0700
Subject: RE: Macs and vunerabilities


  

My concern is all the above. As currently implemented, Mac's on our network
are no different than users home Windows laptops being allowed to directly
connect to our network. I can't imagine anyone here would say "go ahead and
hook your home laptop directly to my LAN and don't bother joining to the
domain".

I can't audit what's on them for software license compliance reporting
I can't apply GPO's (autoconfigure wireless, browser settings/favorites,
etc)
I can't remotely deploy software (via GPO or SMS)
I can't enforce anti-virus
I can't patch Flash, Java, etc

Dave

-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org] 
Sent: Monday, October 17, 2011 8:07 AM

To: NT System Admin Issues
Subject: RE: Macs and vunerabilities

David, from what direction are your concerns coming from?

Are you concerned how to patch the macs?
Are you concerned about antivirus?
Are you concerned about controlling what the Macs are allowed to do?

I'm just trying to understand, and perhaps help.


--Matt Ross
Ephrata School District


- Original Message -
From: David Lum
[mailto:david@nwea.org]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Thu, 13 Oct 2011
15:01:20 -0700
Subject: RE: Macs and vunerabilities



Well, we're getting a Mac invasion here and there is zero apparent 
concern for managing these things or worrying about vulnerabilities. 
To get to AD resources they're standing up Win7 VM's but doing as much 
work as possible on the native MacOS.


They can get to the Internet, file shares, printers, e-mail, etc on 
native Mac but I just have alarms going off in my head "unmanaged 
machines with no idea what intellectual property is on them".


Dave

From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
Sent: Thursday, October 13, 2011 2:49 PM
To: NT System Admin Issues
Subject: Re: Macs and vunerabilities

I remember the big "mac virus" recently was socially engineered - but 
that's definitely the mac's biggest vulnerability. Given that mac 
users generally believe they are invulnerable, its an arguably bigger 
vector than the same one on a Windows system.


Sent from my POS BlackBerry wireless device, whic

Re: How you know some SE's aren't really in the Windows management space

[Ben Scott]

On Mon, Oct 17, 2011 at 9:39 AM, Ken Schaefer  wrote:
> For an AD Architect or Engineer (not necessarily AD Ops), I would expect:
> -  Knowledge of 3rd party products for management (QARS, QRMAD,
> NetIQ DRQ, NetIQ GPA etc.)

  In contrast, my career has been in smaller shops (so far), and I
don't know those products from XCOPY.  As Ken alludes to, job duties
vary.  In small places, you generally need to know a little about a
lot.  You have to wear many hats; the environment demands it.  In a
big organization, you'll have people who work in the same area all the
time, just as a matter of efficiency.  That also affords them the
opportunity to gain deeper knowledge.  Which is good, because larger
orgs tend to face problems of scale which don't trouble smaller shops.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Robocopy Help, please

[Kennedy, Jim]

Map the original servers drive to the destination server. Then WinDiff them. 
Check out the options, you can narrow the list down. It runs pretty fast on 
large directories.

http://support.microsoft.com/kb/159214


From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Monday, October 17, 2011 1:57 PM
To: NT System Admin Issues
Subject: Re: Robocopy Help, please

Then nothing is missing.

Trying to work with insufficient info is awkward.

Alternatively, if you control both the source and destination system, you 
should do a file compare (or, at the very least, a file directory output 
compare).


ASB

http://XeeMe.com/AndrewBaker

Harnessing the Advantages of Technology for the SMB market...



On Mon, Oct 17, 2011 at 1:33 PM, Sean Rector 
mailto:sean.rec...@vaopera.org>> wrote:
I don't know - the folks asking for files can't be bothered to tell me file 
names or locations.

Sean Rector, MCSE

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Monday, October 17, 2011 12:38 PM

To: NT System Admin Issues
Subject: Re: Robocopy Help, please

Are the things you're allegedly missing showing up anywhere in the logs?
ASB

http://XeeMe.com/AndrewBaker

Harnessing the Advantages of Technology for the SMB market...


On Mon, Oct 17, 2011 at 12:31 PM, Sean Rector 
mailto:sean.rec...@vaopera.org>> wrote:
Hello All,

I searched through the archives and I didn't find what I am looking for.

New SAN Drive (S).  I've already moved 99% (thought it was all, but I'm getting 
reports that I missed some things).  It's a Server 2008 R2 File Server Cluster.

I am trying to figure out the best robocopy command line for copying all files 
(& their appropriate permissions) that don't exist in the target; multithreaded 
and verbose logging.

Robocopy "E:\path\path\path name\" "S:\path\path\path name\" /s /zb /dcopy:T 
/copyall /xct /xn /r:5 /v /log:S:\Log.txt /MT:128

Would the above be the best method?

Sean Rector, MCSE

Information Technology Manager
Virginia Opera Association

E-Mail: sean.rec...@vaopera.org
Phone:(757) 213-4548 (direct line)
{+}



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Robocopy Help, please

[Andrew S. Baker]

Then nothing is missing.

Trying to work with insufficient info is awkward.

Alternatively, if you control both the source and destination system, you
should do a file compare (or, at the very least, a file directory output
compare).



* *

*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…

*



On Mon, Oct 17, 2011 at 1:33 PM, Sean Rector wrote:

> I don’t know - the folks asking for files can’t be bothered to tell me file
> names or locations.
>
> ** **
>
> Sean Rector, MCSE
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Monday, October 17, 2011 12:38 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Robocopy Help, please
>
> ** **
>
> Are the things you're allegedly missing showing up anywhere in the logs?
> 
>
> *ASB*
>
> *http://XeeMe.com/AndrewBaker*
>
> *Harnessing the Advantages of Technology for the SMB market…*
>
>
>
> 
>
> On Mon, Oct 17, 2011 at 12:31 PM, Sean Rector 
> wrote:
>
> Hello All,
>
>  
>
> I searched through the archives and I didn’t find what I am looking for.**
> **
>
>  
>
> New SAN Drive (S).  I’ve already moved 99% (thought it was all, but I’m
> getting reports that I missed some things).  It’s a Server 2008 R2 File
> Server Cluster.
>
>  
>
> I am trying to figure out the best robocopy command line for copying all
> files (& their appropriate permissions) that don’t exist in the target;
> multithreaded and verbose logging.
>
>  
>
> Robocopy “E:\path\path\path name\” “S:\path\path\path name\” /s /zb
> /dcopy:T /copyall /xct /xn /r:5 /v /log:S:\Log.txt /MT:128
>
>  
>
> Would the above be the best method?
>
>  
>
> Sean Rector, MCSE
>
>  
>
> Information Technology Manager
> Virginia Opera Association 
>
> E-Mail: sean.rec...@vaopera.org
> Phone:(757) 213-4548 (direct line)
> {+}
>
>
> **
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Robocopy Help, please

[kz20fl]

No info - no resolution. Or at the very least get the helpdesk to help them 
"find" the info you need.

Sent from my POS BlackBerry  wireless device, which may wipe itself at any 
moment

-Original Message-
From: Sean Rector 
Date: Mon, 17 Oct 2011 13:33:04 
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: RE: Robocopy Help, please

I don't know - the folks asking for files can't be bothered to tell me
file names or locations.

 

Sean Rector, MCSE

 

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Monday, October 17, 2011 12:38 PM
To: NT System Admin Issues
Subject: Re: Robocopy Help, please

 

Are the things you're allegedly missing showing up anywhere in the logs?


ASB

http://XeeMe.com/AndrewBaker

Harnessing the Advantages of Technology for the SMB market...





On Mon, Oct 17, 2011 at 12:31 PM, Sean Rector 
wrote:

Hello All,

 

I searched through the archives and I didn't find what I am looking for.

 

New SAN Drive (S).  I've already moved 99% (thought it was all, but I'm
getting reports that I missed some things).  It's a Server 2008 R2 File
Server Cluster.

 

I am trying to figure out the best robocopy command line for copying all
files (& their appropriate permissions) that don't exist in the target;
multithreaded and verbose logging.

 

Robocopy "E:\path\path\path name\" "S:\path\path\path name\" /s /zb
/dcopy:T /copyall /xct /xn /r:5 /v /log:S:\Log.txt /MT:128

 

Would the above be the best method?

 

Sean Rector, MCSE

 

Information Technology Manager
Virginia Opera Association 

E-Mail: sean.rec...@vaopera.org 

Phone:(757) 213-4548   (direct line)
{+}

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


Tickets and Subscriptions On Sale Now!
Aida | Hansel And Gretel | Orph?e | The Mikado
Visit us online at www.VaOpera.org or call 1-866-OPERA-VA

Experience the Beauty, Power & Passion of Virginia Opera.

This e-mail and any attached files are confidential and intended solely for the 
intended recipient(s). Unless otherwise specified, persons unnamed as 
recipients may not read, distribute, copy or alter this e-mail. Any views or 
opinions expressed in this e-mail belong to the author and may not necessarily 
represent those of Virginia Opera. Although precautions have been taken to 
ensure no viruses are present, Virginia Opera cannot accept responsibility for 
any loss or damage that may arise from the use of this e-mail or attachments.
{*}
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Robocopy Help, please

[Kennedy, Jim]

I think it might help if you make them tell you. Could get lucky and find a 
common theme among the missing files.

From: David Lum [mailto:david@nwea.org]
Sent: Monday, October 17, 2011 1:40 PM
To: NT System Admin Issues
Subject: RE: Robocopy Help, please

I love when that happens. Not.

From: Sean Rector 
[mailto:sean.rec...@vaopera.org]
Sent: Monday, October 17, 2011 10:33 AM
To: NT System Admin Issues
Subject: RE: Robocopy Help, please

I don't know - the folks asking for files can't be bothered to tell me file 
names or locations.

Sean Rector, MCSE

From: Andrew S. Baker 
[mailto:asbz...@gmail.com]
Sent: Monday, October 17, 2011 12:38 PM
To: NT System Admin Issues
Subject: Re: Robocopy Help, please

Are the things you're allegedly missing showing up anywhere in the logs?
ASB

http://XeeMe.com/AndrewBaker

Harnessing the Advantages of Technology for the SMB market...


On Mon, Oct 17, 2011 at 12:31 PM, Sean Rector 
mailto:sean.rec...@vaopera.org>> wrote:
Hello All,

I searched through the archives and I didn't find what I am looking for.

New SAN Drive (S).  I've already moved 99% (thought it was all, but I'm getting 
reports that I missed some things).  It's a Server 2008 R2 File Server Cluster.

I am trying to figure out the best robocopy command line for copying all files 
(& their appropriate permissions) that don't exist in the target; multithreaded 
and verbose logging.

Robocopy "E:\path\path\path name\" "S:\path\path\path name\" /s /zb /dcopy:T 
/copyall /xct /xn /r:5 /v /log:S:\Log.txt /MT:128

Would the above be the best method?

Sean Rector, MCSE

Information Technology Manager
Virginia Opera Association

E-Mail: sean.rec...@vaopera.org
Phone:(757) 213-4548 (direct line)
{+}



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Tickets and Subscriptions On Sale Now!
Aida | Hansel And Gretel | Orphée | The Mikado
Visit us online at www.VaOpera.org or call 
1-866-OPERA-VA

Experience the Beauty, Power & Passion of Virginia Opera.



This e-mail and any attached files are confidential and intended solely for the 
intended recipient(s). Unless otherwise specified, persons unnamed as 
recipients may not read, distribute, copy or alter this e-mail. Any views or 
opinions expressed in this e-mail belong to the author and may not necessarily 
represent those of Virginia Opera. Although precautions have been taken to 
ensure no viruses are present, Virginia Opera cannot accept responsibility for 
any loss or damage that may arise from the use of this e-mail or attachments.

{*}

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Robocopy Help, please

[Jonathan Link]

Snafu.

On Mon, Oct 17, 2011 at 1:40 PM, David Lum  wrote:

> I love when that happens. Not.
>
> ** **
>
> *From:* Sean Rector [mailto:sean.rec...@vaopera.org]
> *Sent:* Monday, October 17, 2011 10:33 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Robocopy Help, please
>
> ** **
>
> I don’t know - the folks asking for files can’t be bothered to tell me file
> names or locations.
>
> ** **
>
> Sean Rector, MCSE
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Monday, October 17, 2011 12:38 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Robocopy Help, please
>
> ** **
>
> Are the things you're allegedly missing showing up anywhere in the logs?
> 
>
> *ASB*
>
> *http://XeeMe.com/AndrewBaker*
>
> *Harnessing the Advantages of Technology for the SMB market…*
>
> ** **
>
> On Mon, Oct 17, 2011 at 12:31 PM, Sean Rector 
> wrote:
>
> Hello All,
>
>  
>
> I searched through the archives and I didn’t find what I am looking for.**
> **
>
>  
>
> New SAN Drive (S).  I’ve already moved 99% (thought it was all, but I’m
> getting reports that I missed some things).  It’s a Server 2008 R2 File
> Server Cluster.
>
>  
>
> I am trying to figure out the best robocopy command line for copying all
> files (& their appropriate permissions) that don’t exist in the target;
> multithreaded and verbose logging.
>
>  
>
> Robocopy “E:\path\path\path name\” “S:\path\path\path name\” /s /zb
> /dcopy:T /copyall /xct /xn /r:5 /v /log:S:\Log.txt /MT:128
>
>  
>
> Would the above be the best method?
>
>  
>
> Sean Rector, MCSE
>
>  
>
> Information Technology Manager
> Virginia Opera Association 
>
> E-Mail: sean.rec...@vaopera.org
> Phone:(757) 213-4548 (direct line)
> {+}
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> Tickets and Subscriptions *On Sale Now!*
> Aida | Hansel And Gretel | Orphée | The Mikado
> *Visit us online at www.VaOpera.org  or call
> 1-866-OPERA-VA*
>
> *Experience the Beauty, Power & Passion of Virginia Opera.*
> --
>
> This e-mail and any attached files are confidential and intended solely for
> the intended recipient(s). Unless otherwise specified, persons unnamed as
> recipients may not read, distribute, copy or alter this e-mail. Any views or
> opinions expressed in this e-mail belong to the author and may not
> necessarily represent those of Virginia Opera. Although precautions have
> been taken to ensure no viruses are present, Virginia Opera cannot accept
> responsibility for any loss or damage that may arise from the use of this
> e-mail or attachments.
>
> {*}
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Robocopy Help, please

[David Lum]

I love when that happens. Not.

From: Sean Rector [mailto:sean.rec...@vaopera.org]
Sent: Monday, October 17, 2011 10:33 AM
To: NT System Admin Issues
Subject: RE: Robocopy Help, please

I don't know - the folks asking for files can't be bothered to tell me file 
names or locations.

Sean Rector, MCSE

From: Andrew S. Baker 
[mailto:asbz...@gmail.com]
Sent: Monday, October 17, 2011 12:38 PM
To: NT System Admin Issues
Subject: Re: Robocopy Help, please

Are the things you're allegedly missing showing up anywhere in the logs?
ASB

http://XeeMe.com/AndrewBaker

Harnessing the Advantages of Technology for the SMB market...


On Mon, Oct 17, 2011 at 12:31 PM, Sean Rector 
mailto:sean.rec...@vaopera.org>> wrote:
Hello All,

I searched through the archives and I didn't find what I am looking for.

New SAN Drive (S).  I've already moved 99% (thought it was all, but I'm getting 
reports that I missed some things).  It's a Server 2008 R2 File Server Cluster.

I am trying to figure out the best robocopy command line for copying all files 
(& their appropriate permissions) that don't exist in the target; multithreaded 
and verbose logging.

Robocopy "E:\path\path\path name\" "S:\path\path\path name\" /s /zb /dcopy:T 
/copyall /xct /xn /r:5 /v /log:S:\Log.txt /MT:128

Would the above be the best method?

Sean Rector, MCSE

Information Technology Manager
Virginia Opera Association

E-Mail: sean.rec...@vaopera.org
Phone:(757) 213-4548 (direct line)
{+}



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Tickets and Subscriptions On Sale Now!
Aida | Hansel And Gretel | Orphée | The Mikado
Visit us online at www.VaOpera.org or call 
1-866-OPERA-VA

Experience the Beauty, Power & Passion of Virginia Opera.



This e-mail and any attached files are confidential and intended solely for the 
intended recipient(s). Unless otherwise specified, persons unnamed as 
recipients may not read, distribute, copy or alter this e-mail. Any views or 
opinions expressed in this e-mail belong to the author and may not necessarily 
represent those of Virginia Opera. Although precautions have been taken to 
ensure no viruses are present, Virginia Opera cannot accept responsibility for 
any loss or damage that may arise from the use of this e-mail or attachments.

{*}

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Robocopy Help, please

[Sean Rector]

I don't know - the folks asking for files can't be bothered to tell me
file names or locations.

 

Sean Rector, MCSE

 

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Monday, October 17, 2011 12:38 PM
To: NT System Admin Issues
Subject: Re: Robocopy Help, please

 

Are the things you're allegedly missing showing up anywhere in the logs?


ASB

http://XeeMe.com/AndrewBaker

Harnessing the Advantages of Technology for the SMB market...





On Mon, Oct 17, 2011 at 12:31 PM, Sean Rector 
wrote:

Hello All,

 

I searched through the archives and I didn't find what I am looking for.

 

New SAN Drive (S).  I've already moved 99% (thought it was all, but I'm
getting reports that I missed some things).  It's a Server 2008 R2 File
Server Cluster.

 

I am trying to figure out the best robocopy command line for copying all
files (& their appropriate permissions) that don't exist in the target;
multithreaded and verbose logging.

 

Robocopy "E:\path\path\path name\" "S:\path\path\path name\" /s /zb
/dcopy:T /copyall /xct /xn /r:5 /v /log:S:\Log.txt /MT:128

 

Would the above be the best method?

 

Sean Rector, MCSE

 

Information Technology Manager
Virginia Opera Association 

E-Mail: sean.rec...@vaopera.org 

Phone:(757) 213-4548   (direct line)
{+}

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


Tickets and Subscriptions On Sale Now!
Aida | Hansel And Gretel | Orph?e | The Mikado
Visit us online at www.VaOpera.org or call 1-866-OPERA-VA

Experience the Beauty, Power & Passion of Virginia Opera.

This e-mail and any attached files are confidential and intended solely for the 
intended recipient(s). Unless otherwise specified, persons unnamed as 
recipients may not read, distribute, copy or alter this e-mail. Any views or 
opinions expressed in this e-mail belong to the author and may not necessarily 
represent those of Virginia Opera. Although precautions have been taken to 
ensure no viruses are present, Virginia Opera cannot accept responsibility for 
any loss or damage that may arise from the use of this e-mail or attachments.
{*}
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Robocopy Help, please

[Paul Hutchings]

I usually use this command to do an entire drive:

ROBOCOPY source dest: /MIR /COPYALL /MT /ZB /R:1 /W:1 /TEE /NP /TIMFIX /XD 
"$RECYCLE.BIN" "RECYCLER" "SIS Common Store" "System Volume Information" 
/LOG:c:\temp\robocopy.log

I don't know of a way to just log skips/errors though.

From: Sean Rector [sean.rec...@vaopera.org]
Sent: 17 October 2011 5:31 PM
To: NT System Admin Issues
Subject: Robocopy Help, please

Hello All,

I searched through the archives and I didn’t find what I am looking for.

New SAN Drive (S).  I’ve already moved 99% (thought it was all, but I’m getting 
reports that I missed some things).  It’s a Server 2008 R2 File Server Cluster.

I am trying to figure out the best robocopy command line for copying all files 
(& their appropriate permissions) that don’t exist in the target; multithreaded 
and verbose logging.

Robocopy “E:\path\path\path name\” “S:\path\path\path name\” /s /zb /dcopy:T 
/copyall /xct /xn /r:5 /v /log:S:\Log.txt /MT:128

Would the above be the best method?

Sean Rector, MCSE

Information Technology Manager
Virginia Opera Association

E-Mail: sean.rec...@vaopera.org
Phone:(757) 213-4548 (direct line)
{+}

Tickets and Subscriptions On Sale Now!
Aida | Hansel And Gretel | Orphée | The Mikado
Visit us online at www.VaOpera.org or call 
1-866-OPERA-VA

Experience the Beauty, Power & Passion of Virginia Opera.



This e-mail and any attached files are confidential and intended solely for the 
intended recipient(s). Unless otherwise specified, persons unnamed as 
recipients may not read, distribute, copy or alter this e-mail. Any views or 
opinions expressed in this e-mail belong to the author and may not necessarily 
represent those of Virginia Opera. Although precautions have been taken to 
ensure no viruses are present, Virginia Opera cannot accept responsibility for 
any loss or damage that may arise from the use of this e-mail or attachments.

{*}

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

--
MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration  GB 100 1464 84

The contents of this e-mail are confidential and are solely for the use of the 
intended recipient.  If you receive this e-mail in error, please delete it and 
notify us either by e-mail, telephone or fax.  You should not copy, forward or 
otherwise disclose the content of the e-mail as this is prohibited.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Robocopy Help, please

[Andrew S. Baker]

Are the things you're allegedly missing showing up anywhere in the logs?

* *

*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…

*



On Mon, Oct 17, 2011 at 12:31 PM, Sean Rector wrote:

> Hello All,
>
> ** **
>
> I searched through the archives and I didn’t find what I am looking for.**
> **
>
> ** **
>
> New SAN Drive (S).  I’ve already moved 99% (thought it was all, but I’m
> getting reports that I missed some things).  It’s a Server 2008 R2 File
> Server Cluster.
>
> ** **
>
> I am trying to figure out the best robocopy command line for copying all
> files (& their appropriate permissions) that don’t exist in the target;
> multithreaded and verbose logging.
>
> ** **
>
> Robocopy “E:\path\path\path name\” “S:\path\path\path name\” /s /zb
> /dcopy:T /copyall /xct /xn /r:5 /v /log:S:\Log.txt /MT:128
>
> ** **
>
> Would the above be the best method?
>
> ** **
>
> Sean Rector, MCSE
>
> ** **
> Information Technology Manager
> Virginia Opera Association**
>
>  E-Mail: sean.rec...@vaopera.org
> Phone:(757) 213-4548 (direct line)
> {+}
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Macs and vunerabilities

[Kennedy, Jim]

Got it, tyvm.

-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org] 
Sent: Monday, October 17, 2011 12:35 PM
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities

You are incorrect.

Mac OS X Server never went away. There were fears it might, but not in this 
iteration of Mac OS X.

The Apple XServe (a 1U, enterprise focused physical server) was canceled. Too 
bad, too... as it was an excellent piece of hardware. (We are fortunate to have 
one, and it runs like a champ.)

Apple's suggested replacement is the Mac Mini server... Yeah, you read that 
right. They argue that the costs of running a highly redundant, fault tolerant 
server is more expensive than running two regular macs. And they might be 
right, if the server version of the mini wasn't $999.

But remember, you can run Lion Server on any lion capable mac. Safe some dough, 
buy a regular mac mini. (Or run it on a older, capable Mac you already have.)


--Matt Ross
Ephrata School District


- Original Message -
From: Kennedy, Jim
[mailto:kennedy...@elyriaschools.org]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 17 Oct 2011
09:24:02 -0700
Subject: RE: Macs and vunerabilities


> 
> 
> Open Directory is part of OS X Server and thus discontinued? Or have I got
> wrong?
> 
> 
> -Original Message-
> From: Matthew W. Ross [mailto:mr...@ephrataschools.org] 
> Sent: Monday, October 17, 2011 11:57 AM
> To: NT System Admin Issues
> Subject: RE: Macs and vunerabilities
> 
> If you want the Apple solution, check out Open Directory 
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> 
> 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Macs and vunerabilities

[Matthew W. Ross]

You are incorrect.

Mac OS X Server never went away. There were fears it might, but not in this 
iteration of Mac OS X.

The Apple XServe (a 1U, enterprise focused physical server) was canceled. Too 
bad, too... as it was an excellent piece of hardware. (We are fortunate to have 
one, and it runs like a champ.)

Apple's suggested replacement is the Mac Mini server... Yeah, you read that 
right. They argue that the costs of running a highly redundant, fault tolerant 
server is more expensive than running two regular macs. And they might be 
right, if the server version of the mini wasn't $999.

But remember, you can run Lion Server on any lion capable mac. Safe some dough, 
buy a regular mac mini. (Or run it on a older, capable Mac you already have.)


--Matt Ross
Ephrata School District


- Original Message -
From: Kennedy, Jim
[mailto:kennedy...@elyriaschools.org]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 17 Oct 2011
09:24:02 -0700
Subject: RE: Macs and vunerabilities


> 
> 
> Open Directory is part of OS X Server and thus discontinued? Or have I got
> wrong?
> 
> 
> -Original Message-
> From: Matthew W. Ross [mailto:mr...@ephrataschools.org] 
> Sent: Monday, October 17, 2011 11:57 AM
> To: NT System Admin Issues
> Subject: RE: Macs and vunerabilities
> 
> If you want the Apple solution, check out Open Directory 
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> 
> 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Macs and vunerabilities

[Kennedy, Jim]

Open Directory is part of OS X Server and thus discontinued? Or have I got 
wrong?


-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org] 
Sent: Monday, October 17, 2011 11:57 AM
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities

If you want the Apple solution, check out Open Directory 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Macs and vunerabilities

[Matthew W. Ross]

You can set most of the setting on a Mac centrally, if they are bound to an 
Open Directory server. I do not see a setting to block applications from being 
launched, though.


--Matt Ross
Ephrata School District


- Original Message -
From: Ben M. Schorr
[mailto:b...@rolandschorr.com]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 17 Oct 2011
08:42:21 -0700
Subject: RE: Macs and vunerabilities


> Can you set the parental controls centrally or do you have to walk around to
> every Mac and configure them individually?
> 
> Ben M. Schorr
> Chief Executive Officer
> __
> Roland Schorr & Tower
> www.rolandschorr.com
> 
> From: S Powell [mailto:powe...@gmail.com]
> Sent: Thursday, October 13, 2011 16:33
> To: NT System Admin Issues
> Subject: Re: Macs and vunerabilities
> 
> I know that many people on this list use GPO to whitelist apps in windows,
> you can do the same on a mac with parental controls.
> 
> We have a few, laptops and iMacs; and while they are only used by admins, we
> have had normal users using them in the past.  we have used Sophos and
> ClamXAV, but for the most part simply limiting the users from running as
> admin goes a long way.
>  MacDefender required admin credentials to install.
> 
> 
> 
> 
> 
> 
> -
> Who'd you rather be, the Beatles or the Rolling Stones?
> 
> On Thu, Oct 13, 2011 at 15:41, Steven Peck
> mailto:sep...@gmail.com>> wrote:
> The most recent big one was the Mac Defender.
> http://en.wikipedia.org/wiki/Mac_Defender
> 
> Apple's initial response was 'head inthe ground'.  Due to outrage they did
> eventually provide a fix.
> 
> QUOTE
> According to Sophos, by May 24, there had been sixty thousand calls to
> AppleCare technical support about
> Mac Defender-related
> issues,[16]
> and Ed Bott of ZDNet reports that the
> number of calls to AppleCare increased in volume due to Mac Defender, and
> that a majority of the calls now pertain to Mac
> Defender.[17]
> AppleCare employees have been told not to assist callers in removing the
> software.[18]
> Specifically, support employees have been told not to instruct callers on
> how to use Force Quit and Activity Monitor to stop Mac Defender, as well as
> not to direct callers to any discussions pertaining to the problems caused
> by Mac
> Defender.[16]
> An anonymous AppleCare support employee said that Apple instituted the
> policy in order to prevent users from relying on technical support instead
> of anti-virus
> programs.[18]
> /QUOTE
> 
> While I don't see it in the wikipedia article, I believe that Russian law
> enforcement raided a company where they provided services using this and a
> variety of other programs to exploit systems and information stolen from
> them.
> 
> While in this case and it's varients these are primarily trojan based, with
> no enterprise monitoring or reporting capabilities you have no way of
> knowing if this is in your environment or not.
> 
> On Thu, Oct 13, 2011 at 3:01 PM, David Lum
> mailto:david@nwea.org>> wrote:
> Well, we're getting a Mac invasion here and there is zero apparent concern
> for managing these things or worrying about vulnerabilities. To get to AD
> resources they're standing up Win7 VM's but doing as much work as possible
> on the native MacOS.
> 
> They can get to the Internet, file shares, printers, e-mail, etc on native
> Mac but I just have alarms going off in my head "unmanaged machines with no
> idea what intellectual property is on them".
> 
> Dave
> 
> From: kz2...@googlemail.com
> [mailto:kz2...@googlemail.com]
> Sent: Thursday, October 13, 2011 2:49 PM
> 
> To: NT System Admin Issues
> Subject: Re: Macs and vunerabilities
> 
> I remember the big "mac virus" recently was socially engineered - but that's
> definitely the mac's biggest vulnerability. Given that mac users generally
> believe they are invulnerable, its an arguably bigger vector than the same
> one on a Windows system.
> 
> Sent from my POS BlackBerry wireless device, which may wipe itself at any
> moment
> 
> 
> From: David Lum mailto:david@nwea.org>>
> Date: Thu, 13 Oct 2011 21:45:39 +
> To: NT System Admin
> Issuesmailto:ntsysadmin@lyris.sunbelt-software.com>>
> ReplyTo: "NT System Admin Issues"
> mailto:ntsysadmin@lyris.sunbelt-software.com>>
> Subject: Macs and vunerabilities
> 
> Does anyone have a link to an article or two that 

RE: Macs and vunerabilities

[David Lum]

Thanks for all this information Matt, it's greatly appreciated!!

-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org] 
Sent: Monday, October 17, 2011 8:57 AM
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities

You are correct, many of these things you cannot do from a Active Directory. 
There may be a few tricks you can use to force some of these (login scripts, 
remote ssh, etc.) but I'm sure you're more interested in something a little 
more centralized.

If you want the Apple solution, check out Open Directory and Apple Remote 
Desktop.

Open Directory is a component of Mac OS X Server, and it is Apple's attempt at 
a directory service ala Active Directory, but for Macs. If you do go this 
route, I recommend joining the Macs to both your Active Directory and the Open 
directory at the same time. Have your user's login using their AD credentials, 
while the Macs get their settings from OD. This is what's know in the mac IT 
circles as the "Golden Triangle".

Apple Remote Desktop is, at first glance, your basic remote desktop app. But, 
it's also your software deployment suite and your software inventory. (As an 
aside, I wish there was an equivalent to Apple Remote Desktop for windows PCs. 
Perhaps there is, but not without a per-client cost.) Have a .pkg that needs to 
be installed? Install it silently on every computer you can see online. Need it 
installed on offline computers? Set up ARD to do it automatically when it sees 
the Macs are seen on the network.

These solutions are fairly inexpensive, thanks to the aggressive price drops by 
apple. You need a Mac running Lion (Costs depend on weather you have this 
already and could be $0), the Lion Server update from apple ($49.99) and 
optionally Apple Remote Desktop ($79.99, unlimited clients).

If you don't want to go with the Apple provided solution, there are other 
methods of making this work. Check out Puppet from Puppet Labs and ADmitMac 
from Thursby.

---

Now that that's said, we here have not moved to Mac OS X Lion (10.7). As of 
their most recent patch, it appears they have finally resolved some of their 
active directory integration issues. We as a district are moving away from 
Macs, simply because of their initial costs are difficult to bear. Supporting a 
Mac's software is easy. Supporting the hardware can be a nightmare.

I hope some of this information is useful to you.


--Matt Ross
Ephrata School District


- Original Message -
From: David Lum
[mailto:david@nwea.org]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 17 Oct 2011
08:16:43 -0700
Subject: RE: Macs and vunerabilities


> My concern is all the above. As currently implemented, Mac's on our 
> network are no different than users home Windows laptops being allowed 
> to directly connect to our network. I can't imagine anyone here would 
> say "go ahead and hook your home laptop directly to my LAN and don't 
> bother joining to the domain".
> 
> I can't audit what's on them for software license compliance reporting 
> I can't apply GPO's (autoconfigure wireless, browser 
> settings/favorites,
> etc)
> I can't remotely deploy software (via GPO or SMS) I can't enforce 
> anti-virus I can't patch Flash, Java, etc
> 
> Dave
> 
> -Original Message-
> From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> Sent: Monday, October 17, 2011 8:07 AM
> To: NT System Admin Issues
> Subject: RE: Macs and vunerabilities
> 
> David, from what direction are your concerns coming from?
> 
> Are you concerned how to patch the macs?
> Are you concerned about antivirus?
> Are you concerned about controlling what the Macs are allowed to do?
> 
> I'm just trying to understand, and perhaps help.
> 
> 
> --Matt Ross
> Ephrata School District
> 
> 
> - Original Message -
> From: David Lum
> [mailto:david@nwea.org]
> To: NT System Admin Issues
> [mailto:ntsysadmin@lyris.sunbelt-software.com]
> Sent: Thu, 13 Oct 2011
> 15:01:20 -0700
> Subject: RE: Macs and vunerabilities
> 
> 
> > Well, we're getting a Mac invasion here and there is zero apparent 
> > concern for managing these things or worrying about vulnerabilities.
> > To get to AD resources they're standing up Win7 VM's but doing as 
> > much work as possible on the native MacOS.
> > 
> > They can get to the Internet, file shares, printers, e-mail, etc on 
> > native Mac but I just have alarms going off in my head "unmanaged 
> > machines with no idea what intellectual property is on them".
> > 
> > Dave
> > 
> > From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
> > Sent: Thursday, October 13, 2011 2:49 PM
> > To: NT System Admin Issues
> > Subject: Re: Macs and vunerabilities
> > 
> > I remember the big "mac virus" recently was socially engineered - 
> > but that's definitely the mac's biggest vulnerability. Given that 
> > mac users generally believe they are invulnerable, its an arguably 
> > bigger vector than the same one o

RE: Lync server

[David Lum]

LOL - oopsie! Sorry Brian and Ben.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Monday, October 17, 2011 8:52 AM
To: NT System Admin Issues
Subject: RE: Lync server

I can assure you - Brian looks nothing like Ben.

:)

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: David Lum [mailto:david@nwea.org]
Sent: Monday, October 17, 2011 9:45 AM
To: NT System Admin Issues
Subject: RE: Lync server

Ben you are money. Looks like my ROOTDC and SUBDOMAINDC in my virtual world 
aren't fully communicating. They can ping by IP but not name, so name 
resolution troubleshooting ensues..

From: Brian Desmond 
[mailto:br...@briandesmond.com]
Sent: Friday, October 14, 2011 8:07 PM
To: NT System Admin Issues
Subject: RE: Lync server

Having the schema master in a subdomain is fine. It sounds to me like you have 
a global catalog or trust problem, though. If you login with a user in the root 
domain (in schema admins), is it in your token?

Have you done a metadata cleanup of the missing DCs? If you connect to the 
child domain DC with LDP, is isGlobalCatalogReady==TRUE?

Thanks,
Brian Desmond
br...@briandesmond.com

w - 312.625.1438 | c   - 312.731.3132

From: David Lum [mailto:david@nwea.org]
Sent: Friday, October 14, 2011 9:12 PM
To: NT System Admin Issues
Subject: RE: Lync server

Ok here's something: Checking this out while ROOTDC1 is in the root of the 
forest, the schema master is actually SUBDOMAINDC1 (seems weird). I have VMs of 
ROOTDC1 and SUBDOMAINDC1 but neither od the "DC2" servers.

Roles:
Schema master: SUBDOMAINDC1
Domain naming master: ROOTDC1
RID: ROOTDC1 (for root), SUBDOMAINDC1 for subdomain)
PDC: ROOTDC1 (for root), SUBDOMAINDC1 for subdomain)
Infrastructure: ROOTDC2 (for root), SUBDOMAINDC2 (for subdomain)
GC: ROOTDC1, SUBDOMAINDC1

Where do I look to fix my issue?

Dave

From: David Lum [mailto:david@nwea.org]
Sent: Friday, October 14, 2011 6:57 PM
To: NT System Admin Issues
Subject: RE: Lync server

OK That's firggin' weird, I just learned of whoami as a Win command yesterday.

And doing that...no, I am not! In my sandbox I have cloned 2 of our 4 
production DC's - one is a forest root machine and the other is a subdomain DC. 
Am I possibly missing a critical role master?

Dave

From: Brian Desmond 
[mailto:br...@briandesmond.com]
Sent: Friday, October 14, 2011 5:04 PM
To: NT System Admin Issues
Subject: RE: Lync server

IF you run whoami /groups, is it listed?

Thanks,
Brian Desmond
br...@briandesmond.com

w - 312.625.1438 | c   - 312.731.3132

From: David Lum [mailto:david@nwea.org]
Sent: Friday, October 14, 2011 3:56 PM
To: NT System Admin Issues
Subject: Lync server

I am trying to install a Lync server in a sandbox with some DC's. When I run 
the deployment wizard and try to extend the schema it tells me it can't 
complete the command because I am not in the schema admins groupoohh, but I 
am!

One slight twist is I am using an account from subdomain.nwea.org that is in 
schema admins group in nwea.org, but as that account is in schema admins it 
shouldn't matter.

Anyone run into this? It gives me this message when I run "prepare Active 
Directory for Lync server
http://www.ocspedia.com/fe/Install_Microsoft_Lync_Server_2010.aspx?ArticleID=103
David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/

RE: Macs and vunerabilities

[Matthew W. Ross]

You are correct, many of these things you cannot do from a Active Directory. 
There may be a few tricks you can use to force some of these (login scripts, 
remote ssh, etc.) but I'm sure you're more interested in something a little 
more centralized.

If you want the Apple solution, check out Open Directory and Apple Remote 
Desktop.

Open Directory is a component of Mac OS X Server, and it is Apple's attempt at 
a directory service ala Active Directory, but for Macs. If you do go this 
route, I recommend joining the Macs to both your Active Directory and the Open 
directory at the same time. Have your user's login using their AD credentials, 
while the Macs get their settings from OD. This is what's know in the mac IT 
circles as the "Golden Triangle".

Apple Remote Desktop is, at first glance, your basic remote desktop app. But, 
it's also your software deployment suite and your software inventory. (As an 
aside, I wish there was an equivalent to Apple Remote Desktop for windows PCs. 
Perhaps there is, but not without a per-client cost.) Have a .pkg that needs to 
be installed? Install it silently on every computer you can see online. Need it 
installed on offline computers? Set up ARD to do it automatically when it sees 
the Macs are seen on the network.

These solutions are fairly inexpensive, thanks to the aggressive price drops by 
apple. You need a Mac running Lion (Costs depend on weather you have this 
already and could be $0), the Lion Server update from apple ($49.99) and 
optionally Apple Remote Desktop ($79.99, unlimited clients).

If you don't want to go with the Apple provided solution, there are other 
methods of making this work. Check out Puppet from Puppet Labs and ADmitMac 
from Thursby.

---

Now that that's said, we here have not moved to Mac OS X Lion (10.7). As of 
their most recent patch, it appears they have finally resolved some of their 
active directory integration issues. We as a district are moving away from 
Macs, simply because of their initial costs are difficult to bear. Supporting a 
Mac's software is easy. Supporting the hardware can be a nightmare.

I hope some of this information is useful to you.


--Matt Ross
Ephrata School District


- Original Message -
From: David Lum
[mailto:david@nwea.org]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 17 Oct 2011
08:16:43 -0700
Subject: RE: Macs and vunerabilities


> My concern is all the above. As currently implemented, Mac's on our network
> are no different than users home Windows laptops being allowed to directly
> connect to our network. I can't imagine anyone here would say "go ahead and
> hook your home laptop directly to my LAN and don't bother joining to the
> domain".
> 
> I can't audit what's on them for software license compliance reporting
> I can't apply GPO's (autoconfigure wireless, browser settings/favorites,
> etc)
> I can't remotely deploy software (via GPO or SMS)
> I can't enforce anti-virus
> I can't patch Flash, Java, etc
> 
> Dave
> 
> -Original Message-
> From: Matthew W. Ross [mailto:mr...@ephrataschools.org] 
> Sent: Monday, October 17, 2011 8:07 AM
> To: NT System Admin Issues
> Subject: RE: Macs and vunerabilities
> 
> David, from what direction are your concerns coming from?
> 
> Are you concerned how to patch the macs?
> Are you concerned about antivirus?
> Are you concerned about controlling what the Macs are allowed to do?
> 
> I'm just trying to understand, and perhaps help.
> 
> 
> --Matt Ross
> Ephrata School District
> 
> 
> - Original Message -
> From: David Lum
> [mailto:david@nwea.org]
> To: NT System Admin Issues
> [mailto:ntsysadmin@lyris.sunbelt-software.com]
> Sent: Thu, 13 Oct 2011
> 15:01:20 -0700
> Subject: RE: Macs and vunerabilities
> 
> 
> > Well, we're getting a Mac invasion here and there is zero apparent 
> > concern for managing these things or worrying about vulnerabilities. 
> > To get to AD resources they're standing up Win7 VM's but doing as much 
> > work as possible on the native MacOS.
> > 
> > They can get to the Internet, file shares, printers, e-mail, etc on 
> > native Mac but I just have alarms going off in my head "unmanaged 
> > machines with no idea what intellectual property is on them".
> > 
> > Dave
> > 
> > From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
> > Sent: Thursday, October 13, 2011 2:49 PM
> > To: NT System Admin Issues
> > Subject: Re: Macs and vunerabilities
> > 
> > I remember the big "mac virus" recently was socially engineered - but 
> > that's definitely the mac's biggest vulnerability. Given that mac 
> > users generally believe they are invulnerable, its an arguably bigger 
> > vector than the same one on a Windows system.
> > 
> > Sent from my POS BlackBerry wireless device, which may wipe itself at 
> > any moment
> > 
> > 
> > From: David Lum mailto:david@nwea.org>>
> > Date: Thu, 13 Oct 2011 21:45:39 +
> > To: NT S

RE: Lync server

[Michael B. Smith]

I can assure you - Brian looks nothing like Ben.

:)

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: David Lum [mailto:david@nwea.org]
Sent: Monday, October 17, 2011 9:45 AM
To: NT System Admin Issues
Subject: RE: Lync server

Ben you are money. Looks like my ROOTDC and SUBDOMAINDC in my virtual world 
aren't fully communicating. They can ping by IP but not name, so name 
resolution troubleshooting ensues..

From: Brian Desmond 
[mailto:br...@briandesmond.com]
Sent: Friday, October 14, 2011 8:07 PM
To: NT System Admin Issues
Subject: RE: Lync server

Having the schema master in a subdomain is fine. It sounds to me like you have 
a global catalog or trust problem, though. If you login with a user in the root 
domain (in schema admins), is it in your token?

Have you done a metadata cleanup of the missing DCs? If you connect to the 
child domain DC with LDP, is isGlobalCatalogReady==TRUE?

Thanks,
Brian Desmond
br...@briandesmond.com

w - 312.625.1438 | c   - 312.731.3132

From: David Lum [mailto:david@nwea.org]
Sent: Friday, October 14, 2011 9:12 PM
To: NT System Admin Issues
Subject: RE: Lync server

Ok here's something: Checking this out while ROOTDC1 is in the root of the 
forest, the schema master is actually SUBDOMAINDC1 (seems weird). I have VMs of 
ROOTDC1 and SUBDOMAINDC1 but neither od the "DC2" servers.

Roles:
Schema master: SUBDOMAINDC1
Domain naming master: ROOTDC1
RID: ROOTDC1 (for root), SUBDOMAINDC1 for subdomain)
PDC: ROOTDC1 (for root), SUBDOMAINDC1 for subdomain)
Infrastructure: ROOTDC2 (for root), SUBDOMAINDC2 (for subdomain)
GC: ROOTDC1, SUBDOMAINDC1

Where do I look to fix my issue?

Dave

From: David Lum [mailto:david@nwea.org]
Sent: Friday, October 14, 2011 6:57 PM
To: NT System Admin Issues
Subject: RE: Lync server

OK That's firggin' weird, I just learned of whoami as a Win command yesterday.

And doing that...no, I am not! In my sandbox I have cloned 2 of our 4 
production DC's - one is a forest root machine and the other is a subdomain DC. 
Am I possibly missing a critical role master?

Dave

From: Brian Desmond 
[mailto:br...@briandesmond.com]
Sent: Friday, October 14, 2011 5:04 PM
To: NT System Admin Issues
Subject: RE: Lync server

IF you run whoami /groups, is it listed?

Thanks,
Brian Desmond
br...@briandesmond.com

w - 312.625.1438 | c   - 312.731.3132

From: David Lum [mailto:david@nwea.org]
Sent: Friday, October 14, 2011 3:56 PM
To: NT System Admin Issues
Subject: Lync server

I am trying to install a Lync server in a sandbox with some DC's. When I run 
the deployment wizard and try to extend the schema it tells me it can't 
complete the command because I am not in the schema admins groupoohh, but I 
am!

One slight twist is I am using an account from subdomain.nwea.org that is in 
schema admins group in nwea.org, but as that account is in schema admins it 
shouldn't matter.

Anyone run into this? It gives me this message when I run "prepare Active 
Directory for Lync server
http://www.ocspedia.com/fe/Install_Microsoft_Lync_Server_2010.aspx?ArticleID=103
David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ 

Re: Flexera to acquire Wise...

[Andrew S. Baker]

Sigh.

* *

*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…

*



On Mon, Oct 17, 2011 at 11:45 AM, Michael B. Smith wrote:

>  
>
> ** **
>
> Regards,
>
> ** **
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com
>
> ** **
>
> *From:* Rod Trent [mailto:rodtr...@myitforum.com]
> *Sent:* Monday, October 17, 2011 11:32 AM
>
> *To:* NT System Admin Issues
> *Subject:* Flexera to acquire Wise...
>
>  ** **
>
> Did you guys hear about this yet?
>
> ** **
>
>
> http://myitforum.com/myitforumwp/2011/10/17/flexera-installshield-acquiring-wiseone-product-to-rule-them-all/
> 
>
> ** **
>
> I know there was some discussion recently about Wise, but looks like
> end-of-life is November 7th…
>
> ** **
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Flexera to acquire Wise...

[Michael B. Smith]

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Rod Trent [mailto:rodtr...@myitforum.com]
Sent: Monday, October 17, 2011 11:32 AM
To: NT System Admin Issues
Subject: Flexera to acquire Wise...

Did you guys hear about this yet?

http://myitforum.com/myitforumwp/2011/10/17/flexera-installshield-acquiring-wiseone-product-to-rule-them-all/

I know there was some discussion recently about Wise, but looks like 
end-of-life is November 7th...


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Macs and vunerabilities

[Ben M. Schorr]

Can you set the parental controls centrally or do you have to walk around to 
every Mac and configure them individually?

Ben M. Schorr
Chief Executive Officer
__
Roland Schorr & Tower
www.rolandschorr.com

From: S Powell [mailto:powe...@gmail.com]
Sent: Thursday, October 13, 2011 16:33
To: NT System Admin Issues
Subject: Re: Macs and vunerabilities

I know that many people on this list use GPO to whitelist apps in windows, you 
can do the same on a mac with parental controls.

We have a few, laptops and iMacs; and while they are only used by admins, we 
have had normal users using them in the past.  we have used Sophos and ClamXAV, 
but for the most part simply limiting the users from running as admin goes a 
long way.
 MacDefender required admin credentials to install.






-
Who'd you rather be, the Beatles or the Rolling Stones?

On Thu, Oct 13, 2011 at 15:41, Steven Peck 
mailto:sep...@gmail.com>> wrote:
The most recent big one was the Mac Defender.
http://en.wikipedia.org/wiki/Mac_Defender

Apple's initial response was 'head inthe ground'.  Due to outrage they did 
eventually provide a fix.

QUOTE
According to Sophos, by May 24, there had been sixty thousand calls to 
AppleCare technical support about Mac 
Defender-related 
issues,[16]
 and Ed Bott of ZDNet reports that the 
number of calls to AppleCare increased in volume due to Mac Defender, and that 
a majority of the calls now pertain to Mac 
Defender.[17] 
AppleCare employees have been told not to assist callers in removing the 
software.[18]
 Specifically, support employees have been told not to instruct callers on how 
to use Force Quit and Activity Monitor to stop Mac Defender, as well as not to 
direct callers to any discussions pertaining to the problems caused by Mac 
Defender.[16]
 An anonymous AppleCare support employee said that Apple instituted the policy 
in order to prevent users from relying on technical support instead of 
anti-virus 
programs.[18]
/QUOTE

While I don't see it in the wikipedia article, I believe that Russian law 
enforcement raided a company where they provided services using this and a 
variety of other programs to exploit systems and information stolen from them.

While in this case and it's varients these are primarily trojan based, with no 
enterprise monitoring or reporting capabilities you have no way of knowing if 
this is in your environment or not.

On Thu, Oct 13, 2011 at 3:01 PM, David Lum 
mailto:david@nwea.org>> wrote:
Well, we're getting a Mac invasion here and there is zero apparent concern for 
managing these things or worrying about vulnerabilities. To get to AD resources 
they're standing up Win7 VM's but doing as much work as possible on the native 
MacOS.

They can get to the Internet, file shares, printers, e-mail, etc on native Mac 
but I just have alarms going off in my head "unmanaged machines with no idea 
what intellectual property is on them".

Dave

From: kz2...@googlemail.com 
[mailto:kz2...@googlemail.com]
Sent: Thursday, October 13, 2011 2:49 PM

To: NT System Admin Issues
Subject: Re: Macs and vunerabilities

I remember the big "mac virus" recently was socially engineered - but that's 
definitely the mac's biggest vulnerability. Given that mac users generally 
believe they are invulnerable, its an arguably bigger vector than the same one 
on a Windows system.

Sent from my POS BlackBerry wireless device, which may wipe itself at any moment


From: David Lum mailto:david@nwea.org>>
Date: Thu, 13 Oct 2011 21:45:39 +
To: NT System Admin 
Issuesmailto:ntsysadmin@lyris.sunbelt-software.com>>
ReplyTo: "NT System Admin Issues" 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Subject: Macs and vunerabilities

Does anyone have a link to an article or two that shows vulnerabilities that 
have actually been exploited? Preferably not a random blog post...
David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 
503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! 

Re: Flexera to acquire Wise...

[Pete Howard]

Never good news when Symnatec acquires a product you like. Wait, look what they 
did with ... ummm nvm



From: Rod Trent 
To: NT System Admin Issues 
Sent: Monday, October 17, 2011 11:31 AM
Subject: Flexera to acquire Wise...


Did you guys hear about this yet?
 
http://myitforum.com/myitforumwp/2011/10/17/flexera-installshield-acquiring-wiseone-product-to-rule-them-all/
 
 
I know there was some discussion recently about Wise, but looks like 
end-of-life is November 7th…
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Macs and vunerabilities

[Alan Davies]

Not true - you take on liability as an employer.  You may protect the
rest of your network to some extent with the example below, but it
doesn't change your liability.  And I'd still want a VPN in front of
RDS/Citrix rather than direct access - you wouldn't put your Citrix
servers direct on the Internet ...



a

-Original Message-
From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: 17 October 2011 16:28
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities

You could provide all corporate services via VDI (RDS or Citrix). With
other isolation techniques, it doesn't really matter what the end users
bring in. Also have some policies for end-users to follow (e.g.
installing AV - that can be managed centrally without them having to be
part of a domain).

There's at least one mid-tier bank in Aus doing this very thing
(Suncorp-Metway)

Cheers
Ken


WARNING:
The information in this email and any attachments is confidential and may be 
legally privileged.

If you are not the named addressee, you must not use, copy or disclose this 
email (including any attachments) or the information in it save to the named 
addressee nor take any action in reliance on it. If you receive this email or 
any attachments in error, please notify the sender immediately and then delete 
the same and any copies.

"CLS Services Ltd × Registered in England No 4132704 × Registered Office: 
Exchange Tower × One Harbour Exchange Square × London E14 9GE"


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Macs and vunerabilities

[David Lum]

I like this, but what does it take to get a Mac to be able to use RDS (which we 
do already have) - just RDP protocol support right? How can I get them to hit 
RDS from the Internet without VPN?

-Original Message-
From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Monday, October 17, 2011 8:28 AM
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities

You could provide all corporate services via VDI (RDS or Citrix). With other 
isolation techniques, it doesn't really matter what the end users bring in. 
Also have some policies for end-users to follow (e.g. installing AV - that can 
be managed centrally without them having to be part of a domain).

There's at least one mid-tier bank in Aus doing this very thing (Suncorp-Metway)

Cheers
Ken

-Original Message-
From: David Lum [mailto:david@nwea.org]
Sent: Monday, 17 October 2011 11:17 PM
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities

My concern is all the above. As currently implemented, Mac's on our network are 
no different than users home Windows laptops being allowed to directly connect 
to our network. I can't imagine anyone here would say "go ahead and hook your 
home laptop directly to my LAN and don't bother joining to the domain".

I can't audit what's on them for software license compliance reporting I can't 
apply GPO's (autoconfigure wireless, browser settings/favorites, etc) I can't 
remotely deploy software (via GPO or SMS) I can't enforce anti-virus I can't 
patch Flash, Java, etc

Dave

-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Monday, October 17, 2011 8:07 AM
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities

David, from what direction are your concerns coming from?

Are you concerned how to patch the macs?
Are you concerned about antivirus?
Are you concerned about controlling what the Macs are allowed to do?

I'm just trying to understand, and perhaps help.


--Matt Ross
Ephrata School District


- Original Message -
From: David Lum
[mailto:david@nwea.org]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Thu, 13 Oct 2011
15:01:20 -0700
Subject: RE: Macs and vunerabilities


> Well, we're getting a Mac invasion here and there is zero apparent 
> concern for managing these things or worrying about vulnerabilities.
> To get to AD resources they're standing up Win7 VM's but doing as much 
> work as possible on the native MacOS.
> 
> They can get to the Internet, file shares, printers, e-mail, etc on 
> native Mac but I just have alarms going off in my head "unmanaged 
> machines with no idea what intellectual property is on them".
> 
> Dave
> 
> From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
> Sent: Thursday, October 13, 2011 2:49 PM
> To: NT System Admin Issues
> Subject: Re: Macs and vunerabilities
> 
> I remember the big "mac virus" recently was socially engineered - but 
> that's definitely the mac's biggest vulnerability. Given that mac 
> users generally believe they are invulnerable, its an arguably bigger 
> vector than the same one on a Windows system.
> 
> Sent from my POS BlackBerry wireless device, which may wipe itself at 
> any moment
> 
> 
> From: David Lum mailto:david@nwea.org>>
> Date: Thu, 13 Oct 2011 21:45:39 +
> To: NT System Admin
> Issuesmailto:ntsysadmin@lyris.s
> unbelt-software.com>>
> ReplyTo: "NT System Admin Issues"
> mailto:ntsysadmin@lyris.sunbelt
> -software.com>>
> Subject: Macs and vunerabilities
> 
> Does anyone have a link to an article or two that shows 
> vulnerabilities that have actually been exploited? Preferably not a random 
> blog post...
> David Lum
> Systems Engineer // NWEATM
> Office 503.548.5229 // Cell (voice/text) 503.267.9764
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
> 
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to
> listmana...@lyris.sunbeltsoftware.com software.com>
> with the body: unsubscribe ntsysadmin
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
> 
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to
> listmana...@lyris.sunbeltsoftware.com software.com>
> with the body: unsubscribe ntsysadmin
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
> 
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource h

Flexera to acquire Wise...

[Rod Trent]

Did you guys hear about this yet?

 

http://myitforum.com/myitforumwp/2011/10/17/flexera-installshield-acquiring-
wiseone-product-to-rule-them-all/ 

 

I know there was some discussion recently about Wise, but looks like
end-of-life is November 7th.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Macs and vunerabilities

[Ken Schaefer]

You could provide all corporate services via VDI (RDS or Citrix). With other 
isolation techniques, it doesn't really matter what the end users bring in. 
Also have some policies for end-users to follow (e.g. installing AV - that can 
be managed centrally without them having to be part of a domain).

There's at least one mid-tier bank in Aus doing this very thing (Suncorp-Metway)

Cheers
Ken

-Original Message-
From: David Lum [mailto:david@nwea.org] 
Sent: Monday, 17 October 2011 11:17 PM
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities

My concern is all the above. As currently implemented, Mac's on our network are 
no different than users home Windows laptops being allowed to directly connect 
to our network. I can't imagine anyone here would say "go ahead and hook your 
home laptop directly to my LAN and don't bother joining to the domain".

I can't audit what's on them for software license compliance reporting I can't 
apply GPO's (autoconfigure wireless, browser settings/favorites, etc) I can't 
remotely deploy software (via GPO or SMS) I can't enforce anti-virus I can't 
patch Flash, Java, etc

Dave

-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Monday, October 17, 2011 8:07 AM
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities

David, from what direction are your concerns coming from?

Are you concerned how to patch the macs?
Are you concerned about antivirus?
Are you concerned about controlling what the Macs are allowed to do?

I'm just trying to understand, and perhaps help.


--Matt Ross
Ephrata School District


- Original Message -
From: David Lum
[mailto:david@nwea.org]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Thu, 13 Oct 2011
15:01:20 -0700
Subject: RE: Macs and vunerabilities


> Well, we're getting a Mac invasion here and there is zero apparent 
> concern for managing these things or worrying about vulnerabilities.
> To get to AD resources they're standing up Win7 VM's but doing as much 
> work as possible on the native MacOS.
> 
> They can get to the Internet, file shares, printers, e-mail, etc on 
> native Mac but I just have alarms going off in my head "unmanaged 
> machines with no idea what intellectual property is on them".
> 
> Dave
> 
> From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
> Sent: Thursday, October 13, 2011 2:49 PM
> To: NT System Admin Issues
> Subject: Re: Macs and vunerabilities
> 
> I remember the big "mac virus" recently was socially engineered - but 
> that's definitely the mac's biggest vulnerability. Given that mac 
> users generally believe they are invulnerable, its an arguably bigger 
> vector than the same one on a Windows system.
> 
> Sent from my POS BlackBerry wireless device, which may wipe itself at 
> any moment
> 
> 
> From: David Lum mailto:david@nwea.org>>
> Date: Thu, 13 Oct 2011 21:45:39 +
> To: NT System Admin
> Issuesmailto:ntsysadmin@lyris.s
> unbelt-software.com>>
> ReplyTo: "NT System Admin Issues"
> mailto:ntsysadmin@lyris.sunbelt
> -software.com>>
> Subject: Macs and vunerabilities
> 
> Does anyone have a link to an article or two that shows 
> vulnerabilities that have actually been exploited? Preferably not a random 
> blog post...
> David Lum
> Systems Engineer // NWEATM
> Office 503.548.5229 // Cell (voice/text) 503.267.9764
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
> 
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to
> listmana...@lyris.sunbeltsoftware.com software.com>
> with the body: unsubscribe ntsysadmin
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
> 
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to
> listmana...@lyris.sunbeltsoftware.com software.com>
> with the body: unsubscribe ntsysadmin
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
> 
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 

RE: Macs and vunerabilities

[David Lum]

My concern is all the above. As currently implemented, Mac's on our network are 
no different than users home Windows laptops being allowed to directly connect 
to our network. I can't imagine anyone here would say "go ahead and hook your 
home laptop directly to my LAN and don't bother joining to the domain".

I can't audit what's on them for software license compliance reporting
I can't apply GPO's (autoconfigure wireless, browser settings/favorites, etc)
I can't remotely deploy software (via GPO or SMS)
I can't enforce anti-virus
I can't patch Flash, Java, etc

Dave

-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org] 
Sent: Monday, October 17, 2011 8:07 AM
To: NT System Admin Issues
Subject: RE: Macs and vunerabilities

David, from what direction are your concerns coming from?

Are you concerned how to patch the macs?
Are you concerned about antivirus?
Are you concerned about controlling what the Macs are allowed to do?

I'm just trying to understand, and perhaps help.


--Matt Ross
Ephrata School District


- Original Message -
From: David Lum
[mailto:david@nwea.org]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Thu, 13 Oct 2011
15:01:20 -0700
Subject: RE: Macs and vunerabilities


> Well, we're getting a Mac invasion here and there is zero apparent 
> concern for managing these things or worrying about vulnerabilities. 
> To get to AD resources they're standing up Win7 VM's but doing as much 
> work as possible on the native MacOS.
> 
> They can get to the Internet, file shares, printers, e-mail, etc on 
> native Mac but I just have alarms going off in my head "unmanaged 
> machines with no idea what intellectual property is on them".
> 
> Dave
> 
> From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
> Sent: Thursday, October 13, 2011 2:49 PM
> To: NT System Admin Issues
> Subject: Re: Macs and vunerabilities
> 
> I remember the big "mac virus" recently was socially engineered - but 
> that's definitely the mac's biggest vulnerability. Given that mac 
> users generally believe they are invulnerable, its an arguably bigger 
> vector than the same one on a Windows system.
> 
> Sent from my POS BlackBerry wireless device, which may wipe itself at 
> any moment
> 
> 
> From: David Lum mailto:david@nwea.org>>
> Date: Thu, 13 Oct 2011 21:45:39 +
> To: NT System Admin
> Issuesmailto:ntsysadmin@lyris.s
> unbelt-software.com>>
> ReplyTo: "NT System Admin Issues"
> mailto:ntsysadmin@lyris.sunbelt
> -software.com>>
> Subject: Macs and vunerabilities
> 
> Does anyone have a link to an article or two that shows 
> vulnerabilities that have actually been exploited? Preferably not a random 
> blog post...
> David Lum
> Systems Engineer // NWEATM
> Office 503.548.5229 // Cell (voice/text) 503.267.9764
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
> 
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to
> listmana...@lyris.sunbeltsoftware.com software.com>
> with the body: unsubscribe ntsysadmin
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
> 
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to
> listmana...@lyris.sunbeltsoftware.com software.com>
> with the body: unsubscribe ntsysadmin
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
> 
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Macs and vunerabilities

[Matthew W. Ross]

David, from what direction are your concerns coming from?

Are you concerned how to patch the macs?
Are you concerned about antivirus?
Are you concerned about controlling what the Macs are allowed to do?

I'm just trying to understand, and perhaps help.


--Matt Ross
Ephrata School District


- Original Message -
From: David Lum
[mailto:david@nwea.org]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Thu, 13 Oct 2011
15:01:20 -0700
Subject: RE: Macs and vunerabilities


> Well, we're getting a Mac invasion here and there is zero apparent concern
> for managing these things or worrying about vulnerabilities. To get to AD
> resources they're standing up Win7 VM's but doing as much work as possible
> on the native MacOS.
> 
> They can get to the Internet, file shares, printers, e-mail, etc on native
> Mac but I just have alarms going off in my head "unmanaged machines with no
> idea what intellectual property is on them".
> 
> Dave
> 
> From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
> Sent: Thursday, October 13, 2011 2:49 PM
> To: NT System Admin Issues
> Subject: Re: Macs and vunerabilities
> 
> I remember the big "mac virus" recently was socially engineered - but that's
> definitely the mac's biggest vulnerability. Given that mac users generally
> believe they are invulnerable, its an arguably bigger vector than the same
> one on a Windows system.
> 
> Sent from my POS BlackBerry wireless device, which may wipe itself at any
> moment
> 
> 
> From: David Lum mailto:david@nwea.org>>
> Date: Thu, 13 Oct 2011 21:45:39 +
> To: NT System Admin
> Issuesmailto:ntsysadmin@lyris.sunbelt-software.com>>
> ReplyTo: "NT System Admin Issues"
> mailto:ntsysadmin@lyris.sunbelt-software.com>>
> Subject: Macs and vunerabilities
> 
> Does anyone have a link to an article or two that shows vulnerabilities that
> have actually been exploited? Preferably not a random blog post...
> David Lum
> Systems Engineer // NWEATM
> Office 503.548.5229 // Cell (voice/text) 503.267.9764
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to
> listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to
> listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Macs and vunerabilities

[David Lum]

Right, but that doesn't change my level of concern :)

From: Dean Cunningham [mailto:dean.cunning...@gmail.com]
Sent: Sunday, October 16, 2011 3:01 PM
To: NT System Admin Issues
Subject: Re: Macs and vunerabilities

In fairness to macs , it is usually the user that gets exploited and not the 
mac.

there is a file that resides on a mac (supplied/updated by apple)
very basic malware support
http://support.apple.com/kb/HT4657
On Sat, Oct 15, 2011 at 1:55 AM, David Lum 
mailto:david@nwea.org>> wrote:
This in particular won't work because all I get is "these things rarely get 
exploited".


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: How you know some SE's aren't really in the Windows management space

[David Lum]

I think we’re in agreement. We were a smaller shop that rapidly grew into a big 
one (5 years ago we had 230 employees, now we’re double that) and many of our 
“wearers of many hats” have morphed into specialists. I’m trying to pull some 
of those specialists out of being DA because they were initially DA only 
because nobody here knew how to delegate access so they’d always defaulted to 
“make ‘em domain admin…and anybody we hire in their group make them DA too”

From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Monday, October 17, 2011 6:40 AM
To: NT System Admin Issues
Subject: RE: How you know some SE's aren't really in the Windows management 
space

For an AD Architect or Engineer (not necessarily AD Ops), I would expect:

-  Detailed knowledge of AD (e.g. Chris’ points as a starting point)

-  Knowledge of 3rd party products for management (QARS, QRMAD, NetIQ 
DRQ, NetIQ GPA etc.)

-  Knowledge of Microsoft add-ons

-  Integration knowledge (monitoring: SCOM / BMC Patrol / Tivoli, plus 
ID management products like ILM, HP Orchestrator, plus virtualisation 
technologies like Hyper-V and VMWare)

-  Backup products (Microsoft, Symantec etc.)

-  Best practises for test/UAT/production environment setup, as well as 
DR and HA design

Cheers
Ken

From: Ken Schaefer 
[mailto:k...@adopenstatic.com]
Sent: Monday, 17 October 2011 9:35 PM
To: NT System Admin Issues
Subject: RE: How you know some SE's aren't really in the Windows management 
space

I would not necessarily expect a DA to know what Shavlik is – that is for 
security/patch management folks IMHO

If you work in a small/med sized org, then there will be people who wear many 
hats. But in larger orgs it’s simply not the case. Our DAs know a lot about AD, 
and probably little about Exchange, or Remedy, or Source Safe, or Load Runner, 
or SecureID, or ControlM, or Hyper-V, or Netbackup, or WAIX, or SharePoint, or 
any of the other billion pieces of software we have. Whether you call our DAs 
system engineers or not, I’m not sure.

Cheers
Ken

From: David Lum [mailto:david@nwea.org]
Sent: Monday, 17 October 2011 9:24 PM
To: NT System Admin Issues
Subject: RE: How you know some SE's aren't really in the Windows management 
space

This thread started though discussing if someone is qualified to be a Domain 
Admin, not weather they deserve to be SE’s or not. In general a person 
qualified to be a Domain Admin is likely qualified to be titled as an SE, but 
not all SE’s are qualified to be Domain Admin’s.

I would expect a DA to know most of the answers to Christopher’s questions. I’d 
wager of the 7 DA’s we have here that other than Group Policy they would fail 
Q’s about AD. The curious thing is while they’d most likely admit to now being 
proficient in AD they are reluctant to give up that privilege.


From: Ken Schaefer 
[mailto:k...@adopenstatic.com]
Sent: Monday, October 17, 2011 6:19 AM
To: NT System Admin Issues
Subject: RE: How you know some SE's aren't really in the Windows management 
space

Sure. But there are backup guys that need to back up Windows servers, but their 
backend backup infrastructure isn’t Windows.

And even amongst Windows SEs there are plenty of specialists. Unless they claim 
to be AD guys, I wouldn’t expect them to know what adminSDHolder is.

Cheers
Ken

From: Christopher Bodnar 
[mailto:christopher_bod...@glic.com]
Sent: Monday, 17 October 2011 8:24 PM
To: NT System Admin Issues
Subject: RE: How you know some SE's aren't really in the Windows management 
space

I definitely agree with that Ken, but since this is an NT list, my assumption 
was that we were focussing on Microsoft SEs. I could have been mistaken.


Chris Bodnar, MCSE, MCITP
Technical Support III
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003



From:Ken Schaefer mailto:k...@adopenstatic.com>>
To:"NT System Admin Issues" 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Date:10/16/2011 11:52 AM
Subject:RE: How you know some SE's aren't really in the Windows 
management space




The below is also pretty AD focussed. Unless the role is AD administration, I 
wouldn’t necessarily expect an SE to know the intricacies of the items below. 
Especially as the environment gets larger, you tend to have more specialised 
SEs – we have a file/print SE team, a desktop build team, an SCCM SE team etc. 
Likewise we have SEs who are backup specialists – I’m not expecting them to 
know much about FSMO roles – especially since most of our backup servers aren’t 
even Windows machines.

Cheers
Ken

From: Christopher Bodnar [mailto:christopher_bod...@g

RE: Lync server

[David Lum]

Ben you are money. Looks like my ROOTDC and SUBDOMAINDC in my virtual world 
aren't fully communicating. They can ping by IP but not name, so name 
resolution troubleshooting ensues..

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Friday, October 14, 2011 8:07 PM
To: NT System Admin Issues
Subject: RE: Lync server

Having the schema master in a subdomain is fine. It sounds to me like you have 
a global catalog or trust problem, though. If you login with a user in the root 
domain (in schema admins), is it in your token?

Have you done a metadata cleanup of the missing DCs? If you connect to the 
child domain DC with LDP, is isGlobalCatalogReady==TRUE?

Thanks,
Brian Desmond
br...@briandesmond.com

w - 312.625.1438 | c   - 312.731.3132

From: David Lum [mailto:david@nwea.org]
Sent: Friday, October 14, 2011 9:12 PM
To: NT System Admin Issues
Subject: RE: Lync server

Ok here's something: Checking this out while ROOTDC1 is in the root of the 
forest, the schema master is actually SUBDOMAINDC1 (seems weird). I have VMs of 
ROOTDC1 and SUBDOMAINDC1 but neither od the "DC2" servers.

Roles:
Schema master: SUBDOMAINDC1
Domain naming master: ROOTDC1
RID: ROOTDC1 (for root), SUBDOMAINDC1 for subdomain)
PDC: ROOTDC1 (for root), SUBDOMAINDC1 for subdomain)
Infrastructure: ROOTDC2 (for root), SUBDOMAINDC2 (for subdomain)
GC: ROOTDC1, SUBDOMAINDC1

Where do I look to fix my issue?

Dave

From: David Lum [mailto:david@nwea.org]
Sent: Friday, October 14, 2011 6:57 PM
To: NT System Admin Issues
Subject: RE: Lync server

OK That's firggin' weird, I just learned of whoami as a Win command yesterday.

And doing that...no, I am not! In my sandbox I have cloned 2 of our 4 
production DC's - one is a forest root machine and the other is a subdomain DC. 
Am I possibly missing a critical role master?

Dave

From: Brian Desmond 
[mailto:br...@briandesmond.com]
Sent: Friday, October 14, 2011 5:04 PM
To: NT System Admin Issues
Subject: RE: Lync server

IF you run whoami /groups, is it listed?

Thanks,
Brian Desmond
br...@briandesmond.com

w - 312.625.1438 | c   - 312.731.3132

From: David Lum [mailto:david@nwea.org]
Sent: Friday, October 14, 2011 3:56 PM
To: NT System Admin Issues
Subject: Lync server

I am trying to install a Lync server in a sandbox with some DC's. When I run 
the deployment wizard and try to extend the schema it tells me it can't 
complete the command because I am not in the schema admins groupoohh, but I 
am!

One slight twist is I am using an account from subdomain.nwea.org that is in 
schema admins group in nwea.org, but as that account is in schema admins it 
shouldn't matter.

Anyone run into this? It gives me this message when I run "prepare Active 
Directory for Lync server
http://www.ocspedia.com/fe/Install_Microsoft_Lync_Server_2010.aspx?ArticleID=103
David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endp

RE: How you know some SE's aren't really in the Windows management space

[Ken Schaefer]

For an AD Architect or Engineer (not necessarily AD Ops), I would expect:

-  Detailed knowledge of AD (e.g. Chris’ points as a starting point)

-  Knowledge of 3rd party products for management (QARS, QRMAD, NetIQ 
DRQ, NetIQ GPA etc.)

-  Knowledge of Microsoft add-ons

-  Integration knowledge (monitoring: SCOM / BMC Patrol / Tivoli, plus 
ID management products like ILM, HP Orchestrator, plus virtualisation 
technologies like Hyper-V and VMWare)

-  Backup products (Microsoft, Symantec etc.)

-  Best practises for test/UAT/production environment setup, as well as 
DR and HA design

Cheers
Ken

From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Monday, 17 October 2011 9:35 PM
To: NT System Admin Issues
Subject: RE: How you know some SE's aren't really in the Windows management 
space

I would not necessarily expect a DA to know what Shavlik is – that is for 
security/patch management folks IMHO

If you work in a small/med sized org, then there will be people who wear many 
hats. But in larger orgs it’s simply not the case. Our DAs know a lot about AD, 
and probably little about Exchange, or Remedy, or Source Safe, or Load Runner, 
or SecureID, or ControlM, or Hyper-V, or Netbackup, or WAIX, or SharePoint, or 
any of the other billion pieces of software we have. Whether you call our DAs 
system engineers or not, I’m not sure.

Cheers
Ken

From: David Lum [mailto:david@nwea.org]
Sent: Monday, 17 October 2011 9:24 PM
To: NT System Admin Issues
Subject: RE: How you know some SE's aren't really in the Windows management 
space

This thread started though discussing if someone is qualified to be a Domain 
Admin, not weather they deserve to be SE’s or not. In general a person 
qualified to be a Domain Admin is likely qualified to be titled as an SE, but 
not all SE’s are qualified to be Domain Admin’s.

I would expect a DA to know most of the answers to Christopher’s questions. I’d 
wager of the 7 DA’s we have here that other than Group Policy they would fail 
Q’s about AD. The curious thing is while they’d most likely admit to now being 
proficient in AD they are reluctant to give up that privilege.


From: Ken Schaefer 
[mailto:k...@adopenstatic.com]
Sent: Monday, October 17, 2011 6:19 AM
To: NT System Admin Issues
Subject: RE: How you know some SE's aren't really in the Windows management 
space

Sure. But there are backup guys that need to back up Windows servers, but their 
backend backup infrastructure isn’t Windows.

And even amongst Windows SEs there are plenty of specialists. Unless they claim 
to be AD guys, I wouldn’t expect them to know what adminSDHolder is.

Cheers
Ken

From: Christopher Bodnar 
[mailto:christopher_bod...@glic.com]
Sent: Monday, 17 October 2011 8:24 PM
To: NT System Admin Issues
Subject: RE: How you know some SE's aren't really in the Windows management 
space

I definitely agree with that Ken, but since this is an NT list, my assumption 
was that we were focussing on Microsoft SEs. I could have been mistaken.


Chris Bodnar, MCSE, MCITP
Technical Support III
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003



From:Ken Schaefer mailto:k...@adopenstatic.com>>
To:"NT System Admin Issues" 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Date:10/16/2011 11:52 AM
Subject:RE: How you know some SE's aren't really in the Windows 
management space




The below is also pretty AD focussed. Unless the role is AD administration, I 
wouldn’t necessarily expect an SE to know the intricacies of the items below. 
Especially as the environment gets larger, you tend to have more specialised 
SEs – we have a file/print SE team, a desktop build team, an SCCM SE team etc. 
Likewise we have SEs who are backup specialists – I’m not expecting them to 
know much about FSMO roles – especially since most of our backup servers aren’t 
even Windows machines.

Cheers
Ken

From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Saturday, 15 October 2011 4:50 AM
To: NT System Admin Issues
Subject: RE: How you know some SE's aren't really in the Windows management 
space

+1 on Ken's reply.

I think a better judge of an SE would be related to AD or Windows in general. 
So something like this would be a more telling sign:

Group Policy? What's that?
PowerShell skills?
AdminSDHolder?
FSMO roles?
InterSite replication?

By the way, I've just finished up interviewing quite a few people for our 
Technical Support II positions (basically a Jr. Systems Engineer) and very few 
of these people had any clue what these things are. Many of these candidates 
had 10-15 years of experience.



Chris Bodnar, MCSE, MCITP
Techni

RE: How you know some SE's aren't really in the Windows management space

[Ken Schaefer]

I would not necessarily expect a DA to know what Shavlik is – that is for 
security/patch management folks IMHO

If you work in a small/med sized org, then there will be people who wear many 
hats. But in larger orgs it’s simply not the case. Our DAs know a lot about AD, 
and probably little about Exchange, or Remedy, or Source Safe, or Load Runner, 
or SecureID, or ControlM, or Hyper-V, or Netbackup, or WAIX, or SharePoint, or 
any of the other billion pieces of software we have. Whether you call our DAs 
system engineers or not, I’m not sure.

Cheers
Ken

From: David Lum [mailto:david@nwea.org]
Sent: Monday, 17 October 2011 9:24 PM
To: NT System Admin Issues
Subject: RE: How you know some SE's aren't really in the Windows management 
space

This thread started though discussing if someone is qualified to be a Domain 
Admin, not weather they deserve to be SE’s or not. In general a person 
qualified to be a Domain Admin is likely qualified to be titled as an SE, but 
not all SE’s are qualified to be Domain Admin’s.

I would expect a DA to know most of the answers to Christopher’s questions. I’d 
wager of the 7 DA’s we have here that other than Group Policy they would fail 
Q’s about AD. The curious thing is while they’d most likely admit to now being 
proficient in AD they are reluctant to give up that privilege.


From: Ken Schaefer 
[mailto:k...@adopenstatic.com]
Sent: Monday, October 17, 2011 6:19 AM
To: NT System Admin Issues
Subject: RE: How you know some SE's aren't really in the Windows management 
space

Sure. But there are backup guys that need to back up Windows servers, but their 
backend backup infrastructure isn’t Windows.

And even amongst Windows SEs there are plenty of specialists. Unless they claim 
to be AD guys, I wouldn’t expect them to know what adminSDHolder is.

Cheers
Ken

From: Christopher Bodnar 
[mailto:christopher_bod...@glic.com]
Sent: Monday, 17 October 2011 8:24 PM
To: NT System Admin Issues
Subject: RE: How you know some SE's aren't really in the Windows management 
space

I definitely agree with that Ken, but since this is an NT list, my assumption 
was that we were focussing on Microsoft SEs. I could have been mistaken.


Chris Bodnar, MCSE, MCITP
Technical Support III
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003



From:Ken Schaefer mailto:k...@adopenstatic.com>>
To:"NT System Admin Issues" 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Date:10/16/2011 11:52 AM
Subject:RE: How you know some SE's aren't really in the Windows 
management space




The below is also pretty AD focussed. Unless the role is AD administration, I 
wouldn’t necessarily expect an SE to know the intricacies of the items below. 
Especially as the environment gets larger, you tend to have more specialised 
SEs – we have a file/print SE team, a desktop build team, an SCCM SE team etc. 
Likewise we have SEs who are backup specialists – I’m not expecting them to 
know much about FSMO roles – especially since most of our backup servers aren’t 
even Windows machines.

Cheers
Ken

From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Saturday, 15 October 2011 4:50 AM
To: NT System Admin Issues
Subject: RE: How you know some SE's aren't really in the Windows management 
space

+1 on Ken's reply.

I think a better judge of an SE would be related to AD or Windows in general. 
So something like this would be a more telling sign:

Group Policy? What's that?
PowerShell skills?
AdminSDHolder?
FSMO roles?
InterSite replication?

By the way, I've just finished up interviewing quite a few people for our 
Technical Support II positions (basically a Jr. Systems Engineer) and very few 
of these people had any clue what these things are. Many of these candidates 
had 10-15 years of experience.



Chris Bodnar, MCSE, MCITP
Technical Support III
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003



From:Ken Schaefer mailto:k...@adopenstatic.com>>
To:"NT System Admin Issues" 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Date:10/14/2011 04:30 PM
Subject:RE: How you know some SE's aren't really in the Windows 
management space






Why would a Domain Admin be, necessarily, expected to know about Shavlik? I’ve 
never seen Shavlik used in an enterprise environment (it’s Tivoli, Altiris and 
maybe SCCM), so if a DA comes from an enterprise environment Shavlik’s probably 
only something they might see in passing on a list/community like this one.

I’m sure there are plenty of products and v

RE: How you know some SE's aren't really in the Windows management space

[David Lum]

This thread started though discussing if someone is qualified to be a Domain 
Admin, not weather they deserve to be SE’s or not. In general a person 
qualified to be a Domain Admin is likely qualified to be titled as an SE, but 
not all SE’s are qualified to be Domain Admin’s.

I would expect a DA to know most of the answers to Christopher’s questions. I’d 
wager of the 7 DA’s we have here that other than Group Policy they would fail 
Q’s about AD. The curious thing is while they’d most likely admit to now being 
proficient in AD they are reluctant to give up that privilege.


From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Monday, October 17, 2011 6:19 AM
To: NT System Admin Issues
Subject: RE: How you know some SE's aren't really in the Windows management 
space

Sure. But there are backup guys that need to back up Windows servers, but their 
backend backup infrastructure isn’t Windows.

And even amongst Windows SEs there are plenty of specialists. Unless they claim 
to be AD guys, I wouldn’t expect them to know what adminSDHolder is.

Cheers
Ken

From: Christopher Bodnar 
[mailto:christopher_bod...@glic.com]
Sent: Monday, 17 October 2011 8:24 PM
To: NT System Admin Issues
Subject: RE: How you know some SE's aren't really in the Windows management 
space

I definitely agree with that Ken, but since this is an NT list, my assumption 
was that we were focussing on Microsoft SEs. I could have been mistaken.


Chris Bodnar, MCSE, MCITP
Technical Support III
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003



From:Ken Schaefer mailto:k...@adopenstatic.com>>
To:"NT System Admin Issues" 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Date:10/16/2011 11:52 AM
Subject:RE: How you know some SE's aren't really in the Windows 
management space




The below is also pretty AD focussed. Unless the role is AD administration, I 
wouldn’t necessarily expect an SE to know the intricacies of the items below. 
Especially as the environment gets larger, you tend to have more specialised 
SEs – we have a file/print SE team, a desktop build team, an SCCM SE team etc. 
Likewise we have SEs who are backup specialists – I’m not expecting them to 
know much about FSMO roles – especially since most of our backup servers aren’t 
even Windows machines.

Cheers
Ken

From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Saturday, 15 October 2011 4:50 AM
To: NT System Admin Issues
Subject: RE: How you know some SE's aren't really in the Windows management 
space

+1 on Ken's reply.

I think a better judge of an SE would be related to AD or Windows in general. 
So something like this would be a more telling sign:

Group Policy? What's that?
PowerShell skills?
AdminSDHolder?
FSMO roles?
InterSite replication?

By the way, I've just finished up interviewing quite a few people for our 
Technical Support II positions (basically a Jr. Systems Engineer) and very few 
of these people had any clue what these things are. Many of these candidates 
had 10-15 years of experience.



Chris Bodnar, MCSE, MCITP
Technical Support III
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003



From:Ken Schaefer mailto:k...@adopenstatic.com>>
To:"NT System Admin Issues" 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Date:10/14/2011 04:30 PM
Subject:RE: How you know some SE's aren't really in the Windows 
management space






Why would a Domain Admin be, necessarily, expected to know about Shavlik? I’ve 
never seen Shavlik used in an enterprise environment (it’s Tivoli, Altiris and 
maybe SCCM), so if a DA comes from an enterprise environment Shavlik’s probably 
only something they might see in passing on a list/community like this one.

I’m sure there are plenty of products and vendors that each one of us here have 
never heard of.

Cheers
Ken

From: David Lum [mailto:david@nwea.org]
Sent: Saturday, 15 October 2011 1:12 AM
To: NT System Admin Issues
Subject: How you know some SE's aren't really in the Windows management space

“What’s Shavlik? Never heard if it…”

And these folks are Domain Admins…
David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764

~



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

--

RE: How you know some SE's aren't really in the Windows management space

[Ken Schaefer]

Sure. But there are backup guys that need to back up Windows servers, but their 
backend backup infrastructure isn’t Windows.

And even amongst Windows SEs there are plenty of specialists. Unless they claim 
to be AD guys, I wouldn’t expect them to know what adminSDHolder is.

Cheers
Ken

From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Monday, 17 October 2011 8:24 PM
To: NT System Admin Issues
Subject: RE: How you know some SE's aren't really in the Windows management 
space

I definitely agree with that Ken, but since this is an NT list, my assumption 
was that we were focussing on Microsoft SEs. I could have been mistaken.


Chris Bodnar, MCSE, MCITP
Technical Support III
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003



From:Ken Schaefer mailto:k...@adopenstatic.com>>
To:"NT System Admin Issues" 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Date:10/16/2011 11:52 AM
Subject:RE: How you know some SE's aren't really in the Windows 
management space




The below is also pretty AD focussed. Unless the role is AD administration, I 
wouldn’t necessarily expect an SE to know the intricacies of the items below. 
Especially as the environment gets larger, you tend to have more specialised 
SEs – we have a file/print SE team, a desktop build team, an SCCM SE team etc. 
Likewise we have SEs who are backup specialists – I’m not expecting them to 
know much about FSMO roles – especially since most of our backup servers aren’t 
even Windows machines.

Cheers
Ken

From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Saturday, 15 October 2011 4:50 AM
To: NT System Admin Issues
Subject: RE: How you know some SE's aren't really in the Windows management 
space

+1 on Ken's reply.

I think a better judge of an SE would be related to AD or Windows in general. 
So something like this would be a more telling sign:

Group Policy? What's that?
PowerShell skills?
AdminSDHolder?
FSMO roles?
InterSite replication?

By the way, I've just finished up interviewing quite a few people for our 
Technical Support II positions (basically a Jr. Systems Engineer) and very few 
of these people had any clue what these things are. Many of these candidates 
had 10-15 years of experience.



Chris Bodnar, MCSE, MCITP
Technical Support III
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003



From:Ken Schaefer mailto:k...@adopenstatic.com>>
To:"NT System Admin Issues" 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Date:10/14/2011 04:30 PM
Subject:RE: How you know some SE's aren't really in the Windows 
management space






Why would a Domain Admin be, necessarily, expected to know about Shavlik? I’ve 
never seen Shavlik used in an enterprise environment (it’s Tivoli, Altiris and 
maybe SCCM), so if a DA comes from an enterprise environment Shavlik’s probably 
only something they might see in passing on a list/community like this one.

I’m sure there are plenty of products and vendors that each one of us here have 
never heard of.

Cheers
Ken

From: David Lum [mailto:david@nwea.org]
Sent: Saturday, 15 October 2011 1:12 AM
To: NT System Admin Issues
Subject: How you know some SE's aren't really in the Windows management space

“What’s Shavlik? Never heard if it…”

And these folks are Domain Admins…
David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764

~



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

- This message, and any attachments to 
it, may contain information that is privileged, confidential, and exempt from 
disclosure under applicable law. If the reader of this message is not the 
intended recipient, you are notified that any use, dissemination, distribution, 
copying, or communication of this message is strictly prohibited. If you have 
received this message in error, please notify the sender immediately by return 
e-mail and delete the message and any attachments. Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com

RE: How you know some SE's aren't really in the Windows management space

[Christopher Bodnar]

I definitely agree with that Ken, but since this is an NT list, my 
assumption was that we were focussing on Microsoft SEs. I could have been 
mistaken. 


Chris Bodnar, MCSE, MCITP
Technical Support III
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003



From:   Ken Schaefer 
To: "NT System Admin Issues" 
Date:   10/16/2011 11:52 AM
Subject:RE: How you know some SE's aren't really in the Windows 
management space



The below is also pretty AD focussed. Unless the role is AD 
administration, I wouldn’t necessarily expect an SE to know the 
intricacies of the items below. Especially as the environment gets larger, 
you tend to have more specialised SEs – we have a file/print SE team, a 
desktop build team, an SCCM SE team etc. Likewise we have SEs who are 
backup specialists – I’m not expecting them to know much about FSMO roles 
– especially since most of our backup servers aren’t even Windows 
machines.
 
Cheers
Ken
 
From: Christopher Bodnar [mailto:christopher_bod...@glic.com] 
Sent: Saturday, 15 October 2011 4:50 AM
To: NT System Admin Issues
Subject: RE: How you know some SE's aren't really in the Windows 
management space
 
+1 on Ken's reply. 

I think a better judge of an SE would be related to AD or Windows in 
general. So something like this would be a more telling sign: 

Group Policy? What's that? 
PowerShell skills? 
AdminSDHolder? 
FSMO roles? 
InterSite replication? 

By the way, I've just finished up interviewing quite a few people for our 
Technical Support II positions (basically a Jr. Systems Engineer) and very 
few of these people had any clue what these things are. Many of these 
candidates had 10-15 years of experience. 



Chris Bodnar, MCSE, MCITP
Technical Support III
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003 



From:Ken Schaefer  
To:"NT System Admin Issues"  
Date:10/14/2011 04:30 PM 
Subject:RE: How you know some SE's aren't really in the Windows 
management space 




Why would a Domain Admin be, necessarily, expected to know about Shavlik? 
I’ve never seen Shavlik used in an enterprise environment (it’s Tivoli, 
Altiris and maybe SCCM), so if a DA comes from an enterprise environment 
Shavlik’s probably only something they might see in passing on a 
list/community like this one. 
  
I’m sure there are plenty of products and vendors that each one of us here 
have never heard of. 
  
Cheers 
Ken 
  
From: David Lum [mailto:david@nwea.org] 
Sent: Saturday, 15 October 2011 1:12 AM
To: NT System Admin Issues
Subject: How you know some SE's aren't really in the Windows management 
space 
  
“What’s Shavlik? Never heard if it…” 
  
And these folks are Domain Admins… 
David Lum 
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764 
~ 
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin