Re: Stupid iPhone 4S Security Loophole

[Jonathan Link]

Fine disagree. It is a huge stretch to call something a design flaw if a
setting can be changed by the user. Not your first, though.

On Friday, November 11, 2011, Kurt Buff  wrote:
> I disagree. The reason I think it's a design flaw, IMO, is that
> settings with security implications should be set to the more secure
> setting by default. I suppose you could get all airy about it and say
> that their approach to design is flawed - that is, Apple seem to be in
> favor of ever feature turned on out of the box so that users are
> fooled into believing they don't have to make decisions.
>
> The basic stance should be: Turn off almost everything by default, and
> let the user choose to turn on what they want afterward.
>
> Microsoft is learning this lesson. Apple hasn't yet. OpenBSD has
> mastered this lesson, and FreeBSD pretty much has it down pat, too.
>
> I will say that I think that this particular issue isn't of
> Earth-shattering proportions, but it seems to be in line with Apple's
> general outlook...
>
> Kurt
>
> On Fri, Nov 11, 2011 at 15:56, Jonathan Link 
wrote:
>> No. It is user configurable.
>> At worst, Apple didn't disclose the security implications. Since it is a
>> consumer device I am unsurprised.
>> On Friday, November 11, 2011, Kurt Buff  wrote:
>>> that's not a bug, that's a design flaw.
>>>
>>> On Fri, Nov 11, 2011 at 14:40, Micheal Espinola Jr
>>>  wrote:
 Ah, but that's not a bug - its a feature.

 --
 Espi





 On Fri, Nov 11, 2011 at 2:15 PM, Stu Sjouwerman
 
 wrote:
>
> You may have missed this, but there is a hole in Siri, the much-touted
> iPhone 4S personal assistant. The default setting for the new A.I. is
> "On", which means that even when a user's phone is locked, anyone
> could pick it up, hold down the home button and tell Siri to send
> texts and emails. OUCH!
>
> There's an easy fix though, if you don't want Siri to work when the
> phone is locked, simply change the default setting from "Allow access
> to Siri when locked with a passcode" to "Off." Just make sure it's
done.
>
> Warm regards,
> Stu
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
 ~   ~

 ---
 To manage subscriptions click here:
 http://lyris.sunbelt-software.com/read/my_forums/
 or send an email to listmana...@lyris.sunbeltsoftware.com
 with the body: unsubscribe ntsysadmin
>>>
>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>>> ~   ~
>>>
>>> ---
>>> To manage subscriptions click here:
>>> http://lyris.sunbelt-software.com/read/my_forums/
>>> or send an email to listmana...@lyris.sunbeltsoftware.com
>>> with the body: unsubscribe ntsysadmin
>>>
>>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Stupid iPhone 4S Security Loophole

[Kurt Buff]

I disagree. The reason I think it's a design flaw, IMO, is that
settings with security implications should be set to the more secure
setting by default. I suppose you could get all airy about it and say
that their approach to design is flawed - that is, Apple seem to be in
favor of ever feature turned on out of the box so that users are
fooled into believing they don't have to make decisions.

The basic stance should be: Turn off almost everything by default, and
let the user choose to turn on what they want afterward.

Microsoft is learning this lesson. Apple hasn't yet. OpenBSD has
mastered this lesson, and FreeBSD pretty much has it down pat, too.

I will say that I think that this particular issue isn't of
Earth-shattering proportions, but it seems to be in line with Apple's
general outlook...

Kurt

On Fri, Nov 11, 2011 at 15:56, Jonathan Link  wrote:
> No. It is user configurable.
> At worst, Apple didn't disclose the security implications. Since it is a
> consumer device I am unsurprised.
> On Friday, November 11, 2011, Kurt Buff  wrote:
>> that's not a bug, that's a design flaw.
>>
>> On Fri, Nov 11, 2011 at 14:40, Micheal Espinola Jr
>>  wrote:
>>> Ah, but that's not a bug - its a feature.
>>>
>>> --
>>> Espi
>>>
>>>
>>>
>>>
>>>
>>> On Fri, Nov 11, 2011 at 2:15 PM, Stu Sjouwerman
>>> 
>>> wrote:

 You may have missed this, but there is a hole in Siri, the much-touted
 iPhone 4S personal assistant. The default setting for the new A.I. is
 "On", which means that even when a user's phone is locked, anyone
 could pick it up, hold down the home button and tell Siri to send
 texts and emails. OUCH!

 There's an easy fix though, if you don't want Siri to work when the
 phone is locked, simply change the default setting from "Allow access
 to Siri when locked with a passcode" to "Off." Just make sure it's done.

 Warm regards,
 Stu


 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
 ~   ~

 ---
 To manage subscriptions click here:
 http://lyris.sunbelt-software.com/read/my_forums/
 or send an email to listmana...@lyris.sunbeltsoftware.com
 with the body: unsubscribe ntsysadmin

>>>
>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>>> ~   ~
>>>
>>> ---
>>> To manage subscriptions click here:
>>> http://lyris.sunbelt-software.com/read/my_forums/
>>> or send an email to listmana...@lyris.sunbeltsoftware.com
>>> with the body: unsubscribe ntsysadmin
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Stupid iPhone 4S Security Loophole

[Micheal Espinola Jr]

But you'd think in this day and age it would be disabled by default - but
then again Apple isnt a real tech company; they are a user experience
company.

--
Espi





On Fri, Nov 11, 2011 at 3:56 PM, Jonathan Link wrote:

> No. It is user configurable.
> At worst, Apple didn't disclose the security implications. Since it is a
> consumer device I am unsurprised.
> On Friday, November 11, 2011, Kurt Buff  wrote:
> > that's not a bug, that's a design flaw.
> >
> > On Fri, Nov 11, 2011 at 14:40, Micheal Espinola Jr
> >  wrote:
> >> Ah, but that's not a bug - its a feature.
> >>
> >> --
> >> Espi
> >>
> >>
> >>
> >>
> >>
> >> On Fri, Nov 11, 2011 at 2:15 PM, Stu Sjouwerman <
> s...@sunbelt-software.com>
> >> wrote:
> >>>
> >>> You may have missed this, but there is a hole in Siri, the much-touted
> >>> iPhone 4S personal assistant. The default setting for the new A.I. is
> >>> "On", which means that even when a user's phone is locked, anyone
> >>> could pick it up, hold down the home button and tell Siri to send
> >>> texts and emails. OUCH!
> >>>
> >>> There's an easy fix though, if you don't want Siri to work when the
> >>> phone is locked, simply change the default setting from "Allow access
> >>> to Siri when locked with a passcode" to "Off." Just make sure it's
> done.
> >>>
> >>> Warm regards,
> >>> Stu
> >>>
> >>>
> >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> >>> ~   ~
> >>>
> >>> ---
> >>> To manage subscriptions click here:
> >>> http://lyris.sunbelt-software.com/read/my_forums/
> >>> or send an email to listmana...@lyris.sunbeltsoftware.com
> >>> with the body: unsubscribe ntsysadmin
> >>>
> >>
> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> >> ~   ~
> >>
> >> ---
> >> To manage subscriptions click here:
> >> http://lyris.sunbelt-software.com/read/my_forums/
> >> or send an email to listmana...@lyris.sunbeltsoftware.com
> >> with the body: unsubscribe ntsysadmin
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~   ~
> >
> > ---
> > To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to listmana...@lyris.sunbeltsoftware.com
> > with the body: unsubscribe ntsysadmin
> >
> >
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Antivirus Recommendations?

[Ray]

I'm not sure where the guy came from.  We pay for premium support, and our
TAM called him in. 

 

Wasn't my project.   

 

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Friday, November 11, 2011 4:45 PM
To: NT System Admin Issues
Subject: RE: Antivirus Recommendations?

 

Honestly, and I see this more and more - Microsoft Consulting Services (MCS)
is the wrong team to bring in.

 

If you are going to bring in a consultant, bring in a firm or subject matter
expert who KNOWS a particular topic. MCS rarely will.

 

There are a number of great solutions to dealing with the WMI problems that
you may see with SCCM. This is long covered well documented and there are
lots of companies (including mine, but that's just an example) who know how
to handle these issues.

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: Ray [mailto:rz...@qwest.net] 
Sent: Friday, November 11, 2011 6:10 PM
To: NT System Admin Issues
Subject: RE: Antivirus Recommendations?

 

SCCM sucked for us bigtime, even after bringing in MS.  In our case, the
lack of standardization caused a whole lot of issues in the field.  IIRC,
SCCM counts on WMI, and we had all kinds of problems trying to get that to
work correctly on a lot of workstations.   

 

I think it's even mediocre at the one thing we really wanted - remote
administration.

 

From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk] 
Sent: Friday, November 11, 2011 5:46 AM
To: NT System Admin Issues
Subject: RE: Antivirus Recommendations?

 

A couple of consultant days and we'd be over the cost of any a/v licenses,
so I don't have many issues with not using sccm just yet as I figure diving
in and screwing it up will potentially cost us more.

 

It's annoying as I'd quite like to try it, but I don't want to lose several
days just to get to the point where I can do so.

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: 11 November 2011 12:34
To: NT System Admin Issues
Subject: RE: Antivirus Recommendations?

 

There are one or two third parties that offer management for Forefront
without SCCM.

 

That being said, and I don't know how large your organization is, but you
may find it MUCH cheaper to pay a consultant to come in for a few days to
help you set up SCCM (just for patching) than to sign a license for a
different A/V.

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://theessentialexchange.com/

  _  

From: Paul Hutchings [paul.hutchi...@mira.co.uk]
Sent: Friday, November 11, 2011 7:27 AM
To: NT System Admin Issues
Subject: RE: Antivirus Recommendations?

We actually have Forefront licenses via an MS agreement, I just don't think
I want to try and get my teeth into SCCM right now just to administer it (I
appreciate that SCCM does all manner of things but YKWIM, it's a bit of a
monster).

 

We do all the defence in depth stuff regards perimiter scanning, URL
blocking etc.

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: 11 November 2011 12:20
To: NT System Admin Issues
Subject: Re: Antivirus Recommendations?

 

I haven't dealt much with AV over the last year, but I liked Vipre
Enterprise last time I did. However we did move from Symantec so anything
would probably have been a vast improvement.

 

I notice a lot of people are fans of the MS offerings now (Forefront,
Security Essentials, etc, don't know the exact current brand names). Truth
be known is that no AV can provide 100% coverage, and the ones that provide
advanced heuristic detection are usually the ones with the bigger
footprints. I'm personally a fan of coupling up your reactive AV with
something like AppLocker from MS, if you're an AD shop, and obviously some
good event log monitoring procedures. Defense-in-depth is usually the only
way to stay fairly safe.

 

YMMV, etc.

On 11 November 2011 12:11, Paul Hutchings  wrote:

Our Avira Antivir license is up for renewal in a couple of months.  Whilst
we've had no significant issues, I want to look at a couple of other options
so that even if we stay with Avira it's for the right technical reasons.

 

We have around 550 PC's, a mix of Windows XP, Windows Vista, Windows 7,
predominantly 32bit with some x64.

 

I'd be looking for a mixture of good centralised management (this almost
always seems to rule out many vendors) combined with low client footprint -
and something that is totally "hands off" from the end user perspective and
that "just works". 

 

Suggestions?

 

Thanks,

Paul

  _  

MIRA Ltd

 

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England

Registered in England and Wales No. 402570

VAT Registration  GB 100 1464 84

 

The contents of this e-mail are confidential and are solely for the use of
the intended recipient.  If you receive this e-mail in error, please delete
it and notify us either by e-mail, telephone or fax.  You should not copy,
forward or otherwise disclose the content of the e-mail as this is
prohibited.

~ Fi

Re: Stupid iPhone 4S Security Loophole

[Jonathan Link]

No. It is user configurable.
At worst, Apple didn't disclose the security implications. Since it is a
consumer device I am unsurprised.
On Friday, November 11, 2011, Kurt Buff  wrote:
> that's not a bug, that's a design flaw.
>
> On Fri, Nov 11, 2011 at 14:40, Micheal Espinola Jr
>  wrote:
>> Ah, but that's not a bug - its a feature.
>>
>> --
>> Espi
>>
>>
>>
>>
>>
>> On Fri, Nov 11, 2011 at 2:15 PM, Stu Sjouwerman <
s...@sunbelt-software.com>
>> wrote:
>>>
>>> You may have missed this, but there is a hole in Siri, the much-touted
>>> iPhone 4S personal assistant. The default setting for the new A.I. is
>>> "On", which means that even when a user's phone is locked, anyone
>>> could pick it up, hold down the home button and tell Siri to send
>>> texts and emails. OUCH!
>>>
>>> There's an easy fix though, if you don't want Siri to work when the
>>> phone is locked, simply change the default setting from "Allow access
>>> to Siri when locked with a passcode" to "Off." Just make sure it's done.
>>>
>>> Warm regards,
>>> Stu
>>>
>>>
>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>>> ~   ~
>>>
>>> ---
>>> To manage subscriptions click here:
>>> http://lyris.sunbelt-software.com/read/my_forums/
>>> or send an email to listmana...@lyris.sunbeltsoftware.com
>>> with the body: unsubscribe ntsysadmin
>>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Stupid iPhone 4S Security Loophole

[Kurt Buff]

that's not a bug, that's a design flaw.

On Fri, Nov 11, 2011 at 14:40, Micheal Espinola Jr
 wrote:
> Ah, but that's not a bug - its a feature.
>
> --
> Espi
>
>
>
>
>
> On Fri, Nov 11, 2011 at 2:15 PM, Stu Sjouwerman 
> wrote:
>>
>> You may have missed this, but there is a hole in Siri, the much-touted
>> iPhone 4S personal assistant. The default setting for the new A.I. is
>> "On", which means that even when a user's phone is locked, anyone
>> could pick it up, hold down the home button and tell Siri to send
>> texts and emails. OUCH!
>>
>> There's an easy fix though, if you don't want Siri to work when the
>> phone is locked, simply change the default setting from "Allow access
>> to Siri when locked with a passcode" to "Off." Just make sure it's done.
>>
>> Warm regards,
>> Stu
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Antivirus Recommendations?

[Michael B. Smith]

Honestly, and I see this more and more - Microsoft Consulting Services (MCS) is 
the wrong team to bring in.

If you are going to bring in a consultant, bring in a firm or subject matter 
expert who KNOWS a particular topic. MCS rarely will.

There are a number of great solutions to dealing with the WMI problems that you 
may see with SCCM. This is long covered well documented and there are lots of 
companies (including mine, but that's just an example) who know how to handle 
these issues.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Ray [mailto:rz...@qwest.net]
Sent: Friday, November 11, 2011 6:10 PM
To: NT System Admin Issues
Subject: RE: Antivirus Recommendations?

SCCM sucked for us bigtime, even after bringing in MS.  In our case, the lack 
of standardization caused a whole lot of issues in the field.  IIRC, SCCM 
counts on WMI, and we had all kinds of problems trying to get that to work 
correctly on a lot of workstations.

I think it's even mediocre at the one thing we really wanted - remote 
administration.

From: Paul Hutchings 
[mailto:paul.hutchi...@mira.co.uk]
Sent: Friday, November 11, 2011 5:46 AM
To: NT System Admin Issues
Subject: RE: Antivirus Recommendations?

A couple of consultant days and we'd be over the cost of any a/v licenses, so I 
don't have many issues with not using sccm just yet as I figure diving in and 
screwing it up will potentially cost us more.

It's annoying as I'd quite like to try it, but I don't want to lose several 
days just to get to the point where I can do so.
From: Michael B. Smith 
[mailto:mich...@smithcons.com]
Sent: 11 November 2011 12:34
To: NT System Admin Issues
Subject: RE: Antivirus Recommendations?


There are one or two third parties that offer management for Forefront without 
SCCM.



That being said, and I don't know how large your organization is, but you may 
find it MUCH cheaper to pay a consultant to come in for a few days to help you 
set up SCCM (just for patching) than to sign a license for a different A/V.


Regards,

Michael B. Smith
Consultant and Exchange MVP
http://theessentialexchange.com/

From: Paul Hutchings [paul.hutchi...@mira.co.uk]
Sent: Friday, November 11, 2011 7:27 AM
To: NT System Admin Issues
Subject: RE: Antivirus Recommendations?
We actually have Forefront licenses via an MS agreement, I just don't think I 
want to try and get my teeth into SCCM right now just to administer it (I 
appreciate that SCCM does all manner of things but YKWIM, it's a bit of a 
monster).

We do all the defence in depth stuff regards perimiter scanning, URL blocking 
etc.
From: James Rankin 
[mailto:kz2...@googlemail.com]
Sent: 11 November 2011 12:20
To: NT System Admin Issues
Subject: Re: Antivirus Recommendations?

I haven't dealt much with AV over the last year, but I liked Vipre Enterprise 
last time I did. However we did move from Symantec so anything would probably 
have been a vast improvement.

I notice a lot of people are fans of the MS offerings now (Forefront, Security 
Essentials, etc, don't know the exact current brand names). Truth be known is 
that no AV can provide 100% coverage, and the ones that provide advanced 
heuristic detection are usually the ones with the bigger footprints. I'm 
personally a fan of coupling up your reactive AV with something like AppLocker 
from MS, if you're an AD shop, and obviously some good event log monitoring 
procedures. Defense-in-depth is usually the only way to stay fairly safe.

YMMV, etc.
On 11 November 2011 12:11, Paul Hutchings 
mailto:paul.hutchi...@mira.co.uk>> wrote:
Our Avira Antivir license is up for renewal in a couple of months.  Whilst 
we've had no significant issues, I want to look at a couple of other options so 
that even if we stay with Avira it's for the right technical reasons.

We have around 550 PC's, a mix of Windows XP, Windows Vista, Windows 7, 
predominantly 32bit with some x64.

I'd be looking for a mixture of good centralised management (this almost always 
seems to rule out many vendors) combined with low client footprint - and 
something that is totally "hands off" from the end user perspective and that 
"just works".

Suggestions?

Thanks,
Paul

MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration  GB 100 1464 84

The contents of this e-mail are confidential and are solely for the use of the 
intended recipient.  If you receive this e-mail in error, please delete it and 
notify us either by e-mail, telephone or fax.  You should not copy, forward or 
otherwise disclose the content of the e-mail as this is prohibited.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage

RE: Antivirus Recommendations?

[Ray]

We installed via script.  As soon as a machine joined the domain it
installs.   

 

From: pdw1...@hotmail.com [mailto:pdw1...@hotmail.com] 
Sent: Friday, November 11, 2011 10:10 AM
To: NT System Admin Issues
Subject: RE: Antivirus Recommendations?

 

We also went with Sophos a couple of years back.  I agree with what Jim says
except for easy deployment.  I find it to be bit of a pain.  Others may have
the same issue because I was talking to the Sophos salesman this morning and
he said version 10 coming out next month has a much better deployment
scheme.

Note to Jim:  I can't just type in a server or pc name like I did with
Vipre, I have to search by IP or search by domain, it brings up duplicate
names in the Unmanaged computers window.  And, what's worse, the many of the
computers in that window already have a\v on them.  

  _  

From: jholmg...@xlhealth.com
To: ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Antivirus Recommendations?
Date: Fri, 11 Nov 2011 12:46:06 +

We went through this exercise about a 14 months ago.  We chose Sophos.   I
have not regretted it one bit.  Easy to deploy, centrally managed,
relatively small footprint.and best of all - it actually WORKS.

 

Jim

 

Jim Holmgren

Director of Technology Infrastructure

XLHealth Corporation

The Warehouse at Camden Yards

351 West Camden Street, Suite 100

Baltimore, MD 21201 

410.625.2200 (main)

443.524.8573 (direct)

443-506.2400 (cell)

  www.xlhealth.com

 

 

 

itente, y destruye cualquier copia existente del mensaje original.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Antivirus Recommendations?

[Ray]

SCCM sucked for us bigtime, even after bringing in MS.  In our case, the
lack of standardization caused a whole lot of issues in the field.  IIRC,
SCCM counts on WMI, and we had all kinds of problems trying to get that to
work correctly on a lot of workstations.   

 

I think it's even mediocre at the one thing we really wanted - remote
administration.

 

From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk] 
Sent: Friday, November 11, 2011 5:46 AM
To: NT System Admin Issues
Subject: RE: Antivirus Recommendations?

 

A couple of consultant days and we'd be over the cost of any a/v licenses,
so I don't have many issues with not using sccm just yet as I figure diving
in and screwing it up will potentially cost us more.

 

It's annoying as I'd quite like to try it, but I don't want to lose several
days just to get to the point where I can do so.

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: 11 November 2011 12:34
To: NT System Admin Issues
Subject: RE: Antivirus Recommendations?

 

There are one or two third parties that offer management for Forefront
without SCCM.

 

That being said, and I don't know how large your organization is, but you
may find it MUCH cheaper to pay a consultant to come in for a few days to
help you set up SCCM (just for patching) than to sign a license for a
different A/V.

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://theessentialexchange.com/

  _  

From: Paul Hutchings [paul.hutchi...@mira.co.uk]
Sent: Friday, November 11, 2011 7:27 AM
To: NT System Admin Issues
Subject: RE: Antivirus Recommendations?

We actually have Forefront licenses via an MS agreement, I just don't think
I want to try and get my teeth into SCCM right now just to administer it (I
appreciate that SCCM does all manner of things but YKWIM, it's a bit of a
monster).

 

We do all the defence in depth stuff regards perimiter scanning, URL
blocking etc.

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: 11 November 2011 12:20
To: NT System Admin Issues
Subject: Re: Antivirus Recommendations?

 

I haven't dealt much with AV over the last year, but I liked Vipre
Enterprise last time I did. However we did move from Symantec so anything
would probably have been a vast improvement.

 

I notice a lot of people are fans of the MS offerings now (Forefront,
Security Essentials, etc, don't know the exact current brand names). Truth
be known is that no AV can provide 100% coverage, and the ones that provide
advanced heuristic detection are usually the ones with the bigger
footprints. I'm personally a fan of coupling up your reactive AV with
something like AppLocker from MS, if you're an AD shop, and obviously some
good event log monitoring procedures. Defense-in-depth is usually the only
way to stay fairly safe.

 

YMMV, etc.

On 11 November 2011 12:11, Paul Hutchings  wrote:

Our Avira Antivir license is up for renewal in a couple of months.  Whilst
we've had no significant issues, I want to look at a couple of other options
so that even if we stay with Avira it's for the right technical reasons.

 

We have around 550 PC's, a mix of Windows XP, Windows Vista, Windows 7,
predominantly 32bit with some x64.

 

I'd be looking for a mixture of good centralised management (this almost
always seems to rule out many vendors) combined with low client footprint -
and something that is totally "hands off" from the end user perspective and
that "just works". 

 

Suggestions?

 

Thanks,

Paul

  _  

MIRA Ltd

 

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England

Registered in England and Wales No. 402570

VAT Registration  GB 100 1464 84

 

The contents of this e-mail are confidential and are solely for the use of
the intended recipient.  If you receive this e-mail in error, please delete
it and notify us either by e-mail, telephone or fax.  You should not copy,
forward or otherwise disclose the content of the e-mail as this is
prohibited.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

* IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is addressed.
If you have received this message it was obviously addressed to you and
therefore you can read it, even it we didn't mean to send it to you.
However, if the contents of this email make no sense whatsoever then you
probably were not the intended recipient, or, alternatively, you are a
mindless cretin; either way, you should immediately kill yourself 

RE: Stupid iPhone 4S Security Loophole

[Michael B. Smith]

Yes, it is.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Friday, November 11, 2011 5:40 PM
To: NT System Admin Issues
Subject: Re: Stupid iPhone 4S Security Loophole

Ah, but that's not a bug - its a feature.

--
Espi




On Fri, Nov 11, 2011 at 2:15 PM, Stu Sjouwerman 
mailto:s...@sunbelt-software.com>> wrote:
You may have missed this, but there is a hole in Siri, the much-touted
iPhone 4S personal assistant. The default setting for the new A.I. is
"On", which means that even when a user's phone is locked, anyone
could pick it up, hold down the home button and tell Siri to send
texts and emails. OUCH!

There's an easy fix though, if you don't want Siri to work when the
phone is locked, simply change the default setting from "Allow access
to Siri when locked with a passcode" to "Off." Just make sure it's done.

Warm regards,
Stu


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Antivirus Recommendations?

[Micheal Espinola Jr]

I would not be so hung up on good centralized management as I would be with
real-world performance.  Just works, and actually stops viruses?

Kaspersky.

--
Espi





On Fri, Nov 11, 2011 at 4:11 AM, Paul Hutchings
wrote:

>  Our Avira Antivir license is up for renewal in a couple of months.
> Whilst we’ve had no significant issues, I want to look at a couple of other
> options so that even if we stay with Avira it’s for the right technical
> reasons.
>
> ** **
>
> We have around 550 PC’s, a mix of Windows XP, Windows Vista, Windows 7,
> predominantly 32bit with some x64.
>
> ** **
>
> I’d be looking for a mixture of good centralised management (this almost
> always seems to rule out many vendors) combined with low client footprint –
> and something that is totally “hands off” from the end user perspective and
> that “just works”. 
>
> ** **
>
> Suggestions?
>
> ** **
>
> Thanks,
>
> Paul
>  --
> *MIRA Ltd*
>
> Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
> Registered in England and Wales No. 402570
> VAT Registration  GB 100 1464 84
>
> The contents of this e-mail are confidential and are solely for the use of
> the intended recipient.  If you receive this e-mail in error, please delete
> it and notify us either by e-mail, telephone or fax.  You should not copy,
> forward or otherwise disclose the content of the e-mail as this is
> prohibited.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Stupid iPhone 4S Security Loophole

[Micheal Espinola Jr]

Ah, but that's not a bug - its a feature.

--
Espi





On Fri, Nov 11, 2011 at 2:15 PM, Stu Sjouwerman
wrote:

> You may have missed this, but there is a hole in Siri, the much-touted
> iPhone 4S personal assistant. The default setting for the new A.I. is
> "On", which means that even when a user's phone is locked, anyone
> could pick it up, hold down the home button and tell Siri to send
> texts and emails. OUCH!
>
> There's an easy fix though, if you don't want Siri to work when the
> phone is locked, simply change the default setting from "Allow access
> to Siri when locked with a passcode" to "Off." Just make sure it's done.
>
> Warm regards,
> Stu
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Antivirus Recommendations?

[Rankin, James R]

Application whitelisting combined with user training is a good policy too - 
note, I am an AppSense bigot, one of the biggest players in the application 
whitelisting sector


Sent from my SR-71 Blackbird

-Original Message-
From: Stu Sjouwerman 
Date: Fri, 11 Nov 2011 17:30:00 
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: RE: Antivirus Recommendations?

Paul, as one of Sunbelt's founders, you can take this with the required 
grain(s) of salt for built-in bias.
Having said that though...

When you have more than a few dozen machines, the Admin console becomes a big 
deal. I would take
that as a heavily weighted part of the decision. VIPRE 5 just came out and 
admins love the console.
Otherwise, you need to look at effectiveness and then price. Virus Bulletin 
compares all of them
regularly, you want to be very high in the top right.
http://www.virusbtn.com/vb100/RAP/RAP-quadrant-Apr-Oct11-850.jpg

Last but not least, 45% of malware infections are caused by user interaction. 
In other words, they
get social engineered to click on a link, and thus bypass your AV and firewall 
in many cases.
Training your users really, really helps a lot to cut down on infections, and 
prevent bad guys from
penetrating the network. This is what I do at the moment, and I will send you a 
free email exposure
check that shows you how many emails of your are floating out there.

VIPRE, NOD32, Kaspersky and Sophos are all good products, but YMMV.

Warm regards,

Stu




From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Friday, November 11, 2011 7:11 AM
To: NT System Admin Issues
Subject: Antivirus Recommendations?

Our Avira Antivir license is up for renewal in a couple of months.  Whilst 
we've had no significant issues, I want to look at a couple of other options so 
that even if we stay with Avira it's for the right technical reasons.

We have around 550 PC's, a mix of Windows XP, Windows Vista, Windows 7, 
predominantly 32bit with some x64.

I'd be looking for a mixture of good centralised management (this almost always 
seems to rule out many vendors) combined with low client footprint - and 
something that is totally "hands off" from the end user perspective and that 
"just works".

Suggestions?

Thanks,
Paul

MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration  GB 100 1464 84

The contents of this e-mail are confidential and are solely for the use of the 
intended recipient.  If you receive this e-mail in error, please delete it and 
notify us either by e-mail, telephone or fax.  You should not copy, forward or 
otherwise disclose the content of the e-mail as this is prohibited.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Antivirus Recommendations?

[Stu Sjouwerman]

Paul, as one of Sunbelt's founders, you can take this with the required 
grain(s) of salt for built-in bias.
Having said that though...

When you have more than a few dozen machines, the Admin console becomes a big 
deal. I would take
that as a heavily weighted part of the decision. VIPRE 5 just came out and 
admins love the console.
Otherwise, you need to look at effectiveness and then price. Virus Bulletin 
compares all of them
regularly, you want to be very high in the top right.
http://www.virusbtn.com/vb100/RAP/RAP-quadrant-Apr-Oct11-850.jpg

Last but not least, 45% of malware infections are caused by user interaction. 
In other words, they
get social engineered to click on a link, and thus bypass your AV and firewall 
in many cases.
Training your users really, really helps a lot to cut down on infections, and 
prevent bad guys from
penetrating the network. This is what I do at the moment, and I will send you a 
free email exposure
check that shows you how many emails of your are floating out there.

VIPRE, NOD32, Kaspersky and Sophos are all good products, but YMMV.

Warm regards,

Stu




From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Friday, November 11, 2011 7:11 AM
To: NT System Admin Issues
Subject: Antivirus Recommendations?

Our Avira Antivir license is up for renewal in a couple of months.  Whilst 
we've had no significant issues, I want to look at a couple of other options so 
that even if we stay with Avira it's for the right technical reasons.

We have around 550 PC's, a mix of Windows XP, Windows Vista, Windows 7, 
predominantly 32bit with some x64.

I'd be looking for a mixture of good centralised management (this almost always 
seems to rule out many vendors) combined with low client footprint - and 
something that is totally "hands off" from the end user perspective and that 
"just works".

Suggestions?

Thanks,
Paul

MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration  GB 100 1464 84

The contents of this e-mail are confidential and are solely for the use of the 
intended recipient.  If you receive this e-mail in error, please delete it and 
notify us either by e-mail, telephone or fax.  You should not copy, forward or 
otherwise disclose the content of the e-mail as this is prohibited.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Stupid iPhone 4S Security Loophole

[Stu Sjouwerman]

You may have missed this, but there is a hole in Siri, the much-touted 
iPhone 4S personal assistant. The default setting for the new A.I. is 
"On", which means that even when a user's phone is locked, anyone 
could pick it up, hold down the home button and tell Siri to send 
texts and emails. OUCH!

There's an easy fix though, if you don't want Siri to work when the 
phone is locked, simply change the default setting from "Allow access 
to Siri when locked with a passcode" to "Off." Just make sure it's done.

Warm regards,  
Stu 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Server room cooling units

[Stu Sjouwerman]

We used Liebert at Sunbelt, but had regular outages with it, make sure that the 
company you buy from understand the concept of "preventive maintenance"

Warm regards,

Stu

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
Sent: Thursday, November 10, 2011 11:04 AM
To: NT System Admin Issues
Subject: Server room cooling units


Greetings!

Currently, I have two HVAC bids regarding the expansion of our server room.  
(It will seem strange to have that room below 80 degrees, and I am not kidding 
with that number!).

We have two proposals and with two different units, both 15 tons.  One is by 
Stulz, and one is by Liebert.

Anyone care to offer their opinions/experiences/etc on the advantages one has 
over the other?

Thank you...
--
Richard D. McClary
Jr Infrastructure Architect, Information Technology Group
ASPCA(r)
1717 S. Philo Rd, Ste 36
Urbana, IL  61802


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: SIEM solutions

[Stu Sjouwerman]

Yeah, I would say Splunk would need to be on that shortlist a well.

Stu

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, November 10, 2011 12:04 AM
To: NT System Admin Issues
Subject: Re: SIEM solutions

I've played with Nitro a little bit, and I'm familiar with LogRythm, although 
I've never deployed it.

Also consider TriGeo, Splunk Enterprise, and 
http://alienvault.com/products/unified-siem/siem

This is not a cheap category of product...
ASB

http://XeeMe.com/AndrewBaker

Harnessing the Advantages of Technology for the SMB market...



On Wed, Nov 9, 2011 at 1:34 PM, David Lum 
mailto:david@nwea.org>> wrote:
We are looking at some SIEM (Security Information and Event Management) 
solutions and are looking at products from the following vendors - does anyone 
here have a SIEM solution or experience and have anything to say about any of 
these?

ArcSight
RSA
LogRhythm
NitroSecurity
netForensics
elQnetworks
Prism Microsystems
Virtela

David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 
503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: "Authenticated Users" List

[Steve Kradel]

Aye, it sounds like the problem is related to pushing the message to
the Exchange server in a non-authenticated context, rather than
anything to do with the user account itself.

--Steve

On Fri, Nov 11, 2011 at 3:43 PM, Michael B. Smith  wrote:
> I would look to see:
>
>
>
> [1] how is her account configured in Outlook
>
> [2] is she using POP/IMAP
>
> [3] if so, is she specifying credentials
>
> [4] if not, does the group have a list of valid senders attached to  it
>
>
>
> Regards,
>
>
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com
>
>
>
> From: Mark Boeck [mailto:netadmin...@gmail.com]
> Sent: Friday, November 11, 2011 3:36 PM
>
> To: NT System Admin Issues
> Subject: Re: "Authenticated Users" List
>
>
>
> Michael and Andrew -
>
>
>
> I have 1 user who, when she sends an email from her Outlook 2003 client to
> one group or another, she gets an NDR stating "can't be delivered" because
> she's not authenticated.  No one else has this issue.  Removing the "require
> authenticated sender" from the group on the Exchange 2010 sp 1 server
> "fixes" the problem.
>
>
>
> Thanks, gents.
>
> On Wed, Nov 9, 2011 at 3:11 PM, Mark Boeck  wrote:
>
> Greets.
>
>
>
> Other than using WHOAMI or GPRESULT against each user 1 at a time, how can I
> get a list of who is currently an "AUTHENTICATED USER" on my domain(s)?
>
>
>
> TIA!
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Creating an .ADM file

[Rankin, James R]

Yes GPP is the way forward for reg keys where there are no pre-created GPOs 
for. Login scripts, for AD environments, are much on the wane.

Sent from my SR-71 Blackbird

-Original Message-
From: "Kennedy, Jim" 
Date: Fri, 11 Nov 2011 16:24:14 
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: RE: Creating an .ADM file

You can also just create the key on a test machine and import it from there via 
GPO.

Computer Configuration\Preferences\Registry and User 
Configuration\preferences\Windows Settings\Registry

From: David Lum [mailto:david@nwea.org]
Sent: Friday, November 11, 2011 3:54 PM
To: NT System Admin Issues
Subject: RE: Creating an .ADM file

Ok this is wy too cool. Like restricted groups, this is another trick I 
picked up that I will find amazingly useful, I *KNEW* there had to be a better 
way to manage the registry than .REG files via login script.

As Homer Simpson would sing "I am so smart, SMRT". Lol

Dave

From: David Lum [mailto:david@nwea.org]
Sent: Friday, November 11, 2011 11:56 AM
To: NT System Admin Issues
Subject: RE: Creating an .ADM file

You sir, are money! Thanks so much.

Once again I look brilliant! I typically use Notepad on this but apparently the 
source I used threw it off just enough.

From: Carl Houseman 
[mailto:c.house...@gmail.com]
Sent: Friday, November 11, 2011 8:30 AM
To: NT System Admin Issues
Subject: RE: Creating an .ADM file

Careful if cutting and pasting from the web, your double quotes may not be 
"real" double quotes.This is one of mine.  Notice the difference between 
the double quotes from mine compared to what you included in your mail message.

CLASS MACHINE
CATEGORY "System"
  CATEGORY "DLL Search Behavior"
EXPLAIN "LoadLibrary and LoadLibraryEx search path behavior."
POLICY "Global Search Path Behavior"
  KEYNAME "SYSTEM\CurrentControlSet\Control\Session Manager"
  EXPLAIN "Global LoadLibrary and LoadLibraryEx search path behavior."
  SUPPORTED "MSKB2264107 must be installed."
  PART "Search Policy" DROPDOWNLIST
VALUENAME CWDIllegalInDllSearch
  ITEMLIST
NAME "Legacy Behavior"VALUE NUMERIC 0 DEFAULT
NAME "Block WebDAV CWDs"  VALUE NUMERIC 1
NAME "Block WebDAV and UNC CWDs"  VALUE NUMERIC 2
NAME "No CWDs allowed"VALUE NUMERIC 4294967295
  END ITEMLIST
  END PART
END POLICY
  END CATEGORY
END CATEGORY

Carl

From: David Lum [mailto:david@nwea.org]
Sent: Friday, November 11, 2011 9:59 AM
To: NT System Admin Issues
Subject: Creating an .ADM file

Found an awesome article on rolling your own .ADM file
http://www.frickelsoft.net/blog/downloads/howto_admTemplates.pdf

However, I cannot figure out how to properly quote the "KEYNAME" field, and all 
the examples I find don't have a space in it
KEYNAME "SOFTWARE\JavaSoft\Java Update\Policy"

When I try and import this I get an "unexpected keyword'
Found: Update\policy
Expected; KEYNAME, CATEGORY, POLICY, END, EXPLAIN
David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Creating an .ADM file

[Kennedy, Jim]

You can also just create the key on a test machine and import it from there via 
GPO.

Computer Configuration\Preferences\Registry and User 
Configuration\preferences\Windows Settings\Registry

From: David Lum [mailto:david@nwea.org]
Sent: Friday, November 11, 2011 3:54 PM
To: NT System Admin Issues
Subject: RE: Creating an .ADM file

Ok this is wy too cool. Like restricted groups, this is another trick I 
picked up that I will find amazingly useful, I *KNEW* there had to be a better 
way to manage the registry than .REG files via login script.

As Homer Simpson would sing "I am so smart, SMRT". Lol

Dave

From: David Lum [mailto:david@nwea.org]
Sent: Friday, November 11, 2011 11:56 AM
To: NT System Admin Issues
Subject: RE: Creating an .ADM file

You sir, are money! Thanks so much.

Once again I look brilliant! I typically use Notepad on this but apparently the 
source I used threw it off just enough.

From: Carl Houseman 
[mailto:c.house...@gmail.com]
Sent: Friday, November 11, 2011 8:30 AM
To: NT System Admin Issues
Subject: RE: Creating an .ADM file

Careful if cutting and pasting from the web, your double quotes may not be 
"real" double quotes.This is one of mine.  Notice the difference between 
the double quotes from mine compared to what you included in your mail message.

CLASS MACHINE
CATEGORY "System"
  CATEGORY "DLL Search Behavior"
EXPLAIN "LoadLibrary and LoadLibraryEx search path behavior."
POLICY "Global Search Path Behavior"
  KEYNAME "SYSTEM\CurrentControlSet\Control\Session Manager"
  EXPLAIN "Global LoadLibrary and LoadLibraryEx search path behavior."
  SUPPORTED "MSKB2264107 must be installed."
  PART "Search Policy" DROPDOWNLIST
VALUENAME CWDIllegalInDllSearch
  ITEMLIST
NAME "Legacy Behavior"VALUE NUMERIC 0 DEFAULT
NAME "Block WebDAV CWDs"  VALUE NUMERIC 1
NAME "Block WebDAV and UNC CWDs"  VALUE NUMERIC 2
NAME "No CWDs allowed"VALUE NUMERIC 4294967295
  END ITEMLIST
  END PART
END POLICY
  END CATEGORY
END CATEGORY

Carl

From: David Lum [mailto:david@nwea.org]
Sent: Friday, November 11, 2011 9:59 AM
To: NT System Admin Issues
Subject: Creating an .ADM file

Found an awesome article on rolling your own .ADM file
http://www.frickelsoft.net/blog/downloads/howto_admTemplates.pdf

However, I cannot figure out how to properly quote the "KEYNAME" field, and all 
the examples I find don't have a space in it
KEYNAME "SOFTWARE\JavaSoft\Java Update\Policy"

When I try and import this I get an "unexpected keyword'
Found: Update\policy
Expected; KEYNAME, CATEGORY, POLICY, END, EXPLAIN
David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Creating an .ADM file

[David Lum]

Ok this is wy too cool. Like restricted groups, this is another trick I 
picked up that I will find amazingly useful, I *KNEW* there had to be a better 
way to manage the registry than .REG files via login script.

As Homer Simpson would sing "I am so smart, SMRT". Lol

Dave

From: David Lum [mailto:david@nwea.org]
Sent: Friday, November 11, 2011 11:56 AM
To: NT System Admin Issues
Subject: RE: Creating an .ADM file

You sir, are money! Thanks so much.

Once again I look brilliant! I typically use Notepad on this but apparently the 
source I used threw it off just enough.

From: Carl Houseman 
[mailto:c.house...@gmail.com]
Sent: Friday, November 11, 2011 8:30 AM
To: NT System Admin Issues
Subject: RE: Creating an .ADM file

Careful if cutting and pasting from the web, your double quotes may not be 
"real" double quotes.This is one of mine.  Notice the difference between 
the double quotes from mine compared to what you included in your mail message.

CLASS MACHINE
CATEGORY "System"
  CATEGORY "DLL Search Behavior"
EXPLAIN "LoadLibrary and LoadLibraryEx search path behavior."
POLICY "Global Search Path Behavior"
  KEYNAME "SYSTEM\CurrentControlSet\Control\Session Manager"
  EXPLAIN "Global LoadLibrary and LoadLibraryEx search path behavior."
  SUPPORTED "MSKB2264107 must be installed."
  PART "Search Policy" DROPDOWNLIST
VALUENAME CWDIllegalInDllSearch
  ITEMLIST
NAME "Legacy Behavior"VALUE NUMERIC 0 DEFAULT
NAME "Block WebDAV CWDs"  VALUE NUMERIC 1
NAME "Block WebDAV and UNC CWDs"  VALUE NUMERIC 2
NAME "No CWDs allowed"VALUE NUMERIC 4294967295
  END ITEMLIST
  END PART
END POLICY
  END CATEGORY
END CATEGORY

Carl

From: David Lum [mailto:david@nwea.org]
Sent: Friday, November 11, 2011 9:59 AM
To: NT System Admin Issues
Subject: Creating an .ADM file

Found an awesome article on rolling your own .ADM file
http://www.frickelsoft.net/blog/downloads/howto_admTemplates.pdf

However, I cannot figure out how to properly quote the "KEYNAME" field, and all 
the examples I find don't have a space in it
KEYNAME "SOFTWARE\JavaSoft\Java Update\Policy"

When I try and import this I get an "unexpected keyword'
Found: Update\policy
Expected; KEYNAME, CATEGORY, POLICY, END, EXPLAIN
David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: "Authenticated Users" List

[Michael B. Smith]

I would look to see:

[1] how is her account configured in Outlook
[2] is she using POP/IMAP
[3] if so, is she specifying credentials
[4] if not, does the group have a list of valid senders attached to  it

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Mark Boeck [mailto:netadmin...@gmail.com]
Sent: Friday, November 11, 2011 3:36 PM
To: NT System Admin Issues
Subject: Re: "Authenticated Users" List

Michael and Andrew -

I have 1 user who, when she sends an email from her Outlook 2003 client to one 
group or another, she gets an NDR stating "can't be delivered" because she's 
not authenticated.  No one else has this issue.  Removing the "require 
authenticated sender" from the group on the Exchange 2010 sp 1 server "fixes" 
the problem.

Thanks, gents.
On Wed, Nov 9, 2011 at 3:11 PM, Mark Boeck 
mailto:netadmin...@gmail.com>> wrote:
Greets.

Other than using WHOAMI or GPRESULT against each user 1 at a time, how can I 
get a list of who is currently an "AUTHENTICATED USER" on my domain(s)?

TIA!


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: "Authenticated Users" List

[Mark Boeck]

Michael and Andrew -

I have 1 user who, when she sends an email from her Outlook 2003 client to
one group or another, she gets an NDR stating "can't be delivered" because
she's not authenticated.  No one else has this issue.  Removing the
"require authenticated sender" from the group on the Exchange 2010 sp 1
server "fixes" the problem.

Thanks, gents.

On Wed, Nov 9, 2011 at 3:11 PM, Mark Boeck  wrote:

> Greets.
>
> Other than using WHOAMI or GPRESULT against each user 1 at a time, how can
> I get a list of who is currently an "AUTHENTICATED USER" on my domain(s)?
>
> TIA!
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: iPhone user can still send emails after being disabled in AD

[Webster]

Hey, don't be messing with my tuba now! :)


Carl Webster (owner of a tuba mailing list and former pro tuba player)
Consultant and Citrix Technology Professional
http://www.CarlWebster.com


From: Damien Solodow [mailto:damien.solo...@harrison.edu]
Sent: Friday, November 11, 2011 1:46 PM
To: NT System Admin Issues
Subject: RE: iPhone user can still send emails after being disabled in AD

You can get a tuba and plate it..

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Friday, November 11, 2011 2:41 PM
To: NT System Admin Issues
Subject: Re: iPhone user can still send emails after being disabled in AD

I want a toilet made out of solid gold.

--
Espi

On Fri, Nov 11, 2011 at 11:34 AM, Damien Solodow 
mailto:damien.solo...@harrison.edu>> wrote:
You want a cmdlet extension agent.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Creating an .ADM file

[David Lum]

You sir, are money! Thanks so much.

Once again I look brilliant! I typically use Notepad on this but apparently the 
source I used threw it off just enough.

From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Friday, November 11, 2011 8:30 AM
To: NT System Admin Issues
Subject: RE: Creating an .ADM file

Careful if cutting and pasting from the web, your double quotes may not be 
"real" double quotes.This is one of mine.  Notice the difference between 
the double quotes from mine compared to what you included in your mail message.

CLASS MACHINE
CATEGORY "System"
  CATEGORY "DLL Search Behavior"
EXPLAIN "LoadLibrary and LoadLibraryEx search path behavior."
POLICY "Global Search Path Behavior"
  KEYNAME "SYSTEM\CurrentControlSet\Control\Session Manager"
  EXPLAIN "Global LoadLibrary and LoadLibraryEx search path behavior."
  SUPPORTED "MSKB2264107 must be installed."
  PART "Search Policy" DROPDOWNLIST
VALUENAME CWDIllegalInDllSearch
  ITEMLIST
NAME "Legacy Behavior"VALUE NUMERIC 0 DEFAULT
NAME "Block WebDAV CWDs"  VALUE NUMERIC 1
NAME "Block WebDAV and UNC CWDs"  VALUE NUMERIC 2
NAME "No CWDs allowed"VALUE NUMERIC 4294967295
  END ITEMLIST
  END PART
END POLICY
  END CATEGORY
END CATEGORY

Carl

From: David Lum [mailto:david@nwea.org]
Sent: Friday, November 11, 2011 9:59 AM
To: NT System Admin Issues
Subject: Creating an .ADM file

Found an awesome article on rolling your own .ADM file
http://www.frickelsoft.net/blog/downloads/howto_admTemplates.pdf

However, I cannot figure out how to properly quote the "KEYNAME" field, and all 
the examples I find don't have a space in it
KEYNAME "SOFTWARE\JavaSoft\Java Update\Policy"

When I try and import this I get an "unexpected keyword'
Found: Update\policy
Expected; KEYNAME, CATEGORY, POLICY, END, EXPLAIN
David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Antivirus Recommendations?

[David Lum]

Definitely a YMMV. As stated in other AV threads, I run Vipre at two clients (7 
and 18 seats), Trend WorryFree at another (60 seats), and McAfee at %dayjob% 
(525 seats and counting). A year ago Vipre regularly ate Outlook.exe at one 
client

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Friday, November 11, 2011 8:11 AM
To: NT System Admin Issues
Subject: RE: Antivirus Recommendations?

Our Open Value gets us Forefront and we are reverting back when its convenient.

I'm typing this from my wkst that has SBAMsvc using 1.5 Gig?
I have trouble with false positives for files like svchost.exe, really?
I recently allowed vnc and yesterday it yanked it out of the recyclebin 
corrupting the bin and I lost everything in it? I thought I allowed it? It was 
running fine after I allowed it?
Their support has always been a problem for me the few times I have asked for 
help.
Their sales didn't seem to be organized what so ever.
The service crashes often on my vanilla 08r2 servers, I suspect this is 
typical, why else would a "recovery" service be needed (except if you don't 
know how to set recovery options for the service).

I don't know what to say, I have tried to like it, but I just don't think the 
quality is there.

Of course, ymmv...


From: David Lum [mailto:david@nwea.org]
Sent: Friday, November 11, 2011 8:51 AM
To: NT System Admin Issues
Subject: RE: Antivirus Recommendations?

I can tell you a former %nightjob% client went from Vipre (from when I managed 
them) to Security Essentials (new support shop) and they certainly get more 
malware than when they had Vipre.

It's not  because they're a former client as it's my wife's work so no "sour 
grapes" involved in my observation. My wife wishes they'd go back to Vipre...

Dave

From: Cameron 
[mailto:cameron.orl...@gmail.com]
Sent: Friday, November 11, 2011 7:14 AM
To: NT System Admin Issues
Subject: Re: Antivirus Recommendations?

I'm using Vipre here and like it. Centralized, easy management...ANDsupport 
is good! People that you can understand and are NOT reading from cue cards!
On Fri, Nov 11, 2011 at 9:26 AM, Jim Holmgren 
mailto:jholmg...@xlhealth.com>> wrote:
Still does require RPC - you also have to turn on Remote Registry service to 
deploy automagically on Win7 clients.  We built an SCCM package for client 
deployment rather than use the Sophos console.

On the positive side, it does an AWESOME job removing Symantec automatically.

Jim


Jim Holmgren
Director of Technology Infrastructure
XLHealth Corporation
The Warehouse at Camden Yards
351 West Camden Street, Suite 100
Baltimore, MD 21201
410.625.2200 (main)
443.524.8573 (direct)
443-506.2400 (cell)
www.xlhealth.com



From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Friday, November 11, 2011 9:18 AM

To: NT System Admin Issues
Subject: Re: Antivirus Recommendations?

don't know about now, but a few years back Sophos did depend on RPC for 
deployment from the console
On Fri, Nov 11, 2011 at 8:33 AM, Harry Singh 
mailto:hbo...@gmail.com>> wrote:

Looking at Sophos now and hope to migrate off SAV Q1 of next year. Not keen on 
delivering a/v over GPO, I'm hoping Sophos built-in delivery doesn't use SMB.


On Friday, November 11, 2011, Rod Trent 
mailto:rodtr...@myitforum.com>> wrote:
> Incidentally, Truesec has LMS which allows management of Forefront without 
> SCCM:
>
>
>
> http://lms.truesec.se/
>
>
>
> From: James Rankin 
> [mailto:kz2...@googlemail.com]
> Sent: Friday, November 11, 2011 8:06 AM
> To: NT System Admin Issues
> Subject: Re: Antivirus Recommendations?
>
>
>
> Oh right. That's a bit more slippery.
>
> On 11 November 2011 13:01, Michael B. Smith 
> mailto:mich...@smithcons.com>> wrote:
>
> No, you don't have to use SCCM to deploy, but SCCM provides the management of 
> it. if you install it managed, then you need SCCM (or my previously mentioned 
> third-party product). You can also install it unmanaged.
>
>
>
> Regards,
>
>
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://theessentialexchange.com/
>
> 
>
> From: James Rankin [kz2...@googlemail.com]
>
> Sent: Friday, November 11, 2011 7:36 AM
>
> To: NT System Admin Issues
> Subject: Re: Antivirus Recommendations?
>
>
>
> SCCM to deploy it? Didn't realise that. Nasty.
>
>
>
> I'm still a fan of Vipre, and Trend's offering isn't too bad, although the 
> detection rates were not vastly impressive. I tend to look at things from a 
> XenApp/RDS point of view though so I may dismissing some products that would 
> be perfectly fine for you on a traditional fat client machine.
>
> On 11 November 2011 12:27, Paul Hutchings 
> mailto:paul.hutchi...@mira.co.uk>> wrote:
>
> We actually have Forefront licenses via an MS agreement, I just don't think I 
> want to try and get my teeth 

RE: iPhone user can still send emails after being disabled in AD

[Rod Trent]

Check your stocking.

 

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] 
Sent: Friday, November 11, 2011 2:41 PM
To: NT System Admin Issues
Subject: Re: iPhone user can still send emails after being disabled in AD

 

I want a toilet made out of solid gold.

--
Espi

 

 





On Fri, Nov 11, 2011 at 11:34 AM, Damien Solodow
 wrote:

You want a cmdlet extension agent. 
-- 
Sent using BlackBerry 

 

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] 
Sent: Friday, November 11, 2011 02:22 PM
To: NT System Admin Issues  

Subject: RE: iPhone user can still send emails after being disabled in AD 

 

What did you change so that a new mailbox is turned off by default? I ask
because 2010 is my next project and I would like to skin that cat.

 

From: Steven Peck [mailto:sep...@gmail.com] 
Sent: Friday, November 11, 2011 2:19 PM
To: NT System Admin Issues
Subject: Re: iPhone user can still send emails after being disabled in AD

 

We just reviewed the basic settings during the deployment and made changes
that were approrpriate fro our environment.  It wasn't that big a deal.

On Fri, Nov 11, 2011 at 10:59 AM, Mike Tavares 
wrote:

Its on by default in 2010 as well

 

From: Kennedy, Jim   

Sent: Friday, November 11, 2011 1:52 PM

To: NT System Admin Issues   

Subject: RE: iPhone user can still send emails after being disabled in AD

 

+1

 

Is it still turned on by default in 2010? If so that isn't a bug anymore,
that is negligence. Imnsho.

 

 

From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Friday, November 11, 2011 1:48 PM
To: NT System Admin Issues
Subject: Re: iPhone user can still send emails after being disabled in AD

 



the bug is that it's turned on by default, and requires effort to turn it
off.

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: iPhone user can still send emails after being disabled in AD

[Damien Solodow]

You can get a tuba and plate it..

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Friday, November 11, 2011 2:41 PM
To: NT System Admin Issues
Subject: Re: iPhone user can still send emails after being disabled in AD

I want a toilet made out of solid gold.

--
Espi




On Fri, Nov 11, 2011 at 11:34 AM, Damien Solodow 
mailto:damien.solo...@harrison.edu>> wrote:
You want a cmdlet extension agent.
--
Sent using BlackBerry


From: Kennedy, Jim 
[mailto:kennedy...@elyriaschools.org]
Sent: Friday, November 11, 2011 02:22 PM
To: NT System Admin Issues 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Subject: RE: iPhone user can still send emails after being disabled in AD

What did you change so that a new mailbox is turned off by default? I ask 
because 2010 is my next project and I would like to skin that cat.

From: Steven Peck [mailto:sep...@gmail.com]
Sent: Friday, November 11, 2011 2:19 PM
To: NT System Admin Issues
Subject: Re: iPhone user can still send emails after being disabled in AD

We just reviewed the basic settings during the deployment and made changes that 
were approrpriate fro our environment.  It wasn't that big a deal.
On Fri, Nov 11, 2011 at 10:59 AM, Mike Tavares 
mailto:miketava...@comcast.net>> wrote:
Its on by default in 2010 as well

From: Kennedy, Jim
Sent: Friday, November 11, 2011 1:52 PM
To: NT System Admin Issues
Subject: RE: iPhone user can still send emails after being disabled in AD

+1

Is it still turned on by default in 2010? If so that isn't a bug anymore, that 
is negligence. Imnsho.


From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Friday, November 11, 2011 1:48 PM
To: NT System Admin Issues
Subject: Re: iPhone user can still send emails after being disabled in AD



the bug is that it's turned on by default, and requires effort to turn it off.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: iPhone user can still send emails after being disabled in AD

[Micheal Espinola Jr]

I want a toilet made out of solid gold.

--
Espi





On Fri, Nov 11, 2011 at 11:34 AM, Damien Solodow <
damien.solo...@harrison.edu> wrote:

>  You want a cmdlet extension agent.
> --
> Sent using BlackBerry
>
>
>  *From*: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
> *Sent*: Friday, November 11, 2011 02:22 PM
> *To*: NT System Admin Issues 
> *Subject*: RE: iPhone user can still send emails after being disabled in
> AD
>
>
> What did you change so that a new mailbox is turned off by default? I ask
> because 2010 is my next project and I would like to skin that cat.
>
> ** **
>
> *From:* Steven Peck [mailto:sep...@gmail.com]
> *Sent:* Friday, November 11, 2011 2:19 PM
> *To:* NT System Admin Issues
> *Subject:* Re: iPhone user can still send emails after being disabled in
> AD
>
> ** **
>
> We just reviewed the basic settings during the deployment and made changes
> that were approrpriate fro our environment.  It wasn't that big a deal.***
> *
>
> On Fri, Nov 11, 2011 at 10:59 AM, Mike Tavares 
> wrote:
>
> Its on by default in 2010 as well
>
>  
>
> *From:* Kennedy, Jim  
>
> *Sent:* Friday, November 11, 2011 1:52 PM
>
> *To:* NT System Admin Issues  
>
> *Subject:* RE: iPhone user can still send emails after being disabled in
> AD
>
>  
>
> +1
>
>  
>
> Is it still turned on by default in 2010? If so that isn’t a bug anymore,
> that is negligence. Imnsho.
>
>  
>
>  
>
> *From:* Kurt Buff [mailto:kurt.b...@gmail.com]
> *Sent:* Friday, November 11, 2011 1:48 PM
> *To:* NT System Admin Issues
> *Subject:* Re: iPhone user can still send emails after being disabled in
> AD
>
>  
>
>
>
> the bug is that it's turned on by default, and requires effort to turn it
> off.
>
>  
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: iPhone user can still send emails after being disabled in AD

[Damien Solodow]

You want a cmdlet extension agent.
--
Sent using BlackBerry


From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Friday, November 11, 2011 02:22 PM
To: NT System Admin Issues 
Subject: RE: iPhone user can still send emails after being disabled in AD

What did you change so that a new mailbox is turned off by default? I ask 
because 2010 is my next project and I would like to skin that cat.

From: Steven Peck [mailto:sep...@gmail.com]
Sent: Friday, November 11, 2011 2:19 PM
To: NT System Admin Issues
Subject: Re: iPhone user can still send emails after being disabled in AD

We just reviewed the basic settings during the deployment and made changes that 
were approrpriate fro our environment.  It wasn't that big a deal.
On Fri, Nov 11, 2011 at 10:59 AM, Mike Tavares 
mailto:miketava...@comcast.net>> wrote:
Its on by default in 2010 as well

From: Kennedy, Jim
Sent: Friday, November 11, 2011 1:52 PM
To: NT System Admin Issues
Subject: RE: iPhone user can still send emails after being disabled in AD

+1

Is it still turned on by default in 2010? If so that isn’t a bug anymore, that 
is negligence. Imnsho.


From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Friday, November 11, 2011 1:48 PM
To: NT System Admin Issues
Subject: Re: iPhone user can still send emails after being disabled in AD



the bug is that it's turned on by default, and requires effort to turn it off.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: iPhone user can still send emails after being disabled in AD

[Kennedy, Jim]

What did you change so that a new mailbox is turned off by default? I ask 
because 2010 is my next project and I would like to skin that cat.

From: Steven Peck [mailto:sep...@gmail.com]
Sent: Friday, November 11, 2011 2:19 PM
To: NT System Admin Issues
Subject: Re: iPhone user can still send emails after being disabled in AD

We just reviewed the basic settings during the deployment and made changes that 
were approrpriate fro our environment.  It wasn't that big a deal.
On Fri, Nov 11, 2011 at 10:59 AM, Mike Tavares 
mailto:miketava...@comcast.net>> wrote:
Its on by default in 2010 as well

From: Kennedy, Jim
Sent: Friday, November 11, 2011 1:52 PM
To: NT System Admin Issues
Subject: RE: iPhone user can still send emails after being disabled in AD

+1

Is it still turned on by default in 2010? If so that isn't a bug anymore, that 
is negligence. Imnsho.


From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Friday, November 11, 2011 1:48 PM
To: NT System Admin Issues
Subject: Re: iPhone user can still send emails after being disabled in AD



the bug is that it's turned on by default, and requires effort to turn it off.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: iPhone user can still send emails after being disabled in AD

[Steven Peck]

We just reviewed the basic settings during the deployment and made changes
that were approrpriate fro our environment.  It wasn't that big a deal.

On Fri, Nov 11, 2011 at 10:59 AM, Mike Tavares wrote:

>   Its on by default in 2010 as well
>
>  *From:* Kennedy, Jim 
> *Sent:* Friday, November 11, 2011 1:52 PM
> *To:* NT System Admin Issues 
> *Subject:* RE: iPhone user can still send emails after being disabled in
> AD
>
>
> +1
>
> 
>
> Is it still turned on by default in 2010? If so that isn’t a bug anymore,
> that is negligence. Imnsho.
>
> 
>
> 
>
> *From:* Kurt Buff [mailto:kurt.b...@gmail.com]
> *Sent:* Friday, November 11, 2011 1:48 PM
> *To:* NT System Admin Issues
> *Subject:* Re: iPhone user can still send emails after being disabled in
> AD
>
> 
>
>
>
> the bug is that it's turned on by default, and requires effort to turn it
> off.
>
> 
>
> 
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: iPhone user can still send emails after being disabled in AD

[Mike Tavares]

Its on by default in 2010 as well

From: Kennedy, Jim 
Sent: Friday, November 11, 2011 1:52 PM
To: NT System Admin Issues 
Subject: RE: iPhone user can still send emails after being disabled in AD

+1

 

Is it still turned on by default in 2010? If so that isn’t a bug anymore, that 
is negligence. Imnsho.

 

 

From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Friday, November 11, 2011 1:48 PM
To: NT System Admin Issues
Subject: Re: iPhone user can still send emails after being disabled in AD

 



the bug is that it's turned on by default, and requires effort to turn it off.



 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Creating an .ADM file

[Micheal Espinola Jr]

Aye - make certain you use a plain-text capable/converting text editor or
remember to save-as accordingly.

--
Espi





On Fri, Nov 11, 2011 at 8:30 AM, Carl Houseman  wrote:

> Careful if cutting and pasting from the web, your double quotes may not be
> “real” double quotes.This is one of mine.  Notice the difference
> between the double quotes from mine compared to what you included in your
> mail message.
>
> ** **
>
> CLASS MACHINE
>
> CATEGORY "System"
>
>   CATEGORY "DLL Search Behavior"
>
> EXPLAIN "LoadLibrary and LoadLibraryEx search path behavior."
>
> POLICY "Global Search Path Behavior"
>
>   KEYNAME "SYSTEM\CurrentControlSet\Control\Session Manager"
>
>   EXPLAIN "Global LoadLibrary and LoadLibraryEx search path behavior."
> 
>
>   SUPPORTED "MSKB2264107 must be installed."
>
>   PART "Search Policy" DROPDOWNLIST
>
> VALUENAME CWDIllegalInDllSearch
>
>   ITEMLIST
>
> NAME "Legacy Behavior"VALUE NUMERIC 0 DEFAULT
>
> NAME "Block WebDAV CWDs"  VALUE NUMERIC 1
>
> NAME "Block WebDAV and UNC CWDs"  VALUE NUMERIC 2
>
> NAME "No CWDs allowed"VALUE NUMERIC 4294967295
>
>   END ITEMLIST
>
>   END PART
>
> END POLICY
>
>   END CATEGORY
>
> END CATEGORY
>
> ** **
>
> Carl
>
> ** **
>
> *From:* David Lum [mailto:david@nwea.org]
> *Sent:* Friday, November 11, 2011 9:59 AM
> *To:* NT System Admin Issues
> *Subject:* Creating an .ADM file
>
> ** **
>
> Found an awesome article on rolling your own .ADM file
> http://www.frickelsoft.net/blog/downloads/howto_admTemplates.pdf
>
> ** **
>
> However, I cannot figure out how to properly quote the “KEYNAME” field,
> and all the examples I find don’t have a space in it
>
> KEYNAME “SOFTWARE\JavaSoft\Java Update\Policy” 
>
> ** **
>
> When I try and import this I get an “unexpected keyword’
>
> Found: Update\policy
> Expected; KEYNAME, CATEGORY, POLICY, END, EXPLAIN
>
> *David Lum*
> Systems Engineer // NWEATM
> Office 503.548.5229 //* *Cell (voice/text) 503.267.9764
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: iPhone user can still send emails after being disabled in AD

[Kurt Buff]

As funny and appropriate as this is, I thought a bit more about it, and had
a second thought...

If it were not the default that these services were turned on, this
wouldn't be such an issue. Then it would be the case that specific effort
would be needed to enable the facility for authorized users.

The bug isn't that remote wipe is possible, the bug is that it's turned on
by default, and requires effort to turn it off.

%s/bug/design flaw/g

Kurt

On Fri, Nov 11, 2011 at 08:46, Steven Peck  wrote:

> I first encountered the second post, then read why it was written.
>
>
> http://code.technically.us/post/1109586140/exchange-remote-wipe-is-a-terrible-terrible-bug
> http://www.bynkii.com/archives/2010/09/shut_the_fuck_up_part_mcmx.html
>
> Although old, it is funny.  Note, there is a little bit of curse words in
> the posts.
>
> On Fri, Nov 11, 2011 at 7:28 AM, Senter, John wrote:
>
>>  But it was attached to the corporate network so not erasing it also has
>> liability.  What if this guy sends out a e-mail from the company telling
>> customers to stop using the company?  We tell our users on the frontend
>> that if they want to use their device to attach to corporate e-mail, then
>> we will send a erase on termination.  They know that is coming so if they
>> remove the Exchange setup before we send it then they are good and so are
>> we since the e-mail has been removed.
>>
>> ** **
>>
>> *From:* Michael B. Smith [mailto:mich...@smithcons.com]
>> *Sent:* Friday, November 11, 2011 8:18 AM
>> *To:* NT System Admin Issues
>> *Subject:* RE: iPhone user can still send emails after being disabled in
>> AD
>>
>> ** **
>>
>> 'Cuz erase means *erase everything?* If it's a user's personal device
>> there is liability attached.
>>
>>  
>>
>> Regards,
>>
>>  
>>
>> Michael B. Smith
>>
>> Consultant and Exchange MVP
>>
>> http://theessentialexchange.com/
>>--
>>
>> *From:* Senter, John [john.sen...@etrade.com]
>> *Sent:* Friday, November 11, 2011 8:09 AM
>> *To:* NT System Admin Issues
>> *Subject:* RE: iPhone user can still send emails after being disabled in
>> AD
>>
>> Why would you not just send a erase command to the device?  If they are
>> still connecting in it will take and bam no more exchange.
>>
>>  
>>
>> *From:* Ben N [mailto:bennordlan...@gmail.com]
>> *Sent:* Thursday, November 10, 2011 11:53 PM
>> *To:* NT System Admin Issues
>> *Subject:* Re: iPhone user can still send emails after being disabled in
>> AD
>>
>>  
>>
>> yes this is exactly what we'll be doing on sudden terminations, we were
>> playing with these settings and how fast they kicked on. (after the fact)
>> 
>>
>> On Thu, Nov 10, 2011 at 4:37 PM, Donovan Oliver  wrote:
>> 
>>
>> Consider disabling all features (Mailbox Features tab) via Exchange
>> Management Console for the user object.  
>>
>> 
>>
>> This should sever any existing/ongoing sessions.
>>
>>  
>>
>> - Donovan
>>
>>  
>>
>> *From:* Ben N [mailto:bennordlan...@gmail.com]
>> *Sent:* Tuesday, November 08, 2011 5:33 PM
>> *To:* NT System Admin Issues
>> *Subject:* iPhone user can still send emails after being disabled in AD**
>> **
>>
>>  
>>
>> You guys have this issue ever come up? I think this user was disabled in
>> AD at about 4pm, and the last email we got from the user's phone was around
>> 8am the next morning. iPhone setup with EAS and we have Exchange 2007.***
>> *
>>
>>  
>>
>> Could it be due to user token caching like from this forum post?
>>
>>
>> http://social.technet.microsoft.com/Forums/en-US/exchangesvrclients/thread/3da53460-ef76-4f01-94c9-f7b96fdaf99d
>> 
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>>
>>
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>>  
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>>  
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-

Re: iPhone user can still send emails after being disabled in AD

[Kurt Buff]

LOL!

Love it...

Poor Nathan deserves the abuse...

Kurt

On Fri, Nov 11, 2011 at 08:46, Steven Peck  wrote:

> I first encountered the second post, then read why it was written.
>
>
> http://code.technically.us/post/1109586140/exchange-remote-wipe-is-a-terrible-terrible-bug
> http://www.bynkii.com/archives/2010/09/shut_the_fuck_up_part_mcmx.html
>
> Although old, it is funny.  Note, there is a little bit of curse words in
> the posts.
>
> On Fri, Nov 11, 2011 at 7:28 AM, Senter, John wrote:
>
>>  But it was attached to the corporate network so not erasing it also has
>> liability.  What if this guy sends out a e-mail from the company telling
>> customers to stop using the company?  We tell our users on the frontend
>> that if they want to use their device to attach to corporate e-mail, then
>> we will send a erase on termination.  They know that is coming so if they
>> remove the Exchange setup before we send it then they are good and so are
>> we since the e-mail has been removed.
>>
>> ** **
>>
>> *From:* Michael B. Smith [mailto:mich...@smithcons.com]
>> *Sent:* Friday, November 11, 2011 8:18 AM
>> *To:* NT System Admin Issues
>> *Subject:* RE: iPhone user can still send emails after being disabled in
>> AD
>>
>> ** **
>>
>> 'Cuz erase means *erase everything?* If it's a user's personal device
>> there is liability attached.
>>
>>  
>>
>> Regards,
>>
>>  
>>
>> Michael B. Smith
>>
>> Consultant and Exchange MVP
>>
>> http://theessentialexchange.com/
>>--
>>
>> *From:* Senter, John [john.sen...@etrade.com]
>> *Sent:* Friday, November 11, 2011 8:09 AM
>> *To:* NT System Admin Issues
>> *Subject:* RE: iPhone user can still send emails after being disabled in
>> AD
>>
>> Why would you not just send a erase command to the device?  If they are
>> still connecting in it will take and bam no more exchange.
>>
>>  
>>
>> *From:* Ben N [mailto:bennordlan...@gmail.com]
>> *Sent:* Thursday, November 10, 2011 11:53 PM
>> *To:* NT System Admin Issues
>> *Subject:* Re: iPhone user can still send emails after being disabled in
>> AD
>>
>>  
>>
>> yes this is exactly what we'll be doing on sudden terminations, we were
>> playing with these settings and how fast they kicked on. (after the fact)
>> 
>>
>> On Thu, Nov 10, 2011 at 4:37 PM, Donovan Oliver  wrote:
>> 
>>
>> Consider disabling all features (Mailbox Features tab) via Exchange
>> Management Console for the user object.  
>>
>> 
>>
>> This should sever any existing/ongoing sessions.
>>
>>  
>>
>> - Donovan
>>
>>  
>>
>> *From:* Ben N [mailto:bennordlan...@gmail.com]
>> *Sent:* Tuesday, November 08, 2011 5:33 PM
>> *To:* NT System Admin Issues
>> *Subject:* iPhone user can still send emails after being disabled in AD**
>> **
>>
>>  
>>
>> You guys have this issue ever come up? I think this user was disabled in
>> AD at about 4pm, and the last email we got from the user's phone was around
>> 8am the next morning. iPhone setup with EAS and we have Exchange 2007.***
>> *
>>
>>  
>>
>> Could it be due to user token caching like from this forum post?
>>
>>
>> http://social.technet.microsoft.com/Forums/en-US/exchangesvrclients/thread/3da53460-ef76-4f01-94c9-f7b96fdaf99d
>> 
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>>
>>
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>>  
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>>  
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an em

RE: Antivirus Recommendations?

[Tim Vander Kooi]

We are about to move to Kaspersky from Forefront. Kaspersky has come out with a 
management console that is the best I have ever seen and the cost is very 
reasonable. The management of Forefront has always been its weakness and the 
far superior reporting with Kaspersky is worth the added cost to us. Granted we 
are still using FCS not FEP since we use SCE for management not SCCM so 
Microsoft basically kicked us to the curb and told us they might come back 
around and care about us again in 2 to 3 years. :)
As a bigger shop SCCM might be worth your time and effort though.
Tim

From: Ray [mailto:rz...@qwest.net]
Sent: Friday, November 11, 2011 7:51 AM
To: NT System Admin Issues
Subject: RE: Antivirus Recommendations?

We dumped McAfee for Sophos.  At the time, we evaluated several, including 
Kapersky and Vipre.   At the time we thought Sophos had the better management 
console, but I was a bit concerned about their support.   Their best people 
seemed to be the pre-installation people, not the on-going support people.

We were most impressed with Kaspersky's support at the time, and Sophos was 
definitely more money.  I think Sophos does an ok job on effectiveness, but 
apparently our team that administers it put it in a "set it and forget" mode, 
and let things get out of date.

But that was 2+ years ago so many things have probably changed.

From: James Rankin 
[mailto:kz2...@googlemail.com]
Sent: Friday, November 11, 2011 5:36 AM
To: NT System Admin Issues
Subject: Re: Antivirus Recommendations?

SCCM to deploy it? Didn't realise that. Nasty.

I'm still a fan of Vipre, and Trend's offering isn't too bad, although the 
detection rates were not vastly impressive. I tend to look at things from a 
XenApp/RDS point of view though so I may dismissing some products that would be 
perfectly fine for you on a traditional fat client machine.
On 11 November 2011 12:27, Paul Hutchings 
mailto:paul.hutchi...@mira.co.uk>> wrote:
We actually have Forefront licenses via an MS agreement, I just don't think I 
want to try and get my teeth into SCCM right now just to administer it (I 
appreciate that SCCM does all manner of things but YKWIM, it's a bit of a 
monster).

We do all the defence in depth stuff regards perimiter scanning, URL blocking 
etc.
From: James Rankin [mailto:kz2...@googlemail.com]
Sent: 11 November 2011 12:20
To: NT System Admin Issues
Subject: Re: Antivirus Recommendations?

I haven't dealt much with AV over the last year, but I liked Vipre Enterprise 
last time I did. However we did move from Symantec so anything would probably 
have been a vast improvement.

I notice a lot of people are fans of the MS offerings now (Forefront, Security 
Essentials, etc, don't know the exact current brand names). Truth be known is 
that no AV can provide 100% coverage, and the ones that provide advanced 
heuristic detection are usually the ones with the bigger footprints. I'm 
personally a fan of coupling up your reactive AV with something like AppLocker 
from MS, if you're an AD shop, and obviously some good event log monitoring 
procedures. Defense-in-depth is usually the only way to stay fairly safe.

YMMV, etc.
On 11 November 2011 12:11, Paul Hutchings 
mailto:paul.hutchi...@mira.co.uk>> wrote:
Our Avira Antivir license is up for renewal in a couple of months.  Whilst 
we've had no significant issues, I want to look at a couple of other options so 
that even if we stay with Avira it's for the right technical reasons.

We have around 550 PC's, a mix of Windows XP, Windows Vista, Windows 7, 
predominantly 32bit with some x64.

I'd be looking for a mixture of good centralised management (this almost always 
seems to rule out many vendors) combined with low client footprint - and 
something that is totally "hands off" from the end user perspective and that 
"just works".

Suggestions?

Thanks,
Paul

MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration  GB 100 1464 84

The contents of this e-mail are confidential and are solely for the use of the 
intended recipient.  If you receive this e-mail in error, please delete it and 
notify us either by e-mail, telephone or fax.  You should not copy, forward or 
otherwise disclose the content of the e-mail as this is prohibited.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that c

RE: Antivirus Recommendations?

[Jim Holmgren]

We put together an SCCM package for deployment which worked like a charm.  I 
can't really speak much to using the console, although I did deploy it manually 
to several (somewhere between 50-100) of our servers without much effort.

I do admit that the inability to do a quick search for a particular machine is 
something I would really like to have changed.  Right now I choose the "all 
machines" view and sort by hostname.

Jim

From: pdw1...@hotmail.com [mailto:pdw1...@hotmail.com]
Sent: Friday, November 11, 2011 12:10 PM
To: NT System Admin Issues
Subject: RE: Antivirus Recommendations?

We also went with Sophos a couple of years back.  I agree with what Jim says 
except for easy deployment.  I find it to be bit of a pain.  Others may have 
the same issue because I was talking to the Sophos salesman this morning and he 
said version 10 coming out next month has a much better deployment scheme.

Note to Jim:  I can't just type in a server or pc name like I did with Vipre, I 
have to search by IP or search by domain, it brings up duplicate names in the 
Unmanaged computers window.  And, what's worse, the many of the computers in 
that window already have a\v on them.

From: jholmg...@xlhealth.com
To: 
ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Antivirus Recommendations?
Date: Fri, 11 Nov 2011 12:46:06 +
We went through this exercise about a 14 months ago.  We chose Sophos.   I have 
not regretted it one bit.  Easy to deploy, centrally managed, relatively small 
footprint...and best of all - it actually WORKS.

Jim

Jim Holmgren
Director of Technology Infrastructure
XLHealth Corporation
The Warehouse at Camden Yards
351 West Camden Street, Suite 100
Baltimore, MD 21201
410.625.2200 (main)
443.524.8573 (direct)
443-506.2400 (cell)
www.xlhealth.com



itente, y destruye cualquier copia existente del mensaje original.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use 
of the intended recipient(s) and may contain confidential and/or protected 
health information. Under the Federal Law (HIPAA), the intended recipient is 
obligated to keep this information secure and confidential. Any disclosure to 
third parties without authorization from the affiliate or as permitted by law 
is prohibited and punishable under Federal Law. If you are not the intended 
recipient, please contact the sender by reply e-mail and destroy all copies of 
the original message.

NOTA DE CONFIDENCIALIDAD: Este facsímile, incluyendo lo adjunto, es para el uso 
exclusivo del destinatario(s) y puede contener información confidencial y/o 
información protegida de salud. En virtud de la Ley Federal (HIPAA), el 
destinatario tiene la obligación de mantener esta información segura y 
confidencial. Cualquier divulgación a terceros sin la autorización de los 
miembros de lo permitido por la ley está prohibido y penado en virtud de la Ley 
Federal. Si usted no es el destinatario, por favor, póngase en contacto con el 
remitente por teléfono y destruir todas las copias del mensaje original
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Antivirus Recommendations?

[pdw1914]

We also went with Sophos a couple of years back.  I agree with what Jim says 
except for easy deployment.  I find it to be bit of a pain.  Others may have 
the same issue because I was talking to the Sophos salesman this morning and he 
said version 10 coming out next month has a much better deployment scheme.

Note to Jim:  I can't just type in a server or pc name like I did with Vipre, I 
have to search by IP or search by domain, it brings up duplicate names in the 
Unmanaged computers window.  And, what's worse, the many of the computers in 
that window already have a\v on them.  

From: jholmg...@xlhealth.com
To: ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Antivirus Recommendations?
Date: Fri, 11 Nov 2011 12:46:06 +











We went through this exercise about a 14 months ago.  We chose Sophos.   I have 
not regretted it one bit.  Easy to deploy, centrally managed, relatively small
 footprint…and best of all - it actually WORKS.
 
Jim
 
Jim Holmgren
Director of Technology Infrastructure
XLHealth Corporation
The Warehouse at Camden Yards
351 West Camden Street, Suite 100
Baltimore, MD 21201

410.625.2200 (main)
443.524.8573 (direct)
443-506.2400 (cell)
www.xlhealth.com
 
 
 itente, y destruye cualquier copia existente del mensaje original. 
  
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: iPhone user can still send emails after being disabled in AD

[Michael B. Smith]

If you have policies - written and communicated - then that's great.



Too many companies do not.



Regards,

Michael B. Smith
Consultant and Exchange MVP
http://theessentialexchange.com/

From: Senter, John [john.sen...@etrade.com]
Sent: Friday, November 11, 2011 10:28 AM
To: NT System Admin Issues
Subject: RE: iPhone user can still send emails after being disabled in AD

But it was attached to the corporate network so not erasing it also has 
liability.  What if this guy sends out a e-mail from the company telling 
customers to stop using the company?  We tell our users on the frontend that if 
they want to use their device to attach to corporate e-mail, then we will send 
a erase on termination.  They know that is coming so if they remove the 
Exchange setup before we send it then they are good and so are we since the 
e-mail has been removed.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Friday, November 11, 2011 8:18 AM
To: NT System Admin Issues
Subject: RE: iPhone user can still send emails after being disabled in AD


'Cuz erase means erase everything? If it's a user's personal device there is 
liability attached.


Regards,

Michael B. Smith
Consultant and Exchange MVP
http://theessentialexchange.com/

From: Senter, John [john.sen...@etrade.com]
Sent: Friday, November 11, 2011 8:09 AM
To: NT System Admin Issues
Subject: RE: iPhone user can still send emails after being disabled in AD
Why would you not just send a erase command to the device?  If they are still 
connecting in it will take and bam no more exchange.

From: Ben N 
[mailto:bennordlan...@gmail.com]
Sent: Thursday, November 10, 2011 11:53 PM
To: NT System Admin Issues
Subject: Re: iPhone user can still send emails after being disabled in AD

yes this is exactly what we'll be doing on sudden terminations, we were playing 
with these settings and how fast they kicked on. (after the fact)
On Thu, Nov 10, 2011 at 4:37 PM, Donovan Oliver 
mailto:oliv...@ohsu.edu>> wrote:
Consider disabling all features (Mailbox Features tab) via Exchange Management 
Console for the user object.
[cid:image001.png@01CCA05C.977DA110]
This should sever any existing/ongoing sessions.

- Donovan

From: Ben N [mailto:bennordlan...@gmail.com]
Sent: Tuesday, November 08, 2011 5:33 PM
To: NT System Admin Issues
Subject: iPhone user can still send emails after being disabled in AD

You guys have this issue ever come up? I think this user was disabled in AD at 
about 4pm, and the last email we got from the user's phone was around 8am the 
next morning. iPhone setup with EAS and we have Exchange 2007.

Could it be due to user token caching like from this forum post?
http://social.technet.microsoft.com/Forums/en-US/exchangesvrclients/thread/3da53460-ef76-4f01-94c9-f7b96fdaf99d

~ Finally, powerful endpoint security that ISN'T a resource hog! ~

~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email 

Re: iPhone user can still send emails after being disabled in AD

[Steven Peck]

I first encountered the second post, then read why it was written.

http://code.technically.us/post/1109586140/exchange-remote-wipe-is-a-terrible-terrible-bug
http://www.bynkii.com/archives/2010/09/shut_the_fuck_up_part_mcmx.html

Although old, it is funny.  Note, there is a little bit of curse words in
the posts.

On Fri, Nov 11, 2011 at 7:28 AM, Senter, John wrote:

>  But it was attached to the corporate network so not erasing it also has
> liability.  What if this guy sends out a e-mail from the company telling
> customers to stop using the company?  We tell our users on the frontend
> that if they want to use their device to attach to corporate e-mail, then
> we will send a erase on termination.  They know that is coming so if they
> remove the Exchange setup before we send it then they are good and so are
> we since the e-mail has been removed.
>
> ** **
>
> *From:* Michael B. Smith [mailto:mich...@smithcons.com]
> *Sent:* Friday, November 11, 2011 8:18 AM
> *To:* NT System Admin Issues
> *Subject:* RE: iPhone user can still send emails after being disabled in
> AD
>
> ** **
>
> 'Cuz erase means *erase everything?* If it's a user's personal device
> there is liability attached.
>
>  
>
> Regards,
>
>  
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://theessentialexchange.com/
>--
>
> *From:* Senter, John [john.sen...@etrade.com]
> *Sent:* Friday, November 11, 2011 8:09 AM
> *To:* NT System Admin Issues
> *Subject:* RE: iPhone user can still send emails after being disabled in
> AD
>
> Why would you not just send a erase command to the device?  If they are
> still connecting in it will take and bam no more exchange.
>
>  
>
> *From:* Ben N [mailto:bennordlan...@gmail.com]
> *Sent:* Thursday, November 10, 2011 11:53 PM
> *To:* NT System Admin Issues
> *Subject:* Re: iPhone user can still send emails after being disabled in
> AD
>
>  
>
> yes this is exactly what we'll be doing on sudden terminations, we were
> playing with these settings and how fast they kicked on. (after the fact)*
> ***
>
> On Thu, Nov 10, 2011 at 4:37 PM, Donovan Oliver  wrote:*
> ***
>
> Consider disabling all features (Mailbox Features tab) via Exchange
> Management Console for the user object.  
>
> 
>
> This should sever any existing/ongoing sessions.
>
>  
>
> - Donovan
>
>  
>
> *From:* Ben N [mailto:bennordlan...@gmail.com]
> *Sent:* Tuesday, November 08, 2011 5:33 PM
> *To:* NT System Admin Issues
> *Subject:* iPhone user can still send emails after being disabled in AD***
> *
>
>  
>
> You guys have this issue ever come up? I think this user was disabled in
> AD at about 4pm, and the last email we got from the user's phone was around
> 8am the next morning. iPhone setup with EAS and we have Exchange 2007.
>
>  
>
> Could it be due to user token caching like from this forum post?
>
>
> http://social.technet.microsoft.com/Forums/en-US/exchangesvrclients/thread/3da53460-ef76-4f01-94c9-f7b96fdaf99d
> 
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>
>
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>  
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>  
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> 

RE: Creating an .ADM file

[Carl Houseman]

Careful if cutting and pasting from the web, your double quotes may not be
"real" double quotes.This is one of mine.  Notice the difference between
the double quotes from mine compared to what you included in your mail
message.

 

CLASS MACHINE

CATEGORY "System"

  CATEGORY "DLL Search Behavior"

EXPLAIN "LoadLibrary and LoadLibraryEx search path behavior."

POLICY "Global Search Path Behavior"

  KEYNAME "SYSTEM\CurrentControlSet\Control\Session Manager"

  EXPLAIN "Global LoadLibrary and LoadLibraryEx search path behavior."

  SUPPORTED "MSKB2264107 must be installed."

  PART "Search Policy" DROPDOWNLIST

VALUENAME CWDIllegalInDllSearch

  ITEMLIST

NAME "Legacy Behavior"VALUE NUMERIC 0 DEFAULT

NAME "Block WebDAV CWDs"  VALUE NUMERIC 1

NAME "Block WebDAV and UNC CWDs"  VALUE NUMERIC 2

NAME "No CWDs allowed"VALUE NUMERIC 4294967295

  END ITEMLIST

  END PART

END POLICY

  END CATEGORY

END CATEGORY

 

Carl

 

From: David Lum [mailto:david@nwea.org] 
Sent: Friday, November 11, 2011 9:59 AM
To: NT System Admin Issues
Subject: Creating an .ADM file

 

Found an awesome article on rolling your own .ADM file
http://www.frickelsoft.net/blog/downloads/howto_admTemplates.pdf

 

However, I cannot figure out how to properly quote the "KEYNAME" field, and
all the examples I find don't have a space in it

KEYNAME "SOFTWARE\JavaSoft\Java Update\Policy" 

 

When I try and import this I get an "unexpected keyword'

Found: Update\policy
Expected; KEYNAME, CATEGORY, POLICY, END, EXPLAIN

David Lum 
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Antivirus Recommendations?

[Joseph L. Casale]

Our Open Value gets us Forefront and we are reverting back when its convenient.

I'm typing this from my wkst that has SBAMsvc using 1.5 Gig?
I have trouble with false positives for files like svchost.exe, really?
I recently allowed vnc and yesterday it yanked it out of the recyclebin 
corrupting the bin and I lost everything in it? I thought I allowed it? It was 
running fine after I allowed it?
Their support has always been a problem for me the few times I have asked for 
help.
Their sales didn't seem to be organized what so ever.
The service crashes often on my vanilla 08r2 servers, I suspect this is 
typical, why else would a "recovery" service be needed (except if you don't 
know how to set recovery options for the service).

I don't know what to say, I have tried to like it, but I just don't think the 
quality is there.

Of course, ymmv...


From: David Lum [mailto:david@nwea.org]
Sent: Friday, November 11, 2011 8:51 AM
To: NT System Admin Issues
Subject: RE: Antivirus Recommendations?

I can tell you a former %nightjob% client went from Vipre (from when I managed 
them) to Security Essentials (new support shop) and they certainly get more 
malware than when they had Vipre.

It's not  because they're a former client as it's my wife's work so no "sour 
grapes" involved in my observation. My wife wishes they'd go back to Vipre...

Dave

From: Cameron 
[mailto:cameron.orl...@gmail.com]
Sent: Friday, November 11, 2011 7:14 AM
To: NT System Admin Issues
Subject: Re: Antivirus Recommendations?

I'm using Vipre here and like it. Centralized, easy management...ANDsupport 
is good! People that you can understand and are NOT reading from cue cards!
On Fri, Nov 11, 2011 at 9:26 AM, Jim Holmgren 
mailto:jholmg...@xlhealth.com>> wrote:
Still does require RPC - you also have to turn on Remote Registry service to 
deploy automagically on Win7 clients.  We built an SCCM package for client 
deployment rather than use the Sophos console.

On the positive side, it does an AWESOME job removing Symantec automatically.

Jim


Jim Holmgren
Director of Technology Infrastructure
XLHealth Corporation
The Warehouse at Camden Yards
351 West Camden Street, Suite 100
Baltimore, MD 21201
410.625.2200 (main)
443.524.8573 (direct)
443-506.2400 (cell)
www.xlhealth.com



From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Friday, November 11, 2011 9:18 AM

To: NT System Admin Issues
Subject: Re: Antivirus Recommendations?

don't know about now, but a few years back Sophos did depend on RPC for 
deployment from the console
On Fri, Nov 11, 2011 at 8:33 AM, Harry Singh 
mailto:hbo...@gmail.com>> wrote:

Looking at Sophos now and hope to migrate off SAV Q1 of next year. Not keen on 
delivering a/v over GPO, I'm hoping Sophos built-in delivery doesn't use SMB.


On Friday, November 11, 2011, Rod Trent 
mailto:rodtr...@myitforum.com>> wrote:
> Incidentally, Truesec has LMS which allows management of Forefront without 
> SCCM:
>
>
>
> http://lms.truesec.se/
>
>
>
> From: James Rankin 
> [mailto:kz2...@googlemail.com]
> Sent: Friday, November 11, 2011 8:06 AM
> To: NT System Admin Issues
> Subject: Re: Antivirus Recommendations?
>
>
>
> Oh right. That's a bit more slippery.
>
> On 11 November 2011 13:01, Michael B. Smith 
> mailto:mich...@smithcons.com>> wrote:
>
> No, you don't have to use SCCM to deploy, but SCCM provides the management of 
> it. if you install it managed, then you need SCCM (or my previously mentioned 
> third-party product). You can also install it unmanaged.
>
>
>
> Regards,
>
>
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://theessentialexchange.com/
>
> 
>
> From: James Rankin [kz2...@googlemail.com]
>
> Sent: Friday, November 11, 2011 7:36 AM
>
> To: NT System Admin Issues
> Subject: Re: Antivirus Recommendations?
>
>
>
> SCCM to deploy it? Didn't realise that. Nasty.
>
>
>
> I'm still a fan of Vipre, and Trend's offering isn't too bad, although the 
> detection rates were not vastly impressive. I tend to look at things from a 
> XenApp/RDS point of view though so I may dismissing some products that would 
> be perfectly fine for you on a traditional fat client machine.
>
> On 11 November 2011 12:27, Paul Hutchings 
> mailto:paul.hutchi...@mira.co.uk>> wrote:
>
> We actually have Forefront licenses via an MS agreement, I just don't think I 
> want to try and get my teeth into SCCM right now just to administer it (I 
> appreciate that SCCM does all manner of things but YKWIM, it's a bit of a 
> monster).
>
>
>
> We do all the defence in depth stuff regards perimiter scanning, URL blocking 
> etc.
>
> From: James Rankin 
> [mailto:kz2...@googlemail.com]
> Sent: 11 November 2011 12:20
> To: NT System Admin Issues
> Subject: Re: Antivirus Recommendations?
>
>
>
> I haven't dealt much

RE: Antivirus Recommendations?

[David Lum]

I can tell you a former %nightjob% client went from Vipre (from when I managed 
them) to Security Essentials (new support shop) and they certainly get more 
malware than when they had Vipre.

It's not  because they're a former client as it's my wife's work so no "sour 
grapes" involved in my observation. My wife wishes they'd go back to Vipre...

Dave

From: Cameron [mailto:cameron.orl...@gmail.com]
Sent: Friday, November 11, 2011 7:14 AM
To: NT System Admin Issues
Subject: Re: Antivirus Recommendations?

I'm using Vipre here and like it. Centralized, easy management...ANDsupport 
is good! People that you can understand and are NOT reading from cue cards!
On Fri, Nov 11, 2011 at 9:26 AM, Jim Holmgren 
mailto:jholmg...@xlhealth.com>> wrote:
Still does require RPC - you also have to turn on Remote Registry service to 
deploy automagically on Win7 clients.  We built an SCCM package for client 
deployment rather than use the Sophos console.

On the positive side, it does an AWESOME job removing Symantec automatically.

Jim


Jim Holmgren
Director of Technology Infrastructure
XLHealth Corporation
The Warehouse at Camden Yards
351 West Camden Street, Suite 100
Baltimore, MD 21201
410.625.2200 (main)
443.524.8573 (direct)
443-506.2400 (cell)
www.xlhealth.com



From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Friday, November 11, 2011 9:18 AM

To: NT System Admin Issues
Subject: Re: Antivirus Recommendations?

don't know about now, but a few years back Sophos did depend on RPC for 
deployment from the console
On Fri, Nov 11, 2011 at 8:33 AM, Harry Singh 
mailto:hbo...@gmail.com>> wrote:

Looking at Sophos now and hope to migrate off SAV Q1 of next year. Not keen on 
delivering a/v over GPO, I'm hoping Sophos built-in delivery doesn't use SMB.


On Friday, November 11, 2011, Rod Trent 
mailto:rodtr...@myitforum.com>> wrote:
> Incidentally, Truesec has LMS which allows management of Forefront without 
> SCCM:
>
>
>
> http://lms.truesec.se/
>
>
>
> From: James Rankin 
> [mailto:kz2...@googlemail.com]
> Sent: Friday, November 11, 2011 8:06 AM
> To: NT System Admin Issues
> Subject: Re: Antivirus Recommendations?
>
>
>
> Oh right. That's a bit more slippery.
>
> On 11 November 2011 13:01, Michael B. Smith 
> mailto:mich...@smithcons.com>> wrote:
>
> No, you don't have to use SCCM to deploy, but SCCM provides the management of 
> it. if you install it managed, then you need SCCM (or my previously mentioned 
> third-party product). You can also install it unmanaged.
>
>
>
> Regards,
>
>
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://theessentialexchange.com/
>
> 
>
> From: James Rankin [kz2...@googlemail.com]
>
> Sent: Friday, November 11, 2011 7:36 AM
>
> To: NT System Admin Issues
> Subject: Re: Antivirus Recommendations?
>
>
>
> SCCM to deploy it? Didn't realise that. Nasty.
>
>
>
> I'm still a fan of Vipre, and Trend's offering isn't too bad, although the 
> detection rates were not vastly impressive. I tend to look at things from a 
> XenApp/RDS point of view though so I may dismissing some products that would 
> be perfectly fine for you on a traditional fat client machine.
>
> On 11 November 2011 12:27, Paul Hutchings 
> mailto:paul.hutchi...@mira.co.uk>> wrote:
>
> We actually have Forefront licenses via an MS agreement, I just don't think I 
> want to try and get my teeth into SCCM right now just to administer it (I 
> appreciate that SCCM does all manner of things but YKWIM, it's a bit of a 
> monster).
>
>
>
> We do all the defence in depth stuff regards perimiter scanning, URL blocking 
> etc.
>
> From: James Rankin 
> [mailto:kz2...@googlemail.com]
> Sent: 11 November 2011 12:20
> To: NT System Admin Issues
> Subject: Re: Antivirus Recommendations?
>
>
>
> I haven't dealt much with AV over the last year, but I liked Vipre Enterprise 
> last time I did. However we did move from Symantec so anything would probably 
> have been a vast improvement.
>
>
>
> I notice a lot of people are fans of the MS offerings now (Forefront, 
> Security Essentials, etc, don't know the exact current brand names). Truth be 
> known is that no AV can provide 100% coverage, and the ones that provide 
> advanced heuristic detection are usually the ones with the bigger footprints. 
> I'm personally a fan of coupling up your reactive AV with something like 
> AppLocker from MS, if you're an AD shop, and obviously some good event log 
> monitoring procedures. Defense-in-depth is usually the only way to stay 
> fairly safe.
>
>
>
> YMMV, etc.
>
> On 11 November 2011 12:11, Paul Hutchings 
> mailto:paul.hutchi...@mira.co.uk>> wrote:
>
> Our Avira Antivir license is up for renewal in a couple of months.  Whilst 
> we've had no significant issues, I want to look at a couple of other options 
> so that even if we stay with Avira it's for the ri

RE: iPhone user can still send emails after being disabled in AD

[Senter, John]

But it was attached to the corporate network so not erasing it also has 
liability.  What if this guy sends out a e-mail from the company telling 
customers to stop using the company?  We tell our users on the frontend that if 
they want to use their device to attach to corporate e-mail, then we will send 
a erase on termination.  They know that is coming so if they remove the 
Exchange setup before we send it then they are good and so are we since the 
e-mail has been removed.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Friday, November 11, 2011 8:18 AM
To: NT System Admin Issues
Subject: RE: iPhone user can still send emails after being disabled in AD


'Cuz erase means erase everything? If it's a user's personal device there is 
liability attached.


Regards,

Michael B. Smith
Consultant and Exchange MVP
http://theessentialexchange.com/

From: Senter, John [john.sen...@etrade.com]
Sent: Friday, November 11, 2011 8:09 AM
To: NT System Admin Issues
Subject: RE: iPhone user can still send emails after being disabled in AD
Why would you not just send a erase command to the device?  If they are still 
connecting in it will take and bam no more exchange.

From: Ben N 
[mailto:bennordlan...@gmail.com]
Sent: Thursday, November 10, 2011 11:53 PM
To: NT System Admin Issues
Subject: Re: iPhone user can still send emails after being disabled in AD

yes this is exactly what we'll be doing on sudden terminations, we were playing 
with these settings and how fast they kicked on. (after the fact)
On Thu, Nov 10, 2011 at 4:37 PM, Donovan Oliver 
mailto:oliv...@ohsu.edu>> wrote:
Consider disabling all features (Mailbox Features tab) via Exchange Management 
Console for the user object.
[cid:image001.png@01CCA05C.977DA110]
This should sever any existing/ongoing sessions.

- Donovan

From: Ben N [mailto:bennordlan...@gmail.com]
Sent: Tuesday, November 08, 2011 5:33 PM
To: NT System Admin Issues
Subject: iPhone user can still send emails after being disabled in AD

You guys have this issue ever come up? I think this user was disabled in AD at 
about 4pm, and the last email we got from the user's phone was around 8am the 
next morning. iPhone setup with EAS and we have Exchange 2007.

Could it be due to user token caching like from this forum post?
http://social.technet.microsoft.com/Forums/en-US/exchangesvrclients/thread/3da53460-ef76-4f01-94c9-f7b96fdaf99d

~ Finally, powerful endpoint security that ISN'T a resource hog! ~

~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
w

Re[2]: Antivirus Recommendations?

[Joe User]

Hello,


For me bloat is a major factor. Vipre is probably the leanest AV out
there. I don't think you'd regret going with Vipre, IMHO.



-- 
Regards,
 joeuser - Still looking for the 'any' key...

"...now these points of data make a beautiful line..."


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Antivirus Recommendations?

[Jacob]

I have been happy with NOD32. But you can also take a look at our sponser.

 

 

 

From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk] 
Sent: Friday, November 11, 2011 4:11 AM
To: NT System Admin Issues
Subject: Antivirus Recommendations?

 

Our Avira Antivir license is up for renewal in a couple of months.  Whilst
we've had no significant issues, I want to look at a couple of other options
so that even if we stay with Avira it's for the right technical reasons.

 

We have around 550 PC's, a mix of Windows XP, Windows Vista, Windows 7,
predominantly 32bit with some x64.

 

I'd be looking for a mixture of good centralised management (this almost
always seems to rule out many vendors) combined with low client footprint -
and something that is totally "hands off" from the end user perspective and
that "just works". 

 

Suggestions?

 

Thanks,

Paul

  _  

MIRA Ltd

 

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England

Registered in England and Wales No. 402570

VAT Registration  GB 100 1464 84

 

The contents of this e-mail are confidential and are solely for the use of
the intended recipient.  If you receive this e-mail in error, please delete
it and notify us either by e-mail, telephone or fax.  You should not copy,
forward or otherwise disclose the content of the e-mail as this is
prohibited.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Antivirus Recommendations?

[Cameron]

I'm using Vipre here and like it. Centralized, easy
management...ANDsupport is good! People that you can understand and are
NOT reading from cue cards!

On Fri, Nov 11, 2011 at 9:26 AM, Jim Holmgren wrote:

>  Still does require RPC – you also have to turn on Remote Registry
> service to deploy automagically on Win7 clients.  We built an SCCM package
> for client deployment rather than use the Sophos console.
>
> ** **
>
> On the positive side, it does an AWESOME job removing Symantec
> automatically.
>
> ** **
>
> Jim
>
> ** **
>
> ** **
>
> Jim Holmgren
>
> Director of Technology Infrastructure
>
> XLHealth Corporation
>
> The Warehouse at Camden Yards
>
> 351 West Camden Street, Suite 100
>
> Baltimore, MD 21201 
>
> 410.625.2200 (main)
>
> 443.524.8573 (direct)
>
> 443-506.2400 (cell)
>
> www.xlhealth.com
>
> ** **
>
> ** **
>
> ** **
>
> *From:* Erik Goldoff [mailto:egold...@gmail.com]
> *Sent:* Friday, November 11, 2011 9:18 AM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Antivirus Recommendations?
>
>  ** **
>
> don't know about now, but a few years back Sophos did depend on RPC for
> deployment from the console
>
> On Fri, Nov 11, 2011 at 8:33 AM, Harry Singh  wrote:
>
>
> Looking at Sophos now and hope to migrate off SAV Q1 of next year. Not
> keen on delivering a/v over GPO, I'm hoping Sophos built-in delivery
> doesn't use SMB.
>
>
> On Friday, November 11, 2011, Rod Trent  wrote:
> > Incidentally, Truesec has LMS which allows management of Forefront
> without SCCM:
> >
> >
> >
> > http://lms.truesec.se/
> >
> >
> >
> > From: James Rankin [mailto:kz2...@googlemail.com]
> > Sent: Friday, November 11, 2011 8:06 AM
> > To: NT System Admin Issues
> > Subject: Re: Antivirus Recommendations?
> >
> >
> >
> > Oh right. That's a bit more slippery.
> >
> > On 11 November 2011 13:01, Michael B. Smith 
> wrote:
> >
> > No, you don't have to use SCCM to deploy, but SCCM provides the
> management of it. if you install it managed, then you need SCCM (or my
> previously mentioned third-party product). You can also install it
> unmanaged.
> >
> >
> >
> > Regards,
> >
> >
> >
> > Michael B. Smith
> >
> > Consultant and Exchange MVP
> >
> > http://theessentialexchange.com/
> >
> > 
> >
> > From: James Rankin [kz2...@googlemail.com]
> >
> > Sent: Friday, November 11, 2011 7:36 AM
> >
> > To: NT System Admin Issues
> > Subject: Re: Antivirus Recommendations?
> >
> >
> >
> > SCCM to deploy it? Didn't realise that. Nasty.
> >
> >
> >
> > I'm still a fan of Vipre, and Trend's offering isn't too bad, although
> the detection rates were not vastly impressive. I tend to look at things
> from a XenApp/RDS point of view though so I may dismissing some products
> that would be perfectly fine for you on a traditional fat client machine.
> >
> > On 11 November 2011 12:27, Paul Hutchings 
> wrote:
> >
> > We actually have Forefront licenses via an MS agreement, I just don’t
> think I want to try and get my teeth into SCCM right now just to administer
> it (I appreciate that SCCM does all manner of things but YKWIM, it’s a bit
> of a monster).
> >
> >
> >
> > We do all the defence in depth stuff regards perimiter scanning, URL
> blocking etc.
> >
> > From: James Rankin [mailto:kz2...@googlemail.com]
> > Sent: 11 November 2011 12:20
> > To: NT System Admin Issues
> > Subject: Re: Antivirus Recommendations?
> >
> >
> >
> > I haven't dealt much with AV over the last year, but I liked Vipre
> Enterprise last time I did. However we did move from Symantec so anything
> would probably have been a vast improvement.
> >
> >
> >
> > I notice a lot of people are fans of the MS offerings now (Forefront,
> Security Essentials, etc, don't know the exact current brand names). Truth
> be known is that no AV can provide 100% coverage, and the ones that provide
> advanced heuristic detection are usually the ones with the bigger
> footprints. I'm personally a fan of coupling up your reactive AV with
> something like AppLocker from MS, if you're an AD shop, and obviously some
> good event log monitoring procedures. Defense-in-depth is usually the only
> way to stay fairly safe.
> >
> >
> >
> > YMMV, etc.
> >
> > On 11 November 2011 12:11, Paul Hutchings 
> wrote:
> >
> > Our Avira Antivir license is up for renewal in a couple of months.
> Whilst we’ve had no significant issues, I want to look at a couple of other
> options so that even if we stay with Avira it’s for the right technical
> reasons.
> >
> >
> >
> > We have around 550 PC’s, a mix of Windows XP, Windows Vista, Windows 7,
> predominantly 32bit with some x64.
> >
> >
> >
> > I’d be looking for a mixture of good centralised management (this almost
> always seems to rule out many vendors) combined with low client footprint –
> and something that is totally “hands off” from the end user perspective and
> that “just works”.
> >
> >
> >
> > Suggestions?
> >
> >
> >
> > Thanks,
> >
> > ~ Fin

RE: Antivirus Recommendations?

[Jim Holmgren]

Still does require RPC - you also have to turn on Remote Registry service to 
deploy automagically on Win7 clients.  We built an SCCM package for client 
deployment rather than use the Sophos console.

On the positive side, it does an AWESOME job removing Symantec automatically.

Jim


Jim Holmgren
Director of Technology Infrastructure
XLHealth Corporation
The Warehouse at Camden Yards
351 West Camden Street, Suite 100
Baltimore, MD 21201
410.625.2200 (main)
443.524.8573 (direct)
443-506.2400 (cell)
www.xlhealth.com



From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Friday, November 11, 2011 9:18 AM
To: NT System Admin Issues
Subject: Re: Antivirus Recommendations?

don't know about now, but a few years back Sophos did depend on RPC for 
deployment from the console
On Fri, Nov 11, 2011 at 8:33 AM, Harry Singh 
mailto:hbo...@gmail.com>> wrote:

Looking at Sophos now and hope to migrate off SAV Q1 of next year. Not keen on 
delivering a/v over GPO, I'm hoping Sophos built-in delivery doesn't use SMB.


On Friday, November 11, 2011, Rod Trent 
mailto:rodtr...@myitforum.com>> wrote:
> Incidentally, Truesec has LMS which allows management of Forefront without 
> SCCM:
>
>
>
> http://lms.truesec.se/
>
>
>
> From: James Rankin 
> [mailto:kz2...@googlemail.com]
> Sent: Friday, November 11, 2011 8:06 AM
> To: NT System Admin Issues
> Subject: Re: Antivirus Recommendations?
>
>
>
> Oh right. That's a bit more slippery.
>
> On 11 November 2011 13:01, Michael B. Smith 
> mailto:mich...@smithcons.com>> wrote:
>
> No, you don't have to use SCCM to deploy, but SCCM provides the management of 
> it. if you install it managed, then you need SCCM (or my previously mentioned 
> third-party product). You can also install it unmanaged.
>
>
>
> Regards,
>
>
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://theessentialexchange.com/
>
> 
>
> From: James Rankin [kz2...@googlemail.com]
>
> Sent: Friday, November 11, 2011 7:36 AM
>
> To: NT System Admin Issues
> Subject: Re: Antivirus Recommendations?
>
>
>
> SCCM to deploy it? Didn't realise that. Nasty.
>
>
>
> I'm still a fan of Vipre, and Trend's offering isn't too bad, although the 
> detection rates were not vastly impressive. I tend to look at things from a 
> XenApp/RDS point of view though so I may dismissing some products that would 
> be perfectly fine for you on a traditional fat client machine.
>
> On 11 November 2011 12:27, Paul Hutchings 
> mailto:paul.hutchi...@mira.co.uk>> wrote:
>
> We actually have Forefront licenses via an MS agreement, I just don't think I 
> want to try and get my teeth into SCCM right now just to administer it (I 
> appreciate that SCCM does all manner of things but YKWIM, it's a bit of a 
> monster).
>
>
>
> We do all the defence in depth stuff regards perimiter scanning, URL blocking 
> etc.
>
> From: James Rankin 
> [mailto:kz2...@googlemail.com]
> Sent: 11 November 2011 12:20
> To: NT System Admin Issues
> Subject: Re: Antivirus Recommendations?
>
>
>
> I haven't dealt much with AV over the last year, but I liked Vipre Enterprise 
> last time I did. However we did move from Symantec so anything would probably 
> have been a vast improvement.
>
>
>
> I notice a lot of people are fans of the MS offerings now (Forefront, 
> Security Essentials, etc, don't know the exact current brand names). Truth be 
> known is that no AV can provide 100% coverage, and the ones that provide 
> advanced heuristic detection are usually the ones with the bigger footprints. 
> I'm personally a fan of coupling up your reactive AV with something like 
> AppLocker from MS, if you're an AD shop, and obviously some good event log 
> monitoring procedures. Defense-in-depth is usually the only way to stay 
> fairly safe.
>
>
>
> YMMV, etc.
>
> On 11 November 2011 12:11, Paul Hutchings 
> mailto:paul.hutchi...@mira.co.uk>> wrote:
>
> Our Avira Antivir license is up for renewal in a couple of months.  Whilst 
> we've had no significant issues, I want to look at a couple of other options 
> so that even if we stay with Avira it's for the right technical reasons.
>
>
>
> We have around 550 PC's, a mix of Windows XP, Windows Vista, Windows 7, 
> predominantly 32bit with some x64.
>
>
>
> I'd be looking for a mixture of good centralised management (this almost 
> always seems to rule out many vendors) combined with low client footprint - 
> and something that is totally "hands off" from the end user perspective and 
> that "just works".
>
>
>
> Suggestions?
>
>
>
> Thanks,
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to 
> listmana...@lyris.sunbeltsoftware.com

Re: Antivirus Recommendations?

[Erik Goldoff]

don't know about now, but a few years back Sophos did depend on RPC for
deployment from the console

On Fri, Nov 11, 2011 at 8:33 AM, Harry Singh  wrote:

>
> Looking at Sophos now and hope to migrate off SAV Q1 of next year. Not
> keen on delivering a/v over GPO, I'm hoping Sophos built-in delivery
> doesn't use SMB.
>
>
> On Friday, November 11, 2011, Rod Trent  wrote:
> > Incidentally, Truesec has LMS which allows management of Forefront
> without SCCM:
> >
> >
> >
> > http://lms.truesec.se/
> >
> >
> >
> > From: James Rankin [mailto:kz2...@googlemail.com]
> > Sent: Friday, November 11, 2011 8:06 AM
> > To: NT System Admin Issues
> > Subject: Re: Antivirus Recommendations?
> >
> >
> >
> > Oh right. That's a bit more slippery.
> >
> > On 11 November 2011 13:01, Michael B. Smith 
> wrote:
> >
> > No, you don't have to use SCCM to deploy, but SCCM provides the
> management of it. if you install it managed, then you need SCCM (or my
> previously mentioned third-party product). You can also install it
> unmanaged.
> >
> >
> >
> > Regards,
> >
> >
> >
> > Michael B. Smith
> >
> > Consultant and Exchange MVP
> >
> > http://theessentialexchange.com/
> >
> > 
> >
> > From: James Rankin [kz2...@googlemail.com]
> >
> > Sent: Friday, November 11, 2011 7:36 AM
> >
> > To: NT System Admin Issues
> > Subject: Re: Antivirus Recommendations?
> >
> >
> >
> > SCCM to deploy it? Didn't realise that. Nasty.
> >
> >
> >
> > I'm still a fan of Vipre, and Trend's offering isn't too bad, although
> the detection rates were not vastly impressive. I tend to look at things
> from a XenApp/RDS point of view though so I may dismissing some products
> that would be perfectly fine for you on a traditional fat client machine.
> >
> > On 11 November 2011 12:27, Paul Hutchings 
> wrote:
> >
> > We actually have Forefront licenses via an MS agreement, I just don’t
> think I want to try and get my teeth into SCCM right now just to administer
> it (I appreciate that SCCM does all manner of things but YKWIM, it’s a bit
> of a monster).
> >
> >
> >
> > We do all the defence in depth stuff regards perimiter scanning, URL
> blocking etc.
> >
> > From: James Rankin [mailto:kz2...@googlemail.com]
> > Sent: 11 November 2011 12:20
> > To: NT System Admin Issues
> > Subject: Re: Antivirus Recommendations?
> >
> >
> >
> > I haven't dealt much with AV over the last year, but I liked Vipre
> Enterprise last time I did. However we did move from Symantec so anything
> would probably have been a vast improvement.
> >
> >
> >
> > I notice a lot of people are fans of the MS offerings now (Forefront,
> Security Essentials, etc, don't know the exact current brand names). Truth
> be known is that no AV can provide 100% coverage, and the ones that provide
> advanced heuristic detection are usually the ones with the bigger
> footprints. I'm personally a fan of coupling up your reactive AV with
> something like AppLocker from MS, if you're an AD shop, and obviously some
> good event log monitoring procedures. Defense-in-depth is usually the only
> way to stay fairly safe.
> >
> >
> >
> > YMMV, etc.
> >
> > On 11 November 2011 12:11, Paul Hutchings 
> wrote:
> >
> > Our Avira Antivir license is up for renewal in a couple of months.
> Whilst we’ve had no significant issues, I want to look at a couple of other
> options so that even if we stay with Avira it’s for the right technical
> reasons.
> >
> >
> >
> > We have around 550 PC’s, a mix of Windows XP, Windows Vista, Windows 7,
> predominantly 32bit with some x64.
> >
> >
> >
> > I’d be looking for a mixture of good centralised management (this almost
> always seems to rule out many vendors) combined with low client footprint –
> and something that is totally “hands off” from the end user perspective and
> that “just works”.
> >
> >
> >
> > Suggestions?
> >
> >
> >
> > Thanks,
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~   ~
> >
> > ---
> > To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to listmana...@lyris.sunbeltsoftware.com
> > with the body: unsubscribe ntsysadmin
> >
> >
> > --
> > "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
> into the machine wrong figures, will the right answers come out?' I am not
> able rightly to apprehend the kind of confusion of ideas that could provoke
> such a question."
> >
> > * IMPORTANT INFORMATION/DISCLAIMER *
> >
> > This document should be read only by those persons to whom it is
> addressed. If you have received this message it was obviously addressed to
> you and therefore you can read it, even it we didn't mean to send it to
> you. However, if the contents of this email make no sense whatsoever then
> you probably were not the intended recipient, or, alternatively, you are a
> mindless cretin; either way, you should immediately kill yourself and
> destroy 

Re: Antivirus Recommendations?

[John Cook]

The latest Vipre has a new cosole.
John W. Cook
Systems Administrator
Partnership for Strong Families

From: Ray [mailto:rz...@qwest.net]
Sent: Friday, November 11, 2011 08:50 AM
To: NT System Admin Issues 
Subject: RE: Antivirus Recommendations?

We dumped McAfee for Sophos.  At the time, we evaluated several, including 
Kapersky and Vipre.   At the time we thought Sophos had the better management 
console, but I was a bit concerned about their support.   Their best people 
seemed to be the pre-installation people, not the on-going support people.

We were most impressed with Kaspersky’s support at the time, and Sophos was 
definitely more money.  I think Sophos does an ok job on effectiveness, but 
apparently our team that administers it put it in a “set it and forget� mode, 
and let things get out of date.

But that was 2+ years ago so many things have probably changed.

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Friday, November 11, 2011 5:36 AM
To: NT System Admin Issues
Subject: Re: Antivirus Recommendations?

SCCM to deploy it? Didn't realise that. Nasty.

I'm still a fan of Vipre, and Trend's offering isn't too bad, although the 
detection rates were not vastly impressive. I tend to look at things from a 
XenApp/RDS point of view though so I may dismissing some products that would be 
perfectly fine for you on a traditional fat client machine.
On 11 November 2011 12:27, Paul Hutchings 
mailto:paul.hutchi...@mira.co.uk>> wrote:
We actually have Forefront licenses via an MS agreement, I just don’t think I 
want to try and get my teeth into SCCM right now just to administer it (I 
appreciate that SCCM does all manner of things but YKWIM, it’s a bit of a 
monster).

We do all the defence in depth stuff regards perimiter scanning, URL blocking 
etc.
From: James Rankin [mailto:kz2...@googlemail.com]
Sent: 11 November 2011 12:20
To: NT System Admin Issues
Subject: Re: Antivirus Recommendations?

I haven't dealt much with AV over the last year, but I liked Vipre Enterprise 
last time I did. However we did move from Symantec so anything would probably 
have been a vast improvement.

I notice a lot of people are fans of the MS offerings now (Forefront, Security 
Essentials, etc, don't know the exact current brand names). Truth be known is 
that no AV can provide 100% coverage, and the ones that provide advanced 
heuristic detection are usually the ones with the bigger footprints. I'm 
personally a fan of coupling up your reactive AV with something like AppLocker 
from MS, if you're an AD shop, and obviously some good event log monitoring 
procedures. Defense-in-depth is usually the only way to stay fairly safe.

YMMV, etc.
On 11 November 2011 12:11, Paul Hutchings 
mailto:paul.hutchi...@mira.co.uk>> wrote:
Our Avira Antivir license is up for renewal in a couple of months.  Whilst 
we’ve had no significant issues, I want to look at a couple of other options so 
that even if we stay with Avira it’s for the right technical reasons.

We have around 550 PC’s, a mix of Windows XP, Windows Vista, Windows 7, 
predominantly 32bit with some x64.

I’d be looking for a mixture of good centralised management (this almost always 
seems to rule out many vendors) combined with low client footprint – and 
something that is totally “hands off� from the end user perspective and that 
“just works�.

Suggestions?

Thanks,
Paul

MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration  GB 100 1464 84

The contents of this e-mail are confidential and are solely for the use of the 
intended recipient.  If you receive this e-mail in error, please delete it and 
notify us either by e-mail, telephone or fax.  You should not copy, forward or 
otherwise disclose the content of the e-mail as this is prohibited.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

* IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is addressed. If 
you have received this message it was obviously addressed to you and therefore 
you can read it, even it we didn't mean to send it to you. However, if the 
contents of this email make no sense whatsoever then you probably were not the 
intended recipient, or, alternatively, you are a mindless cretin; either way, 
you should immediately kill yourself and dest

RE: Antivirus Recommendations?

[Ray]

We dumped McAfee for Sophos.  At the time, we evaluated several, including
Kapersky and Vipre.   At the time we thought Sophos had the better
management console, but I was a bit concerned about their support.   Their
best people seemed to be the pre-installation people, not the on-going
support people. 

 

We were most impressed with Kaspersky's support at the time, and Sophos was
definitely more money.  I think Sophos does an ok job on effectiveness, but
apparently our team that administers it put it in a "set it and forget"
mode, and let things get out of date.   

 

But that was 2+ years ago so many things have probably changed.  

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Friday, November 11, 2011 5:36 AM
To: NT System Admin Issues
Subject: Re: Antivirus Recommendations?

 

SCCM to deploy it? Didn't realise that. Nasty.

 

I'm still a fan of Vipre, and Trend's offering isn't too bad, although the
detection rates were not vastly impressive. I tend to look at things from a
XenApp/RDS point of view though so I may dismissing some products that would
be perfectly fine for you on a traditional fat client machine.

On 11 November 2011 12:27, Paul Hutchings  wrote:

We actually have Forefront licenses via an MS agreement, I just don't think
I want to try and get my teeth into SCCM right now just to administer it (I
appreciate that SCCM does all manner of things but YKWIM, it's a bit of a
monster).

 

We do all the defence in depth stuff regards perimiter scanning, URL
blocking etc.

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: 11 November 2011 12:20
To: NT System Admin Issues
Subject: Re: Antivirus Recommendations?

 

I haven't dealt much with AV over the last year, but I liked Vipre
Enterprise last time I did. However we did move from Symantec so anything
would probably have been a vast improvement.

 

I notice a lot of people are fans of the MS offerings now (Forefront,
Security Essentials, etc, don't know the exact current brand names). Truth
be known is that no AV can provide 100% coverage, and the ones that provide
advanced heuristic detection are usually the ones with the bigger
footprints. I'm personally a fan of coupling up your reactive AV with
something like AppLocker from MS, if you're an AD shop, and obviously some
good event log monitoring procedures. Defense-in-depth is usually the only
way to stay fairly safe.

 

YMMV, etc.

On 11 November 2011 12:11, Paul Hutchings  wrote:

Our Avira Antivir license is up for renewal in a couple of months.  Whilst
we've had no significant issues, I want to look at a couple of other options
so that even if we stay with Avira it's for the right technical reasons.

 

We have around 550 PC's, a mix of Windows XP, Windows Vista, Windows 7,
predominantly 32bit with some x64.

 

I'd be looking for a mixture of good centralised management (this almost
always seems to rule out many vendors) combined with low client footprint -
and something that is totally "hands off" from the end user perspective and
that "just works". 

 

Suggestions?

 

Thanks,

Paul

  _  

MIRA Ltd

 

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England

Registered in England and Wales No. 402570

VAT Registration  GB 100 1464 84

 

The contents of this e-mail are confidential and are solely for the use of
the intended recipient.  If you receive this e-mail in error, please delete
it and notify us either by e-mail, telephone or fax.  You should not copy,
forward or otherwise disclose the content of the e-mail as this is
prohibited.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

* IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is addressed.
If you have received this message it was obviously addressed to you and
therefore you can read it, even it we didn't mean to send it to you.
However, if the contents of this email make no sense whatsoever then you
probably were not the intended recipient, or, alternatively, you are a
mindless cretin; either way, you should immediately kill yourself and
destroy your computer (not necessarily in that order). Once you have taken
this action, please contact us.. no, sorry, you can't use your computer,
because you just destroyed it, and possibly also committed suicide
afterwards, but I am starting to digress.. 

The originator of this email is not liable for the transmission of the
information contained in this communication. Or are they? Eith

RE: iPhone user can still send emails after being disabled in AD

[Rod Trent]

Sorry to push SCCM into another thread, but ConfigMgr 2012 will have a bit
more granular control over iPhones, without wiping them completely. 

 

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Friday, November 11, 2011 8:18 AM
To: NT System Admin Issues
Subject: RE: iPhone user can still send emails after being disabled in AD

 

'Cuz erase means erase everything? If it's a user's personal device there is
liability attached.

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://theessentialexchange.com/

  _  

From: Senter, John [john.sen...@etrade.com]
Sent: Friday, November 11, 2011 8:09 AM
To: NT System Admin Issues
Subject: RE: iPhone user can still send emails after being disabled in AD

Why would you not just send a erase command to the device?  If they are
still connecting in it will take and bam no more exchange.

 

From: Ben N [mailto:bennordlan...@gmail.com] 
Sent: Thursday, November 10, 2011 11:53 PM
To: NT System Admin Issues
Subject: Re: iPhone user can still send emails after being disabled in AD

 

yes this is exactly what we'll be doing on sudden terminations, we were
playing with these settings and how fast they kicked on. (after the fact)

On Thu, Nov 10, 2011 at 4:37 PM, Donovan Oliver  wrote:

Consider disabling all features (Mailbox Features tab) via Exchange
Management Console for the user object.  



This should sever any existing/ongoing sessions.

 

- Donovan

 

From: Ben N [mailto:bennordlan...@gmail.com] 
Sent: Tuesday, November 08, 2011 5:33 PM
To: NT System Admin Issues
Subject: iPhone user can still send emails after being disabled in AD

 

You guys have this issue ever come up? I think this user was disabled in AD
at about 4pm, and the last email we got from the user's phone was around 8am
the next morning. iPhone setup with EAS and we have Exchange 2007.

 

Could it be due to user token caching like from this forum post?

http://social.technet.microsoft.com/Forums/en-US/exchangesvrclients/thread/3
da53460-ef76-4f01-94c9-f7b96fdaf99d

~ Finally, powerful endpoint security that ISN'T a resource hog! ~


~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: Antivirus Recommendations?

[Harry Singh]

Looking at Sophos now and hope to migrate off SAV Q1 of next year. Not keen
on delivering a/v over GPO, I'm hoping Sophos built-in delivery doesn't use
SMB.


On Friday, November 11, 2011, Rod Trent  wrote:
> Incidentally, Truesec has LMS which allows management of Forefront
without SCCM:
>
>
>
> http://lms.truesec.se/
>
>
>
> From: James Rankin [mailto:kz2...@googlemail.com]
> Sent: Friday, November 11, 2011 8:06 AM
> To: NT System Admin Issues
> Subject: Re: Antivirus Recommendations?
>
>
>
> Oh right. That's a bit more slippery.
>
> On 11 November 2011 13:01, Michael B. Smith  wrote:
>
> No, you don't have to use SCCM to deploy, but SCCM provides the
management of it. if you install it managed, then you need SCCM (or my
previously mentioned third-party product). You can also install it
unmanaged.
>
>
>
> Regards,
>
>
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://theessentialexchange.com/
>
> 
>
> From: James Rankin [kz2...@googlemail.com]
>
> Sent: Friday, November 11, 2011 7:36 AM
>
> To: NT System Admin Issues
> Subject: Re: Antivirus Recommendations?
>
>
>
> SCCM to deploy it? Didn't realise that. Nasty.
>
>
>
> I'm still a fan of Vipre, and Trend's offering isn't too bad, although
the detection rates were not vastly impressive. I tend to look at things
from a XenApp/RDS point of view though so I may dismissing some products
that would be perfectly fine for you on a traditional fat client machine.
>
> On 11 November 2011 12:27, Paul Hutchings 
wrote:
>
> We actually have Forefront licenses via an MS agreement, I just don’t
think I want to try and get my teeth into SCCM right now just to administer
it (I appreciate that SCCM does all manner of things but YKWIM, it’s a bit
of a monster).
>
>
>
> We do all the defence in depth stuff regards perimiter scanning, URL
blocking etc.
>
> From: James Rankin [mailto:kz2...@googlemail.com]
> Sent: 11 November 2011 12:20
> To: NT System Admin Issues
> Subject: Re: Antivirus Recommendations?
>
>
>
> I haven't dealt much with AV over the last year, but I liked Vipre
Enterprise last time I did. However we did move from Symantec so anything
would probably have been a vast improvement.
>
>
>
> I notice a lot of people are fans of the MS offerings now (Forefront,
Security Essentials, etc, don't know the exact current brand names). Truth
be known is that no AV can provide 100% coverage, and the ones that provide
advanced heuristic detection are usually the ones with the bigger
footprints. I'm personally a fan of coupling up your reactive AV with
something like AppLocker from MS, if you're an AD shop, and obviously some
good event log monitoring procedures. Defense-in-depth is usually the only
way to stay fairly safe.
>
>
>
> YMMV, etc.
>
> On 11 November 2011 12:11, Paul Hutchings 
wrote:
>
> Our Avira Antivir license is up for renewal in a couple of months.
Whilst we’ve had no significant issues, I want to look at a couple of other
options so that even if we stay with Avira it’s for the right technical
reasons.
>
>
>
> We have around 550 PC’s, a mix of Windows XP, Windows Vista, Windows 7,
predominantly 32bit with some x64.
>
>
>
> I’d be looking for a mixture of good centralised management (this almost
always seems to rule out many vendors) combined with low client footprint –
and something that is totally “hands off” from the end user perspective and
that “just works”.
>
>
>
> Suggestions?
>
>
>
> Thanks,
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."
>
> * IMPORTANT INFORMATION/DISCLAIMER *
>
> This document should be read only by those persons to whom it is
addressed. If you have received this message it was obviously addressed to
you and therefore you can read it, even it we didn't mean to send it to
you. However, if the contents of this email make no sense whatsoever then
you probably were not the intended recipient, or, alternatively, you are a
mindless cretin; either way, you should immediately kill yourself and
destroy your computer (not necessarily in that order). Once you have taken
this action, please contact us.. no, sorry, you can't use your computer,
because you just destroyed it, and possibly also committed suicide
afterwards, but I am starting to digress..
>
> The originator of this email is not liable for the transmission of the
information contained in this communication. Or are they? Either way it's a
pretty dull legal query and frankly one I'm not going to dwell

RE: Antivirus Recommendations?

[Rod Trent]

Incidentally, Truesec has LMS which allows management of Forefront without
SCCM:

 

http://lms.truesec.se/ 

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Friday, November 11, 2011 8:06 AM
To: NT System Admin Issues
Subject: Re: Antivirus Recommendations?

 

Oh right. That's a bit more slippery.

On 11 November 2011 13:01, Michael B. Smith  wrote:

No, you don't have to use SCCM to deploy, but SCCM provides the management
of it. if you install it managed, then you need SCCM (or my previously
mentioned third-party product). You can also install it unmanaged.

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://theessentialexchange.com/

  _  

From: James Rankin [kz2...@googlemail.com] 


Sent: Friday, November 11, 2011 7:36 AM

To: NT System Admin Issues
Subject: Re: Antivirus Recommendations?

 

SCCM to deploy it? Didn't realise that. Nasty.

 

I'm still a fan of Vipre, and Trend's offering isn't too bad, although the
detection rates were not vastly impressive. I tend to look at things from a
XenApp/RDS point of view though so I may dismissing some products that would
be perfectly fine for you on a traditional fat client machine.

On 11 November 2011 12:27, Paul Hutchings  wrote:

We actually have Forefront licenses via an MS agreement, I just don't think
I want to try and get my teeth into SCCM right now just to administer it (I
appreciate that SCCM does all manner of things but YKWIM, it's a bit of a
monster).

 

We do all the defence in depth stuff regards perimiter scanning, URL
blocking etc.

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: 11 November 2011 12:20
To: NT System Admin Issues
Subject: Re: Antivirus Recommendations?

 

I haven't dealt much with AV over the last year, but I liked Vipre
Enterprise last time I did. However we did move from Symantec so anything
would probably have been a vast improvement.

 

I notice a lot of people are fans of the MS offerings now (Forefront,
Security Essentials, etc, don't know the exact current brand names). Truth
be known is that no AV can provide 100% coverage, and the ones that provide
advanced heuristic detection are usually the ones with the bigger
footprints. I'm personally a fan of coupling up your reactive AV with
something like AppLocker from MS, if you're an AD shop, and obviously some
good event log monitoring procedures. Defense-in-depth is usually the only
way to stay fairly safe.

 

YMMV, etc.

On 11 November 2011 12:11, Paul Hutchings  wrote:

Our Avira Antivir license is up for renewal in a couple of months.  Whilst
we've had no significant issues, I want to look at a couple of other options
so that even if we stay with Avira it's for the right technical reasons.

 

We have around 550 PC's, a mix of Windows XP, Windows Vista, Windows 7,
predominantly 32bit with some x64.

 

I'd be looking for a mixture of good centralised management (this almost
always seems to rule out many vendors) combined with low client footprint -
and something that is totally "hands off" from the end user perspective and
that "just works". 

 

Suggestions?

 

Thanks,

Paul

  _  

MIRA Ltd

 

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England

Registered in England and Wales No. 402570

VAT Registration  GB 100 1464 84

 

The contents of this e-mail are confidential and are solely for the use of
the intended recipient.  If you receive this e-mail in error, please delete
it and notify us either by e-mail, telephone or fax.  You should not copy,
forward or otherwise disclose the content of the e-mail as this is
prohibited.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

* IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is addressed.
If you have received this message it was obviously addressed to you and
therefore you can read it, even it we didn't mean to send it to you.
However, if the contents of this email make no sense whatsoever then you
probably were not the intended recipient, or, alternatively, you are a
mindless cretin; either way, you should immediately kill yourself and
destroy your computer (not necessarily in that order). Once you have taken
this action, please contact us.. no, sorry, you can't use your computer,
because you just destroyed it, and possibly also committed suicide
afterwards, but I am starting to digress.. 

The originator of this email is not liable for the transmission of the
information contained in 

RE: Antivirus Recommendations?

[Paul Hutchings]

Sorry, I should have been clearer, I'd like to be able to deploy via GPO but 
would still want the machines to report back to the management console so that 
I could see if, for some reason, machines didn't have A/V installed but should. 
 Plus of course I'd want the option of deploying from the management console.

I can completely "get" the reason for integrating with SCCM, but it does seem 
like a sledgehammer to crack a nut.

From: Rod Trent [mailto:rodtr...@myitforum.com]
Sent: 11 November 2011 13:17
To: NT System Admin Issues
Subject: RE: Antivirus Recommendations?

Simpler, yes, but GPO has no way of reporting success and failures or allowing 
you to isolate outbreaks.

The idea behind integrating Forefront (now, just Endpoint Protection) with 
ConfigMgr is that a) it uses robust distribution technology for the client and 
all subsequent updates (a lot like WSUS), b) installation and update success 
and failures are tracked and monitored from a central point, c) virus detection 
can be monitored, hence, client security can be managed and a client can be 
isolated (using and integrated NAP environment) if there's an outbreak.  
There's other reasons and it will depend on your own environment.

Granted...if you're managing a couple hundred PCs it's probably not for you 
unless the endpoints are located over a wide area.

From: Paul Hutchings 
[mailto:paul.hutchi...@mira.co.uk]
Sent: Friday, November 11, 2011 7:57 AM
To: NT System Admin Issues
Subject: RE: Antivirus Recommendations?

We used to use Trend.  I quite liked it but we had "issues" with detection 
hence the switch.

One thing I would quite like is something that can be deployed as an MSI via 
Group Policy as it just makes deployment so much simpler.

From: James Rankin 
[mailto:kz2...@googlemail.com]
Sent: 11 November 2011 12:36
To: NT System Admin Issues
Subject: Re: Antivirus Recommendations?

SCCM to deploy it? Didn't realise that. Nasty.

I'm still a fan of Vipre, and Trend's offering isn't too bad, although the 
detection rates were not vastly impressive. I tend to look at things from a 
XenApp/RDS point of view though so I may dismissing some products that would be 
perfectly fine for you on a traditional fat client machine.
On 11 November 2011 12:27, Paul Hutchings 
mailto:paul.hutchi...@mira.co.uk>> wrote:
We actually have Forefront licenses via an MS agreement, I just don't think I 
want to try and get my teeth into SCCM right now just to administer it (I 
appreciate that SCCM does all manner of things but YKWIM, it's a bit of a 
monster).

We do all the defence in depth stuff regards perimiter scanning, URL blocking 
etc.
From: James Rankin [mailto:kz2...@googlemail.com]
Sent: 11 November 2011 12:20
To: NT System Admin Issues
Subject: Re: Antivirus Recommendations?

I haven't dealt much with AV over the last year, but I liked Vipre Enterprise 
last time I did. However we did move from Symantec so anything would probably 
have been a vast improvement.

I notice a lot of people are fans of the MS offerings now (Forefront, Security 
Essentials, etc, don't know the exact current brand names). Truth be known is 
that no AV can provide 100% coverage, and the ones that provide advanced 
heuristic detection are usually the ones with the bigger footprints. I'm 
personally a fan of coupling up your reactive AV with something like AppLocker 
from MS, if you're an AD shop, and obviously some good event log monitoring 
procedures. Defense-in-depth is usually the only way to stay fairly safe.

YMMV, etc.
On 11 November 2011 12:11, Paul Hutchings 
mailto:paul.hutchi...@mira.co.uk>> wrote:
Our Avira Antivir license is up for renewal in a couple of months.  Whilst 
we've had no significant issues, I want to look at a couple of other options so 
that even if we stay with Avira it's for the right technical reasons.

We have around 550 PC's, a mix of Windows XP, Windows Vista, Windows 7, 
predominantly 32bit with some x64.

I'd be looking for a mixture of good centralised management (this almost always 
seems to rule out many vendors) combined with low client footprint - and 
something that is totally "hands off" from the end user perspective and that 
"just works".

Suggestions?

Thanks,
Paul

MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration  GB 100 1464 84

The contents of this e-mail are confidential and are solely for the use of the 
intended recipient.  If you receive this e-mail in error, please delete it and 
notify us either by e-mail, telephone or fax.  You should not copy, forward or 
otherwise disclose the content of the e-mail as this is prohibited.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 

RE: iPhone user can still send emails after being disabled in AD

[Michael B. Smith]

'Cuz erase means erase everything? If it's a user's personal device there is 
liability attached.



Regards,

Michael B. Smith
Consultant and Exchange MVP
http://theessentialexchange.com/

From: Senter, John [john.sen...@etrade.com]
Sent: Friday, November 11, 2011 8:09 AM
To: NT System Admin Issues
Subject: RE: iPhone user can still send emails after being disabled in AD

Why would you not just send a erase command to the device?  If they are still 
connecting in it will take and bam no more exchange.

From: Ben N [mailto:bennordlan...@gmail.com]
Sent: Thursday, November 10, 2011 11:53 PM
To: NT System Admin Issues
Subject: Re: iPhone user can still send emails after being disabled in AD

yes this is exactly what we'll be doing on sudden terminations, we were playing 
with these settings and how fast they kicked on. (after the fact)
On Thu, Nov 10, 2011 at 4:37 PM, Donovan Oliver 
mailto:oliv...@ohsu.edu>> wrote:
Consider disabling all features (Mailbox Features tab) via Exchange Management 
Console for the user object.
[cid:image001.png@01CCA049.4D36B730]
This should sever any existing/ongoing sessions.

- Donovan

From: Ben N [mailto:bennordlan...@gmail.com]
Sent: Tuesday, November 08, 2011 5:33 PM
To: NT System Admin Issues
Subject: iPhone user can still send emails after being disabled in AD

You guys have this issue ever come up? I think this user was disabled in AD at 
about 4pm, and the last email we got from the user's phone was around 8am the 
next morning. iPhone setup with EAS and we have Exchange 2007.

Could it be due to user token caching like from this forum post?
http://social.technet.microsoft.com/Forums/en-US/exchangesvrclients/thread/3da53460-ef76-4f01-94c9-f7b96fdaf99d

~ Finally, powerful endpoint security that ISN'T a resource hog! ~

~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: Antivirus Recommendations?

[Rod Trent]

Simpler, yes, but GPO has no way of reporting success and failures or
allowing you to isolate outbreaks.

 

The idea behind integrating Forefront (now, just Endpoint Protection) with
ConfigMgr is that a) it uses robust distribution technology for the client
and all subsequent updates (a lot like WSUS), b) installation and update
success and failures are tracked and monitored from a central point, c)
virus detection can be monitored, hence, client security can be managed and
a client can be isolated (using and integrated NAP environment) if there's
an outbreak.  There's other reasons and it will depend on your own
environment.

 

Granted.if you're managing a couple hundred PCs it's probably not for you
unless the endpoints are located over a wide area.

 

From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk] 
Sent: Friday, November 11, 2011 7:57 AM
To: NT System Admin Issues
Subject: RE: Antivirus Recommendations?

 

We used to use Trend.  I quite liked it but we had "issues" with detection
hence the switch.

 

One thing I would quite like is something that can be deployed as an MSI via
Group Policy as it just makes deployment so much simpler.

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: 11 November 2011 12:36
To: NT System Admin Issues
Subject: Re: Antivirus Recommendations?

 

SCCM to deploy it? Didn't realise that. Nasty.

 

I'm still a fan of Vipre, and Trend's offering isn't too bad, although the
detection rates were not vastly impressive. I tend to look at things from a
XenApp/RDS point of view though so I may dismissing some products that would
be perfectly fine for you on a traditional fat client machine.

On 11 November 2011 12:27, Paul Hutchings  wrote:

We actually have Forefront licenses via an MS agreement, I just don't think
I want to try and get my teeth into SCCM right now just to administer it (I
appreciate that SCCM does all manner of things but YKWIM, it's a bit of a
monster).

 

We do all the defence in depth stuff regards perimiter scanning, URL
blocking etc.

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: 11 November 2011 12:20
To: NT System Admin Issues
Subject: Re: Antivirus Recommendations?

 

I haven't dealt much with AV over the last year, but I liked Vipre
Enterprise last time I did. However we did move from Symantec so anything
would probably have been a vast improvement.

 

I notice a lot of people are fans of the MS offerings now (Forefront,
Security Essentials, etc, don't know the exact current brand names). Truth
be known is that no AV can provide 100% coverage, and the ones that provide
advanced heuristic detection are usually the ones with the bigger
footprints. I'm personally a fan of coupling up your reactive AV with
something like AppLocker from MS, if you're an AD shop, and obviously some
good event log monitoring procedures. Defense-in-depth is usually the only
way to stay fairly safe.

 

YMMV, etc.

On 11 November 2011 12:11, Paul Hutchings  wrote:

Our Avira Antivir license is up for renewal in a couple of months.  Whilst
we've had no significant issues, I want to look at a couple of other options
so that even if we stay with Avira it's for the right technical reasons.

 

We have around 550 PC's, a mix of Windows XP, Windows Vista, Windows 7,
predominantly 32bit with some x64.

 

I'd be looking for a mixture of good centralised management (this almost
always seems to rule out many vendors) combined with low client footprint -
and something that is totally "hands off" from the end user perspective and
that "just works". 

 

Suggestions?

 

Thanks,

Paul

  _  

MIRA Ltd

 

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England

Registered in England and Wales No. 402570

VAT Registration  GB 100 1464 84

 

The contents of this e-mail are confidential and are solely for the use of
the intended recipient.  If you receive this e-mail in error, please delete
it and notify us either by e-mail, telephone or fax.  You should not copy,
forward or otherwise disclose the content of the e-mail as this is
prohibited.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

* IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is addressed.
If you have received this message it was obviously addressed to you and
therefore you can read it, even it we didn't mean to send it to you.
However, if the contents of this email make no sense whatsoever then you
probably were not the int

RE: iPhone user can still send emails after being disabled in AD

[Senter, John]

Why would you not just send a erase command to the device?  If they are still 
connecting in it will take and bam no more exchange.

From: Ben N [mailto:bennordlan...@gmail.com]
Sent: Thursday, November 10, 2011 11:53 PM
To: NT System Admin Issues
Subject: Re: iPhone user can still send emails after being disabled in AD

yes this is exactly what we'll be doing on sudden terminations, we were playing 
with these settings and how fast they kicked on. (after the fact)
On Thu, Nov 10, 2011 at 4:37 PM, Donovan Oliver 
mailto:oliv...@ohsu.edu>> wrote:
Consider disabling all features (Mailbox Features tab) via Exchange Management 
Console for the user object.
[cid:image001.png@01CCA049.4D36B730]
This should sever any existing/ongoing sessions.

- Donovan

From: Ben N [mailto:bennordlan...@gmail.com]
Sent: Tuesday, November 08, 2011 5:33 PM
To: NT System Admin Issues
Subject: iPhone user can still send emails after being disabled in AD

You guys have this issue ever come up? I think this user was disabled in AD at 
about 4pm, and the last email we got from the user's phone was around 8am the 
next morning. iPhone setup with EAS and we have Exchange 2007.

Could it be due to user token caching like from this forum post?
http://social.technet.microsoft.com/Forums/en-US/exchangesvrclients/thread/3da53460-ef76-4f01-94c9-f7b96fdaf99d

~ Finally, powerful endpoint security that ISN'T a resource hog! ~

~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: Antivirus Recommendations?

[James Rankin]

Oh right. That's a bit more slippery.

On 11 November 2011 13:01, Michael B. Smith  wrote:

>  No, you don't have to use SCCM to deploy, but SCCM provides the *
> management* of it. if you install it managed, then you need SCCM (or my
> previously mentioned third-party product). You can also install it
> unmanaged.
>
>
>  Regards,
>
> Michael B. Smith
> Consultant and Exchange MVP
> http://theessentialexchange.com/
>  --
> *From:* James Rankin [kz2...@googlemail.com]
>
> *Sent:* Friday, November 11, 2011 7:36 AM
>  *To:* NT System Admin Issues
> *Subject:* Re: Antivirus Recommendations?
>
>   SCCM to deploy it? Didn't realise that. Nasty.
>
> I'm still a fan of Vipre, and Trend's offering isn't too bad, although the
> detection rates were not vastly impressive. I tend to look at things from a
> XenApp/RDS point of view though so I may dismissing some products that
> would be perfectly fine for you on a traditional fat client machine.
>
> On 11 November 2011 12:27, Paul Hutchings wrote:
>
>>  We actually have Forefront licenses via an MS agreement, I just don’t
>> think I want to try and get my teeth into SCCM right now *just* to
>> administer it (I appreciate that SCCM does all manner of things but YKWIM,
>> it’s a bit of a monster).
>>
>> 
>>
>> We do all the defence in depth stuff regards perimiter scanning, URL
>> blocking etc.
>>
>> 
>>
>> *From:* James Rankin [mailto:kz2...@googlemail.com]
>> *Sent:* 11 November 2011 12:20
>> *To:* NT System Admin Issues
>> *Subject:* Re: Antivirus Recommendations?
>>
>> 
>>
>> I haven't dealt much with AV over the last year, but I liked Vipre
>> Enterprise last time I did. However we did move from Symantec so anything
>> would probably have been a vast improvement.
>>
>> 
>>
>> I notice a lot of people are fans of the MS offerings now (Forefront,
>> Security Essentials, etc, don't know the exact current brand names). Truth
>> be known is that no AV can provide 100% coverage, and the ones that provide
>> advanced heuristic detection are usually the ones with the bigger
>> footprints. I'm personally a fan of coupling up your reactive AV with
>> something like AppLocker from MS, if you're an AD shop, and obviously some
>> good event log monitoring procedures. Defense-in-depth is usually the only
>> way to stay fairly safe.
>>
>> 
>>
>> YMMV, etc.
>>
>> On 11 November 2011 12:11, Paul Hutchings 
>> wrote:
>>
>> Our Avira Antivir license is up for renewal in a couple of months.
>> Whilst we’ve had no significant issues, I want to look at a couple of other
>> options so that even if we stay with Avira it’s for the right technical
>> reasons.
>>
>> 
>>
>> We have around 550 PC’s, a mix of Windows XP, Windows Vista, Windows 7,
>> predominantly 32bit with some x64.
>>
>> 
>>
>> I’d be looking for a mixture of good centralised management (this almost
>> always seems to rule out many vendors) combined with low client footprint –
>> and something that is totally “hands off” from the end user perspective and
>> that “just works”. 
>>
>> 
>>
>> Suggestions?
>>
>> 
>>
>> Thanks,
>>
>> Paul
>>  --
>>
>> *MIRA Ltd*
>>
>> 
>>
>> Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
>>
>> Registered in England and Wales No. 402570
>>
>> VAT Registration  GB 100 1464 84
>>
>> 
>>
>> The contents of this e-mail are confidential and are solely for the use
>> of the intended recipient.  If you receive this e-mail in error, please
>> delete it and notify us either by e-mail, telephone or fax.  You should not
>> copy, forward or otherwise disclose the content of the e-mail as this is
>> prohibited.
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>>
>>
>>
>> --
>> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
>> the machine wrong figures, will the right answers come out?' I am not able
>> rightly to apprehend the kind of confusion of ideas that could provoke such
>> a question."
>>
>> ** IMPORTANT INFORMATION/DISCLAIMER *
>>
>> This document should be read only by those persons to whom it is
>> addressed. If you have received this message it was obviously addressed to
>> you and therefore you can read it, even it we didn't mean to send it to
>> you. However, if the contents of this email make no sense whatsoever then
>> you probably were not the intended recipient, or, alternatively, you are a
>> mindless cretin; either way, you should immediately kill yourself and
>> destroy your computer (not necessarily in that order). Once you have taken
>> this action, please contact us.. no, sorry, yo

Re: Antivirus Recommendations?

[James Rankin]

I remember people installing SAV 10 via GPO (
http://www.symantec.com/business/support/index?page=content&id=TECH101395 ) -
but a lot of times the consoles themselves have features to enable
automatic deployment based on criteria you specify, sometimes allowing you
a lot more granularity than the GPO method. Unfortunately my rustiness in
this area means I can't remember any that have these features :-(



On 11 November 2011 12:57, Paul Hutchings  wrote:

>  We used to use Trend.  I quite liked it but we had “issues” with
> detection hence the switch.
>
> ** **
>
> One thing I would quite like is something that can be deployed as an MSI
> via Group Policy as it just makes deployment so much simpler.
>
> ** **
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* 11 November 2011 12:36
>
> *To:* NT System Admin Issues
> *Subject:* Re: Antivirus Recommendations?
>
>  ** **
>
> SCCM to deploy it? Didn't realise that. Nasty.
>
>  
>
> I'm still a fan of Vipre, and Trend's offering isn't too bad, although the
> detection rates were not vastly impressive. I tend to look at things from a
> XenApp/RDS point of view though so I may dismissing some products that
> would be perfectly fine for you on a traditional fat client machine.
>
> On 11 November 2011 12:27, Paul Hutchings 
> wrote:
>
> We actually have Forefront licenses via an MS agreement, I just don’t
> think I want to try and get my teeth into SCCM right now *just* to
> administer it (I appreciate that SCCM does all manner of things but YKWIM,
> it’s a bit of a monster).
>
>  
>
> We do all the defence in depth stuff regards perimiter scanning, URL
> blocking etc.
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* 11 November 2011 12:20
> *To:* NT System Admin Issues
> *Subject:* Re: Antivirus Recommendations?
>
>  
>
> I haven't dealt much with AV over the last year, but I liked Vipre
> Enterprise last time I did. However we did move from Symantec so anything
> would probably have been a vast improvement.
>
>  
>
> I notice a lot of people are fans of the MS offerings now (Forefront,
> Security Essentials, etc, don't know the exact current brand names). Truth
> be known is that no AV can provide 100% coverage, and the ones that provide
> advanced heuristic detection are usually the ones with the bigger
> footprints. I'm personally a fan of coupling up your reactive AV with
> something like AppLocker from MS, if you're an AD shop, and obviously some
> good event log monitoring procedures. Defense-in-depth is usually the only
> way to stay fairly safe.
>
>  
>
> YMMV, etc.
>
> On 11 November 2011 12:11, Paul Hutchings 
> wrote:
>
> Our Avira Antivir license is up for renewal in a couple of months.  Whilst
> we’ve had no significant issues, I want to look at a couple of other
> options so that even if we stay with Avira it’s for the right technical
> reasons.
>
>  
>
> We have around 550 PC’s, a mix of Windows XP, Windows Vista, Windows 7,
> predominantly 32bit with some x64.
>
>  
>
> I’d be looking for a mixture of good centralised management (this almost
> always seems to rule out many vendors) combined with low client footprint –
> and something that is totally “hands off” from the end user perspective and
> that “just works”. 
>
>  
>
> Suggestions?
>
>  
>
> Thanks,
>
> Paul
>  --
>
> *MIRA Ltd*
>
>  
>
> Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
>
> Registered in England and Wales No. 402570
>
> VAT Registration  GB 100 1464 84
>
>  
>
> The contents of this e-mail are confidential and are solely for the use of
> the intended recipient.  If you receive this e-mail in error, please delete
> it and notify us either by e-mail, telephone or fax.  You should not copy,
> forward or otherwise disclose the content of the e-mail as this is
> prohibited.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
> ** IMPORTANT INFORMATION/DISCLAIMER *
>
> This document should be read only by those persons to whom it is
> addressed. If you have received this message it was obviously addressed to
> you and therefore you can read it, even it we didn't mean to send it to
> you. However, if the contents of this email make no sense whatsoever then
> you probably were not the intended recipient, or, alternatively, you are 

RE: Antivirus Recommendations?

[Michael B. Smith]

No, you don't have to use SCCM to deploy, but SCCM provides the management of 
it. if you install it managed, then you need SCCM (or my previously mentioned 
third-party product). You can also install it unmanaged.



Regards,

Michael B. Smith
Consultant and Exchange MVP
http://theessentialexchange.com/

From: James Rankin [kz2...@googlemail.com]
Sent: Friday, November 11, 2011 7:36 AM
To: NT System Admin Issues
Subject: Re: Antivirus Recommendations?

SCCM to deploy it? Didn't realise that. Nasty.

I'm still a fan of Vipre, and Trend's offering isn't too bad, although the 
detection rates were not vastly impressive. I tend to look at things from a 
XenApp/RDS point of view though so I may dismissing some products that would be 
perfectly fine for you on a traditional fat client machine.

On 11 November 2011 12:27, Paul Hutchings 
mailto:paul.hutchi...@mira.co.uk>> wrote:
We actually have Forefront licenses via an MS agreement, I just don’t think I 
want to try and get my teeth into SCCM right now just to administer it (I 
appreciate that SCCM does all manner of things but YKWIM, it’s a bit of a 
monster).

We do all the defence in depth stuff regards perimiter scanning, URL blocking 
etc.

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: 11 November 2011 12:20
To: NT System Admin Issues
Subject: Re: Antivirus Recommendations?

I haven't dealt much with AV over the last year, but I liked Vipre Enterprise 
last time I did. However we did move from Symantec so anything would probably 
have been a vast improvement.

I notice a lot of people are fans of the MS offerings now (Forefront, Security 
Essentials, etc, don't know the exact current brand names). Truth be known is 
that no AV can provide 100% coverage, and the ones that provide advanced 
heuristic detection are usually the ones with the bigger footprints. I'm 
personally a fan of coupling up your reactive AV with something like AppLocker 
from MS, if you're an AD shop, and obviously some good event log monitoring 
procedures. Defense-in-depth is usually the only way to stay fairly safe.

YMMV, etc.
On 11 November 2011 12:11, Paul Hutchings 
mailto:paul.hutchi...@mira.co.uk>> wrote:
Our Avira Antivir license is up for renewal in a couple of months.  Whilst 
we’ve had no significant issues, I want to look at a couple of other options so 
that even if we stay with Avira it’s for the right technical reasons.

We have around 550 PC’s, a mix of Windows XP, Windows Vista, Windows 7, 
predominantly 32bit with some x64.

I’d be looking for a mixture of good centralised management (this almost always 
seems to rule out many vendors) combined with low client footprint – and 
something that is totally “hands off” from the end user perspective and that 
“just works”.

Suggestions?

Thanks,
Paul

MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration  GB 100 1464 84

The contents of this e-mail are confidential and are solely for the use of the 
intended recipient.  If you receive this e-mail in error, please delete it and 
notify us either by e-mail, telephone or fax.  You should not copy, forward or 
otherwise disclose the content of the e-mail as this is prohibited.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

* IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is addressed. If 
you have received this message it was obviously addressed to you and therefore 
you can read it, even it we didn't mean to send it to you. However, if the 
contents of this email make no sense whatsoever then you probably were not the 
intended recipient, or, alternatively, you are a mindless cretin; either way, 
you should immediately kill yourself and destroy your computer (not necessarily 
in that order). Once you have taken this action, please contact us.. no, sorry, 
you can't use your computer, because you just destroyed it, and possibly also 
committed suicide afterwards, but I am starting to digress..

The originator of this email is not liable for the transmission of the 
information contained in this communication. Or are they? Either way it's a 
pretty dull legal query and frankly one I'm not going to dwell on. But should 
you have nothing better to do, please feel free to ruminate on it,

RE: Antivirus Recommendations?

[Paul Hutchings]

We used to use Trend.  I quite liked it but we had "issues" with detection 
hence the switch.

One thing I would quite like is something that can be deployed as an MSI via 
Group Policy as it just makes deployment so much simpler.

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: 11 November 2011 12:36
To: NT System Admin Issues
Subject: Re: Antivirus Recommendations?

SCCM to deploy it? Didn't realise that. Nasty.

I'm still a fan of Vipre, and Trend's offering isn't too bad, although the 
detection rates were not vastly impressive. I tend to look at things from a 
XenApp/RDS point of view though so I may dismissing some products that would be 
perfectly fine for you on a traditional fat client machine.
On 11 November 2011 12:27, Paul Hutchings 
mailto:paul.hutchi...@mira.co.uk>> wrote:
We actually have Forefront licenses via an MS agreement, I just don't think I 
want to try and get my teeth into SCCM right now just to administer it (I 
appreciate that SCCM does all manner of things but YKWIM, it's a bit of a 
monster).

We do all the defence in depth stuff regards perimiter scanning, URL blocking 
etc.
From: James Rankin [mailto:kz2...@googlemail.com]
Sent: 11 November 2011 12:20
To: NT System Admin Issues
Subject: Re: Antivirus Recommendations?

I haven't dealt much with AV over the last year, but I liked Vipre Enterprise 
last time I did. However we did move from Symantec so anything would probably 
have been a vast improvement.

I notice a lot of people are fans of the MS offerings now (Forefront, Security 
Essentials, etc, don't know the exact current brand names). Truth be known is 
that no AV can provide 100% coverage, and the ones that provide advanced 
heuristic detection are usually the ones with the bigger footprints. I'm 
personally a fan of coupling up your reactive AV with something like AppLocker 
from MS, if you're an AD shop, and obviously some good event log monitoring 
procedures. Defense-in-depth is usually the only way to stay fairly safe.

YMMV, etc.
On 11 November 2011 12:11, Paul Hutchings 
mailto:paul.hutchi...@mira.co.uk>> wrote:
Our Avira Antivir license is up for renewal in a couple of months.  Whilst 
we've had no significant issues, I want to look at a couple of other options so 
that even if we stay with Avira it's for the right technical reasons.

We have around 550 PC's, a mix of Windows XP, Windows Vista, Windows 7, 
predominantly 32bit with some x64.

I'd be looking for a mixture of good centralised management (this almost always 
seems to rule out many vendors) combined with low client footprint - and 
something that is totally "hands off" from the end user perspective and that 
"just works".

Suggestions?

Thanks,
Paul

MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration  GB 100 1464 84

The contents of this e-mail are confidential and are solely for the use of the 
intended recipient.  If you receive this e-mail in error, please delete it and 
notify us either by e-mail, telephone or fax.  You should not copy, forward or 
otherwise disclose the content of the e-mail as this is prohibited.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

* IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is addressed. If 
you have received this message it was obviously addressed to you and therefore 
you can read it, even it we didn't mean to send it to you. However, if the 
contents of this email make no sense whatsoever then you probably were not the 
intended recipient, or, alternatively, you are a mindless cretin; either way, 
you should immediately kill yourself and destroy your computer (not necessarily 
in that order). Once you have taken this action, please contact us.. no, sorry, 
you can't use your computer, because you just destroyed it, and possibly also 
committed suicide afterwards, but I am starting to digress..

The originator of this email is not liable for the transmission of the 
information contained in this communication. Or are they? Either way it's a 
pretty dull legal query and frankly one I'm not going to dwell on. But should 
you have nothing better to do, please feel free to ruminate on it, and please 
pass on any concrete conclusions should you find them. However, if you pass 
them on via email, be s

RE: Antivirus Recommendations?

[Jim Holmgren]

We went through this exercise about a 14 months ago.  We chose Sophos.   I have 
not regretted it one bit.  Easy to deploy, centrally managed, relatively small 
footprint...and best of all - it actually WORKS.

Jim

Jim Holmgren
Director of Technology Infrastructure
XLHealth Corporation
The Warehouse at Camden Yards
351 West Camden Street, Suite 100
Baltimore, MD 21201
410.625.2200 (main)
443.524.8573 (direct)
443-506.2400 (cell)
www.xlhealth.com



From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Friday, November 11, 2011 7:36 AM
To: NT System Admin Issues
Subject: Re: Antivirus Recommendations?

SCCM to deploy it? Didn't realise that. Nasty.

I'm still a fan of Vipre, and Trend's offering isn't too bad, although the 
detection rates were not vastly impressive. I tend to look at things from a 
XenApp/RDS point of view though so I may dismissing some products that would be 
perfectly fine for you on a traditional fat client machine.
On 11 November 2011 12:27, Paul Hutchings 
mailto:paul.hutchi...@mira.co.uk>> wrote:
We actually have Forefront licenses via an MS agreement, I just don't think I 
want to try and get my teeth into SCCM right now just to administer it (I 
appreciate that SCCM does all manner of things but YKWIM, it's a bit of a 
monster).

We do all the defence in depth stuff regards perimiter scanning, URL blocking 
etc.
From: James Rankin [mailto:kz2...@googlemail.com]
Sent: 11 November 2011 12:20
To: NT System Admin Issues
Subject: Re: Antivirus Recommendations?

I haven't dealt much with AV over the last year, but I liked Vipre Enterprise 
last time I did. However we did move from Symantec so anything would probably 
have been a vast improvement.

I notice a lot of people are fans of the MS offerings now (Forefront, Security 
Essentials, etc, don't know the exact current brand names). Truth be known is 
that no AV can provide 100% coverage, and the ones that provide advanced 
heuristic detection are usually the ones with the bigger footprints. I'm 
personally a fan of coupling up your reactive AV with something like AppLocker 
from MS, if you're an AD shop, and obviously some good event log monitoring 
procedures. Defense-in-depth is usually the only way to stay fairly safe.

YMMV, etc.
On 11 November 2011 12:11, Paul Hutchings 
mailto:paul.hutchi...@mira.co.uk>> wrote:
Our Avira Antivir license is up for renewal in a couple of months.  Whilst 
we've had no significant issues, I want to look at a couple of other options so 
that even if we stay with Avira it's for the right technical reasons.

We have around 550 PC's, a mix of Windows XP, Windows Vista, Windows 7, 
predominantly 32bit with some x64.

I'd be looking for a mixture of good centralised management (this almost always 
seems to rule out many vendors) combined with low client footprint - and 
something that is totally "hands off" from the end user perspective and that 
"just works".

Suggestions?

Thanks,
Paul

MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration  GB 100 1464 84

The contents of this e-mail are confidential and are solely for the use of the 
intended recipient.  If you receive this e-mail in error, please delete it and 
notify us either by e-mail, telephone or fax.  You should not copy, forward or 
otherwise disclose the content of the e-mail as this is prohibited.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

* IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is addressed. If 
you have received this message it was obviously addressed to you and therefore 
you can read it, even it we didn't mean to send it to you. However, if the 
contents of this email make no sense whatsoever then you probably were not the 
intended recipient, or, alternatively, you are a mindless cretin; either way, 
you should immediately kill yourself and destroy your computer (not necessarily 
in that order). Once you have taken this action, please contact us.. no, sorry, 
you can't use your computer, because you just destroyed it, and possibly also 
committed suicide afterwards, but I am starting to digress..

The originator of this email is not liable for the transmission of the 
information contained in this communication. Or are they? Either way it's a 

RE: Antivirus Recommendations?

[Paul Hutchings]

A couple of consultant days and we'd be over the cost of any a/v licenses, so I 
don't have many issues with not using sccm just yet as I figure diving in and 
screwing it up will potentially cost us more.

It's annoying as I'd quite like to try it, but I don't want to lose several 
days just to get to the point where I can do so.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: 11 November 2011 12:34
To: NT System Admin Issues
Subject: RE: Antivirus Recommendations?


There are one or two third parties that offer management for Forefront without 
SCCM.



That being said, and I don't know how large your organization is, but you may 
find it MUCH cheaper to pay a consultant to come in for a few days to help you 
set up SCCM (just for patching) than to sign a license for a different A/V.


Regards,

Michael B. Smith
Consultant and Exchange MVP
http://theessentialexchange.com/

From: Paul Hutchings [paul.hutchi...@mira.co.uk]
Sent: Friday, November 11, 2011 7:27 AM
To: NT System Admin Issues
Subject: RE: Antivirus Recommendations?
We actually have Forefront licenses via an MS agreement, I just don't think I 
want to try and get my teeth into SCCM right now just to administer it (I 
appreciate that SCCM does all manner of things but YKWIM, it's a bit of a 
monster).

We do all the defence in depth stuff regards perimiter scanning, URL blocking 
etc.
From: James Rankin 
[mailto:kz2...@googlemail.com]
Sent: 11 November 2011 12:20
To: NT System Admin Issues
Subject: Re: Antivirus Recommendations?

I haven't dealt much with AV over the last year, but I liked Vipre Enterprise 
last time I did. However we did move from Symantec so anything would probably 
have been a vast improvement.

I notice a lot of people are fans of the MS offerings now (Forefront, Security 
Essentials, etc, don't know the exact current brand names). Truth be known is 
that no AV can provide 100% coverage, and the ones that provide advanced 
heuristic detection are usually the ones with the bigger footprints. I'm 
personally a fan of coupling up your reactive AV with something like AppLocker 
from MS, if you're an AD shop, and obviously some good event log monitoring 
procedures. Defense-in-depth is usually the only way to stay fairly safe.

YMMV, etc.
On 11 November 2011 12:11, Paul Hutchings 
mailto:paul.hutchi...@mira.co.uk>> wrote:
Our Avira Antivir license is up for renewal in a couple of months.  Whilst 
we've had no significant issues, I want to look at a couple of other options so 
that even if we stay with Avira it's for the right technical reasons.

We have around 550 PC's, a mix of Windows XP, Windows Vista, Windows 7, 
predominantly 32bit with some x64.

I'd be looking for a mixture of good centralised management (this almost always 
seems to rule out many vendors) combined with low client footprint - and 
something that is totally "hands off" from the end user perspective and that 
"just works".

Suggestions?

Thanks,
Paul

MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration  GB 100 1464 84

The contents of this e-mail are confidential and are solely for the use of the 
intended recipient.  If you receive this e-mail in error, please delete it and 
notify us either by e-mail, telephone or fax.  You should not copy, forward or 
otherwise disclose the content of the e-mail as this is prohibited.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

* IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is addressed. If 
you have received this message it was obviously addressed to you and therefore 
you can read it, even it we didn't mean to send it to you. However, if the 
contents of this email make no sense whatsoever then you probably were not the 
intended recipient, or, alternatively, you are a mindless cretin; either way, 
you should immediately kill yourself and destroy your computer (not necessarily 
in that order). Once you have taken this action, please contact us.. no, sorry, 
you can't use your computer, because you just destroyed it, and possibly also 
committed suicide afterwards, but I am starting to digress..

The originator of this email is not liable for the transmission of the 
information contained in this communicatio

Re: Antivirus Recommendations?

[James Rankin]

SCCM to deploy it? Didn't realise that. Nasty.

I'm still a fan of Vipre, and Trend's offering isn't too bad, although the
detection rates were not vastly impressive. I tend to look at things from a
XenApp/RDS point of view though so I may dismissing some products that
would be perfectly fine for you on a traditional fat client machine.

On 11 November 2011 12:27, Paul Hutchings  wrote:

>  We actually have Forefront licenses via an MS agreement, I just don’t
> think I want to try and get my teeth into SCCM right now *just* to
> administer it (I appreciate that SCCM does all manner of things but YKWIM,
> it’s a bit of a monster).
>
> ** **
>
> We do all the defence in depth stuff regards perimiter scanning, URL
> blocking etc.
>
> 
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* 11 November 2011 12:20
> *To:* NT System Admin Issues
> *Subject:* Re: Antivirus Recommendations?
>
> ** **
>
> I haven't dealt much with AV over the last year, but I liked Vipre
> Enterprise last time I did. However we did move from Symantec so anything
> would probably have been a vast improvement.
>
>  
>
> I notice a lot of people are fans of the MS offerings now (Forefront,
> Security Essentials, etc, don't know the exact current brand names). Truth
> be known is that no AV can provide 100% coverage, and the ones that provide
> advanced heuristic detection are usually the ones with the bigger
> footprints. I'm personally a fan of coupling up your reactive AV with
> something like AppLocker from MS, if you're an AD shop, and obviously some
> good event log monitoring procedures. Defense-in-depth is usually the only
> way to stay fairly safe.
>
>  
>
> YMMV, etc.
>
> On 11 November 2011 12:11, Paul Hutchings 
> wrote:
>
> Our Avira Antivir license is up for renewal in a couple of months.  Whilst
> we’ve had no significant issues, I want to look at a couple of other
> options so that even if we stay with Avira it’s for the right technical
> reasons.
>
>  
>
> We have around 550 PC’s, a mix of Windows XP, Windows Vista, Windows 7,
> predominantly 32bit with some x64.
>
>  
>
> I’d be looking for a mixture of good centralised management (this almost
> always seems to rule out many vendors) combined with low client footprint –
> and something that is totally “hands off” from the end user perspective and
> that “just works”. 
>
>  
>
> Suggestions?
>
>  
>
> Thanks,
>
> Paul
>  --
>
> *MIRA Ltd*
>
> ** **
>
> Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
>
> Registered in England and Wales No. 402570
>
> VAT Registration  GB 100 1464 84
>
> ** **
>
> The contents of this e-mail are confidential and are solely for the use of
> the intended recipient.  If you receive this e-mail in error, please delete
> it and notify us either by e-mail, telephone or fax.  You should not copy,
> forward or otherwise disclose the content of the e-mail as this is
> prohibited.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
>
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
> ** IMPORTANT INFORMATION/DISCLAIMER *
>
> This document should be read only by those persons to whom it is
> addressed. If you have received this message it was obviously addressed to
> you and therefore you can read it, even it we didn't mean to send it to
> you. However, if the contents of this email make no sense whatsoever then
> you probably were not the intended recipient, or, alternatively, you are a
> mindless cretin; either way, you should immediately kill yourself and
> destroy your computer (not necessarily in that order). Once you have taken
> this action, please contact us.. no, sorry, you can't use your computer,
> because you just destroyed it, and possibly also committed suicide
> afterwards, but I am starting to digress.. *
>
> *The originator of this email is not liable for the transmission of the
> information contained in this communication. Or are they? Either way it's a
> pretty dull legal query and frankly one I'm not going to dwell on. But
> should you have nothing better to do, please feel free to ruminate on it,
> and please pass on any concrete conclusions should you find them. However,
> if you pass them on via email, be sure to include a disclaimer regarding
> liability for transmission.*
>
> *In the event that the originator did not send this email to you, then
> please return it to us and

RE: Antivirus Recommendations?

[Michael B. Smith]

There are one or two third parties that offer management for Forefront without 
SCCM.



That being said, and I don't know how large your organization is, but you may 
find it MUCH cheaper to pay a consultant to come in for a few days to help you 
set up SCCM (just for patching) than to sign a license for a different A/V.



Regards,

Michael B. Smith
Consultant and Exchange MVP
http://theessentialexchange.com/

From: Paul Hutchings [paul.hutchi...@mira.co.uk]
Sent: Friday, November 11, 2011 7:27 AM
To: NT System Admin Issues
Subject: RE: Antivirus Recommendations?

We actually have Forefront licenses via an MS agreement, I just don’t think I 
want to try and get my teeth into SCCM right now just to administer it (I 
appreciate that SCCM does all manner of things but YKWIM, it’s a bit of a 
monster).

We do all the defence in depth stuff regards perimiter scanning, URL blocking 
etc.

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: 11 November 2011 12:20
To: NT System Admin Issues
Subject: Re: Antivirus Recommendations?

I haven't dealt much with AV over the last year, but I liked Vipre Enterprise 
last time I did. However we did move from Symantec so anything would probably 
have been a vast improvement.

I notice a lot of people are fans of the MS offerings now (Forefront, Security 
Essentials, etc, don't know the exact current brand names). Truth be known is 
that no AV can provide 100% coverage, and the ones that provide advanced 
heuristic detection are usually the ones with the bigger footprints. I'm 
personally a fan of coupling up your reactive AV with something like AppLocker 
from MS, if you're an AD shop, and obviously some good event log monitoring 
procedures. Defense-in-depth is usually the only way to stay fairly safe.

YMMV, etc.
On 11 November 2011 12:11, Paul Hutchings 
mailto:paul.hutchi...@mira.co.uk>> wrote:
Our Avira Antivir license is up for renewal in a couple of months.  Whilst 
we’ve had no significant issues, I want to look at a couple of other options so 
that even if we stay with Avira it’s for the right technical reasons.

We have around 550 PC’s, a mix of Windows XP, Windows Vista, Windows 7, 
predominantly 32bit with some x64.

I’d be looking for a mixture of good centralised management (this almost always 
seems to rule out many vendors) combined with low client footprint – and 
something that is totally “hands off” from the end user perspective and that 
“just works”.

Suggestions?

Thanks,
Paul

MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration  GB 100 1464 84

The contents of this e-mail are confidential and are solely for the use of the 
intended recipient.  If you receive this e-mail in error, please delete it and 
notify us either by e-mail, telephone or fax.  You should not copy, forward or 
otherwise disclose the content of the e-mail as this is prohibited.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

* IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is addressed. If 
you have received this message it was obviously addressed to you and therefore 
you can read it, even it we didn't mean to send it to you. However, if the 
contents of this email make no sense whatsoever then you probably were not the 
intended recipient, or, alternatively, you are a mindless cretin; either way, 
you should immediately kill yourself and destroy your computer (not necessarily 
in that order). Once you have taken this action, please contact us.. no, sorry, 
you can't use your computer, because you just destroyed it, and possibly also 
committed suicide afterwards, but I am starting to digress..

The originator of this email is not liable for the transmission of the 
information contained in this communication. Or are they? Either way it's a 
pretty dull legal query and frankly one I'm not going to dwell on. But should 
you have nothing better to do, please feel free to ruminate on it, and please 
pass on any concrete conclusions should you find them. However, if you pass 
them on via email, be sure to include a disclaimer regarding liability for 
transmission.

In the event that the originator did not send this email to you, then please 
return it to us and attach a scanned-in picture of your mother's brother's wife 
wea

RE: Antivirus Recommendations?

[Paul Hutchings]

We actually have Forefront licenses via an MS agreement, I just don't think I 
want to try and get my teeth into SCCM right now just to administer it (I 
appreciate that SCCM does all manner of things but YKWIM, it's a bit of a 
monster).

We do all the defence in depth stuff regards perimiter scanning, URL blocking 
etc.

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: 11 November 2011 12:20
To: NT System Admin Issues
Subject: Re: Antivirus Recommendations?

I haven't dealt much with AV over the last year, but I liked Vipre Enterprise 
last time I did. However we did move from Symantec so anything would probably 
have been a vast improvement.

I notice a lot of people are fans of the MS offerings now (Forefront, Security 
Essentials, etc, don't know the exact current brand names). Truth be known is 
that no AV can provide 100% coverage, and the ones that provide advanced 
heuristic detection are usually the ones with the bigger footprints. I'm 
personally a fan of coupling up your reactive AV with something like AppLocker 
from MS, if you're an AD shop, and obviously some good event log monitoring 
procedures. Defense-in-depth is usually the only way to stay fairly safe.

YMMV, etc.
On 11 November 2011 12:11, Paul Hutchings 
mailto:paul.hutchi...@mira.co.uk>> wrote:
Our Avira Antivir license is up for renewal in a couple of months.  Whilst 
we've had no significant issues, I want to look at a couple of other options so 
that even if we stay with Avira it's for the right technical reasons.

We have around 550 PC's, a mix of Windows XP, Windows Vista, Windows 7, 
predominantly 32bit with some x64.

I'd be looking for a mixture of good centralised management (this almost always 
seems to rule out many vendors) combined with low client footprint - and 
something that is totally "hands off" from the end user perspective and that 
"just works".

Suggestions?

Thanks,
Paul

MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration  GB 100 1464 84

The contents of this e-mail are confidential and are solely for the use of the 
intended recipient.  If you receive this e-mail in error, please delete it and 
notify us either by e-mail, telephone or fax.  You should not copy, forward or 
otherwise disclose the content of the e-mail as this is prohibited.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

* IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is addressed. If 
you have received this message it was obviously addressed to you and therefore 
you can read it, even it we didn't mean to send it to you. However, if the 
contents of this email make no sense whatsoever then you probably were not the 
intended recipient, or, alternatively, you are a mindless cretin; either way, 
you should immediately kill yourself and destroy your computer (not necessarily 
in that order). Once you have taken this action, please contact us.. no, sorry, 
you can't use your computer, because you just destroyed it, and possibly also 
committed suicide afterwards, but I am starting to digress..

The originator of this email is not liable for the transmission of the 
information contained in this communication. Or are they? Either way it's a 
pretty dull legal query and frankly one I'm not going to dwell on. But should 
you have nothing better to do, please feel free to ruminate on it, and please 
pass on any concrete conclusions should you find them. However, if you pass 
them on via email, be sure to include a disclaimer regarding liability for 
transmission.

In the event that the originator did not send this email to you, then please 
return it to us and attach a scanned-in picture of your mother's brother's wife 
wearing nothing but a kangaroo suit, and we will immediately refund you exactly 
half of what you paid for the can of Whiskas you bought when you went to Pets 
At Home yesterday.

We take no responsibility for non-receipt of this email because we are running 
Exchange 5.5 and everyone knows how glitchy that can be. In the event that you 
do get this message then please note that we take no responsibility for that 
either. Nor will we accept any liability, tacit or implied, for any damage you 
may or may not incur as a result of receiving, or not, as the case may be, from 
time to time, notwithstanding

Re: Antivirus Recommendations?

[James Rankin]

I haven't dealt much with AV over the last year, but I liked Vipre
Enterprise last time I did. However we did move from Symantec so anything
would probably have been a vast improvement.

I notice a lot of people are fans of the MS offerings now (Forefront,
Security Essentials, etc, don't know the exact current brand names). Truth
be known is that no AV can provide 100% coverage, and the ones that provide
advanced heuristic detection are usually the ones with the bigger
footprints. I'm personally a fan of coupling up your reactive AV with
something like AppLocker from MS, if you're an AD shop, and obviously some
good event log monitoring procedures. Defense-in-depth is usually the only
way to stay fairly safe.

YMMV, etc.

On 11 November 2011 12:11, Paul Hutchings  wrote:

>  Our Avira Antivir license is up for renewal in a couple of months.
> Whilst we’ve had no significant issues, I want to look at a couple of other
> options so that even if we stay with Avira it’s for the right technical
> reasons.
>
> ** **
>
> We have around 550 PC’s, a mix of Windows XP, Windows Vista, Windows 7,
> predominantly 32bit with some x64.
>
> ** **
>
> I’d be looking for a mixture of good centralised management (this almost
> always seems to rule out many vendors) combined with low client footprint –
> and something that is totally “hands off” from the end user perspective and
> that “just works”. 
>
> ** **
>
> Suggestions?
>
> ** **
>
> Thanks,
>
> Paul
>  --
>  *MIRA Ltd*
>
> Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
>  Registered in England and Wales No. 402570
> VAT Registration  GB 100 1464 84
>
> The contents of this e-mail are confidential and are solely for the use of
> the intended recipient.  If you receive this e-mail in error, please delete
> it and notify us either by e-mail, telephone or fax.  You should not copy,
> forward or otherwise disclose the content of the e-mail as this is
> prohibited.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>



-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

** IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is addressed.
If you have received this message it was obviously addressed to you and
therefore you can read it, even it we didn't mean to send it to you.
However, if the contents of this email make no sense whatsoever then you
probably were not the intended recipient, or, alternatively, you are a
mindless cretin; either way, you should immediately kill yourself and
destroy your computer (not necessarily in that order). Once you have taken
this action, please contact us.. no, sorry, you can't use your computer,
because you just destroyed it, and possibly also committed suicide
afterwards, but I am starting to digress.. *

*The originator of this email is not liable for the transmission of the
information contained in this communication. Or are they? Either way it's a
pretty dull legal query and frankly one I'm not going to dwell on. But
should you have nothing better to do, please feel free to ruminate on it,
and please pass on any concrete conclusions should you find them. However,
if you pass them on via email, be sure to include a disclaimer regarding
liability for transmission.
*

*In the event that the originator did not send this email to you, then
please return it to us and attach a scanned-in picture of your mother's
brother's wife wearing nothing but a kangaroo suit, and we will immediately
refund you exactly half of what you paid for the can of Whiskas you bought
when you went to Pets** **At Home yesterday. *

*We take no responsibility for non-receipt of this email because we are
running Exchange 5.5 and everyone knows how glitchy that can be. In the
event that you do get this message then please note that we take no
responsibility for that either. Nor will we accept any liability, tacit or
implied, for any damage you may or may not incur as a result of receiving,
or not, as the case may be, from time to time, notwithstanding all
liabilities implied or otherwise, ummm, hell, where was I...umm, no matter
what happens, it is NOT, and NEVER WILL BE, OUR FAULT! *

*The comments and opinions expressed herein are my own and NOT those of my
employer, who, if he knew I was sending emails and surfing the seamier side
of the Internet, would cut off my manhood and feed it to me for afternoon
tea. *

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~