RE: New ISP - I have to route public IP's

[John Gwinner]

>> Why do you need separate IPs for the web servers given they're all being 
>> proxied through TMG, btw?<<

Well, there's other services besides the web servers, like SMTP (even though we 
outsource our email, I still need an SMTP server internally for various 
reasons), VPN, etc.

But, if I could handle it all through TMG, that would be fine.  I tried it, but 
it didn't seem to work.

It's the one IP from the ISP that gets me. TMG complains that my external IP's 
aren't on any of the adapters and won't allow the routing rule.

In other words, I setup TMG with:

216.2.69.1 as the external IP, gateway of 216.2.69.2

Then I setup internal IP's of 192.168.1.0 (NAT).  Let's say web server 1 is .1, 
two is .2, 3 is .3, SMTP server on .1, etc.

The external ip's are: 216.2.234.64, 65, 66

If I setup a TMG rule to publish 216.2.234.64 to 192.168.1.1, it'll complain 
that 216.2.234.64 is not in the external adapter (which it isn't, because it 
has to be 216.2.69.1).  I tried creating a new 'network' with IP's 216.2.234.64 
(etc) and then put in rules to do the routing, but again TMG wouldn't do it 
because 216.2.234.64 didn't exist as a defined interface.  I don't want to make 
216.2.234.64, 65, 66 as a DMZ, as the servers are internal in the 192.168.* 
address space.

The TMG docs imply you might not be able to do a virtual DMZ:

Forefront TMG does not support defining separate network objects that represent 
remote subnets
Issue: Forefront TMG does not support defining separate network objects that 
represent remote subnets.
Cause: When you define IP address ranges for a network, Forefront TMG checks 
all network adapters. When Forefront TMG finds an adapter with an IP address in 
the network range, it associates the network with that adapter. When a network 
includes remote subnets accessible by Forefront TMG through routers, the IP 
address of the remote subnets should be included in the network definition. If 
you define a separate network object for a remote subnet (instead of including 
it in the network definition), Forefront TMG tries to locate an adapter with an 
IP address of the network object, and fails. Forefront TMG assumes that the 
adapter is not available (disconnected or disabled), and sets network status to 
disconnected.


I'm running out of NIC's in the servers, I couldn't fit a 4 port board in, and 
the little Dell 1U servers don't have room for more than 1 expansion, so I'm 
limited to 4 connections.  1 for ISP failover, 1 for cluster interconnect, 1 
for internal DMZ, and 1 for the Internet doesn't leave room for an actual DMZ.

So my idea was to setup my Layer 3 switch (not level, my mistake) to do the 
routing from 216.2.69.1 to 216.2.234.64, 65, 66, then feed in the 216.2.234.64, 
65, 66 as the external IP's to my TMG farm like I did with the previous ISP's.
 == John ==
John Gwinner | Director of Technology
DAZSI /Oracle Business Applications
310.640.1300 (office) | 310.640.9900 (fax)
880 Apollo Street - Ste. 201 | El Segundo CA 90245

[cid:image002.jpg@01CCA328.768133E0]

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Monday, November 14, 2011 9:33 PM
To: NT System Admin Issues
Subject: RE: New ISP - I have to route public IP's

I don't see how an L3 switch is required here. Certainly you could solve this 
problem with one but it's not necessary. You can do all the routing with TMG if 
you want.

Why do you need separate IPs for the web servers given they're all being 
proxied through TMG, btw?


Thanks,
Brian Desmond
br...@briandesmond.com

w - 312.625.1438 | c   - 312.731.3132

From: John Gwinner 
[mailto:jgwin...@dazsi.com]
Sent: Monday, November 14, 2011 8:20 PM
To: NT System Admin Issues
Subject: New ISP - I have to route public IP's

I just signed up with a new ISP for the office - we're getting 15Meg for the 
price I used to pay for 2 T-1's.  Nice!

Oddly though, I get a single IP in the range 216.2.69.x/30 and a default 
gateway. This isn't a T-1 or other telecom ish interface; they give me an 
Ethernet jack (comes out of an AdTran), with an IP stack on it.

I ALSO get 5 (usable) IP's in the range 216.2.234.X/29.

I have 3 public web servers with separate IP's I need to host on the Internet 
(they are firewalled/DMZ'd through Microsoft's TMG).

The wrinkle: My ISP expects me to route my public IP's 'through' the 216.2.69.X 
gateway. Not just switch the 5 usable IP's, I have to route them.  The 
216.2.69.X is what the Adtran puts out (say .2 for 'my' router and .1 for the 
gateway).  Behind that, I have the 5 useable IP's and I have to route that to 
the Adtran.

My ISP said I needed a Level 3 switch; I have a couple of Dell 6248P's.

Can I do this with a Dell 6248p?

VLAN tagging wouldn't work, I don't think, as who knows if whatever web site 
we're surfing too, or whatever customer is looking at our public IP's, would 
support vlan tagging.  This is a raw, publ

RE: OT - converting a VMware VM back to a physical box

[Greg Olson]

Because you can't allocate more vcpu than you physically have, so if you were 
moving it to say a single cpu, dual-core box physical, the new esxi would be a 
single cpu, dual core max as well. You're not running it with say 2 virtual 
cpu, on a box that has two 6 core procs, in which case based on the crappy 
licensing you'd have to buy 10 more licenses (one for each physical core). 
-Greg



-Original Message-
From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] 
Sent: Monday, November 14, 2011 6:56 PM
To: NT System Admin Issues
Subject: RE: OT - converting a VMware VM back to a physical box

> (and you take care of your licensing issues)

How exactly does moving from an esx server (with adjustable vcpu's) to an esx 
server (with adjustable vcpu's) solve anything?
 


-Original Message-
From: Crawford, Scott [mailto:crawfo...@evangel.edu]
Sent: Monday, November 14, 2011 4:53 PM
To: NT System Admin Issues
Subject: RE: OT - converting a VMware VM back to a physical box

Your general plan sounds decent and, as other have mentioned, your concerns 
could probably be overcome with a pre-sysprep snapshot. But, why not go a step 
further and create a copy of the .vmdk file and try the migration with that 
while the original sits safely turned off?

-Original Message-
From: Mike Leone [mailto:oozerd...@gmail.com]
Sent: Monday, November 14, 2011 10:37 AM
To: NT System Admin Issues
Subject: OT - converting a VMware VM back to a physical box

So I've got a request that is confusing me.


Environment: 6 host EX 4.1 U1 cluster. VM in question - Win2003 Enterprise, 32 
bit


My boss tells me that I need to convert this from a VM back onto a physical 
machine - for licensing reasons, this needs to be a physical box, apparently.


So here's the big rub ... this VM is one of those mission-critical VMs. 
Ordinarily, what I might have done is do a sysprep of the VM, and - before 
shutting it down - do a full backup using EMC Networker. Then, I would do a BMR 
(Bare Metal Recovery) of Windows on the new physical hardware. (when doing a 
BMR, you install Windows and your backup client on the new hardware. Then do a 
full restore, using the backup client, of everything except the backup client 
program files). That way, after the reboot at the end of the BMR, sysprep would 
run, find the new disk controller drivers, etc, and not blue screen with 
inaccessible boot device errors.


However, my boss has vetoed that idea, since we can't take any chances with the 
VM perhaps not working after the sysprep. If that BMR doesn't work, then I 
would need to turn the VM back on. and we have no guarantees that it would 
continue to work the same after the sysprep, etc.


So my hands are tied that way.


Then I thought - well, we could still do a BMR, but without the sysprep first. 
Just do a regular full backup, and then the BMR to the physical box. And if it 
fails to boot, we would (maybe) do a Windows repair installation, using the 
drivers for whatever disk controllers are in the physical box. Doing the BMR 
won't overwrite any drives that would be installed for the clean first-time 
Windows install, and so they'd still be there for the repair installation to 
find. That way, either the physical box would work, and I'd leave the VM 
powered off, or the physical box would fail, and I would power the VM back up.


So: any hints on how I can take this VM, and put it on a new physical box, make 
it work .. and still get the VM to boot afterwards, in case the conversion to 
physical did not work? Basically, I need the reverse of the P2V converter, 
where - if the virtualization fails - you can still turn the physical box back 
on. I just need to do exactly that, but in the other direction.


Thanks


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.su

Re: OT: Gadgets

[Erik Goldoff]

would it not be easier/simpler/less expensive to just copy music to an MP3
player and hook to inexpensive external speakers and be done with it ?
Maybe not the most elegant high tech solution, but seems to me it would
meet your requirements.

On Tue, Nov 15, 2011 at 7:51 AM, James Rankin  wrote:

> Just moved to a much bigger house and I am trying to revamp all my
> electronic kit. I have a lot of gym equipment in my garage, but I was
> fancying putting some sort of music-playing device into the garage that
> could connect up to my TeraStation and play a selection of music directly
> from there. Buying a stereo and burning a load of mp3s onto a CD/DVD seems
> s dated now...can anyone recommend any devices that might be able to
> achieve this for me?
>
> I've already got a streaming box linked to the TV that fires
> movies/music/pictures onto the TV which works great, but I doubt I could
> run a cable all the way from the streaming box to the garage (it is a much
> bigger house). Would I need a device to output the music in the garage as
> well as another streaming device? I've been Googling about (probably not
> very cleverly) and I've found plenty stuff that can stream music across to
> a stereo, but a) I don't have a stereo - I used to play all music through
> my TV, and b) kit like SqueezeBox seems fairly expensive. I'm not wanting
> to spend a great deal of money here, quality isn't that important, just
> need some music in the background while I pound the punchbags!
>
> All suggestions gratefully welcomed.
>
>
> TIA,
>
>
>
> JRR
>
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
> ** IMPORTANT INFORMATION/DISCLAIMER *
>
> This document should be read only by those persons to whom it is
> addressed. If you have received this message it was obviously addressed to
> you and therefore you can read it, even it we didn't mean to send it to
> you. However, if the contents of this email make no sense whatsoever then
> you probably were not the intended recipient, or, alternatively, you are a
> mindless cretin; either way, you should immediately kill yourself and
> destroy your computer (not necessarily in that order). Once you have taken
> this action, please contact us.. no, sorry, you can't use your computer,
> because you just destroyed it, and possibly also committed suicide
> afterwards, but I am starting to digress.. *
>
> *The originator of this email is not liable for the transmission of the
> information contained in this communication. Or are they? Either way it's a
> pretty dull legal query and frankly one I'm not going to dwell on. But
> should you have nothing better to do, please feel free to ruminate on it,
> and please pass on any concrete conclusions should you find them. However,
> if you pass them on via email, be sure to include a disclaimer regarding
> liability for transmission.
> *
>
> *In the event that the originator did not send this email to you, then
> please return it to us and attach a scanned-in picture of your mother's
> brother's wife wearing nothing but a kangaroo suit, and we will immediately
> refund you exactly half of what you paid for the can of Whiskas you bought
> when you went to Pets** **At Home yesterday. *
>
> *We take no responsibility for non-receipt of this email because we are
> running Exchange 5.5 and everyone knows how glitchy that can be. In the
> event that you do get this message then please note that we take no
> responsibility for that either. Nor will we accept any liability, tacit or
> implied, for any damage you may or may not incur as a result of receiving,
> or not, as the case may be, from time to time, notwithstanding all
> liabilities implied or otherwise, ummm, hell, where was I...umm, no matter
> what happens, it is NOT, and NEVER WILL BE, OUR FAULT! *
>
> *The comments and opinions expressed herein are my own and NOT those of
> my employer, who, if he knew I was sending emails and surfing the seamier
> side of the Internet, would cut off my manhood and feed it to me for
> afternoon tea. *
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

OT: Gadgets

[James Rankin]

Just moved to a much bigger house and I am trying to revamp all my
electronic kit. I have a lot of gym equipment in my garage, but I was
fancying putting some sort of music-playing device into the garage that
could connect up to my TeraStation and play a selection of music directly
from there. Buying a stereo and burning a load of mp3s onto a CD/DVD seems
s dated now...can anyone recommend any devices that might be able to
achieve this for me?

I've already got a streaming box linked to the TV that fires
movies/music/pictures onto the TV which works great, but I doubt I could
run a cable all the way from the streaming box to the garage (it is a much
bigger house). Would I need a device to output the music in the garage as
well as another streaming device? I've been Googling about (probably not
very cleverly) and I've found plenty stuff that can stream music across to
a stereo, but a) I don't have a stereo - I used to play all music through
my TV, and b) kit like SqueezeBox seems fairly expensive. I'm not wanting
to spend a great deal of money here, quality isn't that important, just
need some music in the background while I pound the punchbags!

All suggestions gratefully welcomed.


TIA,



JRR


-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

** IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is addressed.
If you have received this message it was obviously addressed to you and
therefore you can read it, even it we didn't mean to send it to you.
However, if the contents of this email make no sense whatsoever then you
probably were not the intended recipient, or, alternatively, you are a
mindless cretin; either way, you should immediately kill yourself and
destroy your computer (not necessarily in that order). Once you have taken
this action, please contact us.. no, sorry, you can't use your computer,
because you just destroyed it, and possibly also committed suicide
afterwards, but I am starting to digress.. *

*The originator of this email is not liable for the transmission of the
information contained in this communication. Or are they? Either way it's a
pretty dull legal query and frankly one I'm not going to dwell on. But
should you have nothing better to do, please feel free to ruminate on it,
and please pass on any concrete conclusions should you find them. However,
if you pass them on via email, be sure to include a disclaimer regarding
liability for transmission.
*

*In the event that the originator did not send this email to you, then
please return it to us and attach a scanned-in picture of your mother's
brother's wife wearing nothing but a kangaroo suit, and we will immediately
refund you exactly half of what you paid for the can of Whiskas you bought
when you went to Pets** **At Home yesterday. *

*We take no responsibility for non-receipt of this email because we are
running Exchange 5.5 and everyone knows how glitchy that can be. In the
event that you do get this message then please note that we take no
responsibility for that either. Nor will we accept any liability, tacit or
implied, for any damage you may or may not incur as a result of receiving,
or not, as the case may be, from time to time, notwithstanding all
liabilities implied or otherwise, ummm, hell, where was I...umm, no matter
what happens, it is NOT, and NEVER WILL BE, OUR FAULT! *

*The comments and opinions expressed herein are my own and NOT those of my
employer, who, if he knew I was sending emails and surfing the seamier side
of the Internet, would cut off my manhood and feed it to me for afternoon
tea. *

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: OT: Gadgets

[James Rankin]

Sounds fairly decent and straightforward. I have the unfortunate tendency
to change my favourite tunes very often, though, which was why I was
looking for some external wireless capability (that really means I am too
lazy to reload the mp3 player with different tunes) :-)

On 15 November 2011 12:56, Erik Goldoff  wrote:

> would it not be easier/simpler/less expensive to just copy music to an MP3
> player and hook to inexpensive external speakers and be done with it ?
> Maybe not the most elegant high tech solution, but seems to me it would
> meet your requirements.
>
>
> On Tue, Nov 15, 2011 at 7:51 AM, James Rankin wrote:
>
>> Just moved to a much bigger house and I am trying to revamp all my
>> electronic kit. I have a lot of gym equipment in my garage, but I was
>> fancying putting some sort of music-playing device into the garage that
>> could connect up to my TeraStation and play a selection of music directly
>> from there. Buying a stereo and burning a load of mp3s onto a CD/DVD seems
>> s dated now...can anyone recommend any devices that might be able to
>> achieve this for me?
>>
>> I've already got a streaming box linked to the TV that fires
>> movies/music/pictures onto the TV which works great, but I doubt I could
>> run a cable all the way from the streaming box to the garage (it is a much
>> bigger house). Would I need a device to output the music in the garage as
>> well as another streaming device? I've been Googling about (probably not
>> very cleverly) and I've found plenty stuff that can stream music across to
>> a stereo, but a) I don't have a stereo - I used to play all music through
>> my TV, and b) kit like SqueezeBox seems fairly expensive. I'm not wanting
>> to spend a great deal of money here, quality isn't that important, just
>> need some music in the background while I pound the punchbags!
>>
>> All suggestions gratefully welcomed.
>>
>>
>> TIA,
>>
>>
>>
>> JRR
>>
>>
>> --
>> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
>> the machine wrong figures, will the right answers come out?' I am not able
>> rightly to apprehend the kind of confusion of ideas that could provoke such
>> a question."
>>
>> ** IMPORTANT INFORMATION/DISCLAIMER *
>>
>> This document should be read only by those persons to whom it is
>> addressed. If you have received this message it was obviously addressed to
>> you and therefore you can read it, even it we didn't mean to send it to
>> you. However, if the contents of this email make no sense whatsoever then
>> you probably were not the intended recipient, or, alternatively, you are a
>> mindless cretin; either way, you should immediately kill yourself and
>> destroy your computer (not necessarily in that order). Once you have taken
>> this action, please contact us.. no, sorry, you can't use your computer,
>> because you just destroyed it, and possibly also committed suicide
>> afterwards, but I am starting to digress.. *
>>
>> *The originator of this email is not liable for the transmission of the
>> information contained in this communication. Or are they? Either way it's a
>> pretty dull legal query and frankly one I'm not going to dwell on. But
>> should you have nothing better to do, please feel free to ruminate on it,
>> and please pass on any concrete conclusions should you find them. However,
>> if you pass them on via email, be sure to include a disclaimer regarding
>> liability for transmission.
>> *
>>
>> *In the event that the originator did not send this email to you, then
>> please return it to us and attach a scanned-in picture of your mother's
>> brother's wife wearing nothing but a kangaroo suit, and we will immediately
>> refund you exactly half of what you paid for the can of Whiskas you bought
>> when you went to Pets** **At Home yesterday. *
>>
>> *We take no responsibility for non-receipt of this email because we are
>> running Exchange 5.5 and everyone knows how glitchy that can be. In the
>> event that you do get this message then please note that we take no
>> responsibility for that either. Nor will we accept any liability, tacit or
>> implied, for any damage you may or may not incur as a result of receiving,
>> or not, as the case may be, from time to time, notwithstanding all
>> liabilities implied or otherwise, ummm, hell, where was I...umm, no matter
>> what happens, it is NOT, and NEVER WILL BE, OUR FAULT! *
>>
>> *The comments and opinions expressed herein are my own and NOT those of
>> my employer, who, if he knew I was sending emails and surfing the seamier
>> side of the Internet, would cut off my manhood and feed it to me for
>> afternoon tea. *
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe n

Re: OT: Gadgets

[Erik Goldoff]

I challenge you to find a current MP3 player with less than 4gb , many have
more storage ... just load it up, and then create playlists depending on
theme, mood, tempo, etc ..

On Tue, Nov 15, 2011 at 8:01 AM, James Rankin  wrote:

> Sounds fairly decent and straightforward. I have the unfortunate tendency
> to change my favourite tunes very often, though, which was why I was
> looking for some external wireless capability (that really means I am too
> lazy to reload the mp3 player with different tunes) :-)
>
> On 15 November 2011 12:56, Erik Goldoff  wrote:
>
>> would it not be easier/simpler/less expensive to just copy music to an
>> MP3 player and hook to inexpensive external speakers and be done with it ?
>> Maybe not the most elegant high tech solution, but seems to me it would
>> meet your requirements.
>>
>>
>> On Tue, Nov 15, 2011 at 7:51 AM, James Rankin wrote:
>>
>>> Just moved to a much bigger house and I am trying to revamp all my
>>> electronic kit. I have a lot of gym equipment in my garage, but I was
>>> fancying putting some sort of music-playing device into the garage that
>>> could connect up to my TeraStation and play a selection of music directly
>>> from there. Buying a stereo and burning a load of mp3s onto a CD/DVD seems
>>> s dated now...can anyone recommend any devices that might be able to
>>> achieve this for me?
>>>
>>> I've already got a streaming box linked to the TV that fires
>>> movies/music/pictures onto the TV which works great, but I doubt I could
>>> run a cable all the way from the streaming box to the garage (it is a much
>>> bigger house). Would I need a device to output the music in the garage as
>>> well as another streaming device? I've been Googling about (probably not
>>> very cleverly) and I've found plenty stuff that can stream music across to
>>> a stereo, but a) I don't have a stereo - I used to play all music through
>>> my TV, and b) kit like SqueezeBox seems fairly expensive. I'm not wanting
>>> to spend a great deal of money here, quality isn't that important, just
>>> need some music in the background while I pound the punchbags!
>>>
>>> All suggestions gratefully welcomed.
>>>
>>>
>>> TIA,
>>>
>>>
>>>
>>> JRR
>>>
>>>
>>> --
>>> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
>>> into the machine wrong figures, will the right answers come out?' I am not
>>> able rightly to apprehend the kind of confusion of ideas that could provoke
>>> such a question."
>>>
>>> ** IMPORTANT INFORMATION/DISCLAIMER *
>>>
>>> This document should be read only by those persons to whom it is
>>> addressed. If you have received this message it was obviously addressed to
>>> you and therefore you can read it, even it we didn't mean to send it to
>>> you. However, if the contents of this email make no sense whatsoever then
>>> you probably were not the intended recipient, or, alternatively, you are a
>>> mindless cretin; either way, you should immediately kill yourself and
>>> destroy your computer (not necessarily in that order). Once you have taken
>>> this action, please contact us.. no, sorry, you can't use your computer,
>>> because you just destroyed it, and possibly also committed suicide
>>> afterwards, but I am starting to digress.. *
>>>
>>> *The originator of this email is not liable for the transmission of the
>>> information contained in this communication. Or are they? Either way it's a
>>> pretty dull legal query and frankly one I'm not going to dwell on. But
>>> should you have nothing better to do, please feel free to ruminate on it,
>>> and please pass on any concrete conclusions should you find them. However,
>>> if you pass them on via email, be sure to include a disclaimer regarding
>>> liability for transmission.
>>> *
>>>
>>> *In the event that the originator did not send this email to you, then
>>> please return it to us and attach a scanned-in picture of your mother's
>>> brother's wife wearing nothing but a kangaroo suit, and we will immediately
>>> refund you exactly half of what you paid for the can of Whiskas you bought
>>> when you went to Pets** **At Home yesterday. *
>>>
>>> *We take no responsibility for non-receipt of this email because we are
>>> running Exchange 5.5 and everyone knows how glitchy that can be. In the
>>> event that you do get this message then please note that we take no
>>> responsibility for that either. Nor will we accept any liability, tacit or
>>> implied, for any damage you may or may not incur as a result of receiving,
>>> or not, as the case may be, from time to time, notwithstanding all
>>> liabilities implied or otherwise, ummm, hell, where was I...umm, no matter
>>> what happens, it is NOT, and NEVER WILL BE, OUR FAULT! *
>>>
>>> *The comments and opinions expressed herein are my own and NOT those of
>>> my employer, who, if he knew I was sending emails and surfing the seamier
>>> side of the Internet, would cut off my manhood and feed it to me for
>>> afternoon tea. *
>>>
>>>
>>

Re: OT: Gadgets

[Erik Goldoff]

I suppose your other alternative is to bring a wireless laptop to your
workout dungeon to access your main storage, but that seems overkill to me
( not to mention potential risk to the laptop in that workout environment )

On Tue, Nov 15, 2011 at 8:01 AM, James Rankin  wrote:

> Sounds fairly decent and straightforward. I have the unfortunate tendency
> to change my favourite tunes very often, though, which was why I was
> looking for some external wireless capability (that really means I am too
> lazy to reload the mp3 player with different tunes) :-)
>
> On 15 November 2011 12:56, Erik Goldoff  wrote:
>
>> would it not be easier/simpler/less expensive to just copy music to an
>> MP3 player and hook to inexpensive external speakers and be done with it ?
>> Maybe not the most elegant high tech solution, but seems to me it would
>> meet your requirements.
>>
>>
>> On Tue, Nov 15, 2011 at 7:51 AM, James Rankin wrote:
>>
>>> Just moved to a much bigger house and I am trying to revamp all my
>>> electronic kit. I have a lot of gym equipment in my garage, but I was
>>> fancying putting some sort of music-playing device into the garage that
>>> could connect up to my TeraStation and play a selection of music directly
>>> from there. Buying a stereo and burning a load of mp3s onto a CD/DVD seems
>>> s dated now...can anyone recommend any devices that might be able to
>>> achieve this for me?
>>>
>>> I've already got a streaming box linked to the TV that fires
>>> movies/music/pictures onto the TV which works great, but I doubt I could
>>> run a cable all the way from the streaming box to the garage (it is a much
>>> bigger house). Would I need a device to output the music in the garage as
>>> well as another streaming device? I've been Googling about (probably not
>>> very cleverly) and I've found plenty stuff that can stream music across to
>>> a stereo, but a) I don't have a stereo - I used to play all music through
>>> my TV, and b) kit like SqueezeBox seems fairly expensive. I'm not wanting
>>> to spend a great deal of money here, quality isn't that important, just
>>> need some music in the background while I pound the punchbags!
>>>
>>> All suggestions gratefully welcomed.
>>>
>>>
>>> TIA,
>>>
>>>
>>>
>>> JRR
>>>
>>>
>>> --
>>> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
>>> into the machine wrong figures, will the right answers come out?' I am not
>>> able rightly to apprehend the kind of confusion of ideas that could provoke
>>> such a question."
>>>
>>> ** IMPORTANT INFORMATION/DISCLAIMER *
>>>
>>> This document should be read only by those persons to whom it is
>>> addressed. If you have received this message it was obviously addressed to
>>> you and therefore you can read it, even it we didn't mean to send it to
>>> you. However, if the contents of this email make no sense whatsoever then
>>> you probably were not the intended recipient, or, alternatively, you are a
>>> mindless cretin; either way, you should immediately kill yourself and
>>> destroy your computer (not necessarily in that order). Once you have taken
>>> this action, please contact us.. no, sorry, you can't use your computer,
>>> because you just destroyed it, and possibly also committed suicide
>>> afterwards, but I am starting to digress.. *
>>>
>>> *The originator of this email is not liable for the transmission of the
>>> information contained in this communication. Or are they? Either way it's a
>>> pretty dull legal query and frankly one I'm not going to dwell on. But
>>> should you have nothing better to do, please feel free to ruminate on it,
>>> and please pass on any concrete conclusions should you find them. However,
>>> if you pass them on via email, be sure to include a disclaimer regarding
>>> liability for transmission.
>>> *
>>>
>>> *In the event that the originator did not send this email to you, then
>>> please return it to us and attach a scanned-in picture of your mother's
>>> brother's wife wearing nothing but a kangaroo suit, and we will immediately
>>> refund you exactly half of what you paid for the can of Whiskas you bought
>>> when you went to Pets** **At Home yesterday. *
>>>
>>> *We take no responsibility for non-receipt of this email because we are
>>> running Exchange 5.5 and everyone knows how glitchy that can be. In the
>>> event that you do get this message then please note that we take no
>>> responsibility for that either. Nor will we accept any liability, tacit or
>>> implied, for any damage you may or may not incur as a result of receiving,
>>> or not, as the case may be, from time to time, notwithstanding all
>>> liabilities implied or otherwise, ummm, hell, where was I...umm, no matter
>>> what happens, it is NOT, and NEVER WILL BE, OUR FAULT! *
>>>
>>> *The comments and opinions expressed herein are my own and NOT those of
>>> my employer, who, if he knew I was sending emails and surfing the seamier
>>> side of the Internet, would cut off my manhood and fee

Re: OT: Gadgets

[James Rankin]

I realise that storage is not the issueI'm not trying to be awkward,
but if I had a new favourite song, once I'd downloaded it I would have to
copy it to two places (or more, depending on how far I take this idea). I
know it's not much work but the IT bod in me hates duplication of effort :-)

On 15 November 2011 13:06, Erik Goldoff  wrote:

> I challenge you to find a current MP3 player with less than 4gb , many
> have more storage ... just load it up, and then create playlists depending
> on theme, mood, tempo, etc ..
>
>
> On Tue, Nov 15, 2011 at 8:01 AM, James Rankin wrote:
>
>> Sounds fairly decent and straightforward. I have the unfortunate tendency
>> to change my favourite tunes very often, though, which was why I was
>> looking for some external wireless capability (that really means I am too
>> lazy to reload the mp3 player with different tunes) :-)
>>
>> On 15 November 2011 12:56, Erik Goldoff  wrote:
>>
>>> would it not be easier/simpler/less expensive to just copy music to an
>>> MP3 player and hook to inexpensive external speakers and be done with it ?
>>> Maybe not the most elegant high tech solution, but seems to me it would
>>> meet your requirements.
>>>
>>>
>>> On Tue, Nov 15, 2011 at 7:51 AM, James Rankin wrote:
>>>
 Just moved to a much bigger house and I am trying to revamp all my
 electronic kit. I have a lot of gym equipment in my garage, but I was
 fancying putting some sort of music-playing device into the garage that
 could connect up to my TeraStation and play a selection of music directly
 from there. Buying a stereo and burning a load of mp3s onto a CD/DVD seems
 s dated now...can anyone recommend any devices that might be able to
 achieve this for me?

 I've already got a streaming box linked to the TV that fires
 movies/music/pictures onto the TV which works great, but I doubt I could
 run a cable all the way from the streaming box to the garage (it is a much
 bigger house). Would I need a device to output the music in the garage as
 well as another streaming device? I've been Googling about (probably not
 very cleverly) and I've found plenty stuff that can stream music across to
 a stereo, but a) I don't have a stereo - I used to play all music through
 my TV, and b) kit like SqueezeBox seems fairly expensive. I'm not wanting
 to spend a great deal of money here, quality isn't that important, just
 need some music in the background while I pound the punchbags!

 All suggestions gratefully welcomed.


 TIA,



 JRR


 --
 "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
 into the machine wrong figures, will the right answers come out?' I am not
 able rightly to apprehend the kind of confusion of ideas that could provoke
 such a question."

 ** IMPORTANT INFORMATION/DISCLAIMER *

 This document should be read only by those persons to whom it is
 addressed. If you have received this message it was obviously addressed to
 you and therefore you can read it, even it we didn't mean to send it to
 you. However, if the contents of this email make no sense whatsoever then
 you probably were not the intended recipient, or, alternatively, you are a
 mindless cretin; either way, you should immediately kill yourself and
 destroy your computer (not necessarily in that order). Once you have taken
 this action, please contact us.. no, sorry, you can't use your computer,
 because you just destroyed it, and possibly also committed suicide
 afterwards, but I am starting to digress.. *

 *The originator of this email is not liable for the transmission of
 the information contained in this communication. Or are they? Either way
 it's a pretty dull legal query and frankly one I'm not going to dwell on.
 But should you have nothing better to do, please feel free to ruminate on
 it, and please pass on any concrete conclusions should you find them.
 However, if you pass them on via email, be sure to include a disclaimer
 regarding liability for transmission.
 *

 *In the event that the originator did not send this email to you, then
 please return it to us and attach a scanned-in picture of your mother's
 brother's wife wearing nothing but a kangaroo suit, and we will immediately
 refund you exactly half of what you paid for the can of Whiskas you bought
 when you went to Pets** **At Home yesterday. *

 *We take no responsibility for non-receipt of this email because we
 are running Exchange 5.5 and everyone knows how glitchy that can be. In the
 event that you do get this message then please note that we take no
 responsibility for that either. Nor will we accept any liability, tacit or
 implied, for any damage you may or may not incur as a result of receiving,
 or not, as the case may be

Re: OT: Gadgets

[James Rankin]

Yeah, could do that, it is overkill though because I'd then have to fire it
up and access the playlists etc.

Been Googling about for an mp3-capable wireless home stereo of some sort,
but I'm not having much luck :-(

On 15 November 2011 13:07, Erik Goldoff  wrote:

> I suppose your other alternative is to bring a wireless laptop to your
> workout dungeon to access your main storage, but that seems overkill to me
> ( not to mention potential risk to the laptop in that workout environment )
>
>
> On Tue, Nov 15, 2011 at 8:01 AM, James Rankin wrote:
>
>> Sounds fairly decent and straightforward. I have the unfortunate tendency
>> to change my favourite tunes very often, though, which was why I was
>> looking for some external wireless capability (that really means I am too
>> lazy to reload the mp3 player with different tunes) :-)
>>
>> On 15 November 2011 12:56, Erik Goldoff  wrote:
>>
>>> would it not be easier/simpler/less expensive to just copy music to an
>>> MP3 player and hook to inexpensive external speakers and be done with it ?
>>> Maybe not the most elegant high tech solution, but seems to me it would
>>> meet your requirements.
>>>
>>>
>>> On Tue, Nov 15, 2011 at 7:51 AM, James Rankin wrote:
>>>
 Just moved to a much bigger house and I am trying to revamp all my
 electronic kit. I have a lot of gym equipment in my garage, but I was
 fancying putting some sort of music-playing device into the garage that
 could connect up to my TeraStation and play a selection of music directly
 from there. Buying a stereo and burning a load of mp3s onto a CD/DVD seems
 s dated now...can anyone recommend any devices that might be able to
 achieve this for me?

 I've already got a streaming box linked to the TV that fires
 movies/music/pictures onto the TV which works great, but I doubt I could
 run a cable all the way from the streaming box to the garage (it is a much
 bigger house). Would I need a device to output the music in the garage as
 well as another streaming device? I've been Googling about (probably not
 very cleverly) and I've found plenty stuff that can stream music across to
 a stereo, but a) I don't have a stereo - I used to play all music through
 my TV, and b) kit like SqueezeBox seems fairly expensive. I'm not wanting
 to spend a great deal of money here, quality isn't that important, just
 need some music in the background while I pound the punchbags!

 All suggestions gratefully welcomed.


 TIA,



 JRR


 --
 "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
 into the machine wrong figures, will the right answers come out?' I am not
 able rightly to apprehend the kind of confusion of ideas that could provoke
 such a question."

 ** IMPORTANT INFORMATION/DISCLAIMER *

 This document should be read only by those persons to whom it is
 addressed. If you have received this message it was obviously addressed to
 you and therefore you can read it, even it we didn't mean to send it to
 you. However, if the contents of this email make no sense whatsoever then
 you probably were not the intended recipient, or, alternatively, you are a
 mindless cretin; either way, you should immediately kill yourself and
 destroy your computer (not necessarily in that order). Once you have taken
 this action, please contact us.. no, sorry, you can't use your computer,
 because you just destroyed it, and possibly also committed suicide
 afterwards, but I am starting to digress.. *

 *The originator of this email is not liable for the transmission of
 the information contained in this communication. Or are they? Either way
 it's a pretty dull legal query and frankly one I'm not going to dwell on.
 But should you have nothing better to do, please feel free to ruminate on
 it, and please pass on any concrete conclusions should you find them.
 However, if you pass them on via email, be sure to include a disclaimer
 regarding liability for transmission.
 *

 *In the event that the originator did not send this email to you, then
 please return it to us and attach a scanned-in picture of your mother's
 brother's wife wearing nothing but a kangaroo suit, and we will immediately
 refund you exactly half of what you paid for the can of Whiskas you bought
 when you went to Pets** **At Home yesterday. *

 *We take no responsibility for non-receipt of this email because we
 are running Exchange 5.5 and everyone knows how glitchy that can be. In the
 event that you do get this message then please note that we take no
 responsibility for that either. Nor will we accept any liability, tacit or
 implied, for any damage you may or may not incur as a result of receiving,
 or not, as the case may be, from time to time, notwithstandin

RE: Gadgets

[John Hornbuckle]

No advice on the gadgets, but congrats on the housing upgrade!

:)


John



From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Tuesday, November 15, 2011 7:52 AM
To: NT System Admin Issues
Subject: OT: Gadgets

Just moved to a much bigger house and I am trying to revamp all my electronic 
kit. I have a lot of gym equipment in my garage, but I was fancying putting 
some sort of music-playing device into the garage that could connect up to my 
TeraStation and play a selection of music directly from there. Buying a stereo 
and burning a load of mp3s onto a CD/DVD seems s dated now...can anyone 
recommend any devices that might be able to achieve this for me?

I've already got a streaming box linked to the TV that fires 
movies/music/pictures onto the TV which works great, but I doubt I could run a 
cable all the way from the streaming box to the garage (it is a much bigger 
house). Would I need a device to output the music in the garage as well as 
another streaming device? I've been Googling about (probably not very cleverly) 
and I've found plenty stuff that can stream music across to a stereo, but a) I 
don't have a stereo - I used to play all music through my TV, and b) kit like 
SqueezeBox seems fairly expensive. I'm not wanting to spend a great deal of 
money here, quality isn't that important, just need some music in the 
background while I pound the punchbags!

All suggestions gratefully welcomed.


TIA,



JRR


--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

* IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is addressed. If 
you have received this message it was obviously addressed to you and therefore 
you can read it, even it we didn't mean to send it to you. However, if the 
contents of this email make no sense whatsoever then you probably were not the 
intended recipient, or, alternatively, you are a mindless cretin; either way, 
you should immediately kill yourself and destroy your computer (not necessarily 
in that order). Once you have taken this action, please contact us.. no, sorry, 
you can't use your computer, because you just destroyed it, and possibly also 
committed suicide afterwards, but I am starting to digress..

The originator of this email is not liable for the transmission of the 
information contained in this communication. Or are they? Either way it's a 
pretty dull legal query and frankly one I'm not going to dwell on. But should 
you have nothing better to do, please feel free to ruminate on it, and please 
pass on any concrete conclusions should you find them. However, if you pass 
them on via email, be sure to include a disclaimer regarding liability for 
transmission.

In the event that the originator did not send this email to you, then please 
return it to us and attach a scanned-in picture of your mother's brother's wife 
wearing nothing but a kangaroo suit, and we will immediately refund you exactly 
half of what you paid for the can of Whiskas you bought when you went to Pets 
At Home yesterday.

We take no responsibility for non-receipt of this email because we are running 
Exchange 5.5 and everyone knows how glitchy that can be. In the event that you 
do get this message then please note that we take no responsibility for that 
either. Nor will we accept any liability, tacit or implied, for any damage you 
may or may not incur as a result of receiving, or not, as the case may be, from 
time to time, notwithstanding all liabilities implied or otherwise, ummm, hell, 
where was I...umm, no matter what happens, it is NOT, and NEVER WILL BE, OUR 
FAULT!

The comments and opinions expressed herein are my own and NOT those of my 
employer, who, if he knew I was sending emails and surfing the seamier side of 
the Internet, would cut off my manhood and feed it to me for afternoon tea.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: OT: Gadgets

[Al Lilianstrom]

Smart phone with wireless capability, Amazon cloud player app, and your music 
in the Amazon cloud. Your music is everywhere you have wireless access and no 
hit on your data plan. Works great. I also use it over my 4G connection when 
I'm out walking or when we're doing something like bowling where we want music 
at our lane.

al

--
Al Lilianstrom
CD/LSC/SOS/ES
lilst...@fnal.gov

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Tuesday, November 15, 2011 7:12 AM
To: NT System Admin Issues
Subject: Re: OT: Gadgets

Yeah, could do that, it is overkill though because I'd then have to fire it up 
and access the playlists etc.

Been Googling about for an mp3-capable wireless home stereo of some sort, but 
I'm not having much luck :-(
On 15 November 2011 13:07, Erik Goldoff 
mailto:egold...@gmail.com>> wrote:
I suppose your other alternative is to bring a wireless laptop to your workout 
dungeon to access your main storage, but that seems overkill to me ( not to 
mention potential risk to the laptop in that workout environment )

On Tue, Nov 15, 2011 at 8:01 AM, James Rankin 
mailto:kz2...@googlemail.com>> wrote:
Sounds fairly decent and straightforward. I have the unfortunate tendency to 
change my favourite tunes very often, though, which was why I was looking for 
some external wireless capability (that really means I am too lazy to reload 
the mp3 player with different tunes) :-)
On 15 November 2011 12:56, Erik Goldoff 
mailto:egold...@gmail.com>> wrote:
would it not be easier/simpler/less expensive to just copy music to an MP3 
player and hook to inexpensive external speakers and be done with it ?  Maybe 
not the most elegant high tech solution, but seems to me it would meet your 
requirements.

On Tue, Nov 15, 2011 at 7:51 AM, James Rankin 
mailto:kz2...@googlemail.com>> wrote:
Just moved to a much bigger house and I am trying to revamp all my electronic 
kit. I have a lot of gym equipment in my garage, but I was fancying putting 
some sort of music-playing device into the garage that could connect up to my 
TeraStation and play a selection of music directly from there. Buying a stereo 
and burning a load of mp3s onto a CD/DVD seems s dated now...can anyone 
recommend any devices that might be able to achieve this for me?

I've already got a streaming box linked to the TV that fires 
movies/music/pictures onto the TV which works great, but I doubt I could run a 
cable all the way from the streaming box to the garage (it is a much bigger 
house). Would I need a device to output the music in the garage as well as 
another streaming device? I've been Googling about (probably not very cleverly) 
and I've found plenty stuff that can stream music across to a stereo, but a) I 
don't have a stereo - I used to play all music through my TV, and b) kit like 
SqueezeBox seems fairly expensive. I'm not wanting to spend a great deal of 
money here, quality isn't that important, just need some music in the 
background while I pound the punchbags!

All suggestions gratefully welcomed.


TIA,



JRR


--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

* IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is addressed. If 
you have received this message it was obviously addressed to you and therefore 
you can read it, even it we didn't mean to send it to you. However, if the 
contents of this email make no sense whatsoever then you probably were not the 
intended recipient, or, alternatively, you are a mindless cretin; either way, 
you should immediately kill yourself and destroy your computer (not necessarily 
in that order). Once you have taken this action, please contact us.. no, sorry, 
you can't use your computer, because you just destroyed it, and possibly also 
committed suicide afterwards, but I am starting to digress..

The originator of this email is not liable for the transmission of the 
information contained in this communication. Or are they? Either way it's a 
pretty dull legal query and frankly one I'm not going to dwell on. But should 
you have nothing better to do, please feel free to ruminate on it, and please 
pass on any concrete conclusions should you find them. However, if you pass 
them on via email, be sure to include a disclaimer regarding liability for 
transmission.

In the event that the originator did not send this email to you, then please 
return it to us and attach a scanned-in picture of your mother's brother's wife 
wearing nothing but a kangaroo suit, and we will immediately refund you exactly 
half of what you paid for the can of Whiskas you bought when you went to Pets 
At Home yesterday.

We take no responsibility for non-receipt of this email because we are running 
Exchange 5.5 and e

Re: OT: Gadgets

[James Rankin]

That's a cool idea, although my experience on the Blackberry isn't a great
sound (although I did say the quality didn't matter, I know!). It probably
means more charging of my phone battery though, which was why I was
thinking around an AC-powered device of some type. I'm betting the Amazon
cloud player app probably isn't available for the BB as well (although
that's just me being cynical, I haven't checked). Still food for thought
though, cheers

On 15 November 2011 13:27, Al Lilianstrom  wrote:

>  Smart phone with wireless capability, Amazon cloud player app, and your
> music in the Amazon cloud. Your music is everywhere you have wireless
> access and no hit on your data plan. Works great. I also use it over my 4G
> connection when I’m out walking or when we’re doing something like bowling
> where we want music at our lane.
>
> ** **
>
> al
>
> ** **
>
> --
>
> Al Lilianstrom
>
> CD/LSC/SOS/ES
>
> lilst...@fnal.gov
>
> ** **
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Tuesday, November 15, 2011 7:12 AM
> *To:* NT System Admin Issues
> *Subject:* Re: OT: Gadgets
>
> ** **
>
> Yeah, could do that, it is overkill though because I'd then have to fire
> it up and access the playlists etc.
>
>  
>
> Been Googling about for an mp3-capable wireless home stereo of some sort,
> but I'm not having much luck :-(
>
> On 15 November 2011 13:07, Erik Goldoff  wrote:
>
> I suppose your other alternative is to bring a wireless laptop to your
> workout dungeon to access your main storage, but that seems overkill to me
> ( not to mention potential risk to the laptop in that workout environment )
> 
>
> ** **
>
> On Tue, Nov 15, 2011 at 8:01 AM, James Rankin 
> wrote:
>
> Sounds fairly decent and straightforward. I have the unfortunate tendency
> to change my favourite tunes very often, though, which was why I was
> looking for some external wireless capability (that really means I am too
> lazy to reload the mp3 player with different tunes) :-)
>
> On 15 November 2011 12:56, Erik Goldoff  wrote:
>
> would it not be easier/simpler/less expensive to just copy music to an MP3
> player and hook to inexpensive external speakers and be done with it ?
> Maybe not the most elegant high tech solution, but seems to me it would
> meet your requirements. 
>
> ** **
>
> On Tue, Nov 15, 2011 at 7:51 AM, James Rankin 
> wrote:
>
> Just moved to a much bigger house and I am trying to revamp all my
> electronic kit. I have a lot of gym equipment in my garage, but I was
> fancying putting some sort of music-playing device into the garage that
> could connect up to my TeraStation and play a selection of music directly
> from there. Buying a stereo and burning a load of mp3s onto a CD/DVD seems
> s dated now...can anyone recommend any devices that might be able to
> achieve this for me?
>
>  
>
> I've already got a streaming box linked to the TV that fires
> movies/music/pictures onto the TV which works great, but I doubt I could
> run a cable all the way from the streaming box to the garage (it is a much
> bigger house). Would I need a device to output the music in the garage as
> well as another streaming device? I've been Googling about (probably not
> very cleverly) and I've found plenty stuff that can stream music across to
> a stereo, but a) I don't have a stereo - I used to play all music through
> my TV, and b) kit like SqueezeBox seems fairly expensive. I'm not wanting
> to spend a great deal of money here, quality isn't that important, just
> need some music in the background while I pound the punchbags!
>
>  
>
> All suggestions gratefully welcomed.
>
>  
>
>  
>
> TIA,
>
>  
>
>  
>
>  
>
> JRR
>
>  
>
>  
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
> ** IMPORTANT INFORMATION/DISCLAIMER *
>
> This document should be read only by those persons to whom it is
> addressed. If you have received this message it was obviously addressed to
> you and therefore you can read it, even it we didn't mean to send it to
> you. However, if the contents of this email make no sense whatsoever then
> you probably were not the intended recipient, or, alternatively, you are a
> mindless cretin; either way, you should immediately kill yourself and
> destroy your computer (not necessarily in that order). Once you have taken
> this action, please contact us.. no, sorry, you can't use your computer,
> because you just destroyed it, and possibly also committed suicide
> afterwards, but I am starting to digress.. *
>
> *The originator of this email is not liable for the transmission of the
> information contained in this communication. Or are they? Either way it's a
> pre

Re: Gadgets

[James Rankin]

Cheers! Now I just have to keep enough work coming in to pay for it :-0

On 15 November 2011 13:26, John Hornbuckle  wrote:

>  No advice on the gadgets, but congrats on the housing upgrade!
>
> ** **
>
> :)
>
> ** **
>
> ** **
>
> John
>
> ** **
>
> ** **
>
> ** **
>
> *From:* James Rankin [mailto:kz2...@googlemail.com]
> *Sent:* Tuesday, November 15, 2011 7:52 AM
> *To:* NT System Admin Issues
> *Subject:* OT: Gadgets
>
> ** **
>
> Just moved to a much bigger house and I am trying to revamp all my
> electronic kit. I have a lot of gym equipment in my garage, but I was
> fancying putting some sort of music-playing device into the garage that
> could connect up to my TeraStation and play a selection of music directly
> from there. Buying a stereo and burning a load of mp3s onto a CD/DVD seems
> s dated now...can anyone recommend any devices that might be able to
> achieve this for me?
>
>  
>
> I've already got a streaming box linked to the TV that fires
> movies/music/pictures onto the TV which works great, but I doubt I could
> run a cable all the way from the streaming box to the garage (it is a much
> bigger house). Would I need a device to output the music in the garage as
> well as another streaming device? I've been Googling about (probably not
> very cleverly) and I've found plenty stuff that can stream music across to
> a stereo, but a) I don't have a stereo - I used to play all music through
> my TV, and b) kit like SqueezeBox seems fairly expensive. I'm not wanting
> to spend a great deal of money here, quality isn't that important, just
> need some music in the background while I pound the punchbags!
>
>  
>
> All suggestions gratefully welcomed.
>
>  
>
>  
>
> TIA,
>
>  
>
>  
>
>  
>
> JRR
>
>  
>
>  
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
> ** IMPORTANT INFORMATION/DISCLAIMER *
>
> This document should be read only by those persons to whom it is
> addressed. If you have received this message it was obviously addressed to
> you and therefore you can read it, even it we didn't mean to send it to
> you. However, if the contents of this email make no sense whatsoever then
> you probably were not the intended recipient, or, alternatively, you are a
> mindless cretin; either way, you should immediately kill yourself and
> destroy your computer (not necessarily in that order). Once you have taken
> this action, please contact us.. no, sorry, you can't use your computer,
> because you just destroyed it, and possibly also committed suicide
> afterwards, but I am starting to digress.. *
>
> *The originator of this email is not liable for the transmission of the
> information contained in this communication. Or are they? Either way it's a
> pretty dull legal query and frankly one I'm not going to dwell on. But
> should you have nothing better to do, please feel free to ruminate on it,
> and please pass on any concrete conclusions should you find them. However,
> if you pass them on via email, be sure to include a disclaimer regarding
> liability for transmission.*
>
> *In the event that the originator did not send this email to you, then
> please return it to us and attach a scanned-in picture of your mother's
> brother's wife wearing nothing but a kangaroo suit, and we will immediately
> refund you exactly half of what you paid for the can of Whiskas you bought
> when you went to Pets At Home yesterday. *
>
> *We take no responsibility for non-receipt of this email because we are
> running Exchange 5.5 and everyone knows how glitchy that can be. In the
> event that you do get this message then please note that we take no
> responsibility for that either. Nor will we accept any liability, tacit or
> implied, for any damage you may or may not incur as a result of receiving,
> or not, as the case may be, from time to time, notwithstanding all
> liabilities implied or otherwise, ummm, hell, where was I...umm, no matter
> what happens, it is NOT, and NEVER WILL BE, OUR FAULT! *
>
> *The comments and opinions expressed herein are my own and NOT those of
> my employer, who, if he knew I was sending emails and surfing the seamier
> side of the Internet, would cut off my manhood and feed it to me for
> afternoon tea. *
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ 

RE: OT: Gadgets

[Al Lilianstrom]

The cloud player app is Android only right now. It could possibly work in the 
browser on your BB but I'm not sure. Good reason to upgrade your phone...

al

--
Al Lilianstrom
CD/LSC/SOS/ES
lilst...@fnal.gov

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Tuesday, November 15, 2011 7:36 AM
To: NT System Admin Issues
Subject: Re: OT: Gadgets

That's a cool idea, although my experience on the Blackberry isn't a great 
sound (although I did say the quality didn't matter, I know!). It probably 
means more charging of my phone battery though, which was why I was thinking 
around an AC-powered device of some type. I'm betting the Amazon cloud player 
app probably isn't available for the BB as well (although that's just me being 
cynical, I haven't checked). Still food for thought though, cheers

On 15 November 2011 13:27, Al Lilianstrom 
mailto:lilst...@fnal.gov>> wrote:
Smart phone with wireless capability, Amazon cloud player app, and your music 
in the Amazon cloud. Your music is everywhere you have wireless access and no 
hit on your data plan. Works great. I also use it over my 4G connection when 
I'm out walking or when we're doing something like bowling where we want music 
at our lane.

al

--
Al Lilianstrom
CD/LSC/SOS/ES
lilst...@fnal.gov

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Tuesday, November 15, 2011 7:12 AM
To: NT System Admin Issues
Subject: Re: OT: Gadgets

Yeah, could do that, it is overkill though because I'd then have to fire it up 
and access the playlists etc.

Been Googling about for an mp3-capable wireless home stereo of some sort, but 
I'm not having much luck :-(
On 15 November 2011 13:07, Erik Goldoff 
mailto:egold...@gmail.com>> wrote:
I suppose your other alternative is to bring a wireless laptop to your workout 
dungeon to access your main storage, but that seems overkill to me ( not to 
mention potential risk to the laptop in that workout environment )

On Tue, Nov 15, 2011 at 8:01 AM, James Rankin 
mailto:kz2...@googlemail.com>> wrote:
Sounds fairly decent and straightforward. I have the unfortunate tendency to 
change my favourite tunes very often, though, which was why I was looking for 
some external wireless capability (that really means I am too lazy to reload 
the mp3 player with different tunes) :-)
On 15 November 2011 12:56, Erik Goldoff 
mailto:egold...@gmail.com>> wrote:
would it not be easier/simpler/less expensive to just copy music to an MP3 
player and hook to inexpensive external speakers and be done with it ?  Maybe 
not the most elegant high tech solution, but seems to me it would meet your 
requirements.

On Tue, Nov 15, 2011 at 7:51 AM, James Rankin 
mailto:kz2...@googlemail.com>> wrote:
Just moved to a much bigger house and I am trying to revamp all my electronic 
kit. I have a lot of gym equipment in my garage, but I was fancying putting 
some sort of music-playing device into the garage that could connect up to my 
TeraStation and play a selection of music directly from there. Buying a stereo 
and burning a load of mp3s onto a CD/DVD seems s dated now...can anyone 
recommend any devices that might be able to achieve this for me?

I've already got a streaming box linked to the TV that fires 
movies/music/pictures onto the TV which works great, but I doubt I could run a 
cable all the way from the streaming box to the garage (it is a much bigger 
house). Would I need a device to output the music in the garage as well as 
another streaming device? I've been Googling about (probably not very cleverly) 
and I've found plenty stuff that can stream music across to a stereo, but a) I 
don't have a stereo - I used to play all music through my TV, and b) kit like 
SqueezeBox seems fairly expensive. I'm not wanting to spend a great deal of 
money here, quality isn't that important, just need some music in the 
background while I pound the punchbags!

All suggestions gratefully welcomed.


TIA,



JRR


--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

* IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is addressed. If 
you have received this message it was obviously addressed to you and therefore 
you can read it, even it we didn't mean to send it to you. However, if the 
contents of this email make no sense whatsoever then you probably were not the 
intended recipient, or, alternatively, you are a mindless cretin; either way, 
you should immediately kill yourself and destroy your computer (not necessarily 
in that order). Once you have taken this action, please contact us.. no, sorry, 
you can't use your computer, because you just destroyed it, and possibly also 
committed suicide a

RE: OT: Gadgets

[Maglinger, Paul]

You're looking at this all wrong.  Don't put your gym into the garage, put it 
into your office.
http://www.woodway.com/desktreadmill/desktreadmill.html

-Paul

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Tuesday, November 15, 2011 7:36 AM
To: NT System Admin Issues
Subject: Re: OT: Gadgets

That's a cool idea, although my experience on the Blackberry isn't a great 
sound (although I did say the quality didn't matter, I know!). It probably 
means more charging of my phone battery though, which was why I was thinking 
around an AC-powered device of some type. I'm betting the Amazon cloud player 
app probably isn't available for the BB as well (although that's just me being 
cynical, I haven't checked). Still food for thought though, cheers

On 15 November 2011 13:27, Al Lilianstrom 
mailto:lilst...@fnal.gov>> wrote:
Smart phone with wireless capability, Amazon cloud player app, and your music 
in the Amazon cloud. Your music is everywhere you have wireless access and no 
hit on your data plan. Works great. I also use it over my 4G connection when 
I'm out walking or when we're doing something like bowling where we want music 
at our lane.

al

--
Al Lilianstrom
CD/LSC/SOS/ES
lilst...@fnal.gov

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Tuesday, November 15, 2011 7:12 AM
To: NT System Admin Issues
Subject: Re: OT: Gadgets

Yeah, could do that, it is overkill though because I'd then have to fire it up 
and access the playlists etc.

Been Googling about for an mp3-capable wireless home stereo of some sort, but 
I'm not having much luck :-(
On 15 November 2011 13:07, Erik Goldoff 
mailto:egold...@gmail.com>> wrote:
I suppose your other alternative is to bring a wireless laptop to your workout 
dungeon to access your main storage, but that seems overkill to me ( not to 
mention potential risk to the laptop in that workout environment )

On Tue, Nov 15, 2011 at 8:01 AM, James Rankin 
mailto:kz2...@googlemail.com>> wrote:
Sounds fairly decent and straightforward. I have the unfortunate tendency to 
change my favourite tunes very often, though, which was why I was looking for 
some external wireless capability (that really means I am too lazy to reload 
the mp3 player with different tunes) :-)
On 15 November 2011 12:56, Erik Goldoff 
mailto:egold...@gmail.com>> wrote:
would it not be easier/simpler/less expensive to just copy music to an MP3 
player and hook to inexpensive external speakers and be done with it ?  Maybe 
not the most elegant high tech solution, but seems to me it would meet your 
requirements.

On Tue, Nov 15, 2011 at 7:51 AM, James Rankin 
mailto:kz2...@googlemail.com>> wrote:
Just moved to a much bigger house and I am trying to revamp all my electronic 
kit. I have a lot of gym equipment in my garage, but I was fancying putting 
some sort of music-playing device into the garage that could connect up to my 
TeraStation and play a selection of music directly from there. Buying a stereo 
and burning a load of mp3s onto a CD/DVD seems s dated now...can anyone 
recommend any devices that might be able to achieve this for me?

I've already got a streaming box linked to the TV that fires 
movies/music/pictures onto the TV which works great, but I doubt I could run a 
cable all the way from the streaming box to the garage (it is a much bigger 
house). Would I need a device to output the music in the garage as well as 
another streaming device? I've been Googling about (probably not very cleverly) 
and I've found plenty stuff that can stream music across to a stereo, but a) I 
don't have a stereo - I used to play all music through my TV, and b) kit like 
SqueezeBox seems fairly expensive. I'm not wanting to spend a great deal of 
money here, quality isn't that important, just need some music in the 
background while I pound the punchbags!

All suggestions gratefully welcomed.


TIA,



JRR


--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

* IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is addressed. If 
you have received this message it was obviously addressed to you and therefore 
you can read it, even it we didn't mean to send it to you. However, if the 
contents of this email make no sense whatsoever then you probably were not the 
intended recipient, or, alternatively, you are a mindless cretin; either way, 
you should immediately kill yourself and destroy your computer (not necessarily 
in that order). Once you have taken this action, please contact us.. no, sorry, 
you can't use your computer, because you just destroyed it, and possibly also 
committed suicide afterwards, but I am starting to digress..

The originator of this email is not liable 

RE: OT: Gadgets

[John Cook]

Old laptop with wifi, cheap set of speakers, Google Music

 John W. Cook
System Administrator
Partnership For Strong Families
5950 NW 1st Place
Gainesville, Fl 32607
Office (352) 244-1610
Cell (352) 215-6944
MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Tuesday, November 15, 2011 8:36 AM
To: NT System Admin Issues
Subject: Re: OT: Gadgets

That's a cool idea, although my experience on the Blackberry isn't a great 
sound (although I did say the quality didn't matter, I know!). It probably 
means more charging of my phone battery though, which was why I was thinking 
around an AC-powered device of some type. I'm betting the Amazon cloud player 
app probably isn't available for the BB as well (although that's just me being 
cynical, I haven't checked). Still food for thought though, cheers

On 15 November 2011 13:27, Al Lilianstrom 
mailto:lilst...@fnal.gov>> wrote:
Smart phone with wireless capability, Amazon cloud player app, and your music 
in the Amazon cloud. Your music is everywhere you have wireless access and no 
hit on your data plan. Works great. I also use it over my 4G connection when 
I'm out walking or when we're doing something like bowling where we want music 
at our lane.

al

--
Al Lilianstrom
CD/LSC/SOS/ES
lilst...@fnal.gov

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Tuesday, November 15, 2011 7:12 AM
To: NT System Admin Issues
Subject: Re: OT: Gadgets

Yeah, could do that, it is overkill though because I'd then have to fire it up 
and access the playlists etc.

Been Googling about for an mp3-capable wireless home stereo of some sort, but 
I'm not having much luck :-(
On 15 November 2011 13:07, Erik Goldoff 
mailto:egold...@gmail.com>> wrote:
I suppose your other alternative is to bring a wireless laptop to your workout 
dungeon to access your main storage, but that seems overkill to me ( not to 
mention potential risk to the laptop in that workout environment )

On Tue, Nov 15, 2011 at 8:01 AM, James Rankin 
mailto:kz2...@googlemail.com>> wrote:
Sounds fairly decent and straightforward. I have the unfortunate tendency to 
change my favourite tunes very often, though, which was why I was looking for 
some external wireless capability (that really means I am too lazy to reload 
the mp3 player with different tunes) :-)
On 15 November 2011 12:56, Erik Goldoff 
mailto:egold...@gmail.com>> wrote:
would it not be easier/simpler/less expensive to just copy music to an MP3 
player and hook to inexpensive external speakers and be done with it ?  Maybe 
not the most elegant high tech solution, but seems to me it would meet your 
requirements.

On Tue, Nov 15, 2011 at 7:51 AM, James Rankin 
mailto:kz2...@googlemail.com>> wrote:
Just moved to a much bigger house and I am trying to revamp all my electronic 
kit. I have a lot of gym equipment in my garage, but I was fancying putting 
some sort of music-playing device into the garage that could connect up to my 
TeraStation and play a selection of music directly from there. Buying a stereo 
and burning a load of mp3s onto a CD/DVD seems s dated now...can anyone 
recommend any devices that might be able to achieve this for me?

I've already got a streaming box linked to the TV that fires 
movies/music/pictures onto the TV which works great, but I doubt I could run a 
cable all the way from the streaming box to the garage (it is a much bigger 
house). Would I need a device to output the music in the garage as well as 
another streaming device? I've been Googling about (probably not very cleverly) 
and I've found plenty stuff that can stream music across to a stereo, but a) I 
don't have a stereo - I used to play all music through my TV, and b) kit like 
SqueezeBox seems fairly expensive. I'm not wanting to spend a great deal of 
money here, quality isn't that important, just need some music in the 
background while I pound the punchbags!

All suggestions gratefully welcomed.


TIA,



JRR


--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

* IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is addressed. If 
you have received this message it was obviously addressed to you and therefore 
you can read it, even it we didn't mean to send it to you. However, if the 
contents of this email make no sense whatsoever then you probably were not the 
intended recipient, or, alternatively, you are a mindless cretin; either way, 
you should immediately kill yourself and destroy your computer (not necessarily 
in that order). Once you have taken this action, please contact us.. no, sorry, 
you can't use your computer, because you just destroyed it, and possibly also 
committed 

RE: OT: Gadgets

[Simon Butler]

Why don't you pick up a Squeezebox Classic from eBay and then hook it up to a 
cheap stereo? That is what I did. The old stereo I had as teenager got a new 
lease of life because it had phono ports. The CD and tape deck became redundant 
years ago.
Just make sure you get the wireless and not the wired one. Logitech still 
provide software support for the older devices, so you will be able to use the 
latest version of their software on whatever the host machine is.

If you can find the older version of the Squeeze center software then you can 
even control the device using your Blackberry over the wireless network!

Simon.

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: 15 November 2011 13:41
To: NT System Admin Issues
Subject: Re: OT: Gadgets

That's a cool idea, although my experience on the Blackberry isn't a great 
sound (although I did say the quality didn't matter, I know!). It probably 
means more charging of my phone battery though, which was why I was thinking 
around an AC-powered device of some type. I'm betting the Amazon cloud player 
app probably isn't available for the BB as well (although that's just me being 
cynical, I haven't checked). Still food for thought though, cheers

On 15 November 2011 13:27, Al Lilianstrom 
mailto:lilst...@fnal.gov>> wrote:
Smart phone with wireless capability, Amazon cloud player app, and your music 
in the Amazon cloud. Your music is everywhere you have wireless access and no 
hit on your data plan. Works great. I also use it over my 4G connection when 
I'm out walking or when we're doing something like bowling where we want music 
at our lane.

al

--
Al Lilianstrom
CD/LSC/SOS/ES
lilst...@fnal.gov

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Tuesday, November 15, 2011 7:12 AM
To: NT System Admin Issues
Subject: Re: OT: Gadgets

Yeah, could do that, it is overkill though because I'd then have to fire it up 
and access the playlists etc.

Been Googling about for an mp3-capable wireless home stereo of some sort, but 
I'm not having much luck :-(
On 15 November 2011 13:07, Erik Goldoff 
mailto:egold...@gmail.com>> wrote:
I suppose your other alternative is to bring a wireless laptop to your workout 
dungeon to access your main storage, but that seems overkill to me ( not to 
mention potential risk to the laptop in that workout environment )

On Tue, Nov 15, 2011 at 8:01 AM, James Rankin 
mailto:kz2...@googlemail.com>> wrote:
Sounds fairly decent and straightforward. I have the unfortunate tendency to 
change my favourite tunes very often, though, which was why I was looking for 
some external wireless capability (that really means I am too lazy to reload 
the mp3 player with different tunes) :-)
On 15 November 2011 12:56, Erik Goldoff 
mailto:egold...@gmail.com>> wrote:
would it not be easier/simpler/less expensive to just copy music to an MP3 
player and hook to inexpensive external speakers and be done with it ?  Maybe 
not the most elegant high tech solution, but seems to me it would meet your 
requirements.

On Tue, Nov 15, 2011 at 7:51 AM, James Rankin 
mailto:kz2...@googlemail.com>> wrote:
Just moved to a much bigger house and I am trying to revamp all my electronic 
kit. I have a lot of gym equipment in my garage, but I was fancying putting 
some sort of music-playing device into the garage that could connect up to my 
TeraStation and play a selection of music directly from there. Buying a stereo 
and burning a load of mp3s onto a CD/DVD seems s dated now...can anyone 
recommend any devices that might be able to achieve this for me?

I've already got a streaming box linked to the TV that fires 
movies/music/pictures onto the TV which works great, but I doubt I could run a 
cable all the way from the streaming box to the garage (it is a much bigger 
house). Would I need a device to output the music in the garage as well as 
another streaming device? I've been Googling about (probably not very cleverly) 
and I've found plenty stuff that can stream music across to a stereo, but a) I 
don't have a stereo - I used to play all music through my TV, and b) kit like 
SqueezeBox seems fairly expensive. I'm not wanting to spend a great deal of 
money here, quality isn't that important, just need some music in the 
background while I pound the punchbags!

All suggestions gratefully welcomed.


TIA,



JRR


--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

* IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is addressed. If 
you have received this message it was obviously addressed to you and therefore 
you can read it, even it we didn't mean to send it to you. However, if the 
contents of this email make no sense whatsoever th

Re: OT: Gadgets

[Kevin Lundy]

The WD TV live can stream from a single file share and output to any
amp.  I do that over powerline ethernet.  Get the Plus version with a
drive and it can synchronize the files locally.

On 11/15/11, James Rankin  wrote:
> Yeah, could do that, it is overkill though because I'd then have to fire it
> up and access the playlists etc.
>
> Been Googling about for an mp3-capable wireless home stereo of some sort,
> but I'm not having much luck :-(
>
> On 15 November 2011 13:07, Erik Goldoff  wrote:
>
>> I suppose your other alternative is to bring a wireless laptop to your
>> workout dungeon to access your main storage, but that seems overkill to me
>> ( not to mention potential risk to the laptop in that workout environment
>> )
>>
>>
>> On Tue, Nov 15, 2011 at 8:01 AM, James Rankin
>> wrote:
>>
>>> Sounds fairly decent and straightforward. I have the unfortunate tendency
>>> to change my favourite tunes very often, though, which was why I was
>>> looking for some external wireless capability (that really means I am too
>>> lazy to reload the mp3 player with different tunes) :-)
>>>
>>> On 15 November 2011 12:56, Erik Goldoff  wrote:
>>>
 would it not be easier/simpler/less expensive to just copy music to an
 MP3 player and hook to inexpensive external speakers and be done with it
 ?
 Maybe not the most elegant high tech solution, but seems to me it would
 meet your requirements.


 On Tue, Nov 15, 2011 at 7:51 AM, James Rankin
 wrote:

> Just moved to a much bigger house and I am trying to revamp all my
> electronic kit. I have a lot of gym equipment in my garage, but I was
> fancying putting some sort of music-playing device into the garage that
> could connect up to my TeraStation and play a selection of music
> directly
> from there. Buying a stereo and burning a load of mp3s onto a CD/DVD
> seems
> s dated now...can anyone recommend any devices that might be able
> to
> achieve this for me?
>
> I've already got a streaming box linked to the TV that fires
> movies/music/pictures onto the TV which works great, but I doubt I
> could
> run a cable all the way from the streaming box to the garage (it is a
> much
> bigger house). Would I need a device to output the music in the garage
> as
> well as another streaming device? I've been Googling about (probably
> not
> very cleverly) and I've found plenty stuff that can stream music across
> to
> a stereo, but a) I don't have a stereo - I used to play all music
> through
> my TV, and b) kit like SqueezeBox seems fairly expensive. I'm not
> wanting
> to spend a great deal of money here, quality isn't that important, just
> need some music in the background while I pound the punchbags!
>
> All suggestions gratefully welcomed.
>
>
> TIA,
>
>
>
> JRR
>
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
> into the machine wrong figures, will the right answers come out?' I am
> not
> able rightly to apprehend the kind of confusion of ideas that could
> provoke
> such a question."
>
> ** IMPORTANT INFORMATION/DISCLAIMER *
>
> This document should be read only by those persons to whom it is
> addressed. If you have received this message it was obviously addressed
> to
> you and therefore you can read it, even it we didn't mean to send it to
> you. However, if the contents of this email make no sense whatsoever
> then
> you probably were not the intended recipient, or, alternatively, you
> are a
> mindless cretin; either way, you should immediately kill yourself and
> destroy your computer (not necessarily in that order). Once you have
> taken
> this action, please contact us.. no, sorry, you can't use your
> computer,
> because you just destroyed it, and possibly also committed suicide
> afterwards, but I am starting to digress.. *
>
> *The originator of this email is not liable for the transmission of
> the information contained in this communication. Or are they? Either
> way
> it's a pretty dull legal query and frankly one I'm not going to dwell
> on.
> But should you have nothing better to do, please feel free to ruminate
> on
> it, and please pass on any concrete conclusions should you find them.
> However, if you pass them on via email, be sure to include a disclaimer
> regarding liability for transmission.
> *
>
> *In the event that the originator did not send this email to you, then
> please return it to us and attach a scanned-in picture of your mother's
> brother's wife wearing nothing but a kangaroo suit, and we will
> immediately
> refund you exactly half of what you paid for the can of Whiskas you
> bought
> when you went to Pets** **At Home yest

Re: Gadgets

[Pete Howard]

Im in the same boat and looking at eventually hooking up the whole house with a 
sonos or squeezebox to stream music everywhere. For now, I use an ipad with a 
klipsch docking station to get pretty good output. Then launch pandora, itunes, 
slacker, last.fm, spotify or stream mp3 from your PC or NAS. I use a synology 
NAS that doubles as an itunes server, media server etc and it does a good job. 





From: James Rankin 
To: NT System Admin Issues 
Sent: Tuesday, November 15, 2011 8:36 AM
Subject: Re: Gadgets


Cheers! Now I just have to keep enough work coming in to pay for it :-0


On 15 November 2011 13:26, John Hornbuckle  
wrote:

No advice on the gadgets, but congrats on the housing upgrade!
> 
>:)
> 
> 
>John
> 
> 
> 
>From:James Rankin [mailto:kz2...@googlemail.com] 
>Sent: Tuesday, November 15, 2011 7:52 AM
>To: NT System Admin Issues
>Subject: OT: Gadgets
> 
>Just moved to a much bigger house and I am trying to revamp all my electronic 
>kit. I have a lot of gym equipment in my garage, but I was fancying putting 
>some sort of music-playing device into the garage that could connect up to my 
>TeraStation and play a selection of music directly from there. Buying a stereo 
>and burning a load of mp3s onto a CD/DVD seems s dated now...can anyone 
>recommend any devices that might be able to achieve this for me?
> 
>I've already got a streaming box linked to the TV that fires 
>movies/music/pictures onto the TV which works great, but I doubt I could run a 
>cable all the way from the streaming box to the garage (it is a much bigger 
>house). Would I need a device to output the music in the garage as well as 
>another streaming device? I've been Googling about (probably not very 
>cleverly) and I've found plenty stuff that can stream music across to a 
>stereo, but a) I don't have a stereo - I used to play all music through my TV, 
>and b) kit like SqueezeBox seems fairly expensive. I'm not wanting to spend a 
>great deal of money here, quality isn't that important, just need some music 
>in the background while I pound the punchbags!
> 
>All suggestions gratefully welcomed.
> 
> 
>TIA,
> 
> 
> 
>JRR
> 
> 
>-- 
>"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
>machine wrong figures, will the right answers come out?' I am not able rightly 
>to apprehend the kind of confusion of ideas that could provoke such a 
>question."
>
>* IMPORTANT INFORMATION/DISCLAIMER *
>
>This document should be read only by those persons to whom it is addressed. If 
>you have received this message it was obviously addressed to you and therefore 
>you can read it, even it we didn't mean to send it to you. However, if the 
>contents of this email make no sense whatsoever then you probably were not the 
>intended recipient, or, alternatively, you are a mindless cretin; either way, 
>you should immediately kill yourself and destroy your computer (not 
>necessarily in that order). Once you have taken this action, please contact 
>us.. no, sorry, you can't use your computer, because you just destroyed it, 
>and possibly also committed suicide afterwards, but I am starting to 
>digress.. 
>The originator of this email is not liable for the transmission of the 
>information contained in this communication. Or are they? Either way it's a 
>pretty dull legal query and frankly one I'm not going to dwell on. But should 
>you have nothing better to do, please feel free to ruminate on it, and please 
>pass on any concrete conclusions should you find them. However, if you pass 
>them on via email, be sure to include a disclaimer regarding liability for 
>transmission.
>In the event that the originator did not send this email to you, then please 
>return it to us and attach a scanned-in picture of your mother's brother's 
>wife wearing nothing but a kangaroo suit, and we will immediately refund you 
>exactly half of what you paid for the can of Whiskas you bought when you went 
>to Pets At Home yesterday. 
>We take no responsibility for non-receipt of this email because we are running 
>Exchange 5.5 and everyone knows how glitchy that can be. In the event that you 
>do get this message then please note that we take no responsibility for that 
>either. Nor will we accept any liability, tacit or implied, for any damage you 
>may or may not incur as a result of receiving, or not, as the case may be, 
>from time to time, notwithstanding all liabilities implied or otherwise, ummm, 
>hell, where was I...umm, no matter what happens, it is NOT, and NEVER WILL BE, 
>OUR FAULT! 
>The comments and opinions expressed herein are my own and NOT those of my 
>employer, who, if he knew I was sending emails and surfing the seamier side of 
>the Internet, would cut off my manhood and feed it to me for afternoon tea. 
> 
>~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>~   ~
>
>---
>To manage subscription

Re: OT: Gadgets

[Gary Slinger]

Airport Express (~$50) coupled to an iHome mini speaker (~$20).   Done.
Cheap, portable, reusable kit if you decide to upscale later on.

On Tue, Nov 15, 2011 at 7:51 AM, James Rankin  wrote:

> Just moved to a much bigger house and I am trying to revamp all my
> electronic kit. I have a lot of gym equipment in my garage, but I was
> fancying putting some sort of music-playing device into the garage that
> could connect up to my TeraStation and play a selection of music directly
> from there. Buying a stereo and burning a load of mp3s onto a CD/DVD seems
> s dated now...can anyone recommend any devices that might be able to
> achieve this for me?
>
> I've already got a streaming box linked to the TV that fires
> movies/music/pictures onto the TV which works great, but I doubt I could
> run a cable all the way from the streaming box to the garage (it is a much
> bigger house). Would I need a device to output the music in the garage as
> well as another streaming device? I've been Googling about (probably not
> very cleverly) and I've found plenty stuff that can stream music across to
> a stereo, but a) I don't have a stereo - I used to play all music through
> my TV, and b) kit like SqueezeBox seems fairly expensive. I'm not wanting
> to spend a great deal of money here, quality isn't that important, just
> need some music in the background while I pound the punchbags!
>
> All suggestions gratefully welcomed.
>
>
> TIA,
>
>
>
> JRR
>
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
> ** IMPORTANT INFORMATION/DISCLAIMER *
>
> This document should be read only by those persons to whom it is
> addressed. If you have received this message it was obviously addressed to
> you and therefore you can read it, even it we didn't mean to send it to
> you. However, if the contents of this email make no sense whatsoever then
> you probably were not the intended recipient, or, alternatively, you are a
> mindless cretin; either way, you should immediately kill yourself and
> destroy your computer (not necessarily in that order). Once you have taken
> this action, please contact us.. no, sorry, you can't use your computer,
> because you just destroyed it, and possibly also committed suicide
> afterwards, but I am starting to digress.. *
>
> *The originator of this email is not liable for the transmission of the
> information contained in this communication. Or are they? Either way it's a
> pretty dull legal query and frankly one I'm not going to dwell on. But
> should you have nothing better to do, please feel free to ruminate on it,
> and please pass on any concrete conclusions should you find them. However,
> if you pass them on via email, be sure to include a disclaimer regarding
> liability for transmission.
> *
>
> *In the event that the originator did not send this email to you, then
> please return it to us and attach a scanned-in picture of your mother's
> brother's wife wearing nothing but a kangaroo suit, and we will immediately
> refund you exactly half of what you paid for the can of Whiskas you bought
> when you went to Pets** **At Home yesterday. *
>
> *We take no responsibility for non-receipt of this email because we are
> running Exchange 5.5 and everyone knows how glitchy that can be. In the
> event that you do get this message then please note that we take no
> responsibility for that either. Nor will we accept any liability, tacit or
> implied, for any damage you may or may not incur as a result of receiving,
> or not, as the case may be, from time to time, notwithstanding all
> liabilities implied or otherwise, ummm, hell, where was I...umm, no matter
> what happens, it is NOT, and NEVER WILL BE, OUR FAULT! *
>
> *The comments and opinions expressed herein are my own and NOT those of
> my employer, who, if he knew I was sending emails and surfing the seamier
> side of the Internet, would cut off my manhood and feed it to me for
> afternoon tea. *
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>



-- 
Gary K. Slinger
Voice: 727-475-1947 // gChat gary.slin...@gmail.com // Skype: garyslinger
Profile: http://www.linkedin.com/in/garyslinger

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: OT: Gadgets

[N Parr]

Just go all out, hang a touch screen PC on the wall and use media center.  Mine 
doubles as a video player for movies or the slingbox to the projector that 
points out the window to the screen on the patio.  Output the audio to an old 
stereo and you're good go.  If wifi won't cut it use a powerline adapter, they 
work great, use them for a couple surveillance camera's.
http://www.buy.com/prod/zyxel-pla401v3-homeplug-av-200-mbps-powerline-wall-plug-adapter/214413913.html


From: Gary Slinger [mailto:gary.slin...@gmail.com]
Sent: Tuesday, November 15, 2011 8:19 AM
To: NT System Admin Issues
Subject: Re: OT: Gadgets

Airport Express (~$50) coupled to an iHome mini speaker (~$20).   Done.   
Cheap, portable, reusable kit if you decide to upscale later on.

On Tue, Nov 15, 2011 at 7:51 AM, James Rankin 
mailto:kz2...@googlemail.com>> wrote:
Just moved to a much bigger house and I am trying to revamp all my electronic 
kit. I have a lot of gym equipment in my garage, but I was fancying putting 
some sort of music-playing device into the garage that could connect up to my 
TeraStation and play a selection of music directly from there. Buying a stereo 
and burning a load of mp3s onto a CD/DVD seems s dated now...can anyone 
recommend any devices that might be able to achieve this for me?

I've already got a streaming box linked to the TV that fires 
movies/music/pictures onto the TV which works great, but I doubt I could run a 
cable all the way from the streaming box to the garage (it is a much bigger 
house). Would I need a device to output the music in the garage as well as 
another streaming device? I've been Googling about (probably not very cleverly) 
and I've found plenty stuff that can stream music across to a stereo, but a) I 
don't have a stereo - I used to play all music through my TV, and b) kit like 
SqueezeBox seems fairly expensive. I'm not wanting to spend a great deal of 
money here, quality isn't that important, just need some music in the 
background while I pound the punchbags!

All suggestions gratefully welcomed.


TIA,



JRR


--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

* IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is addressed. If 
you have received this message it was obviously addressed to you and therefore 
you can read it, even it we didn't mean to send it to you. However, if the 
contents of this email make no sense whatsoever then you probably were not the 
intended recipient, or, alternatively, you are a mindless cretin; either way, 
you should immediately kill yourself and destroy your computer (not necessarily 
in that order). Once you have taken this action, please contact us.. no, sorry, 
you can't use your computer, because you just destroyed it, and possibly also 
committed suicide afterwards, but I am starting to digress..

The originator of this email is not liable for the transmission of the 
information contained in this communication. Or are they? Either way it's a 
pretty dull legal query and frankly one I'm not going to dwell on. But should 
you have nothing better to do, please feel free to ruminate on it, and please 
pass on any concrete conclusions should you find them. However, if you pass 
them on via email, be sure to include a disclaimer regarding liability for 
transmission.

In the event that the originator did not send this email to you, then please 
return it to us and attach a scanned-in picture of your mother's brother's wife 
wearing nothing but a kangaroo suit, and we will immediately refund you exactly 
half of what you paid for the can of Whiskas you bought when you went to Pets 
At Home yesterday.

We take no responsibility for non-receipt of this email because we are running 
Exchange 5.5 and everyone knows how glitchy that can be. In the event that you 
do get this message then please note that we take no responsibility for that 
either. Nor will we accept any liability, tacit or implied, for any damage you 
may or may not incur as a result of receiving, or not, as the case may be, from 
time to time, notwithstanding all liabilities implied or otherwise, ummm, hell, 
where was I...umm, no matter what happens, it is NOT, and NEVER WILL BE, OUR 
FAULT!

The comments and opinions expressed herein are my own and NOT those of my 
employer, who, if he knew I was sending emails and surfing the seamier side of 
the Internet, would cut off my manhood and feed it to me for afternoon tea.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftwar

RE: OT: Gadgets

[N Parr]

Just noticed today's woot.com, it may work well also.


From: Gary Slinger [mailto:gary.slin...@gmail.com]
Sent: Tuesday, November 15, 2011 8:19 AM
To: NT System Admin Issues
Subject: Re: OT: Gadgets

Airport Express (~$50) coupled to an iHome mini speaker (~$20).   Done.   
Cheap, portable, reusable kit if you decide to upscale later on.

On Tue, Nov 15, 2011 at 7:51 AM, James Rankin 
mailto:kz2...@googlemail.com>> wrote:
Just moved to a much bigger house and I am trying to revamp all my electronic 
kit. I have a lot of gym equipment in my garage, but I was fancying putting 
some sort of music-playing device into the garage that could connect up to my 
TeraStation and play a selection of music directly from there. Buying a stereo 
and burning a load of mp3s onto a CD/DVD seems s dated now...can anyone 
recommend any devices that might be able to achieve this for me?

I've already got a streaming box linked to the TV that fires 
movies/music/pictures onto the TV which works great, but I doubt I could run a 
cable all the way from the streaming box to the garage (it is a much bigger 
house). Would I need a device to output the music in the garage as well as 
another streaming device? I've been Googling about (probably not very cleverly) 
and I've found plenty stuff that can stream music across to a stereo, but a) I 
don't have a stereo - I used to play all music through my TV, and b) kit like 
SqueezeBox seems fairly expensive. I'm not wanting to spend a great deal of 
money here, quality isn't that important, just need some music in the 
background while I pound the punchbags!

All suggestions gratefully welcomed.


TIA,



JRR


--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

* IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is addressed. If 
you have received this message it was obviously addressed to you and therefore 
you can read it, even it we didn't mean to send it to you. However, if the 
contents of this email make no sense whatsoever then you probably were not the 
intended recipient, or, alternatively, you are a mindless cretin; either way, 
you should immediately kill yourself and destroy your computer (not necessarily 
in that order). Once you have taken this action, please contact us.. no, sorry, 
you can't use your computer, because you just destroyed it, and possibly also 
committed suicide afterwards, but I am starting to digress..

The originator of this email is not liable for the transmission of the 
information contained in this communication. Or are they? Either way it's a 
pretty dull legal query and frankly one I'm not going to dwell on. But should 
you have nothing better to do, please feel free to ruminate on it, and please 
pass on any concrete conclusions should you find them. However, if you pass 
them on via email, be sure to include a disclaimer regarding liability for 
transmission.

In the event that the originator did not send this email to you, then please 
return it to us and attach a scanned-in picture of your mother's brother's wife 
wearing nothing but a kangaroo suit, and we will immediately refund you exactly 
half of what you paid for the can of Whiskas you bought when you went to Pets 
At Home yesterday.

We take no responsibility for non-receipt of this email because we are running 
Exchange 5.5 and everyone knows how glitchy that can be. In the event that you 
do get this message then please note that we take no responsibility for that 
either. Nor will we accept any liability, tacit or implied, for any damage you 
may or may not incur as a result of receiving, or not, as the case may be, from 
time to time, notwithstanding all liabilities implied or otherwise, ummm, hell, 
where was I...umm, no matter what happens, it is NOT, and NEVER WILL BE, OUR 
FAULT!

The comments and opinions expressed herein are my own and NOT those of my 
employer, who, if he knew I was sending emails and surfing the seamier side of 
the Internet, would cut off my manhood and feed it to me for afternoon tea.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



--
Gary K. Slinger
Voice: 727-475-1947 // gChat 
gary.slin...@gmail.com // Skype: garyslinger
Profile: http://www.linkedin.com/in/garyslinger


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscri

Re: OT - converting a VMware VM back to a physical box

[Mike Leone]

On 11/14/2011 7:52 PM, Crawford, Scott wrote:

Your general plan sounds decent and, as other have mentioned, your concerns 
could probably be overcome with a pre-sysprep snapshot. But, why not go a step 
further and create a copy of the .vmdk file and try the migration with that 
while the original sits safely turned off?


I thought of that - trying it out on a clone of the production machine. 
That way, if it fails, I can power the original backup. The problem is 
the sysprep - if I do this (and that's the recommended way, even by 
VMware), then even trying the attempts will fubar up the SID, and I 
won't be able to power on the old machine and have it Just Work, as it's 
SID won't match the domain SID.


Doing the BMR should keep the same SID, which would be restored with the 
backup, so if it didn't work as a physical machine, I could still power 
the VM back up.


My boss thinks we should do the BMR, and - if we had to - do a Windows 
repair installation on the physical machine, giving it whatever drivers 
it wants. And if needed, remove from domain and re-join.


While I also think that *should* work, what happens if I'm wrong? I 
wouldn't have any fall back, as the VM won't work due to SID changes 
during the domain removal/re-join. And while a domain removal/re-join 
should have no impact on the application ... what if we're wrong, and it 
does have some freaky weird effect? I have nowhere to go at that point ...


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: OT - converting a VMware VM back to a physical box

[Mike Leone]

On 11/14/2011 10:20 PM, Benjamin Zachary wrote:

In the past years back, we would install the driver controller (Raid/HP/Dell
etc) into the 2000/2003 vm, then ghost it from VM to physical. Usually this
got us at least into booting and then re-detected all the new hardware ,
several reboots later we were okay (drivers loading, rebooting etc). if any
issues you just turn the vm back on , having the drivers loaded doesn't
matter.


Hmmm  pre-installing disk and NIC drivers into the currently running 
VM first. There's an idea .. and you didn't sysprep first?


How did you "ghost it from VM to physical"? We don't have an Enterprise 
version of Ghost, or a Ghost server.


Platespin comes to mind ... for p2v and v2p ... Symantec made a similar
product in the early days I don't know if it still exists. I think its built
into Backup Exec today.


There will be no budget for any purchases. Yes, I've asked. Repeatedly ...


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: OT - converting a VMware VM back to a physical box

[Graeme Carstairs]

We have use Platespin to migrate from P2P and P2V, and V2P before.

Nice and easy and depending on the server setup, old one stays live, until
new one starts last quick sync and new one is live, exactly as the old one
was.

Simples

Graeme


On 15 November 2011 14:56, Mike Leone  wrote:

> On 11/14/2011 7:52 PM, Crawford, Scott wrote:
>
>> Your general plan sounds decent and, as other have mentioned, your
>> concerns could probably be overcome with a pre-sysprep snapshot. But, why
>> not go a step further and create a copy of the .vmdk file and try the
>> migration with that while the original sits safely turned off?
>>
>
> I thought of that - trying it out on a clone of the production machine.
> That way, if it fails, I can power the original backup. The problem is the
> sysprep - if I do this (and that's the recommended way, even by VMware),
> then even trying the attempts will fubar up the SID, and I won't be able to
> power on the old machine and have it Just Work, as it's SID won't match the
> domain SID.
>
> Doing the BMR should keep the same SID, which would be restored with the
> backup, so if it didn't work as a physical machine, I could still power the
> VM back up.
>
> My boss thinks we should do the BMR, and - if we had to - do a Windows
> repair installation on the physical machine, giving it whatever drivers it
> wants. And if needed, remove from domain and re-join.
>
> While I also think that *should* work, what happens if I'm wrong? I
> wouldn't have any fall back, as the VM won't work due to SID changes during
> the domain removal/re-join. And while a domain removal/re-join should have
> no impact on the application ... what if we're wrong, and it does have some
> freaky weird effect? I have nowhere to go at that point ...
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ 
> 
> **>  ~
>
> ---
> To manage subscriptions click here: http://lyris.sunbelt-software.**
> com/read/my_forums/ 
> or send an email to 
> listmanager@lyris.**sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>



-- 
Good news everyone, you have just received an e-mail from me!

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: OT - converting a VMware VM back to a physical box

[Mike Leone]

On 11/15/2011 10:08 AM, Kennedy, Jim wrote:
>
> It really sounds like this app server is very mission critical. 
> Restore one of your DC’s to a test domain. Seize all the rolls, 
> metadata cleanup for all the missing DC’s. Copy your VM over to that 
> domain, bring it up and test both plans.
>

I have a test domain. But it's a virtual one, and not accessible to any 
machine on my production network (it's all one a private switch on one 
ESX server). So I can't test it that way, as the test domain can not 
reach out to my backup server to do the BMR, therefore I can't duplicate 
the methods appropriately.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: OT - converting a VMware VM back to a physical box

[Mike Leone]

On 11/15/2011 10:12 AM, Graeme Carstairs wrote:

We have use Platespin to migrate from P2P and P2V, and V2P before.


There will be no software purchases for this project. I have asked; it 
won't happen. So any recommended methods utilizing them won't help me, 
unfortunately ...



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: OT - converting a VMware VM back to a physical box

[Kennedy, Jim]

Couldn’t you copy over the VM to your test domain and at least test your plan 
and prove it would work, or not.

From: Mike Leone [mailto:oozerd...@gmail.com]
Sent: Tuesday, November 15, 2011 10:22 AM
To: NT System Admin Issues
Subject: Re: OT - converting a VMware VM back to a physical box

On 11/15/2011 10:08 AM, Kennedy, Jim wrote:

It really sounds like this app server is very mission critical. Restore one of 
your DC’s to a test domain. Seize all the rolls, metadata cleanup for all the 
missing DC’s. Copy your VM over to that domain, bring it up and test both plans.

I have a test domain. But it's a virtual one, and not accessible to any machine 
on my production network (it's all one a private switch on one ESX server). So 
I can't test it that way, as the test domain can not reach out to my backup 
server to do the BMR, therefore I can't duplicate the methods appropriately.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Whitelisting Pros & Cons?

[Joseph Heaton]

Would it be better to have a tool that only does whitelisting, or a software 
more like Viewfinity, where you can do both white and black lists, and also 
elevate permissions for applications that aren't on either list, but are needed 
by a few people, which wouldn't warrant putting it on the whitelist?

>>> Stu Sjouwerman  11/14/2011 2:16 PM >>>

Thanks Micheal. Anyone experience with any of the Whitelisting products in this 
InfoWorld Review?
 
http://www.infoworld.com/d/security-central/test-center-review-whitelisting-security-offers-salvation-835?
 
 

Bit9 Parity Suite 5.01
10
8
9
9
10
9.4
EXCELLENT

30%
15%
25%
10%
20%

CoreTrace Bouncer 5
9
9
9
8
9
8.9
VERY GOOD

30%
15%
25%
10%
20%

Lumension Application Control
8
9
8
9
9
8.5
VERY GOOD

30%
15%
25%
10%
20%

McAfee Application Control 5.0
9
9
9
8
8
8.7
VERY GOOD

30%
15%
25%
10%
20%

SignaCert Enterprise Trust Services 3.0

 
 
 
From:Micheal Espinola Jr [mailto:michealespin...@gmail.com] 
Sent: Monday, November 14, 2011 5:10 PM
To: NT System Admin Issues
Subject: Re: Whitelisting Pros & Cons?
 
Whitelisting is the future IMHO.  You cant trust anything anymore.  Faith 
doesnt cut it.  You have to protect yourself and your assets, and whitelisting 
is the best way to do it.

--
Espi
 
 



On Mon, Nov 14, 2011 at 8:48 AM, Stu Sjouwerman  
wrote:
I'm referring to Whitelisting in the context of security.  About 10 years ago, 
the ratio
"Good code" versus malware was perhaps 90 good 10 bad.  In that scenario, it 
makes
sense to keep the bad code out. But over the last 10 years, with automated 
malware
variant generation, the tables have turned, and there is actually more malware 
than
good code out there. So in -that- scenario it might make sense to only allow 
"good code"
and implement application control. Only that which is allowed, will run.

I'd like your feedback - input - discussion on this !

Warm regards,

Stu


-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org] 
Sent: Monday, November 14, 2011 11:22 AM
To: NT System Admin Issues

Subject: Re: Whitelisting Pros & Cons?

Are you asking about web content filtering, email filtering, or some other type 
of "whitelisting?"


--Matt Ross
Ephrata School District


- Original Message -
From: Stu Sjouwerman
[mailto:s...@sunbelt-software.com] 
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com] 
Sent: Mon, 14 Nov 2011
08:14:57 -0800
Subject: Whitelisting Pros & Cons?


> Guys, I am writing an article for WServerNews, and would like your
> public input.
>
> What is your experience with Whitelisting, which products you
> tried/use, and what experience you are having with this, likes and hates are 
> all welcome !!
>
> Warm regards,
>
> Stu
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/ 
> or send an email to listmana...@lyris.sunbeltsoftware.com 
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/ 
or send an email to listmana...@lyris.sunbeltsoftware.com 
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/ 
or send an email to listmana...@lyris.sunbeltsoftware.com 
with the body: unsubscribe ntsysadmin

 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/ 
or send an email to listmana...@lyris.sunbeltsoftware.com 
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/ 
or send an email to listmana...@lyris.sunbeltsoftware.com 
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: OT - converting a VMware VM back to a physical box

[Mike Leone]

On 11/15/2011 10:23 AM, Kennedy, Jim wrote:
>
> Couldn’t you copy over the VM to your test domain and at least test 
> your plan and prove it would work, or not.
>

No. Because the VM hardware wouldn't have changed. The worry is getting 
the VM to boot on the completely different hardware in the physical box, 
as opposed to the VM. Effectively speaking, this is a more like a 
Disaster Recovery Bare Metal Recovery to dissimilar hardware. If I just 
clone the VM to the new ESX server, even changing the virtual hardware 
list won't guarantee to be a valid test, because I don't know if I can 
change all the vhardware (motherboard, etc) that will be part of the 
change from VM to physical.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: OT: Gadgets

[Bill Humphries]

Just be aware that the airport express ties you to itunes.  otherwise it 
is awesome.


Gary Slinger wrote:
Airport Express (~$50) coupled to an iHome mini speaker (~$20).   
Done.   Cheap, portable, reusable kit if you decide to upscale later on.


On Tue, Nov 15, 2011 at 7:51 AM, James Rankin > wrote:


Just moved to a much bigger house and I am trying to revamp all my
electronic kit. I have a lot of gym equipment in my garage, but I
was fancying putting some sort of music-playing device into the
garage that could connect up to my TeraStation and play a
selection of music directly from there. Buying a stereo and
burning a load of mp3s onto a CD/DVD seems s dated now...can
anyone recommend any devices that might be able to achieve this
for me?
 
I've already got a streaming box linked to the TV that fires

movies/music/pictures onto the TV which works great, but I doubt I
could run a cable all the way from the streaming box to the garage
(it is a much bigger house). Would I need a device to output the
music in the garage as well as another streaming device? I've been
Googling about (probably not very cleverly) and I've found plenty
stuff that can stream music across to a stereo, but a) I don't
have a stereo - I used to play all music through my TV, and b) kit
like SqueezeBox seems fairly expensive. I'm not wanting to spend a
great deal of money here, quality isn't that important, just need
some music in the background while I pound the punchbags!
 
All suggestions gratefully welcomed.
 
 
TIA,
 
 
 
JRR
 
 
-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you

put into the machine wrong figures, will the right answers come
out?' I am not able rightly to apprehend the kind of confusion of
ideas that could provoke such a question."

** IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is
addressed. If you have received this message it was obviously
addressed to you and therefore you can read it, even it we didn't
mean to send it to you. However, if the contents of this email
make no sense whatsoever then you probably were not the intended
recipient, or, alternatively, you are a mindless cretin; either
way, you should immediately kill yourself and destroy your
computer (not necessarily in that order). Once you have taken this
action, please contact us.. no, sorry, you can't use your
computer, because you just destroyed it, and possibly also
committed suicide afterwards, but I am starting to digress.. *

*The originator of this email is not liable for the transmission
of the information contained in this communication. Or are they?
Either way it's a pretty dull legal query and frankly one I'm not
going to dwell on. But should you have nothing better to do,
please feel free to ruminate on it, and please pass on any
concrete conclusions should you find them. However, if you pass
them on via email, be sure to include a disclaimer regarding
liability for transmission.
*

*In the event that the originator did not send this email to you,
then please return it to us and attach a scanned-in picture of
your mother's brother's wife wearing nothing but a kangaroo suit,
and we will immediately refund you exactly half of what you paid
for the can of Whiskas you bought when you went to /Pets/*/*
*/*/At Home/ yesterday. *

*We take no responsibility for non-receipt of this email because
we are running Exchange 5.5 and everyone knows how glitchy that
can be. In the event that you do get this message then please note
that we take no responsibility for that either. Nor will we accept
any liability, tacit or implied, for any damage you may or may not
incur as a result of receiving, or not, as the case may be, from
time to time, notwithstanding all liabilities implied or
otherwise, ummm, hell, where was I...umm, no matter what happens,
it is NOT, and NEVER WILL BE, OUR FAULT! *

*The comments and opinions expressed herein are my own and NOT
those of my employer, who, if he knew I was sending emails and
surfing the seamier side of the Internet, would cut off my manhood
and feed it to me for afternoon tea. *



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com

with the body: unsubscribe ntsysadmin




--
Gary K. Slinger
Voice: 727-475-1947 // gChat gary.slin...@gmail.com 
 // Skype: garysli

RE: OT - converting a VMware VM back to a physical box

[Coleman, Hunter]

>>While I also think that *should* work, what happens if I'm wrong? I
wouldn't have any fall back, as the VM won't work due to SID changes
during the domain removal/re-join. And while a domain removal/re-join
should have no impact on the application ... what if we're wrong, and it
does have some freaky weird effect? I have nowhere to go at that point ...



You could do an authoritative restore of that computer object from your AD 
backups, which would get your SID and computer object password matched back to 
your VM.



From: Mike Leone [oozerd...@gmail.com]
Sent: Tuesday, November 15, 2011 7:56 AM
To: NT System Admin Issues
Subject: Re: OT - converting a VMware VM back to a physical box

On 11/14/2011 7:52 PM, Crawford, Scott wrote:
> Your general plan sounds decent and, as other have mentioned, your concerns 
> could probably be overcome with a pre-sysprep snapshot. But, why not go a 
> step further and create a copy of the .vmdk file and try the migration with 
> that while the original sits safely turned off?

I thought of that - trying it out on a clone of the production machine.
That way, if it fails, I can power the original backup. The problem is
the sysprep - if I do this (and that's the recommended way, even by
VMware), then even trying the attempts will fubar up the SID, and I
won't be able to power on the old machine and have it Just Work, as it's
SID won't match the domain SID.

Doing the BMR should keep the same SID, which would be restored with the
backup, so if it didn't work as a physical machine, I could still power
the VM back up.

My boss thinks we should do the BMR, and - if we had to - do a Windows
repair installation on the physical machine, giving it whatever drivers
it wants. And if needed, remove from domain and re-join.

While I also think that *should* work, what happens if I'm wrong? I
wouldn't have any fall back, as the VM won't work due to SID changes
during the domain removal/re-join. And while a domain removal/re-join
should have no impact on the application ... what if we're wrong, and it
does have some freaky weird effect? I have nowhere to go at that point ...

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Whitelisting Pros & Cons? - Lumension

[Stu Sjouwerman]

Anyone experience with Lumension? This seems to be one of the bigger players.
Did some testing with this perhaps?

Warm regards,

Stu

From: Joseph Heaton [mailto:jhea...@dfg.ca.gov]
Sent: Tuesday, November 15, 2011 10:47 AM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros & Cons?

Would it be better to have a tool that only does whitelisting, or a software 
more like Viewfinity, where you can do both white and black lists, and also 
elevate permissions for applications that aren't on either list, but are needed 
by a few people, which wouldn't warrant putting it on the whitelist?

>>> Stu Sjouwerman 
>>> mailto:s...@sunbelt-software.com>> 11/14/2011 
>>> 2:16 PM >>>
Thanks Micheal. Anyone experience with any of the Whitelisting products in this 
InfoWorld Review?

http://www.infoworld.com/d/security-central/test-center-review-whitelisting-security-offers-salvation-835?


Bit9 Parity Suite 5.01

10

8

9

9

10

9.4
EXCELLENT


30%

15%

25%

10%

20%

CoreTrace Bouncer 5

9

9

9

8

9

8.9
VERY GOOD


30%

15%

25%

10%

20%

Lumension Application Control

8

9

8

9

9

8.5
VERY GOOD


30%

15%

25%

10%

20%

McAfee Application Control 5.0

9

9

9

8

8

8.7
VERY GOOD


30%

15%

25%

10%

20%

SignaCert Enterprise Trust Services 3.0




From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Monday, November 14, 2011 5:10 PM
To: NT System Admin Issues
Subject: Re: Whitelisting Pros & Cons?

Whitelisting is the future IMHO.  You cant trust anything anymore.  Faith 
doesnt cut it.  You have to protect yourself and your assets, and whitelisting 
is the best way to do it.

--
Espi



On Mon, Nov 14, 2011 at 8:48 AM, Stu Sjouwerman 
mailto:s...@sunbelt-software.com>> wrote:
I'm referring to Whitelisting in the context of security.  About 10 years ago, 
the ratio
"Good code" versus malware was perhaps 90 good 10 bad.  In that scenario, it 
makes
sense to keep the bad code out. But over the last 10 years, with automated 
malware
variant generation, the tables have turned, and there is actually more malware 
than
good code out there. So in -that- scenario it might make sense to only allow 
"good code"
and implement application control. Only that which is allowed, will run.

I'd like your feedback - input - discussion on this !

Warm regards,

Stu

-Original Message-
From: Matthew W. Ross 
[mailto:mr...@ephrataschools.org]
Sent: Monday, November 14, 2011 11:22 AM
To: NT System Admin Issues
Subject: Re: Whitelisting Pros & Cons?

Are you asking about web content filtering, email filtering, or some other type 
of "whitelisting?"


--Matt Ross
Ephrata School District


- Original Message -
From: Stu Sjouwerman
[mailto:s...@sunbelt-software.com]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 14 Nov 2011
08:14:57 -0800
Subject: Whitelisting Pros & Cons?
> Guys, I am writing an article for WServerNews, and would like your
> public input.
>
> What is your experience with Whitelisting, which products you
> tried/use, and what experience you are having with this, likes and hates are 
> all welcome !!
>
> Warm regards,
>
> Stu
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to 
> listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
list

Re: Whitelisting Pros & Cons? - Lumension

[James Rankin]

Can't believe that AppSense AM isn't in there as one of the test subjects.
I think the issue is that most people use them for the Environment Manager
(EM) feature of the suite so AppSense are treated more as a competitor in
the UEM (User Environment Management) market rather than against other
applications that do whitelisting, but the whitelisting product is (IMHO)
their strongest. If they were willing to run the rule over AppLocker for
that survey, then AM should surely have been included - most people who
work with Application Manager brand it as "AppLocker on steroids", which is
slightly unfair seeing though it can do a lot more feature-wise.

On 15 November 2011 16:07, Stu Sjouwerman  wrote:

> 
>
> Anyone experience with Lumension? This seems to be one of the bigger
> players.
>
> Did some testing with this perhaps?
>
> ** **
>
> Warm regards,
>
> ** **
>
> Stu 
>
> ** **
>
> *From:* Joseph Heaton [mailto:jhea...@dfg.ca.gov]
> *Sent:* Tuesday, November 15, 2011 10:47 AM
> *To:* NT System Admin Issues
> *Subject:* RE: Whitelisting Pros & Cons?
>
> ** **
>
> Would it be better to have a tool that only does whitelisting, or a
> software more like Viewfinity, where you can do both white and black lists,
> and also elevate permissions for applications that aren't on either list,
> but are needed by a few people, which wouldn't warrant putting it on the
> whitelist?
>
> >>> Stu Sjouwerman  11/14/2011 2:16 PM >>>
>
> Thanks Micheal. Anyone experience with any of the Whitelisting products in
> this InfoWorld Review?
>
> ** **
>
>
> http://www.infoworld.com/d/security-central/test-center-review-whitelisting-security-offers-salvation-835?
> 
>
> ** **
>
> ** **
>
> *Bit9 Parity Suite 5.01*
>
> *10*
>
> *8*
>
> *9*
>
> *9*
>
> *10*
>
> *9.4*
>
> *EXCELLENT*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *CoreTrace Bouncer 5*
>
> *9*
>
> *9*
>
> *9*
>
> *8*
>
> *9*
>
> *8.9*
>
> *VERY GOOD*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *Lumension Application Control*
>
> *8*
>
> *9*
>
> *8*
>
> *9*
>
> *9*
>
> *8.5*
>
> *VERY GOOD*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *McAfee Application Control 5.0*
>
> *9*
>
> *9*
>
> *9*
>
> *8*
>
> *8*
>
> *8.7*
>
> *VERY GOOD*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *SignaCert Enterprise Trust Services 3.0*
>
> ** **
>
> ** **
>
> ** **
>
> *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com]
> *Sent:* Monday, November 14, 2011 5:10 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Whitelisting Pros & Cons?
>
> ** **
>
> Whitelisting is the future IMHO.  You cant trust anything anymore.  Faith
> doesnt cut it.  You have to protect yourself and your assets, and
> whitelisting is the best way to do it.
>
> --
> Espi
>
> ** **
>
> ** **
>
> ** **
>
> On Mon, Nov 14, 2011 at 8:48 AM, Stu Sjouwerman 
> wrote:
>
> I'm referring to Whitelisting in the context of security.  About 10 years
> ago, the ratio
> "Good code" versus malware was perhaps 90 good 10 bad.  In that scenario,
> it makes
> sense to keep the bad code out. But over the last 10 years, with automated
> malware
> variant generation, the tables have turned, and there is actually more
> malware than
> good code out there. So in -that- scenario it might make sense to only
> allow "good code"
> and implement application control. Only that which is allowed, will run.
>
> I'd like your feedback - input - discussion on this !
>
> Warm regards,
>
> Stu
>
>
> -Original Message-
> From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> Sent: Monday, November 14, 2011 11:22 AM
> To: NT System Admin Issues
>
> Subject: Re: Whitelisting Pros & Cons?
>
> Are you asking about web content filtering, email filtering, or some other
> type of "whitelisting?"
>
>
> --Matt Ross
> Ephrata School District
>
>
> - Original Message -
> From: Stu Sjouwerman
> [mailto:s...@sunbelt-software.com]
> To: NT System Admin Issues
> [mailto:ntsysadmin@lyris.sunbelt-software.com]
> Sent: Mon, 14 Nov 2011
> 08:14:57 -0800
> Subject: Whitelisting Pros & Cons?
>
> > Guys, I am writing an article for WServerNews, and would like your
> > public input.
> >
> > What is your experience with Whitelisting, which products you
> > tried/use, and what experience you are having with this, likes and hates
> are all welcome !!
> >
> > Warm regards,
> >
> > Stu
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
> >   ~
> >
> > ---
> > To manage subscriptions click here:
> > http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to listmana...@lyris.sunbeltsoftware.com
> > with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_for

Re: OT: Gadgets

[Jeff Bunting]

Check out sonos.com.  Might be more than you want to spend, but sounds like
it may be what you're looking for.

Jeff

On Tue, Nov 15, 2011 at 7:51 AM, James Rankin  wrote:

> Just moved to a much bigger house and I am trying to revamp all my
> electronic kit. I have a lot of gym equipment in my garage, but I was
> fancying putting some sort of music-playing device into the garage that
> could connect up to my TeraStation and play a selection of music directly
> from there. Buying a stereo and burning a load of mp3s onto a CD/DVD seems
> s dated now...can anyone recommend any devices that might be able to
> achieve this for me?
>
> I've already got a streaming box linked to the TV that fires
> movies/music/pictures onto the TV which works great, but I doubt I could
> run a cable all the way from the streaming box to the garage (it is a much
> bigger house). Would I need a device to output the music in the garage as
> well as another streaming device? I've been Googling about (probably not
> very cleverly) and I've found plenty stuff that can stream music across to
> a stereo, but a) I don't have a stereo - I used to play all music through
> my TV, and b) kit like SqueezeBox seems fairly expensive. I'm not wanting
> to spend a great deal of money here, quality isn't that important, just
> need some music in the background while I pound the punchbags!
>
> All suggestions gratefully welcomed.
>
>
> TIA,
>
>
>
> JRR
>
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
> ** IMPORTANT INFORMATION/DISCLAIMER *
>
> This document should be read only by those persons to whom it is
> addressed. If you have received this message it was obviously addressed to
> you and therefore you can read it, even it we didn't mean to send it to
> you. However, if the contents of this email make no sense whatsoever then
> you probably were not the intended recipient, or, alternatively, you are a
> mindless cretin; either way, you should immediately kill yourself and
> destroy your computer (not necessarily in that order). Once you have taken
> this action, please contact us.. no, sorry, you can't use your computer,
> because you just destroyed it, and possibly also committed suicide
> afterwards, but I am starting to digress.. *
>
> *The originator of this email is not liable for the transmission of the
> information contained in this communication. Or are they? Either way it's a
> pretty dull legal query and frankly one I'm not going to dwell on. But
> should you have nothing better to do, please feel free to ruminate on it,
> and please pass on any concrete conclusions should you find them. However,
> if you pass them on via email, be sure to include a disclaimer regarding
> liability for transmission.
> *
>
> *In the event that the originator did not send this email to you, then
> please return it to us and attach a scanned-in picture of your mother's
> brother's wife wearing nothing but a kangaroo suit, and we will immediately
> refund you exactly half of what you paid for the can of Whiskas you bought
> when you went to Pets** **At Home yesterday. *
>
> *We take no responsibility for non-receipt of this email because we are
> running Exchange 5.5 and everyone knows how glitchy that can be. In the
> event that you do get this message then please note that we take no
> responsibility for that either. Nor will we accept any liability, tacit or
> implied, for any damage you may or may not incur as a result of receiving,
> or not, as the case may be, from time to time, notwithstanding all
> liabilities implied or otherwise, ummm, hell, where was I...umm, no matter
> what happens, it is NOT, and NEVER WILL BE, OUR FAULT! *
>
> *The comments and opinions expressed herein are my own and NOT those of
> my employer, who, if he knew I was sending emails and surfing the seamier
> side of the Internet, would cut off my manhood and feed it to me for
> afternoon tea. *
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: OT: Gadgets

[Jeff Bunting]

never mind I didn't know what a squeezebox was till after I posted
this. cut your workout time by 5 minutes so you'll have enough energy to
make playlists and copy files around :-)

On Tue, Nov 15, 2011 at 11:22 AM, Jeff Bunting wrote:

> Check out sonos.com.  Might be more than you want to spend, but sounds
> like it may be what you're looking for.
>
> Jeff
>
> On Tue, Nov 15, 2011 at 7:51 AM, James Rankin wrote:
>
>> Just moved to a much bigger house and I am trying to revamp all my
>> electronic kit. I have a lot of gym equipment in my garage, but I was
>> fancying putting some sort of music-playing device into the garage that
>> could connect up to my TeraStation and play a selection of music directly
>> from there. Buying a stereo and burning a load of mp3s onto a CD/DVD seems
>> s dated now...can anyone recommend any devices that might be able to
>> achieve this for me?
>>
>> I've already got a streaming box linked to the TV that fires
>> movies/music/pictures onto the TV which works great, but I doubt I could
>> run a cable all the way from the streaming box to the garage (it is a much
>> bigger house). Would I need a device to output the music in the garage as
>> well as another streaming device? I've been Googling about (probably not
>> very cleverly) and I've found plenty stuff that can stream music across to
>> a stereo, but a) I don't have a stereo - I used to play all music through
>> my TV, and b) kit like SqueezeBox seems fairly expensive. I'm not wanting
>> to spend a great deal of money here, quality isn't that important, just
>> need some music in the background while I pound the punchbags!
>>
>> All suggestions gratefully welcomed.
>>
>>
>> TIA,
>>
>>
>>
>> JRR
>>
>>
>> --
>> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
>> the machine wrong figures, will the right answers come out?' I am not able
>> rightly to apprehend the kind of confusion of ideas that could provoke such
>> a question."
>>
>> ** IMPORTANT INFORMATION/DISCLAIMER *
>>
>> This document should be read only by those persons to whom it is
>> addressed. If you have received this message it was obviously addressed to
>> you and therefore you can read it, even it we didn't mean to send it to
>> you. However, if the contents of this email make no sense whatsoever then
>> you probably were not the intended recipient, or, alternatively, you are a
>> mindless cretin; either way, you should immediately kill yourself and
>> destroy your computer (not necessarily in that order). Once you have taken
>> this action, please contact us.. no, sorry, you can't use your computer,
>> because you just destroyed it, and possibly also committed suicide
>> afterwards, but I am starting to digress.. *
>>
>> *The originator of this email is not liable for the transmission of the
>> information contained in this communication. Or are they? Either way it's a
>> pretty dull legal query and frankly one I'm not going to dwell on. But
>> should you have nothing better to do, please feel free to ruminate on it,
>> and please pass on any concrete conclusions should you find them. However,
>> if you pass them on via email, be sure to include a disclaimer regarding
>> liability for transmission.
>> *
>>
>> *In the event that the originator did not send this email to you, then
>> please return it to us and attach a scanned-in picture of your mother's
>> brother's wife wearing nothing but a kangaroo suit, and we will immediately
>> refund you exactly half of what you paid for the can of Whiskas you bought
>> when you went to Pets** **At Home yesterday. *
>>
>> *We take no responsibility for non-receipt of this email because we are
>> running Exchange 5.5 and everyone knows how glitchy that can be. In the
>> event that you do get this message then please note that we take no
>> responsibility for that either. Nor will we accept any liability, tacit or
>> implied, for any damage you may or may not incur as a result of receiving,
>> or not, as the case may be, from time to time, notwithstanding all
>> liabilities implied or otherwise, ummm, hell, where was I...umm, no matter
>> what happens, it is NOT, and NEVER WILL BE, OUR FAULT! *
>>
>> *The comments and opinions expressed herein are my own and NOT those of
>> my employer, who, if he knew I was sending emails and surfing the seamier
>> side of the Internet, would cut off my manhood and feed it to me for
>> afternoon tea. *
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyri

Re: Whitelisting Pros & Cons?

[Andrew S. Baker]

The greater the flexibility of the tool, the less tools you need to manage
your security.

Relying on 1 tool is not wise, but having to manage 12 slightly overlapping
tools is its own nightmare.

Getting it down to 3 or 4 tools is useful.

* *

*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…

*



On Tue, Nov 15, 2011 at 10:46 AM, Joseph Heaton  wrote:

> Would it be better to have a tool that only does whitelisting, or a
> software more like Viewfinity, where you can do both white and black lists,
> and also elevate permissions for applications that aren't on either list,
> but are needed by a few people, which wouldn't warrant putting it on the
> whitelist?
>
> >>> Stu Sjouwerman  11/14/2011 2:16 PM >>>
>
>  Thanks Micheal. Anyone experience with any of the Whitelisting products
> in this InfoWorld Review?
>
> ** **
>
>
> http://www.infoworld.com/d/security-central/test-center-review-whitelisting-security-offers-salvation-835?
> 
>
> ** **
>
> ** **
>
> *Bit9 Parity Suite 5.01*
>
> *10*
>
> *8*
>
> *9*
>
> *9*
>
> *10*
>
> *9.4*
>
> *EXCELLENT*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *CoreTrace Bouncer 5*
>
> *9*
>
> *9*
>
> *9*
>
> *8*
>
> *9*
>
> *8.9*
>
> *VERY GOOD*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *Lumension Application Control*
>
> *8*
>
> *9*
>
> *8*
>
> *9*
>
> *9*
>
> *8.5*
>
> *VERY GOOD*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *McAfee Application Control 5.0*
>
> *9*
>
> *9*
>
> *9*
>
> *8*
>
> *8*
>
> *8.7*
>
> *VERY GOOD*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *SignaCert Enterprise Trust Services 3.0*
>
> ** **
>
> ** **
>
> ** **
>
> *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com]
> *Sent:* Monday, November 14, 2011 5:10 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Whitelisting Pros & Cons?
>
> ** **
>
> Whitelisting is the future IMHO.  You cant trust anything anymore.  Faith
> doesnt cut it.  You have to protect yourself and your assets, and
> whitelisting is the best way to do it.
>
> --
> Espi
>
> ** **
>
> ** **
>
>
>
> 
>
> On Mon, Nov 14, 2011 at 8:48 AM, Stu Sjouwerman 
> wrote:
>
> I'm referring to Whitelisting in the context of security.  About 10 years
> ago, the ratio
> "Good code" versus malware was perhaps 90 good 10 bad.  In that scenario,
> it makes
> sense to keep the bad code out. But over the last 10 years, with automated
> malware
> variant generation, the tables have turned, and there is actually more
> malware than
> good code out there. So in -that- scenario it might make sense to only
> allow "good code"
> and implement application control. Only that which is allowed, will run.
>
> I'd like your feedback - input - discussion on this !
>
> Warm regards,
>
> Stu
>
>
> -Original Message-
> From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> Sent: Monday, November 14, 2011 11:22 AM
> To: NT System Admin Issues
>
> Subject: Re: Whitelisting Pros & Cons?
>
> Are you asking about web content filtering, email filtering, or some other
> type of "whitelisting?"
>
>
> --Matt Ross
> Ephrata School District
>
>
> - Original Message -
> From: Stu Sjouwerman
> [mailto:s...@sunbelt-software.com]
> To: NT System Admin Issues
> [mailto:ntsysadmin@lyris.sunbelt-software.com]
> Sent: Mon, 14 Nov 2011
> 08:14:57 -0800
> Subject: Whitelisting Pros & Cons?
>
> 
>
> > Guys, I am writing an article for WServerNews, and would like your
> > public input.
> >
> > What is your experience with Whitelisting, which products you
> > tried/use, and what experience you are having with this, likes and hates
> are all welcome !!
> >
> > Warm regards,
> >
> > Stu
> >
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: OT: Gadgets

[Steven Peck]

If you end up needing speakers, I got a set of in wall from
monoprice.comand they sound great.  They have a way broader selection
then I had
realized until my boss suggested them when I was looking a month ago.
Steven Peck
http://www.blkmtn.org


On Tue, Nov 15, 2011 at 4:51 AM, James Rankin  wrote:

> Just moved to a much bigger house and I am trying to revamp all my
> electronic kit. I have a lot of gym equipment in my garage, but I was
> fancying putting some sort of music-playing device into the garage that
> could connect up to my TeraStation and play a selection of music directly
> from there. Buying a stereo and burning a load of mp3s onto a CD/DVD seems
> s dated now...can anyone recommend any devices that might be able to
> achieve this for me?
>
> I've already got a streaming box linked to the TV that fires
> movies/music/pictures onto the TV which works great, but I doubt I could
> run a cable all the way from the streaming box to the garage (it is a much
> bigger house). Would I need a device to output the music in the garage as
> well as another streaming device? I've been Googling about (probably not
> very cleverly) and I've found plenty stuff that can stream music across to
> a stereo, but a) I don't have a stereo - I used to play all music through
> my TV, and b) kit like SqueezeBox seems fairly expensive. I'm not wanting
> to spend a great deal of money here, quality isn't that important, just
> need some music in the background while I pound the punchbags!
>
> All suggestions gratefully welcomed.
>
>
> TIA,
>
>
>
> JRR
>
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
> ** IMPORTANT INFORMATION/DISCLAIMER *
>
> This document should be read only by those persons to whom it is
> addressed. If you have received this message it was obviously addressed to
> you and therefore you can read it, even it we didn't mean to send it to
> you. However, if the contents of this email make no sense whatsoever then
> you probably were not the intended recipient, or, alternatively, you are a
> mindless cretin; either way, you should immediately kill yourself and
> destroy your computer (not necessarily in that order). Once you have taken
> this action, please contact us.. no, sorry, you can't use your computer,
> because you just destroyed it, and possibly also committed suicide
> afterwards, but I am starting to digress.. *
>
> *The originator of this email is not liable for the transmission of the
> information contained in this communication. Or are they? Either way it's a
> pretty dull legal query and frankly one I'm not going to dwell on. But
> should you have nothing better to do, please feel free to ruminate on it,
> and please pass on any concrete conclusions should you find them. However,
> if you pass them on via email, be sure to include a disclaimer regarding
> liability for transmission.
> *
>
> *In the event that the originator did not send this email to you, then
> please return it to us and attach a scanned-in picture of your mother's
> brother's wife wearing nothing but a kangaroo suit, and we will immediately
> refund you exactly half of what you paid for the can of Whiskas you bought
> when you went to Pets** **At Home yesterday. *
>
> *We take no responsibility for non-receipt of this email because we are
> running Exchange 5.5 and everyone knows how glitchy that can be. In the
> event that you do get this message then please note that we take no
> responsibility for that either. Nor will we accept any liability, tacit or
> implied, for any damage you may or may not incur as a result of receiving,
> or not, as the case may be, from time to time, notwithstanding all
> liabilities implied or otherwise, ummm, hell, where was I...umm, no matter
> what happens, it is NOT, and NEVER WILL BE, OUR FAULT! *
>
> *The comments and opinions expressed herein are my own and NOT those of
> my employer, who, if he knew I was sending emails and surfing the seamier
> side of the Internet, would cut off my manhood and feed it to me for
> afternoon tea. *
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: OT: Gadgets

[Rankin, James R]

Thanks guys. Lots of food for thought now, cheers!

Sent from my SR-71 Blackbird

-Original Message-
From: Steven Peck 
Date: Tue, 15 Nov 2011 09:01:00 
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: Re: OT: Gadgets

If you end up needing speakers, I got a set of in wall from
monoprice.comand they sound great.  They have a way broader selection
then I had
realized until my boss suggested them when I was looking a month ago.
Steven Peck
http://www.blkmtn.org


On Tue, Nov 15, 2011 at 4:51 AM, James Rankin  wrote:

> Just moved to a much bigger house and I am trying to revamp all my
> electronic kit. I have a lot of gym equipment in my garage, but I was
> fancying putting some sort of music-playing device into the garage that
> could connect up to my TeraStation and play a selection of music directly
> from there. Buying a stereo and burning a load of mp3s onto a CD/DVD seems
> s dated now...can anyone recommend any devices that might be able to
> achieve this for me?
>
> I've already got a streaming box linked to the TV that fires
> movies/music/pictures onto the TV which works great, but I doubt I could
> run a cable all the way from the streaming box to the garage (it is a much
> bigger house). Would I need a device to output the music in the garage as
> well as another streaming device? I've been Googling about (probably not
> very cleverly) and I've found plenty stuff that can stream music across to
> a stereo, but a) I don't have a stereo - I used to play all music through
> my TV, and b) kit like SqueezeBox seems fairly expensive. I'm not wanting
> to spend a great deal of money here, quality isn't that important, just
> need some music in the background while I pound the punchbags!
>
> All suggestions gratefully welcomed.
>
>
> TIA,
>
>
>
> JRR
>
>
> --
> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
> the machine wrong figures, will the right answers come out?' I am not able
> rightly to apprehend the kind of confusion of ideas that could provoke such
> a question."
>
> ** IMPORTANT INFORMATION/DISCLAIMER *
>
> This document should be read only by those persons to whom it is
> addressed. If you have received this message it was obviously addressed to
> you and therefore you can read it, even it we didn't mean to send it to
> you. However, if the contents of this email make no sense whatsoever then
> you probably were not the intended recipient, or, alternatively, you are a
> mindless cretin; either way, you should immediately kill yourself and
> destroy your computer (not necessarily in that order). Once you have taken
> this action, please contact us.. no, sorry, you can't use your computer,
> because you just destroyed it, and possibly also committed suicide
> afterwards, but I am starting to digress.. *
>
> *The originator of this email is not liable for the transmission of the
> information contained in this communication. Or are they? Either way it's a
> pretty dull legal query and frankly one I'm not going to dwell on. But
> should you have nothing better to do, please feel free to ruminate on it,
> and please pass on any concrete conclusions should you find them. However,
> if you pass them on via email, be sure to include a disclaimer regarding
> liability for transmission.
> *
>
> *In the event that the originator did not send this email to you, then
> please return it to us and attach a scanned-in picture of your mother's
> brother's wife wearing nothing but a kangaroo suit, and we will immediately
> refund you exactly half of what you paid for the can of Whiskas you bought
> when you went to Pets** **At Home yesterday. *
>
> *We take no responsibility for non-receipt of this email because we are
> running Exchange 5.5 and everyone knows how glitchy that can be. In the
> event that you do get this message then please note that we take no
> responsibility for that either. Nor will we accept any liability, tacit or
> implied, for any damage you may or may not incur as a result of receiving,
> or not, as the case may be, from time to time, notwithstanding all
> liabilities implied or otherwise, ummm, hell, where was I...umm, no matter
> what happens, it is NOT, and NEVER WILL BE, OUR FAULT! *
>
> *The comments and opinions expressed herein are my own and NOT those of
> my employer, who, if he knew I was sending emails and surfing the seamier
> side of the Internet, would cut off my manhood and feed it to me for
> afternoon tea. *
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscrip

Re: OT: Gadgets

[Michael White]

+1

On Tue, Nov 15, 2011 at 6:19 AM, Gary Slinger  wrote:
> Airport Express (~$50) coupled to an iHome mini speaker (~$20).   Done.
> Cheap, portable, reusable kit if you decide to upscale later on.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: MDT and WIM Deployment?

[Leroux, Harold]

Here are a few of the resources I have used. Hope this helps


1.   
http://www.windowsnetworking.com/articles_tutorials/Deploying-Windows-7-Part1.html

2.   Deployment Fundamentals-Volume 1 by Johan Arwidmark and Mikael Nystom 
this will give you a jump start especially if you need to get this up and 
running quickly

3.   http://www.truesec.com/  I believe they have a downloadable video 
tutorial on LTI that is free.

4.   Window 7  Resource Kit also has a lot of good material on MDT.



H. Joe Leroux




From: Sam Cayze [mailto:sca...@gmail.com]
Sent: Tuesday, November 15, 2011 11:16 AM
To: NT System Admin Issues
Subject: MDT and WIM Deployment?

1. Diving into MDT.
2. Wow, quite the product!

3. Any good resources you know of?
Loving this site and learning lots there: 
http://blogs.technet.com/b/deploymentguys/

4. However, still struggling with yet the simplest tasks:
I'm just looking to
a. Boot from USB/DVD
b. Format Drive 0
c: Push WIM
d: Reboot into the WIM'd drive.

The WIM I am using is a thick image with all Sysprep, domain join, etc already 
taking care of. I've been using this WIM for ages and know it works great. The 
MDT wrappers and wizards are not needed at all.  I'll dive into those later.

I have a custom task sequence that includes:
Format and Partition Disk
Install OS

That should be all I need, right?  Is the default task "Install Application" 
needed?  I know to update the MDT share, update media, and copy the Content 
folder to the USB key. (It boots fine)

Yet it reboots right after the format and the WIM is not pushed onto the 
drive...?

Any quick pointers?
Thanks!

-Sam




Sam Cayze
Systems Administrator
ROLLOUTS
ONSITE * ON DEMAND
952.279.6218...Direct Dial
612.386.3946...Mobile
www.Rollouts.com
www.e-Technicians.net

CONFIDENTIALITY NOTICE: This email and any attachment(s) are intended only for 
the designated recipient(s).   Rollouts Incorporated prohibits use, 
distribution or transmittal by or to an unintended recipient without Rollouts' 
express written approval.  If you are not the intended recipient, please delete 
this email and notify Rollouts.




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Whitelisting Pros & Cons?

[Doug Hampshire]

Clearly these results are flawed if McAfee Anything gets higher than a -3
in any category. :-)

On Mon, Nov 14, 2011 at 5:16 PM, Stu Sjouwerman
wrote:

> Thanks Micheal. Anyone experience with any of the Whitelisting products in
> this InfoWorld Review?
>
> ** **
>
>
> http://www.infoworld.com/d/security-central/test-center-review-whitelisting-security-offers-salvation-835?
> 
>
> ** **
>
> ** **
>
> *Bit9 Parity Suite 5.01*
>
> *10*
>
> *8*
>
> *9*
>
> *9*
>
> *10*
>
> *9.4*
>
> *EXCELLENT*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *CoreTrace Bouncer 5*
>
> *9*
>
> *9*
>
> *9*
>
> *8*
>
> *9*
>
> *8.9*
>
> *VERY GOOD*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *Lumension Application Control*
>
> *8*
>
> *9*
>
> *8*
>
> *9*
>
> *9*
>
> *8.5*
>
> *VERY GOOD*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *McAfee Application Control 5.0*
>
> *9*
>
> *9*
>
> *9*
>
> *8*
>
> *8*
>
> *8.7*
>
> *VERY GOOD*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *SignaCert Enterprise Trust Services 3.0*
>
> ** **
>
> ** **
>
> ** **
>
> *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com]
> *Sent:* Monday, November 14, 2011 5:10 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Whitelisting Pros & Cons?
>
> ** **
>
> Whitelisting is the future IMHO.  You cant trust anything anymore.  Faith
> doesnt cut it.  You have to protect yourself and your assets, and
> whitelisting is the best way to do it.
>
> --
> Espi
>
> ** **
>
> ** **
>
>
>
> 
>
> On Mon, Nov 14, 2011 at 8:48 AM, Stu Sjouwerman 
> wrote:
>
> I'm referring to Whitelisting in the context of security.  About 10 years
> ago, the ratio
> "Good code" versus malware was perhaps 90 good 10 bad.  In that scenario,
> it makes
> sense to keep the bad code out. But over the last 10 years, with automated
> malware
> variant generation, the tables have turned, and there is actually more
> malware than
> good code out there. So in -that- scenario it might make sense to only
> allow "good code"
> and implement application control. Only that which is allowed, will run.
>
> I'd like your feedback - input - discussion on this !
>
> Warm regards,
>
> Stu
>
>
> -Original Message-
> From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> Sent: Monday, November 14, 2011 11:22 AM
> To: NT System Admin Issues
>
> Subject: Re: Whitelisting Pros & Cons?
>
> Are you asking about web content filtering, email filtering, or some other
> type of "whitelisting?"
>
>
> --Matt Ross
> Ephrata School District
>
>
> - Original Message -
> From: Stu Sjouwerman
> [mailto:s...@sunbelt-software.com]
> To: NT System Admin Issues
> [mailto:ntsysadmin@lyris.sunbelt-software.com]
> Sent: Mon, 14 Nov 2011
> 08:14:57 -0800
> Subject: Whitelisting Pros & Cons?
>
> 
>
> > Guys, I am writing an article for WServerNews, and would like your
> > public input.
> >
> > What is your experience with Whitelisting, which products you
> > tried/use, and what experience you are having with this, likes and hates
> are all welcome !!
> >
> > Warm regards,
> >
> > Stu
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
> >   ~
> >
> > ---
> > To manage subscriptions click here:
> > http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to listmana...@lyris.sunbeltsoftware.com
> > with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click h

RE: MDT and WIM Deployment?

[Rod Trent]

The original "inventor", if you will.will be giving a webcast on Thursday:

 

http://myitforum.com/myitforumwp/services/events/event/sccm-guru-webcast-ser
ies-2/

 

All of the MDT folks at Microsoft participate on the MDT email list:

 

http://myitforum.com/myitforumwp/support/email-lists/ 

 

From: Sam Cayze [mailto:sca...@gmail.com] 
Sent: Tuesday, November 15, 2011 11:16 AM
To: NT System Admin Issues
Subject: MDT and WIM Deployment?

 

1. Diving into MDT.

2. Wow, quite the product!

 

3. Any good resources you know of? 

Loving this site and learning lots there:
http://blogs.technet.com/b/deploymentguys/

 

4. However, still struggling with yet the simplest tasks:

I'm just looking to 

a. Boot from USB/DVD

b. Format Drive 0

c: Push WIM

d: Reboot into the WIM'd drive.  


The WIM I am using is a thick image with all Sysprep, domain join, etc
already taking care of. I've been using this WIM for ages and know it works
great. The MDT wrappers and wizards are not needed at all.  I'll dive into
those later.

 

I have a custom task sequence that includes:

Format and Partition Disk

Install OS

 

That should be all I need, right?  Is the default task "Install Application"
needed?  I know to update the MDT share, update media, and copy the Content
folder to the USB key. (It boots fine)

 

Yet it reboots right after the format and the WIM is not pushed onto the
drive.?

 

Any quick pointers?

Thanks!

 

-Sam

 

 

 

 

Sam Cayze
Systems Administrator
ROLLOUTS
ONSITE . ON DEMAND
952.279.6218...Direct Dial
612.386.3946...Mobile
  www.Rollouts.com
  www.e-Technicians.net

CONFIDENTIALITY NOTICE: This email and any attachment(s) are intended only
for the designated recipient(s).   Rollouts Incorporated prohibits use,
distribution or transmittal by or to an unintended recipient without
Rollouts' express written approval.  If you are not the intended recipient,
please delete this email and notify Rollouts.

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: MDT and WIM Deployment?

[Ralph Smith]

I'm also just testing this out.  I found this free ebook by Greg Sheilds
to be helpful.  It's more about combining MDT with Windows Deployment
Services (WDS) and Windows Automated Installation Toolkit (WAIK).
Pretty much following his tutorial we've got this set up and are
upgrading WinXP  machines and it is working great.  
 
Automating Windows 7 Installation for Desktop and VDI Environments
http://nexus.realtimepublishers.com/awidv.php



From: Sam Cayze [mailto:sca...@gmail.com] 
Sent: Tuesday, November 15, 2011 11:16 AM
To: NT System Admin Issues
Subject: MDT and WIM Deployment?



1. Diving into MDT.

2. Wow, quite the product!

 

3. Any good resources you know of? 

Loving this site and learning lots there:
http://blogs.technet.com/b/deploymentguys/

 

4. However, still struggling with yet the simplest tasks:

I'm just looking to 

a. Boot from USB/DVD

b. Format Drive 0

c: Push WIM

d: Reboot into the WIM'd drive.  


The WIM I am using is a thick image with all Sysprep, domain join, etc
already taking care of. I've been using this WIM for ages and know it
works great. The MDT wrappers and wizards are not needed at all.  I'll
dive into those later.

 

I have a custom task sequence that includes:

Format and Partition Disk

Install OS

 

That should be all I need, right?  Is the default task "Install
Application" needed?  I know to update the MDT share, update media, and
copy the Content folder to the USB key. (It boots fine)

 

Yet it reboots right after the format and the WIM is not pushed onto the
drive...?

 

Any quick pointers?

Thanks!

 

-Sam

 

 

 

 

Sam Cayze
Systems Administrator
ROLLOUTS
ONSITE * ON DEMAND
952.279.6218...Direct Dial
612.386.3946...Mobile
www.Rollouts.com  
www.e-Technicians.net  

CONFIDENTIALITY NOTICE: This email and any attachment(s) are intended
only for the designated recipient(s).   Rollouts Incorporated prohibits
use, distribution or transmittal by or to an unintended recipient
without Rollouts' express written approval.  If you are not the intended
recipient, please delete this email and notify Rollouts.

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Backing / auto save up any open Microsoft Office document

[Cameron]

autosave

On Tue, Nov 15, 2011 at 1:34 PM, justino garcia wrote:

> Are thier any products that do this on workstations company wide.  For
> example, a user said he was typing a long report, made some edits, but some
> how lost all the corrections he made, due to document getting corrupt or he
> did not click save ?
>
> I know backing up all workstations is not a  good solution because of
> space constraints, but on currently open working documents?
>
>
> Any solution software or policy wise to avoid lost work?
>
> --
> Justin
> IT-TECH
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: New ISP - I have to route public IP's

[John Gwinner]

| From: Kurt Buff 
| Sent: Monday, November 14, 2011 9:55 PM

Thanks Kurt

| Not odd at all. Pretty standard.

Well, we've gone through 4 ISP's over the last 11 years, and they always give 
me a /248 IP.  Granted, they route upstream very similar, but I never have to 
supply the router beyond the router that supports my /248.

| Yup. Pretty standard. I assume that the Adtran is the ISP's box that is
| at your site.

Correct, it only gives out the one IP.

I think I said 'level' and I meant 'layer'.

| First, though, you haven't described the rest of your environment.
| What else will this speedy interface be serving? Is this link *only* for
| your web servers, or does it serve the rest of your organization?

A few mail servers, some other services (VPN), etc., as well as the rest of the 
organization, yes.

I can handle that fine with TMG, it's the routing outside my router that has me 
a bit stumped.

| So, you might want to strategise a bit regarding how you treat those
| four public IP addresses. Ask yourself questions, such as:

Those are good questions - I've got that part handled more or less.

Excellent writeup - I'll consider those points.

| Regardless, the simplest way to do what you want is to acquire two boxes
| that can support this. 

Right, I was hoping to avoid buying another box ... if the Layer 3 switch can 
do the routing.  I don't need to do any filtering or firewall outside of the 5 
IP's I get on the /248 subnet, just the routing.

TMG gets upset if you try to define a 'virtual' IP subset, i.e. one not bound 
to an adapter.

 == John == 

John Gwinner | Director of Technology
DAZSI /Oracle Business Applications
310.640.1300 (office) | 310.640.9900 (fax)
880 Apollo Street - Ste. 201 | El Segundo CA 90245



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Backing / auto save up any open Microsoft Office document

[Rankin, James R]

Microsoft Office GPOs can set autosave times. Just download the adm files, set 
a policy and you are cooking on gas.

Sent from my SR-71 Blackbird

-Original Message-
From: justino garcia 
Date: Tue, 15 Nov 2011 13:34:16 
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: Backing / auto save up any open 
Microsoft Office document

Are thier any products that do this on workstations company wide.  For
example, a user said he was typing a long report, made some edits, but some
how lost all the corrections he made, due to document getting corrupt or he
did not click save ?

I know backing up all workstations is not a  good solution because of space
constraints, but on currently open working documents?


Any solution software or policy wise to avoid lost work?

-- 
Justin
IT-TECH

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Backing / auto save up any open Microsoft Office document

[Kurt Buff]

On Tue, Nov 15, 2011 at 10:34, justino garcia  wrote:
> Are thier any products that do this on workstations company wide.  For
> example, a user said he was typing a long report, made some edits, but some
> how lost all the corrections he made, due to document getting corrupt or he
> did not click save ?
>
> I know backing up all workstations is not a  good solution because of space
> constraints, but on currently open working documents?
>
>
> Any solution software or policy wise to avoid lost work?

I'll bet you could put a reg entry for all of the Office product to do
an autosave every minute in a GPO and deploy that. Haven't done that
myself, though.

Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Gadgets

[Jim McAtee]

Squeezebox. Greatest thing I have ever added to my stereo system(s). I 
have six or seven of them around the house (I've lost count). They can 
also be synced together if you like for whole-house audio. The greatest 
thing about the implementation is that it's very much client/server. You 
run a central server, with just one centralized copy of your music 
library, and all of the players are streamed to from that one server.


If a new Squeezebox Touch is too pricey, look around for either a used one 
or a used Squeezebox 2 or Squeezebox 3 (aka Squeezeobx Classic). There's 
also the Squeezebox Radio that can operate on either mains power or 
battery. It's a portable that doesn't require the addition of an amp and 
speakers.



- Original Message - 
From: "James Rankin" 

To: "NT System Admin Issues" 
Sent: Tuesday, November 15, 2011 5:51 AM
Subject: OT: Gadgets



Just moved to a much bigger house and I am trying to revamp all my
electronic kit. I have a lot of gym equipment in my garage, but I was
fancying putting some sort of music-playing device into the garage that
could connect up to my TeraStation and play a selection of music 
directly
from there. Buying a stereo and burning a load of mp3s onto a CD/DVD 
seems

s dated now...can anyone recommend any devices that might be able to
achieve this for me?

I've already got a streaming box linked to the TV that fires
movies/music/pictures onto the TV which works great, but I doubt I could
run a cable all the way from the streaming box to the garage (it is a 
much
bigger house). Would I need a device to output the music in the garage 
as

well as another streaming device? I've been Googling about (probably not
very cleverly) and I've found plenty stuff that can stream music across 
to
a stereo, but a) I don't have a stereo - I used to play all music 
through
my TV, and b) kit like SqueezeBox seems fairly expensive. I'm not 
wanting

to spend a great deal of money here, quality isn't that important, just
need some music in the background while I pound the punchbags!



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Backing / auto save up any open Microsoft Office document

[justino garcia]

Okay thanks for help...

On Tue, Nov 15, 2011 at 1:43 PM, Kurt Buff  wrote:

> On Tue, Nov 15, 2011 at 10:34, justino garcia 
> wrote:
> > Are thier any products that do this on workstations company wide.  For
> > example, a user said he was typing a long report, made some edits, but
> some
> > how lost all the corrections he made, due to document getting corrupt or
> he
> > did not click save ?
> >
> > I know backing up all workstations is not a  good solution because of
> space
> > constraints, but on currently open working documents?
> >
> >
> > Any solution software or policy wise to avoid lost work?
>
> I'll bet you could put a reg entry for all of the Office product to do
> an autosave every minute in a GPO and deploy that. Haven't done that
> myself, though.
>
> Kurt
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>


-- 
Justin
IT-TECH

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Whitelisting Pros & Cons?

[Stu Sjouwerman]

Oh, this an acquisition, that is why it's having such a high score!   LOL

From: Doug Hampshire [mailto:dhampsh...@gmail.com]
Sent: Tuesday, November 15, 2011 1:13 PM
To: NT System Admin Issues
Subject: Re: Whitelisting Pros & Cons?

Clearly these results are flawed if McAfee Anything gets higher than a -3 in 
any category. :-)
On Mon, Nov 14, 2011 at 5:16 PM, Stu Sjouwerman 
mailto:s...@sunbelt-software.com>> wrote:
Thanks Micheal. Anyone experience with any of the Whitelisting products in this 
InfoWorld Review?

http://www.infoworld.com/d/security-central/test-center-review-whitelisting-security-offers-salvation-835?


Bit9 Parity Suite 5.01

10

8

9

9

10

9.4
EXCELLENT


30%

15%

25%

10%

20%

CoreTrace Bouncer 5

9

9

9

8

9

8.9
VERY GOOD


30%

15%

25%

10%

20%

Lumension Application Control

8

9

8

9

9

8.5
VERY GOOD


30%

15%

25%

10%

20%

McAfee Application Control 5.0

9

9

9

8

8

8.7
VERY GOOD


30%

15%

25%

10%

20%

SignaCert Enterprise Trust Services 3.0




From: Micheal Espinola Jr 
[mailto:michealespin...@gmail.com]
Sent: Monday, November 14, 2011 5:10 PM

To: NT System Admin Issues
Subject: Re: Whitelisting Pros & Cons?

Whitelisting is the future IMHO.  You cant trust anything anymore.  Faith 
doesnt cut it.  You have to protect yourself and your assets, and whitelisting 
is the best way to do it.

--
Espi



On Mon, Nov 14, 2011 at 8:48 AM, Stu Sjouwerman 
mailto:s...@sunbelt-software.com>> wrote:
I'm referring to Whitelisting in the context of security.  About 10 years ago, 
the ratio
"Good code" versus malware was perhaps 90 good 10 bad.  In that scenario, it 
makes
sense to keep the bad code out. But over the last 10 years, with automated 
malware
variant generation, the tables have turned, and there is actually more malware 
than
good code out there. So in -that- scenario it might make sense to only allow 
"good code"
and implement application control. Only that which is allowed, will run.

I'd like your feedback - input - discussion on this !

Warm regards,

Stu

-Original Message-
From: Matthew W. Ross 
[mailto:mr...@ephrataschools.org]
Sent: Monday, November 14, 2011 11:22 AM
To: NT System Admin Issues
Subject: Re: Whitelisting Pros & Cons?

Are you asking about web content filtering, email filtering, or some other type 
of "whitelisting?"


--Matt Ross
Ephrata School District


- Original Message -
From: Stu Sjouwerman
[mailto:s...@sunbelt-software.com]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 14 Nov 2011
08:14:57 -0800
Subject: Whitelisting Pros & Cons?
> Guys, I am writing an article for WServerNews, and would like your
> public input.
>
> What is your experience with Whitelisting, which products you
> tried/use, and what experience you are having with this, likes and hates are 
> all welcome !!
>
> Warm regards,
>
> Stu
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to 
> listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ 

Re: Whitelisting Pros & Cons?

[Kurt Buff]

McAfee has done a bit of that in the past couple of years - witness their
pickup of the Sidewinder firewall line with the purchase of Secure
Computing a couple of years ago, along with WebWasher, SnapGear and
IronMail.

Kurt

On Tue, Nov 15, 2011 at 11:09, Stu Sjouwerman wrote:

> Oh, this an acquisition, that is why it’s having such a high score!   LOL
> 
>
> ** **
>
> *From:* Doug Hampshire [mailto:dhampsh...@gmail.com]
> *Sent:* Tuesday, November 15, 2011 1:13 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Whitelisting Pros & Cons?
>
> ** **
>
> Clearly these results are flawed if McAfee Anything gets higher than a -3
> in any category. :-)
>
> On Mon, Nov 14, 2011 at 5:16 PM, Stu Sjouwerman 
> wrote:
>
> Thanks Micheal. Anyone experience with any of the Whitelisting products in
> this InfoWorld Review?
>
>  
>
>
> http://www.infoworld.com/d/security-central/test-center-review-whitelisting-security-offers-salvation-835?
> 
>
>  
>
>  
>
> *Bit9 Parity Suite 5.01*
>
> *10*
>
> *8*
>
> *9*
>
> *9*
>
> *10*
>
> *9.4*
>
> *EXCELLENT*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *CoreTrace Bouncer 5*
>
> *9*
>
> *9*
>
> *9*
>
> *8*
>
> *9*
>
> *8.9*
>
> *VERY GOOD*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *Lumension Application Control*
>
> *8*
>
> *9*
>
> *8*
>
> *9*
>
> *9*
>
> *8.5*
>
> *VERY GOOD*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *McAfee Application Control 5.0*
>
> *9*
>
> *9*
>
> *9*
>
> *8*
>
> *8*
>
> *8.7*
>
> *VERY GOOD*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *SignaCert Enterprise Trust Services 3.0*
>
>  
>
>  
>
>  
>
> *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com]
> *Sent:* Monday, November 14, 2011 5:10 PM
>
>
> *To:* NT System Admin Issues
> *Subject:* Re: Whitelisting Pros & Cons?
>
>  
>
> Whitelisting is the future IMHO.  You cant trust anything anymore.  Faith
> doesnt cut it.  You have to protect yourself and your assets, and
> whitelisting is the best way to do it.
>
> --
> Espi
>
>  
>
>  
>
> ** **
>
> On Mon, Nov 14, 2011 at 8:48 AM, Stu Sjouwerman 
> wrote:
>
> I'm referring to Whitelisting in the context of security.  About 10 years
> ago, the ratio
> "Good code" versus malware was perhaps 90 good 10 bad.  In that scenario,
> it makes
> sense to keep the bad code out. But over the last 10 years, with automated
> malware
> variant generation, the tables have turned, and there is actually more
> malware than
> good code out there. So in -that- scenario it might make sense to only
> allow "good code"
> and implement application control. Only that which is allowed, will run.
>
> I'd like your feedback - input - discussion on this !
>
> Warm regards,
>
> Stu
>
>
> -Original Message-
> From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> Sent: Monday, November 14, 2011 11:22 AM
> To: NT System Admin Issues
>
> Subject: Re: Whitelisting Pros & Cons?
>
> Are you asking about web content filtering, email filtering, or some other
> type of "whitelisting?"
>
>
> --Matt Ross
> Ephrata School District
>
>
> - Original Message -
> From: Stu Sjouwerman
> [mailto:s...@sunbelt-software.com]
> To: NT System Admin Issues
> [mailto:ntsysadmin@lyris.sunbelt-software.com]
> Sent: Mon, 14 Nov 2011
> 08:14:57 -0800
> Subject: Whitelisting Pros & Cons?
>
> > Guys, I am writing an article for WServerNews, and would like your
> > public input.
> >
> > What is your experience with Whitelisting, which products you
> > tried/use, and what experience you are having with this, likes and hates
> are all welcome !!
> >
> > Warm regards,
> >
> > Stu
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
> >   ~
> >
> > ---
> > To manage subscriptions click here:
> > http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to listmana...@lyris.sunbeltsoftware.com
> > with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>  
>
> ~ Finally, powerful endpoint security that ISN'

Re: Would you drop AV for Whitelisting / Application Control?

[Kurt Buff]

On Tue, Nov 15, 2011 at 11:18, Stu Sjouwerman  wrote:
>
> So I’m asking a bunch of questions here, because I’m looking at writing this
> story from a few different angles. If the ratio Malware to good code is 80 – 
> 20
> (which it is +/- at the moment) why not drop AV all together and lock down 
> those
> workstations and only allow good code to run?   Saves budget.
>
> Your view? Input?
>
> Stu

Does it really save budget? I ask this though I'm thoroughly in favor
of application whitelisting [1]

The whitelist publisher should

 o- Have a comprehensive set of known apps up front
 o- Make it easy for an administrator to add apps to the whitelist
for some obscure program that's crucial
 o- Have a subscription mechanism to update their whitelist frequently
 o- Have a way for a subscriber to submit an executable for
analysis to be included/excluded from the whitelist

Absent the above, the blacklisters probably have an advantage in terms
of effort expended by the sysadmin, by virtue of the nearly hourly
updates they publish.

Kurt

[1] I don't yet have experience with whitelisting. Given our
relatively recent EA with MSFT, I plan to make some time to explore it
by setting up Applocker on a test OU and subjecting myself to the
pain.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Would you drop AV for Whitelisting / Application Control?

[Bourque Daniel]

Developper's stations...   
 
I don't know how you can lock them down...
 


De : Stu Sjouwerman [mailto:s...@sunbelt-software.com] 
Envoyé : 15 novembre 2011 14:19
À : NT System Admin Issues
Objet : Would you drop AV for Whitelisting / Application Control?



So I'm asking a bunch of questions here, because I'm looking at writing this

story from a few different angles. If the ratio Malware to good code is 80 - 20

(which it is +/- at the moment) why not drop AV all together and lock down those

workstations and only allow good code to run?   Saves budget.

 

Your view? Input?


Stu 

 

 

 

 

 

From: Stu Sjouwerman 
Sent: Tuesday, November 15, 2011 2:10 PM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros & Cons?

 

Oh, this an acquisition, that is why it's having such a high score!   LOL 

 

From: Doug Hampshire [mailto:dhampsh...@gmail.com] 
Sent: Tuesday, November 15, 2011 1:13 PM
To: NT System Admin Issues
Subject: Re: Whitelisting Pros & Cons?

 

Clearly these results are flawed if McAfee Anything gets higher than a -3 in 
any category. :-)

On Mon, Nov 14, 2011 at 5:16 PM, Stu Sjouwerman  
wrote:

Thanks Micheal. Anyone experience with any of the Whitelisting products in this 
InfoWorld Review?

 

http://www.infoworld.com/d/security-central/test-center-review-whitelisting-security-offers-salvation-835?

 

 

Bit9 Parity Suite 5.01

10

8

9

9

10

9.4

EXCELLENT

30%

15%

25%

10%

20%


CoreTrace Bouncer 5

9

9

9

8

9

8.9

VERY GOOD

30%

15%

25%

10%

20%


Lumension Application Control

8

9

8

9

9

8.5

VERY GOOD

30%

15%

25%

10%

20%


McAfee Application Control 5.0

9

9

9

8

8

8.7

VERY GOOD

30%

15%

25%

10%

20%


SignaCert Enterprise Trust Services 3.0



 

 

 

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] 
Sent: Monday, November 14, 2011 5:10 PM


To: NT System Admin Issues
Subject: Re: Whitelisting Pros & Cons?

 

Whitelisting is the future IMHO.  You cant trust anything anymore.  Faith 
doesnt cut it.  You have to protect yourself and your assets, and whitelisting 
is the best way to do it.

--
Espi

 

 

 

On Mon, Nov 14, 2011 at 8:48 AM, Stu Sjouwerman  
wrote:

I'm referring to Whitelisting in the context of security.  About 10 years ago, 
the ratio
"Good code" versus malware was perhaps 90 good 10 bad.  In that scenario, it 
makes
sense to keep the bad code out. But over the last 10 years, with automated 
malware
variant generation, the tables have turned, and there is actually more malware 
than
good code out there. So in -that- scenario it might make sense to only allow 
"good code"
and implement application control. Only that which is allowed, will run.

I'd like your feedback - input - discussion on this !

Warm regards,

Stu


-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Monday, November 14, 2011 11:22 AM
To: NT System Admin Issues

Subject: Re: Whitelisting Pros & Cons?

Are you asking about web content filtering, email filtering, or some other type 
of "whitelisting?"


--Matt Ross
Ephrata School District


- Original Message -
From: Stu Sjouwerman
[mailto:s...@sunbelt-software.com]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 14 Nov 2011
08:14:57 -0800
Subject: Whitelisting Pros & Cons?

> Guys, I am writing an article for WServerNews, and would like your
> public input.
>
> What is your experience with Whitelisting, which products you
> tried/use, and what experience you are having with this, likes and hates are 
> all welcome !!
>
> Warm regards,
>
> Stu
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltso

Cross Post from Susan Bradley, POC exploit code for MS11-083, TCPIP Kernel Remote Code Execution,

[Ziots, Edward]

Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

Just so you know now with the POC, and probably exploits running around,
probably best to get this patch on your Windows 2008,R2 Windows Vista
and Windows 7 systems sooner than laters. 

 

 

http://pastebin.com/fjZ1k0fi

Now they are developing proof of concepts.

 

I would hope that at day one your firewall guys would be getting alerts.

 

1.

MS11-083 DoS/PoC exploit

2.

* 

3.

* This attempts to trigger the ICMP refCount overflow 4.

* in TCP/IP stack of Win7/Vista/Win2k8 hosts. This 5.

* requires sending 2^32 UDP packets to a host on a closed 6.

* port, or 4,294,967,296 packets. A dereference function 7.

* must be called that is not triggered via UDP but ICMP 8.

* echo packets. This exploit creates 250 threads and 9.

* floods a host with UDP packets and then attempts to 10.

* trigger the de-ref using ping. I calculated that it 11.

* would take approximately 52 days for the host to 12.

* enter a condition where this vulnerability is 13.

* triggerable.

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Security Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Would you drop AV for Whitelisting / Application Control?

[Stu Sjouwerman]

So I'm asking a bunch of questions here, because I'm looking at writing this
story from a few different angles. If the ratio Malware to good code is 80 - 20
(which it is +/- at the moment) why not drop AV all together and lock down those
workstations and only allow good code to run?   Saves budget.

Your view? Input?

Stu





From: Stu Sjouwerman
Sent: Tuesday, November 15, 2011 2:10 PM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros & Cons?

Oh, this an acquisition, that is why it's having such a high score!   LOL

From: Doug Hampshire [mailto:dhampsh...@gmail.com]
Sent: Tuesday, November 15, 2011 1:13 PM
To: NT System Admin Issues
Subject: Re: Whitelisting Pros & Cons?

Clearly these results are flawed if McAfee Anything gets higher than a -3 in 
any category. :-)
On Mon, Nov 14, 2011 at 5:16 PM, Stu Sjouwerman 
mailto:s...@sunbelt-software.com>> wrote:
Thanks Micheal. Anyone experience with any of the Whitelisting products in this 
InfoWorld Review?

http://www.infoworld.com/d/security-central/test-center-review-whitelisting-security-offers-salvation-835?


Bit9 Parity Suite 5.01

10

8

9

9

10

9.4
EXCELLENT


30%

15%

25%

10%

20%

CoreTrace Bouncer 5

9

9

9

8

9

8.9
VERY GOOD


30%

15%

25%

10%

20%

Lumension Application Control

8

9

8

9

9

8.5
VERY GOOD


30%

15%

25%

10%

20%

McAfee Application Control 5.0

9

9

9

8

8

8.7
VERY GOOD


30%

15%

25%

10%

20%

SignaCert Enterprise Trust Services 3.0




From: Micheal Espinola Jr 
[mailto:michealespin...@gmail.com]
Sent: Monday, November 14, 2011 5:10 PM

To: NT System Admin Issues
Subject: Re: Whitelisting Pros & Cons?

Whitelisting is the future IMHO.  You cant trust anything anymore.  Faith 
doesnt cut it.  You have to protect yourself and your assets, and whitelisting 
is the best way to do it.

--
Espi



On Mon, Nov 14, 2011 at 8:48 AM, Stu Sjouwerman 
mailto:s...@sunbelt-software.com>> wrote:
I'm referring to Whitelisting in the context of security.  About 10 years ago, 
the ratio
"Good code" versus malware was perhaps 90 good 10 bad.  In that scenario, it 
makes
sense to keep the bad code out. But over the last 10 years, with automated 
malware
variant generation, the tables have turned, and there is actually more malware 
than
good code out there. So in -that- scenario it might make sense to only allow 
"good code"
and implement application control. Only that which is allowed, will run.

I'd like your feedback - input - discussion on this !

Warm regards,

Stu

-Original Message-
From: Matthew W. Ross 
[mailto:mr...@ephrataschools.org]
Sent: Monday, November 14, 2011 11:22 AM
To: NT System Admin Issues
Subject: Re: Whitelisting Pros & Cons?

Are you asking about web content filtering, email filtering, or some other type 
of "whitelisting?"


--Matt Ross
Ephrata School District


- Original Message -
From: Stu Sjouwerman
[mailto:s...@sunbelt-software.com]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 14 Nov 2011
08:14:57 -0800
Subject: Whitelisting Pros & Cons?
> Guys, I am writing an article for WServerNews, and would like your
> public input.
>
> What is your experience with Whitelisting, which products you
> tried/use, and what experience you are having with this, likes and hates are 
> all welcome !!
>
> Warm regards,
>
> Stu
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to 
> listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful

RE: Would you drop AV for Whitelisting / Application Control?

[Stu Sjouwerman]

Very good feedback Kurt! Anyone else ?

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Tuesday, November 15, 2011 2:37 PM
To: NT System Admin Issues
Subject: Re: Would you drop AV for Whitelisting / Application Control?

On Tue, Nov 15, 2011 at 11:18, Stu Sjouwerman  wrote:
>
> So I’m asking a bunch of questions here, because I’m looking at 
> writing this story from a few different angles. If the ratio Malware 
> to good code is 80 – 20 (which it is +/- at the moment) why not drop 
> AV all together and lock down those workstations and only allow good code to 
> run?   Saves budget.
>
> Your view? Input?
>
> Stu

Does it really save budget? I ask this though I'm thoroughly in favor of 
application whitelisting [1]

The whitelist publisher should

 o- Have a comprehensive set of known apps up front
 o- Make it easy for an administrator to add apps to the whitelist for some 
obscure program that's crucial
 o- Have a subscription mechanism to update their whitelist frequently
 o- Have a way for a subscriber to submit an executable for analysis to be 
included/excluded from the whitelist

Absent the above, the blacklisters probably have an advantage in terms of 
effort expended by the sysadmin, by virtue of the nearly hourly updates they 
publish.

Kurt

[1] I don't yet have experience with whitelisting. Given our relatively recent 
EA with MSFT, I plan to make some time to explore it by setting up Applocker on 
a test OU and subjecting myself to the pain.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: netsession_win.exe

[Rankin, James R]

Adobe Customization Wizard. Cut out the stuff you don't want.

Sent from my SR-71 Blackbird

-Original Message-
From: David Lum 
Date: Tue, 15 Nov 2011 19:40:28 
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: netsession_win.exe

Looks like an Adobe update installs this .EXE.  I'm thinking I should have it 
blocked by AV or whatever. User came to me because Win7's firewall barked at 
him.

http://www.akamai.com/html/misc/akamai_client/netsession_interface_faq.html

Key phrase that makes me want to kill it: "enable secure, closed peer-to-peer 
networking so that websites can deliver files to their users economically and 
with faster downloads"

P2P = not if I don't have to...
David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: netsession_win.exe

[Andrew S. Baker]

It's not P2P...

It's otherwise known as CDN: Content Distribution Network

Akamai is legitimate stuff.

* *

*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…

*



On Tue, Nov 15, 2011 at 2:40 PM, David Lum  wrote:

> Looks like an Adobe update installs this .EXE.  I’m thinking I should have
> it blocked by AV or whatever. User came to me because Win7’s firewall
> barked at him.
>
> ** **
>
> http://www.akamai.com/html/misc/akamai_client/netsession_interface_faq.html
> 
>
> ** **
>
> Key phrase that makes me want to kill it: “enable secure, closed
> peer-to-peer networking so that websites can deliver files to their users
> economically and with faster downloads”
>
> ** **
>
> P2P = not if I don’t have to…
>
> *David Lum*
> Systems Engineer // NWEATM
> Office 503.548.5229 //* *Cell (voice/text) 503.267.9764
>
> ** **
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Would you drop AV for Whitelisting / Application Control?

[David Lum]

I like the idea for many scenarios, developers would be one where it would be 
tough, but in the places I manage I bet It would work for 80% of the systems as 
a great many fire up just a few apps. For public access machines (library) this 
is largely what I do anyway, but for more than just malware concerns :-).

The catch is developers usually need more speed than the rest so if you could 
go without AV on them it would be beneficial from their standpoint - they are 
historically (in my experience) the hardest to balance between security and 
performance.

Dave

-Original Message-
From: Stu Sjouwerman [mailto:s...@sunbelt-software.com] 
Sent: Tuesday, November 15, 2011 11:47 AM
To: NT System Admin Issues
Subject: RE: Would you drop AV for Whitelisting / Application Control?

Very good feedback Kurt! Anyone else ?

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Tuesday, November 15, 2011 2:37 PM
To: NT System Admin Issues
Subject: Re: Would you drop AV for Whitelisting / Application Control?

On Tue, Nov 15, 2011 at 11:18, Stu Sjouwerman  wrote:
>
> So I’m asking a bunch of questions here, because I’m looking at 
> writing this story from a few different angles. If the ratio Malware 
> to good code is 80 – 20 (which it is +/- at the moment) why not drop 
> AV all together and lock down those workstations and only allow good code to 
> run?   Saves budget.
>
> Your view? Input?
>
> Stu

Does it really save budget? I ask this though I'm thoroughly in favor of 
application whitelisting [1]

The whitelist publisher should

 o- Have a comprehensive set of known apps up front
 o- Make it easy for an administrator to add apps to the whitelist for some 
obscure program that's crucial
 o- Have a subscription mechanism to update their whitelist frequently
 o- Have a way for a subscriber to submit an executable for analysis to be 
included/excluded from the whitelist

Absent the above, the blacklisters probably have an advantage in terms of 
effort expended by the sysadmin, by virtue of the nearly hourly updates they 
publish.

Kurt

[1] I don't yet have experience with whitelisting. Given our relatively recent 
EA with MSFT, I plan to make some time to explore it by setting up Applocker on 
a test OU and subjecting myself to the pain.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Would you drop AV for Whitelisting / Application Control?

[Ziots, Edward]

Some have taken that stance, but I have also heard the other side, is
they need to keep AV on workstations, Servers due to compliance issues.
( which I don't really take as a valid argument, especially if
compensating controls are taking effect)

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Security Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

 

From: Stu Sjouwerman [mailto:s...@sunbelt-software.com] 
Sent: Tuesday, November 15, 2011 2:19 PM
To: NT System Admin Issues
Subject: Would you drop AV for Whitelisting / Application Control?

 

So I'm asking a bunch of questions here, because I'm looking at writing
this

story from a few different angles. If the ratio Malware to good code is
80 - 20

(which it is +/- at the moment) why not drop AV all together and lock
down those

workstations and only allow good code to run?   Saves budget.

 

Your view? Input?


Stu 

 

 

 

 

 

From: Stu Sjouwerman 
Sent: Tuesday, November 15, 2011 2:10 PM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros & Cons?

 

Oh, this an acquisition, that is why it's having such a high score!
LOL 

 

From: Doug Hampshire [mailto:dhampsh...@gmail.com] 
Sent: Tuesday, November 15, 2011 1:13 PM
To: NT System Admin Issues
Subject: Re: Whitelisting Pros & Cons?

 

Clearly these results are flawed if McAfee Anything gets higher than a
-3 in any category. :-)

On Mon, Nov 14, 2011 at 5:16 PM, Stu Sjouwerman <
s...@sunbelt-software.com> wrote:

Thanks Micheal. Anyone experience with any of the Whitelisting products
in this InfoWorld Review?

 

http://www.infoworld.com/d/security-central/test-center-review-whitelist
ing-security-offers-salvation-835?

 

 

Bit9 Parity Suite 5.01

10

8

9

9

10

9.4

EXCELLENT

30%

15%

25%

10%

20%


CoreTrace Bouncer 5

9

9

9

8

9

8.9

VERY GOOD

30%

15%

25%

10%

20%


Lumension Application Control

8

9

8

9

9

8.5

VERY GOOD

30%

15%

25%

10%

20%


McAfee Application Control 5.0

9

9

9

8

8

8.7

VERY GOOD

30%

15%

25%

10%

20%


SignaCert Enterprise Trust Services 3.0



 

 

 

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] 
Sent: Monday, November 14, 2011 5:10 PM


To: NT System Admin Issues
Subject: Re: Whitelisting Pros & Cons?

 

Whitelisting is the future IMHO.  You cant trust anything anymore.
Faith doesnt cut it.  You have to protect yourself and your assets, and
whitelisting is the best way to do it.

--
Espi

 

 

 

On Mon, Nov 14, 2011 at 8:48 AM, Stu Sjouwerman <
s...@sunbelt-software.com> wrote:

I'm referring to Whitelisting in the context of security.  About 10
years ago, the ratio
"Good code" versus malware was perhaps 90 good 10 bad.  In that
scenario, it makes
sense to keep the bad code out. But over the last 10 years, with
automated malware
variant generation, the tables have turned, and there is actually more
malware than
good code out there. So in -that- scenario it might make sense to only
allow "good code"
and implement application control. Only that which is allowed, will run.

I'd like your feedback - input - discussion on this !

Warm regards,

Stu


-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Monday, November 14, 2011 11:22 AM
To: NT System Admin Issues

Subject: Re: Whitelisting Pros & Cons?

Are you asking about web content filtering, email filtering, or some
other type of "whitelisting?"


--Matt Ross
Ephrata School District


- Original Message -
From: Stu Sjouwerman
[mailto:s...@sunbelt-software.com]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 14 Nov 2011
08:14:57 -0800
Subject: Whitelisting Pros & Cons?

> Guys, I am writing an article for WServerNews, and would like your
> public input.
>
> What is your experience with Whitelisting, which products you
> tried/use, and what experience you are having with this, likes and
hates are all welcome !!
>
> Warm regards,
>
> Stu
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@

Re: Would you drop AV for Whitelisting / Application Control?

[Andrew S. Baker]

AV is still very useful in perimeter security devices, but its usefulness
is deteriorating rapidly.

In the past 2 years, various machines on my home network have intercepted
malware trying to infect my network, but except for malware-laden email, AV
has not been the vehicle that has caught it.  On the flip side, I've had
lots more false positives with AV (things that it doesn't like, but which I
know is there, and want it to be there, like MetaSploit, VNC, etc)

My detailed viewpoint is:
http://home.asbzone.com/ASB/archive/2010/05/10/it-s-time-to-re-evaluate-host-based-security.aspx

I intend to get rid of AV at home (using Vipre, MSE, and Avira on different
machines) and fully deploy whitelisting in the next few months.  It's my
major upgrade project for the Winter.

OpenDNS is already doing more for me in terms of malware detection and
protection vs host-based AV

* *

*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…

*



On Tue, Nov 15, 2011 at 2:18 PM, Stu Sjouwerman
wrote:

> So I’m asking a bunch of questions here, because I’m looking at writing
> this
>
> story from a few different angles. If the ratio Malware to good code is 80
> – 20
>
> (which it is +/- at the moment) why not drop AV all together and lock down
> those
>
> workstations and only allow good code to run?   Saves budget.
>
> ** **
>
> Your view? Input?
>
>
> Stu 
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> *From:* Stu Sjouwerman
> *Sent:* Tuesday, November 15, 2011 2:10 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Whitelisting Pros & Cons?
>
> ** **
>
> Oh, this an acquisition, that is why it’s having such a high score!   LOL
> 
>
> ** **
>
> *From:* Doug Hampshire [mailto:dhampsh...@gmail.com]
> *Sent:* Tuesday, November 15, 2011 1:13 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Whitelisting Pros & Cons?
>
> ** **
>
> Clearly these results are flawed if McAfee Anything gets higher than a -3
> in any category. :-)
>
> On Mon, Nov 14, 2011 at 5:16 PM, Stu Sjouwerman 
> wrote:
>
> Thanks Micheal. Anyone experience with any of the Whitelisting products in
> this InfoWorld Review?
>
>  
>
>
> http://www.infoworld.com/d/security-central/test-center-review-whitelisting-security-offers-salvation-835?
> 
>
>  
>
>  
>
> *Bit9 Parity Suite 5.01*
>
> *10*
>
> *8*
>
> *9*
>
> *9*
>
> *10*
>
> *9.4*
>
> *EXCELLENT*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *CoreTrace Bouncer 5*
>
> *9*
>
> *9*
>
> *9*
>
> *8*
>
> *9*
>
> *8.9*
>
> *VERY GOOD*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *Lumension Application Control*
>
> *8*
>
> *9*
>
> *8*
>
> *9*
>
> *9*
>
> *8.5*
>
> *VERY GOOD*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *McAfee Application Control 5.0*
>
> *9*
>
> *9*
>
> *9*
>
> *8*
>
> *8*
>
> *8.7*
>
> *VERY GOOD*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *SignaCert Enterprise Trust Services 3.0*
>
>  
>
>  
>
>  
>
> *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com]
> *Sent:* Monday, November 14, 2011 5:10 PM
>
>
> *To:* NT System Admin Issues
> *Subject:* Re: Whitelisting Pros & Cons?
>
>  
>
> Whitelisting is the future IMHO.  You cant trust anything anymore.  Faith
> doesnt cut it.  You have to protect yourself and your assets, and
> whitelisting is the best way to do it.
>
> --
> Espi
>
>  
>
>  
>
> ** **
>
> On Mon, Nov 14, 2011 at 8:48 AM, Stu Sjouwerman 
> wrote:
>
> I'm referring to Whitelisting in the context of security.  About 10 years
> ago, the ratio
> "Good code" versus malware was perhaps 90 good 10 bad.  In that scenario,
> it makes
> sense to keep the bad code out. But over the last 10 years, with automated
> malware
> variant generation, the tables have turned, and there is actually more
> malware than
> good code out there. So in -that- scenario it might make sense to only
> allow "good code"
> and implement application control. Only that which is allowed, will run.
>
> I'd like your feedback - input - discussion on this !
>
> Warm regards,
>
> Stu
>
>
> -Original Message-
> From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> Sent: Monday, November 14, 2011 11:22 AM
> To: NT System Admin Issues
>
> Subject: Re: Whitelisting Pros & Cons?
>
> Are you asking about web content filtering, email filtering, or some other
> type of "whitelisting?"
>
>
> --Matt Ross
> Ephrata School District
>
>
> - Original Message -
> From: Stu Sjouwerman
> [mailto:s...@sunbelt-software.com]
> To: NT System Admin Issues
> [mailto:ntsysadmin@lyris.sunbelt-software.com]
> Sent: Mon, 14 Nov 2011
> 08:14:57 -0800
> Subject: Whitelisting Pros & Cons?
>
> > Guys, I am writing 

Re: Would you drop AV for Whitelisting / Application Control?

[Andrew S. Baker]

Auditors can be picky here.

What you do to get around this is not surprise them.  Get them onboard
early on, and there are no surprises at audit time.

* *

*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…

*



On Tue, Nov 15, 2011 at 3:09 PM, Ziots, Edward  wrote:

> Some have taken that stance, but I have also heard the other side, is they
> need to keep AV on workstations, Servers due to compliance issues. ( which
> I don’t really take as a valid argument, especially if compensating
> controls are taking effect)
>
> ** **
>
> Z
>
> ** **
>
> Edward E. Ziots
>
> CISSP, Network +, Security +
>
> Security Engineer
>
> Lifespan Organization
>
> Email:ezi...@lifespan.org
>
> Cell:401-639-3505
>
> [image: CISSP_logo]
>
> ** **
>
> *From:* Stu Sjouwerman [mailto:s...@sunbelt-software.com]
> *Sent:* Tuesday, November 15, 2011 2:19 PM
>
> *To:* NT System Admin Issues
> *Subject:* Would you drop AV for Whitelisting / Application Control?
>
> ** **
>
> So I’m asking a bunch of questions here, because I’m looking at writing
> this
>
> story from a few different angles. If the ratio Malware to good code is 80
> – 20
>
> (which it is +/- at the moment) why not drop AV all together and lock down
> those
>
> workstations and only allow good code to run?   Saves budget.
>
> ** **
>
> Your view? Input?
>
>
> Stu 
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> *From:* Stu Sjouwerman
> *Sent:* Tuesday, November 15, 2011 2:10 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Whitelisting Pros & Cons?
>
> ** **
>
> Oh, this an acquisition, that is why it’s having such a high score!   LOL
> 
>
> ** **
>
> *From:* Doug Hampshire [mailto:dhampsh...@gmail.com ]
>
> *Sent:* Tuesday, November 15, 2011 1:13 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Whitelisting Pros & Cons?
>
> ** **
>
> Clearly these results are flawed if McAfee Anything gets higher than a -3
> in any category. :-)
>
> On Mon, Nov 14, 2011 at 5:16 PM, Stu Sjouwerman 
> wrote:
>
> Thanks Micheal. Anyone experience with any of the Whitelisting products in
> this InfoWorld Review?
>
>  
>
>
> http://www.infoworld.com/d/security-central/test-center-review-whitelisting-security-offers-salvation-835?
> 
>
>  
>
>  
>
> *Bit9 Parity Suite 5.01*
>
> *10*
>
> *8*
>
> *9*
>
> *9*
>
> *10*
>
> *9.4*
>
> *EXCELLENT*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *CoreTrace Bouncer 5*
>
> *9*
>
> *9*
>
> *9*
>
> *8*
>
> *9*
>
> *8.9*
>
> *VERY GOOD*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *Lumension Application Control*
>
> *8*
>
> *9*
>
> *8*
>
> *9*
>
> *9*
>
> *8.5*
>
> *VERY GOOD*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *McAfee Application Control 5.0*
>
> *9*
>
> *9*
>
> *9*
>
> *8*
>
> *8*
>
> *8.7*
>
> *VERY GOOD*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *SignaCert Enterprise Trust Services 3.0*
>
>  
>
>  
>
>  
>
> *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com]
> *Sent:* Monday, November 14, 2011 5:10 PM
>
>
> *To:* NT System Admin Issues
> *Subject:* Re: Whitelisting Pros & Cons?
>
>  
>
> Whitelisting is the future IMHO.  You cant trust anything anymore.  Faith
> doesnt cut it.  You have to protect yourself and your assets, and
> whitelisting is the best way to do it.
>
> --
> Espi
>
>  
>
>  
>
> ** **
>
> On Mon, Nov 14, 2011 at 8:48 AM, Stu Sjouwerman 
> wrote:
>
> I'm referring to Whitelisting in the context of security.  About 10 years
> ago, the ratio
> "Good code" versus malware was perhaps 90 good 10 bad.  In that scenario,
> it makes
> sense to keep the bad code out. But over the last 10 years, with automated
> malware
> variant generation, the tables have turned, and there is actually more
> malware than
> good code out there. So in -that- scenario it might make sense to only
> allow "good code"
> and implement application control. Only that which is allowed, will run.
>
> I'd like your feedback - input - discussion on this !
>
> Warm regards,
>
> Stu
>
>
> -Original Message-
> From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> Sent: Monday, November 14, 2011 11:22 AM
> To: NT System Admin Issues
>
> Subject: Re: Whitelisting Pros & Cons?
>
> Are you asking about web content filtering, email filtering, or some other
> type of "whitelisting?"
>
>
> --Matt Ross
> Ephrata School District
>
>
> - Original Message -
> From: Stu Sjouwerman
> [mailto:s...@sunbelt-software.com]
> To: NT System Admin Issues
> [mailto:ntsysadmin@lyris.sunbelt-software.com]
> Sent: Mon, 14 Nov 2011
> 08:14:57 -0800
> Subject: Whitelisting Pros & Cons?
>
> > Guys, I am wr

Re: Would you drop AV for Whitelisting / Application Control?

[Andrew S. Baker]

What I did in one environment was isolate the entire developer segment,
because they made a stink about the mandatory AV, and insisted that they
couldn't work if their systems were locked down like everyone else.

We allowed them to have control of their own scanning settings, but
firewalled their entire segment from the rest of the network and
deep-scanned their traffic.

The security posture of the rest of the environment improved greatly, but
more than half of the developers needed to have their laptops rebuilt due
to constant rootkits.  They finally relented when they couldn't win any
argument about how unnecessary our approach to security was for them.

* *

*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…

*



On Tue, Nov 15, 2011 at 2:57 PM, David Lum  wrote:

> I like the idea for many scenarios, developers would be one where it would
> be tough, but in the places I manage I bet It would work for 80% of the
> systems as a great many fire up just a few apps. For public access machines
> (library) this is largely what I do anyway, but for more than just malware
> concerns :-).
>
> The catch is developers usually need more speed than the rest so if you
> could go without AV on them it would be beneficial from their standpoint -
> they are historically (in my experience) the hardest to balance between
> security and performance.
>
> Dave
>
> -Original Message-
> From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
> Sent: Tuesday, November 15, 2011 11:47 AM
> To: NT System Admin Issues
> Subject: RE: Would you drop AV for Whitelisting / Application Control?
>
> Very good feedback Kurt! Anyone else ?
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Tuesday, November 15, 2011 2:37 PM
> To: NT System Admin Issues
> Subject: Re: Would you drop AV for Whitelisting / Application Control?
>
> On Tue, Nov 15, 2011 at 11:18, Stu Sjouwerman 
> wrote:
> >
> > So I’m asking a bunch of questions here, because I’m looking at
> > writing this story from a few different angles. If the ratio Malware
> > to good code is 80 – 20 (which it is +/- at the moment) why not drop
> > AV all together and lock down those workstations and only allow good
> code to run?   Saves budget.
> >
> > Your view? Input?
> >
> > Stu
>
> Does it really save budget? I ask this though I'm thoroughly in favor of
> application whitelisting [1]
>
> The whitelist publisher should
>
> o- Have a comprehensive set of known apps up front
> o- Make it easy for an administrator to add apps to the whitelist for
> some obscure program that's crucial
> o- Have a subscription mechanism to update their whitelist frequently
> o- Have a way for a subscriber to submit an executable for analysis to
> be included/excluded from the whitelist
>
> Absent the above, the blacklisters probably have an advantage in terms of
> effort expended by the sysadmin, by virtue of the nearly hourly updates
> they publish.
>
> Kurt
>
> [1] I don't yet have experience with whitelisting. Given our relatively
> recent EA with MSFT, I plan to make some time to explore it by setting up
> Applocker on a test OU and subjecting myself to the pain.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Server room cooling units

[John Gwinner]

My 0.02 ...

I'm getting bids myself; the owners have always gone cheap and so far I have a 
little 'room a/c' unit that I had to rig up with my own insulated pipe to 
exhaust the hot air into the return air plenum (i.e. above the drop ceiling 
tiles).

Full rack, about 10K BTU's, 18k if you include the fridge and coffee pot.  Yea, 
not my choice.

Movincool has a unit that looks pretty easy to install, but so far all of the 
installers want MORE money than the unit costs to lift it up above the ceiling 
tiles and hookup the 2 ducts to the room.

Here's the Movincool:

http://www.movincool.com/portable-air-conditioner/cm25.php

The price is pretty similar to the comparable Liebert (Emerson power) unit 
though, so we'll probably go with Liebert.

Building A/C is usually just about enough (room is about 70-80 during the 
week), but on the weekend they shut it off.

We exploded a can of soda in the room once:

One can in the 6 pack spewed and knocked the 6 pack off. Not sure if it 
exploded on the rack or when it hit the floor.  Yea, we have office supplies in 
there too.

[cid:image002.jpg@01CCA38F.B2291770]
 == John ==
John Gwinner | Director of Technology
DAZSI /Oracle Business Applications
310.640.1300 (office) | 310.640.9900 (fax)
880 Apollo Street - Ste. 201 | El Segundo CA 90245

[cid:image004.jpg@01CCA38F.B2291770]

From: Greg Olson [mailto:gol...@markettools.com]
Sent: Monday, November 14, 2011 1:17 PM
To: NT System Admin Issues
Subject: RE: Server room cooling units

+1
Have 12 10ton Liebert units in various locations and I've only had one unit 
fail in 10 years time.
I'd fire that service company. We do have quarterly maintance checks we do 
(change filters, etc) and bi-annually have preventive maintance from our 
service provider.


From: Mark Boeck 
[mailto:netadmin...@gmail.com]
Sent: Monday, November 14, 2011 1:07 PM
To: NT System Admin Issues
Subject: Re: Server room cooling units

We have 1 Liebert, and in 6 years it's only down for scheduled maintenance...
On Sat, Nov 12, 2011 at 8:22 AM, Kevin Lundy 
mailto:klu...@gmail.com>> wrote:
Ironically, we have had minimal issues with our 2 8 year old Lieberts.  Here in 
Florida, they run almost 24x7.

On Sat, Nov 12, 2011 at 9:16 AM, Bob Fronk 
mailto:b...@btrfronk.com>> wrote:
We can count on our Leibert(s) having problems shortly after any preventive 
maintenance.  It is a running joke with the service company.

BF

From: Stu Sjouwerman 
[mailto:s...@sunbelt-software.com]
Sent: Friday, November 11, 2011 5:13 PM

To: NT System Admin Issues
Subject: RE: Server room cooling units

We used Liebert at Sunbelt, but had regular outages with it, make sure that the 
company you buy from understand the concept of "preventive maintenance"

Warm regards,
Stu

From: richardmccl...@aspca.org 
[mailto:richardmccl...@aspca.org]
Sent: Thursday, November 10, 2011 11:04 AM
To: NT System Admin Issues
Subject: Server room cooling units


Greetings!

Currently, I have two HVAC bids regarding the expansion of our server room.  
(It will seem strange to have that room below 80 degrees, and I am not kidding 
with that number!).

We have two proposals and with two different units, both 15 tons.  One is by 
Stulz, and one is by Liebert.

Anyone care to offer their opinions/experiences/etc on the advantages one has 
over the other?

Thank you...
--
Richard D. McClary
Jr Infrastructure Architect, Information Technology Group
ASPCA(r)
1717 S. Philo Rd, Ste 36
Urbana, IL  61802


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an

Re: Would you drop AV for Whitelisting / Application Control?

[Erik Goldoff]

again, depends on your whitelisting solution


   - does it only depend on filename and size/date info
  -  that can be spoofed
   - does it also checksum executables ?
  - what happens on patch Tuesday ?
  - are patches/hotfixes even allowed to run ?
  - what happens to patched software that no longer matches checksum
 - especially when patched software is OS core ? do you brick
 machine via whitelist protection ?
  - how do you manage whitlelisting for power users with LOTS of
   installed software and legitimate need to install utilities and updates on
   the fly ?

I've found whitelisting to be very good on 'standardized' systems that
perform a specific role, but the more a system needs to be customized for
the end user, the harder it is to mange security via whitelisting.

On Tue, Nov 15, 2011 at 2:18 PM, Stu Sjouwerman
wrote:

>  So I’m asking a bunch of questions here, because I’m looking at writing
> this
>
> story from a few different angles. If the ratio Malware to good code is 80
> – 20
>
> (which it is +/- at the moment) why not drop AV all together and lock down
> those
>
> workstations and only allow good code to run?   Saves budget.
>
> ** **
>
> Your view? Input?
>
>
> Stu 
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> *From:* Stu Sjouwerman
> *Sent:* Tuesday, November 15, 2011 2:10 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Whitelisting Pros & Cons?
>
> ** **
>
> Oh, this an acquisition, that is why it’s having such a high score!   LOL
> 
>
> ** **
>
> *From:* Doug Hampshire [mailto:dhampsh...@gmail.com]
> *Sent:* Tuesday, November 15, 2011 1:13 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Whitelisting Pros & Cons?
>
> ** **
>
> Clearly these results are flawed if McAfee Anything gets higher than a -3
> in any category. :-)
>
> On Mon, Nov 14, 2011 at 5:16 PM, Stu Sjouwerman 
> wrote:
>
> Thanks Micheal. Anyone experience with any of the Whitelisting products in
> this InfoWorld Review?
>
>  
>
>
> http://www.infoworld.com/d/security-central/test-center-review-whitelisting-security-offers-salvation-835?
> 
>
>  
>
>  
>
> *Bit9 Parity Suite 5.01*
>
> *10*
>
> *8*
>
> *9*
>
> *9*
>
> *10*
>
> *9.4*
>
> *EXCELLENT*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *CoreTrace Bouncer 5*
>
> *9*
>
> *9*
>
> *9*
>
> *8*
>
> *9*
>
> *8.9*
>
> *VERY GOOD*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *Lumension Application Control*
>
> *8*
>
> *9*
>
> *8*
>
> *9*
>
> *9*
>
> *8.5*
>
> *VERY GOOD*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *McAfee Application Control 5.0*
>
> *9*
>
> *9*
>
> *9*
>
> *8*
>
> *8*
>
> *8.7*
>
> *VERY GOOD*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *SignaCert Enterprise Trust Services 3.0*
>
>  
>
>  
>
>  
>
> *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com]
> *Sent:* Monday, November 14, 2011 5:10 PM
>
>
> *To:* NT System Admin Issues
> *Subject:* Re: Whitelisting Pros & Cons?
>
>  
>
> Whitelisting is the future IMHO.  You cant trust anything anymore.  Faith
> doesnt cut it.  You have to protect yourself and your assets, and
> whitelisting is the best way to do it.
>
> --
> Espi
>
>  
>
>  
>
> ** **
>
> On Mon, Nov 14, 2011 at 8:48 AM, Stu Sjouwerman 
> wrote:
>
> I'm referring to Whitelisting in the context of security.  About 10 years
> ago, the ratio
> "Good code" versus malware was perhaps 90 good 10 bad.  In that scenario,
> it makes
> sense to keep the bad code out. But over the last 10 years, with automated
> malware
> variant generation, the tables have turned, and there is actually more
> malware than
> good code out there. So in -that- scenario it might make sense to only
> allow "good code"
> and implement application control. Only that which is allowed, will run.
>
> I'd like your feedback - input - discussion on this !
>
> Warm regards,
>
> Stu
>
>
> -Original Message-
> From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> Sent: Monday, November 14, 2011 11:22 AM
> To: NT System Admin Issues
>
> Subject: Re: Whitelisting Pros & Cons?
>
> Are you asking about web content filtering, email filtering, or some other
> type of "whitelisting?"
>
>
> --Matt Ross
> Ephrata School District
>
>
> - Original Message -
> From: Stu Sjouwerman
> [mailto:s...@sunbelt-software.com]
> To: NT System Admin Issues
> [mailto:ntsysadmin@lyris.sunbelt-software.com]
> Sent: Mon, 14 Nov 2011
> 08:14:57 -0800
> Subject: Whitelisting Pros & Cons?
>
> > Guys, I am writing an article for WServerNews, and would like your
> > public input.
> >
> > What is your experience with Whitelisting, which products you
> > tried/use, and what exp

RE: Backing / auto save up any open Microsoft Office document

[Ray]

http://support.microsoft.com/kb/107686 = guess that depends on whether
you're looking for multiple copies or just sort of a "emergency recovery".
Last time I looked at this, the autosave is pretty worthless if you get out
of the document correctly.   

 

 

From: justino garcia [mailto:jgarciaitl...@gmail.com] 
Sent: Tuesday, November 15, 2011 11:59 AM
To: NT System Admin Issues
Subject: Re: Backing / auto save up any open Microsoft Office document

 

Okay thanks for help...

On Tue, Nov 15, 2011 at 1:43 PM, Kurt Buff  wrote:

On Tue, Nov 15, 2011 at 10:34, justino garcia 
wrote:
> Are thier any products that do this on workstations company wide.  For
> example, a user said he was typing a long report, made some edits, but
some
> how lost all the corrections he made, due to document getting corrupt or
he
> did not click save ?
>
> I know backing up all workstations is not a  good solution because of
space
> constraints, but on currently open working documents?
>
>
> Any solution software or policy wise to avoid lost work?

I'll bet you could put a reg entry for all of the Office product to do
an autosave every minute in a GPO and deploy that. Haven't done that
myself, though.

Kurt


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




-- 
Justin
IT-TECH

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Would you drop AV for Whitelisting / Application Control?

[Kurt Buff]

Two workstations, one for standard corporate applications and locked down,
the actual development machine should be in a separate subnet that's locked
down and has access to only the required netwrok assets, which ideally
should also be in that subnet.

Kurt

On Tue, Nov 15, 2011 at 11:36, Bourque Daniel <
daniel.bour...@loto-quebec.com> wrote:

> **
> Developper's stations...
>
> I don't know how you can lock them down...
>
>  --
> *De :* Stu Sjouwerman [mailto:s...@sunbelt-software.com]
> *Envoyé :* 15 novembre 2011 14:19
> *À :* NT System Admin Issues
> *Objet :* Would you drop AV for Whitelisting / Application Control?
>
>  So I'm asking a bunch of questions here, because I'm looking at writing
> this
>
> story from a few different angles. If the ratio Malware to good code is 80
> - 20
>
> (which it is +/- at the moment) why not drop AV all together and lock down
> those
>
> workstations and only allow good code to run?   Saves budget.
>
> ** **
>
> Your view? Input?
>
>
> Stu 
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> *From:* Stu Sjouwerman
> *Sent:* Tuesday, November 15, 2011 2:10 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Whitelisting Pros & Cons?
>
> ** **
>
> Oh, this an acquisition, that is why it's having such a high score!   LOL
> 
>
> ** **
>
> *From:* Doug Hampshire [mailto:dhampsh...@gmail.com]
> *Sent:* Tuesday, November 15, 2011 1:13 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Whitelisting Pros & Cons?
>
> ** **
>
> Clearly these results are flawed if McAfee Anything gets higher than a -3
> in any category. :-)
>
> On Mon, Nov 14, 2011 at 5:16 PM, Stu Sjouwerman 
> wrote:
>
> Thanks Micheal. Anyone experience with any of the Whitelisting products in
> this InfoWorld Review?
>
>  
>
>
> http://www.infoworld.com/d/security-central/test-center-review-whitelisting-security-offers-salvation-835?
> 
>
>  
>
>  
>
> *Bit9 Parity Suite 5.01*
>
> *10*
>
> *8*
>
> *9*
>
> *9*
>
> *10*
>
> *9.4*
>
> *EXCELLENT*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *CoreTrace Bouncer 5*
>
> *9*
>
> *9*
>
> *9*
>
> *8*
>
> *9*
>
> *8.9*
>
> *VERY GOOD*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *Lumension Application Control*
>
> *8*
>
> *9*
>
> *8*
>
> *9*
>
> *9*
>
> *8.5*
>
> *VERY GOOD*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *McAfee Application Control 5.0*
>
> *9*
>
> *9*
>
> *9*
>
> *8*
>
> *8*
>
> *8.7*
>
> *VERY GOOD*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *SignaCert Enterprise Trust Services 3.0*
>
>  
>
>  
>
>  
>
> *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com]
> *Sent:* Monday, November 14, 2011 5:10 PM
>
>
> *To:* NT System Admin Issues
> *Subject:* Re: Whitelisting Pros & Cons?
>
>  
>
> Whitelisting is the future IMHO.  You cant trust anything anymore.  Faith
> doesnt cut it.  You have to protect yourself and your assets, and
> whitelisting is the best way to do it.
>
> --
> Espi
>
>  
>
>  
>
> ** **
>
> On Mon, Nov 14, 2011 at 8:48 AM, Stu Sjouwerman 
> wrote:
>
> I'm referring to Whitelisting in the context of security.  About 10 years
> ago, the ratio
> "Good code" versus malware was perhaps 90 good 10 bad.  In that scenario,
> it makes
> sense to keep the bad code out. But over the last 10 years, with automated
> malware
> variant generation, the tables have turned, and there is actually more
> malware than
> good code out there. So in -that- scenario it might make sense to only
> allow "good code"
> and implement application control. Only that which is allowed, will run.
>
> I'd like your feedback - input - discussion on this !
>
> Warm regards,
>
> Stu
>
>
> -Original Message-
> From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> Sent: Monday, November 14, 2011 11:22 AM
> To: NT System Admin Issues
>
> Subject: Re: Whitelisting Pros & Cons?
>
> Are you asking about web content filtering, email filtering, or some other
> type of "whitelisting?"
>
>
> --Matt Ross
> Ephrata School District
>
>
> - Original Message -
> From: Stu Sjouwerman
> [mailto:s...@sunbelt-software.com]
> To: NT System Admin Issues
> [mailto:ntsysadmin@lyris.sunbelt-software.com]
> Sent: Mon, 14 Nov 2011
> 08:14:57 -0800
> Subject: Whitelisting Pros & Cons?
>
> > Guys, I am writing an article for WServerNews, and would like your
> > public input.
> >
> > What is your experience with Whitelisting, which products you
> > tried/use, and what experience you are having with this, likes and hates
> are all welcome !!
> >
> > Warm regards,
> >
> > Stu
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
> > 

RE: Would you drop AV for Whitelisting / Application Control?

[Ziots, Edward]

Why get around them? That is the same negative thinking I see all over
the place. ( I deal with auditors a lot, they aren't to be feared as
much as some make it out to be) 

 

Best thing is to have your ducks in order on why you make the risk based
decisions in the deployment of your security controls, and be able to
explain it to the auditors and back it up with the understanding of the
compliance issues that you are under. 

 

Sincerely,

EZ

 

Edward E. Ziots

CISSP, Network +, Security +

Security Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

 

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Tuesday, November 15, 2011 3:14 PM
To: NT System Admin Issues
Subject: Re: Would you drop AV for Whitelisting / Application Control?

 

Auditors can be picky here.

What you do to get around this is not surprise them.  Get them onboard
early on, and there are no surprises at audit time.


ASB

http://XeeMe.com/AndrewBaker

Harnessing the Advantages of Technology for the SMB market...





On Tue, Nov 15, 2011 at 3:09 PM, Ziots, Edward 
wrote:

Some have taken that stance, but I have also heard the other side, is
they need to keep AV on workstations, Servers due to compliance issues.
( which I don't really take as a valid argument, especially if
compensating controls are taking effect)

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Security Engineer

Lifespan Organization

Email:ezi...@lifespan.org  

Cell:401-639-3505

 

 

From: Stu Sjouwerman [mailto:s...@sunbelt-software.com] 
Sent: Tuesday, November 15, 2011 2:19 PM


To: NT System Admin Issues

Subject: Would you drop AV for Whitelisting / Application Control?

 

So I'm asking a bunch of questions here, because I'm looking at writing
this

story from a few different angles. If the ratio Malware to good code is
80 - 20

(which it is +/- at the moment) why not drop AV all together and lock
down those

workstations and only allow good code to run?   Saves budget.

 

Your view? Input?


Stu 

 

 

 

 

 

From: Stu Sjouwerman 
Sent: Tuesday, November 15, 2011 2:10 PM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros & Cons?

 

Oh, this an acquisition, that is why it's having such a high score!
LOL 

 

From: Doug Hampshire [mailto:dhampsh...@gmail.com] 
Sent: Tuesday, November 15, 2011 1:13 PM
To: NT System Admin Issues
Subject: Re: Whitelisting Pros & Cons?

 

Clearly these results are flawed if McAfee Anything gets higher than a
-3 in any category. :-)

On Mon, Nov 14, 2011 at 5:16 PM, Stu Sjouwerman <
s...@sunbelt-software.com> wrote:

Thanks Micheal. Anyone experience with any of the Whitelisting products
in this InfoWorld Review?

 

http://www.infoworld.com/d/security-central/test-center-review-whitelist
ing-security-offers-salvation-835?

 

 

Bit9 Parity Suite 5.01

10

8

9

9

10

9.4

EXCELLENT

30%

15%

25%

10%

20%


CoreTrace Bouncer 5

9

9

9

8

9

8.9

VERY GOOD

30%

15%

25%

10%

20%


Lumension Application Control

8

9

8

9

9

8.5

VERY GOOD

30%

15%

25%

10%

20%


McAfee Application Control 5.0

9

9

9

8

8

8.7

VERY GOOD

30%

15%

25%

10%

20%


SignaCert Enterprise Trust Services 3.0



 

 

 

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] 
Sent: Monday, November 14, 2011 5:10 PM


To: NT System Admin Issues
Subject: Re: Whitelisting Pros & Cons?

 

Whitelisting is the future IMHO.  You cant trust anything anymore.
Faith doesnt cut it.  You have to protect yourself and your assets, and
whitelisting is the best way to do it.

--
Espi

 

 

 

On Mon, Nov 14, 2011 at 8:48 AM, Stu Sjouwerman <
s...@sunbelt-software.com> wrote:

I'm referring to Whitelisting in the context of security.  About 10
years ago, the ratio
"Good code" versus malware was perhaps 90 good 10 bad.  In that
scenario, it makes
sense to keep the bad code out. But over the last 10 years, with
automated malware
variant generation, the tables have turned, and there is actually more
malware than
good code out there. So in -that- scenario it might make sense to only
allow "good code"
and implement application control. Only that which is allowed, will run.

I'd like your feedback - input - discussion on this !

Warm regards,

Stu


-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Monday, November 14, 2011 11:22 AM
To: NT System Admin Issues

Subject: Re: Whitelisting Pros & Cons?

Are you asking about web content filtering, email filtering, or some
other type of "whitelisting?"


--Matt Ross
Ephrata School District


- Original Message -
From: Stu Sjouwerman
[mailto:s...@sunbelt-software.com]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 14 Nov 2011
08:14:57 -0800
Subject: Whitelisting Pros & Cons?

> Guys, I am writing an article for WServerNew

Re: Would you drop AV for Whitelisting / Application Control?

[Andrew S. Baker]

No, not get around *them*.  Get around the issue of them being picky about
certain technologies.

You get them on board with the approach being taken -- not at audit time,
but well before.

By working with them in advance, everyone is happy(ier).

* *

*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…

*



On Tue, Nov 15, 2011 at 3:57 PM, Ziots, Edward  wrote:

> Why get around them? That is the same negative thinking I see all over the
> place. ( I deal with auditors a lot, they aren’t to be feared as much as
> some make it out to be) 
>
> ** **
>
> Best thing is to have your ducks in order on why you make the *risk based
> *decisions in the deployment of your security controls, and be able to
> explain it to the auditors and back it up with the understanding of the
> compliance issues that you are under. 
>
> ** **
>
> Sincerely,
>
> EZ
>
> ** **
>
> Edward E. Ziots
>
> CISSP, Network +, Security +
>
> Security Engineer
>
> Lifespan Organization
>
> Email:ezi...@lifespan.org
>
> Cell:401-639-3505
>
> [image: CISSP_logo]
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Tuesday, November 15, 2011 3:14 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Would you drop AV for Whitelisting / Application Control?**
> **
>
> ** **
>
> Auditors can be picky here.
>
>
> What you do to get around this is not surprise them.  Get them onboard
> early on, and there are no surprises at audit time.
> 
>
> *ASB*
>
> *http://XeeMe.com/AndrewBaker*
>
> *Harnessing the Advantages of Technology for the SMB market…*
>
>
>
> 
>
> On Tue, Nov 15, 2011 at 3:09 PM, Ziots, Edward 
> wrote:
>
> Some have taken that stance, but I have also heard the other side, is they
> need to keep AV on workstations, Servers due to compliance issues. ( which
> I don’t really take as a valid argument, especially if compensating
> controls are taking effect)
>
>  
>
> Z
>
>  
>
> Edward E. Ziots
>
> CISSP, Network +, Security +
>
> Security Engineer
>
> Lifespan Organization
>
> Email:ezi...@lifespan.org
>
> Cell:401-639-3505
>
> [image: CISSP_logo]
>
>  
>
> *From:* Stu Sjouwerman [mailto:s...@sunbelt-software.com]
> *Sent:* Tuesday, November 15, 2011 2:19 PM
>
>
> *To:* NT System Admin Issues
>
> *Subject:* Would you drop AV for Whitelisting / Application Control?
>
>  
>
> So I’m asking a bunch of questions here, because I’m looking at writing
> this
>
> story from a few different angles. If the ratio Malware to good code is 80
> – 20
>
> (which it is +/- at the moment) why not drop AV all together and lock down
> those
>
> workstations and only allow good code to run?   Saves budget.
>
>  
>
> Your view? Input?
>
>
> Stu 
>
>  
>
>  
>
>  
>
>  
>
>  
>
> *From:* Stu Sjouwerman
> *Sent:* Tuesday, November 15, 2011 2:10 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Whitelisting Pros & Cons?
>
>  
>
> Oh, this an acquisition, that is why it’s having such a high score!   LOL
> 
>
>  
>
> *From:* Doug Hampshire [mailto:dhampsh...@gmail.com ]
>
> *Sent:* Tuesday, November 15, 2011 1:13 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Whitelisting Pros & Cons?
>
>  
>
> Clearly these results are flawed if McAfee Anything gets higher than a -3
> in any category. :-)
>
> On Mon, Nov 14, 2011 at 5:16 PM, Stu Sjouwerman 
> wrote:
>
> Thanks Micheal. Anyone experience with any of the Whitelisting products in
> this InfoWorld Review?
>
>  
>
>
> http://www.infoworld.com/d/security-central/test-center-review-whitelisting-security-offers-salvation-835?
> 
>
>  
>
>  
>
> *Bit9 Parity Suite 5.01*
>
> *10*
>
> *8*
>
> *9*
>
> *9*
>
> *10*
>
> *9.4*
>
> *EXCELLENT*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *CoreTrace Bouncer 5*
>
> *9*
>
> *9*
>
> *9*
>
> *8*
>
> *9*
>
> *8.9*
>
> *VERY GOOD*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *Lumension Application Control*
>
> *8*
>
> *9*
>
> *8*
>
> *9*
>
> *9*
>
> *8.5*
>
> *VERY GOOD*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *McAfee Application Control 5.0*
>
> *9*
>
> *9*
>
> *9*
>
> *8*
>
> *8*
>
> *8.7*
>
> *VERY GOOD*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *SignaCert Enterprise Trust Services 3.0*
>
>  
>
>  
>
>  
>
> *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com]
> *Sent:* Monday, November 14, 2011 5:10 PM
>
>
> *To:* NT System Admin Issues
> *Subject:* Re: Whitelisting Pros & Cons?
>
>  
>
> Whitelisting is the future IMHO.  You cant trust anything anymore.  Faith
> doesnt cut it.  You have to protect

Re: "Authenticated Users" List

[Jon Harris]

I am far from an expert like Michael and Steve but is she using a local
account on her system and not getting authenicated to Exchange correctly.

Jon Harris

On Fri, Nov 11, 2011 at 3:43 PM, Michael B. Smith wrote:

>  I would look to see:
>
> ** **
>
> [1] how is her account configured in Outlook
>
> [2] is she using POP/IMAP
>
> [3] if so, is she specifying credentials
>
> [4] if not, does the group have a list of valid senders attached to  it***
> *
>
> ** **
>
> Regards,
>
> ** **
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com
>
> ** **
>
> *From:* Mark Boeck [mailto:netadmin...@gmail.com]
> *Sent:* Friday, November 11, 2011 3:36 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: "Authenticated Users" List
>
> ** **
>
> Michael and Andrew -
>
>  
>
> I have 1 user who, when she sends an email from her Outlook 2003 client to
> one group or another, she gets an NDR stating "can't be delivered" because
> she's not authenticated.  No one else has this issue.  Removing the
> "require authenticated sender" from the group on the Exchange 2010 sp 1
> server "fixes" the problem.
>
>  
>
> Thanks, gents.
>
> On Wed, Nov 9, 2011 at 3:11 PM, Mark Boeck  wrote:*
> ***
>
> Greets.
>
>  
>
> Other than using WHOAMI or GPRESULT against each user 1 at a time, how can
> I get a list of who is currently an "AUTHENTICATED USER" on my domain(s)?*
> ***
>
>  
>
> TIA!
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Would you drop AV for Whitelisting / Application Control?

[Crawford, Scott]

It's not a question of whitelist or AV (blacklist). Both are necessary.  
Whitelisting is very effective at controlling what exe, dll, com, etc. are 
allowed to run. But, malware can also exist as malformed data files such as 
pdf, jpeg, mp3.  For these, blacklisting is needed since its extremely 
impractical to whitelist every data file you'd like to open.

The analogy I like is home access. It's pretty impractical to maintain a list 
of criminals that you won't allow into your house. It's much easier to keep a 
mental list of friends and family who are welcome to come in. In that sense, 
you're whitelisting access to your house. But, even though Uncle Louie may be 
on the whitelist, if he comes over drunk one night and starts swinging a bat at 
my wife, I'm not gonna let him stick around just because he's been whitelisted. 
My failsafe blacklist of unacceptable behavior is going to dictate that I kick 
him out.

From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
Sent: Tuesday, November 15, 2011 1:19 PM
To: NT System Admin Issues
Subject: Would you drop AV for Whitelisting / Application Control?

So I'm asking a bunch of questions here, because I'm looking at writing this
story from a few different angles. If the ratio Malware to good code is 80 - 20
(which it is +/- at the moment) why not drop AV all together and lock down those
workstations and only allow good code to run?   Saves budget.

Your view? Input?

Stu





From: Stu Sjouwerman
Sent: Tuesday, November 15, 2011 2:10 PM
To: NT System Admin Issues
Subject: RE: Whitelisting Pros & Cons?

Oh, this an acquisition, that is why it's having such a high score!   LOL

From: Doug Hampshire 
[mailto:dhampsh...@gmail.com]
Sent: Tuesday, November 15, 2011 1:13 PM
To: NT System Admin Issues
Subject: Re: Whitelisting Pros & Cons?

Clearly these results are flawed if McAfee Anything gets higher than a -3 in 
any category. :-)
On Mon, Nov 14, 2011 at 5:16 PM, Stu Sjouwerman 
mailto:s...@sunbelt-software.com>> wrote:
Thanks Micheal. Anyone experience with any of the Whitelisting products in this 
InfoWorld Review?

http://www.infoworld.com/d/security-central/test-center-review-whitelisting-security-offers-salvation-835?


Bit9 Parity Suite 5.01

10

8

9

9

10

9.4
EXCELLENT


30%

15%

25%

10%

20%

CoreTrace Bouncer 5

9

9

9

8

9

8.9
VERY GOOD


30%

15%

25%

10%

20%

Lumension Application Control

8

9

8

9

9

8.5
VERY GOOD


30%

15%

25%

10%

20%

McAfee Application Control 5.0

9

9

9

8

8

8.7
VERY GOOD


30%

15%

25%

10%

20%

SignaCert Enterprise Trust Services 3.0




From: Micheal Espinola Jr 
[mailto:michealespin...@gmail.com]
Sent: Monday, November 14, 2011 5:10 PM

To: NT System Admin Issues
Subject: Re: Whitelisting Pros & Cons?

Whitelisting is the future IMHO.  You cant trust anything anymore.  Faith 
doesnt cut it.  You have to protect yourself and your assets, and whitelisting 
is the best way to do it.

--
Espi



On Mon, Nov 14, 2011 at 8:48 AM, Stu Sjouwerman 
mailto:s...@sunbelt-software.com>> wrote:
I'm referring to Whitelisting in the context of security.  About 10 years ago, 
the ratio
"Good code" versus malware was perhaps 90 good 10 bad.  In that scenario, it 
makes
sense to keep the bad code out. But over the last 10 years, with automated 
malware
variant generation, the tables have turned, and there is actually more malware 
than
good code out there. So in -that- scenario it might make sense to only allow 
"good code"
and implement application control. Only that which is allowed, will run.

I'd like your feedback - input - discussion on this !

Warm regards,

Stu

-Original Message-
From: Matthew W. Ross 
[mailto:mr...@ephrataschools.org]
Sent: Monday, November 14, 2011 11:22 AM
To: NT System Admin Issues
Subject: Re: Whitelisting Pros & Cons?

Are you asking about web content filtering, email filtering, or some other type 
of "whitelisting?"


--Matt Ross
Ephrata School District


- Original Message -
From: Stu Sjouwerman
[mailto:s...@sunbelt-software.com]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 14 Nov 2011
08:14:57 -0800
Subject: Whitelisting Pros & Cons?
> Guys, I am writing an article for WServerNews, and would like your
> public input.
>
> What is your experience with Whitelisting, which products you
> tried/use, and what experience you are having with this, likes and hates are 
> all welcome !!
>
> Warm regards,
>
> Stu
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to 
> listmana...@lyris.sunbeltsoftware.com
> with t

Re: Disabling but not deleting AD accounts unil Jan 1

[Jon Harris]

I used to keep them around but with very long passwords, disabled, in a
separate OU with all kinds of restrictions on them, and put their status as
user.  I had to do this for audit reasons and because some times I had to
re-enable the account to get information off of various backup sources.

Jon

On Mon, Nov 14, 2011 at 11:48 AM, David Lum  wrote:

> I have our internal auditor asking if we can keep disabled AD accounts
> around for a calendar year and ditch them on Jan 1 of each year. The reason
> is she can pull reports from AD regarding security audit information, etc.
> 
>
> ** **
>
> My kneejerk to me is to kill ‘em, but having them disabled in their own OU
> (I kind of feel like they should be in a non-delegated OU too) doesn’t give
> me that big of a heartache. Anyone care to share their opinion?
>
> *David Lum*
> Systems Engineer // NWEATM
> Office 503.548.5229 //* *Cell (voice/text) 503.267.9764
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Disabling but not deleting AD accounts unil Jan 1

[Steven Peck]

We move them to an OU for 90 days.  We have a scripted process that runs
daily (or weekly) and anything older then 90 days nukes their home
directories and the account.  The mailboxes then float off on the deleted
item policy 30 days later.

On Tue, Nov 15, 2011 at 4:07 PM, Jon Harris  wrote:

> I used to keep them around but with very long passwords, disabled, in a
> separate OU with all kinds of restrictions on them, and put their status as
> user.  I had to do this for audit reasons and because some times I had to
> re-enable the account to get information off of various backup sources.
>
> Jon
>
> On Mon, Nov 14, 2011 at 11:48 AM, David Lum  wrote:
>
>> I have our internal auditor asking if we can keep disabled AD accounts
>> around for a calendar year and ditch them on Jan 1 of each year. The reason
>> is she can pull reports from AD regarding security audit information, etc.
>> 
>>
>> ** **
>>
>> My kneejerk to me is to kill ‘em, but having them disabled in their own
>> OU (I kind of feel like they should be in a non-delegated OU too) doesn’t
>> give me that big of a heartache. Anyone care to share their opinion?
>>
>> *David Lum*
>> Systems Engineer // NWEATM
>> Office 503.548.5229 //* *Cell (voice/text) 503.267.9764
>>
>> ** **
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Would you drop AV for Whitelisting / Application Control?

[Andrew S. Baker]

Just as virtually all primarily blacklist-focused solutions provide some
options for whitelisting, and other options for malware detection beyond
signatures, so too do most whitelist-focused solutions offer ways of
restricting application access beyond their primary approach.

I think what most people are saying is  "whitelist tools and technologies
are the best way to deal with host-based malware going forward" and what
you appear to be hearing is "*a whitelist* is the only way to deal with
host-based malware going forward".

Subtle difference.

Also, to take your analogy a little further, the reason we're having this
discussion is that most AV products don't actually identify behavior --
they simply track physical malware characteristics.  This is why zero day
vulnerabilities get by them.  Unless Uncle Louie had a rapsheet before he
got to your house, he'd actually manage to do some damage before the police
blotter report was updated.

And, given that the list of strangers showing up to do dumb things still
outnumber the list of not-already-banned-family-members who would do dumb
things, my view of the relatively uselessness of most AV products today
still stands.

* *

*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…

*



On Tue, Nov 15, 2011 at 6:38 PM, Crawford, Scott wrote:

>  It’s not a question of whitelist or AV (blacklist). Both are necessary.
> Whitelisting is very effective at controlling what exe, dll, com, etc. are
> allowed to run. But, malware can also exist as malformed data files such as
> pdf, jpeg, mp3.  For these, blacklisting is needed since its extremely
> impractical to whitelist every data file you’d like to open.
>
> ** **
>
> The analogy I like is home access. It’s pretty impractical to maintain a
> list of criminals that you won’t allow into your house. It’s much easier to
> keep a mental list of friends and family who are welcome to come in. In
> that sense, you’re whitelisting access to your house. But, even though
> Uncle Louie may be on the whitelist, if he comes over drunk one night and
> starts swinging a bat at my wife, I’m not gonna let him stick around just
> because he’s been whitelisted. My failsafe blacklist of unacceptable
> behavior is going to dictate that I kick him out.
>
> ** **
>
> *From:* Stu Sjouwerman [mailto:s...@sunbelt-software.com]
> *Sent:* Tuesday, November 15, 2011 1:19 PM
> *To:* NT System Admin Issues
> *Subject:* Would you drop AV for Whitelisting / Application Control?
>
> ** **
>
> So I’m asking a bunch of questions here, because I’m looking at writing
> this
>
> story from a few different angles. If the ratio Malware to good code is 80
> – 20
>
> (which it is +/- at the moment) why not drop AV all together and lock down
> those
>
> workstations and only allow good code to run?   Saves budget.
>
> ** **
>
> Your view? Input?
>
>
> Stu 
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> *From:* Stu Sjouwerman
> *Sent:* Tuesday, November 15, 2011 2:10 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Whitelisting Pros & Cons?
>
> ** **
>
> Oh, this an acquisition, that is why it’s having such a high score!   LOL
> 
>
> ** **
>
> *From:* Doug Hampshire [mailto:dhampsh...@gmail.com]
> *Sent:* Tuesday, November 15, 2011 1:13 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Whitelisting Pros & Cons?
>
> ** **
>
> Clearly these results are flawed if McAfee Anything gets higher than a -3
> in any category. :-)
>
> On Mon, Nov 14, 2011 at 5:16 PM, Stu Sjouwerman 
> wrote:
>
> Thanks Micheal. Anyone experience with any of the Whitelisting products in
> this InfoWorld Review?
>
>  
>
>
> http://www.infoworld.com/d/security-central/test-center-review-whitelisting-security-offers-salvation-835?
> 
>
>  
>
>  
>
> *Bit9 Parity Suite 5.01*
>
> *10*
>
> *8*
>
> *9*
>
> *9*
>
> *10*
>
> *9.4*
>
> *EXCELLENT*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *CoreTrace Bouncer 5*
>
> *9*
>
> *9*
>
> *9*
>
> *8*
>
> *9*
>
> *8.9*
>
> *VERY GOOD*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *Lumension Application Control*
>
> *8*
>
> *9*
>
> *8*
>
> *9*
>
> *9*
>
> *8.5*
>
> *VERY GOOD*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *McAfee Application Control 5.0*
>
> *9*
>
> *9*
>
> *9*
>
> *8*
>
> *8*
>
> *8.7*
>
> *VERY GOOD*
>
> *30%*
>
> *15%*
>
> *25%*
>
> *10%*
>
> *20%*
>
> *SignaCert Enterprise Trust Services 3.0*
>
>  
>
>  
>
>  
>
> *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com]
> *Sent:* Monday, November 14, 2011 5:10 PM
>
>
> *To:* NT System Admin Issues
> *Subject:* Re: Whitelisting Pros & Cons?
>
>  
>
> Whitelisting is the future IMHO.  You cant trus

RE: OT - converting a VMware VM back to a physical box

[Benjamin Zachary]

No sysprep..

We used the personal version of Ghost8, and put it in with the ultimate boot
cd ... so booted off the UBCD w/ ghost on it, and then did a straight ghost
2 ghost copy. I would say I did this about 5-10 times in the early
virtualization days as proof of concept.

When we first started virtualizing vmware convertor was several thousand
dollars and I was tasked with finding ways around it. using a boot disk with
ghost, pre-installing physical or vmware drivers I could migrate boxes (not
live) and they worked everytime as long as I had the right drivers
pre-installed.


-Original Message-
From: Mike Leone [mailto:oozerd...@gmail.com] 
Sent: Tuesday, November 15, 2011 10:00 AM
To: NT System Admin Issues
Subject: Re: OT - converting a VMware VM back to a physical box

On 11/14/2011 10:20 PM, Benjamin Zachary wrote:
> In the past years back, we would install the driver controller 
> (Raid/HP/Dell
> etc) into the 2000/2003 vm, then ghost it from VM to physical. Usually 
> this got us at least into booting and then re-detected all the new 
> hardware , several reboots later we were okay (drivers loading, 
> rebooting etc). if any issues you just turn the vm back on , having 
> the drivers loaded doesn't matter.

Hmmm  pre-installing disk and NIC drivers into the currently running VM
first. There's an idea .. and you didn't sysprep first?

How did you "ghost it from VM to physical"? We don't have an Enterprise
version of Ghost, or a Ghost server.
>
> Platespin comes to mind ... for p2v and v2p ... Symantec made a 
> similar product in the early days I don't know if it still exists. I 
> think its built into Backup Exec today.
>
There will be no budget for any purchases. Yes, I've asked. Repeatedly ...


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin