RE: DNS Partial zone CNAMEs?
I figured it out. It would not take a blank CNAME, so I started looking at other record types and DNAME jumped out at me as a possible solution. Basically a CNAME for a domain name which would work if Google has an A record up for the targeted domain name, which they do.

I put up a primary zone www.google.com
Then I put up a DNAME leaving the first line blank (alias name) so that it would use the parent domain. And the FQDN for the target host as nosslsearch.google.com.

Tested it extensively Sunday from home on the VPN and then again here and everything is working as it should. All the other google servers resolve correctly and when they go to httpS://www.google.com it redirects them to the plain http.

:banana:

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Monday, February 13, 2012 1:07 AM
To: NT System Admin Issues
Subject: Re: DNS Partial zone CNAMEs?

Yeah, I'm not seeing a good way to do this at the DNS level. At least not with Windows DNS.

Might be time to employ a proxy or application firewall and manage the traffic at that level. This is not strictly a DNS issue.

ASB
http://XeeMe.com/AndrewBaker
Harnessing the Advantages of Technology for the SMB market...

On Fri, Feb 10, 2012 at 12:47 PM, Brian Desmond br...@briandesmond.com wrote:

I don't know if you can define non glue/NS/SOA records in a stub.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Friday, February 10, 2012 11:17 AM
To: NT System Admin Issues
Subject: Re: DNS Partial zone CNAMEs?

What about using a Stub zone? I agree that it is annoying, though.

ASB
http://XeeMe.com/AndrewBaker
Harnessing the Advantages of Technology for the SMB market...

On Fri, Feb 10, 2012 at 11:51 AM, Brian Desmond br...@briandesmond.com wrote:

No it won't forward unless you have all the records. I don't see how this is scalable.

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Friday, February 10, 2012 9:45 AM
To: NT System Admin Issues
Subject: DNS Partial zone CNAMEs?

Long story made somewhat short: We enforce safe search on google images with our filter. If a clever student hits https://www.google.com and searches for Excalibur Films images the safe search enforcement fails and they are going to get more than they should. And since I now know this, I will go to jail and my wife will be sad.

So I need to do the below from Google:

To utilize this solution, your school's network administrator would modify your DNS (Domain Name System) configuration to make Google domains, e.g. www.google.com to be an alias or CNAME (canonical name) of nossl.google.com. When we see search requests arriving over the nossl end point we will redirect these to a non-SSL search session. HTTP traffic and other services will not be affected.

I am a bit puzzled on how to do this. If I toss up a zone for google.com and put up a www.google.com CNAME nossl.google.com
What happens when someone tries to hit mail.google.com? My zone lookup will fail...will my DNS server then hit my forwarders for mail.google.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
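
The forwarding question in the thread above, as an added example that is not part of any poster's message and is not Windows DNS code: a toy model of a server that answers from its locally hosted zones and forwards everything else. The function names, the zone dictionaries and the 192.0.2.x addresses are constructed for illustration; the apex record is treated as a plain alias, which is how the post describes it behaving.

```python
"""Toy model of a DNS server that hosts local zones and otherwise forwards.

Added illustration, not Windows DNS code. It models one rule only: a query
that falls inside a locally hosted zone is answered from that zone (NXDOMAIN
if the name is absent) and is never passed to the forwarders.
"""

# Constructed stand-in for what the upstream forwarders would answer.
# Addresses are from the 192.0.2.0/24 documentation range, not Google's.
FORWARDER = {
    "www.google.com.": "A 192.0.2.10",
    "mail.google.com.": "A 192.0.2.20",
    "nosslsearch.google.com.": "A 192.0.2.30",
}

# Approach asked about first: host all of google.com for the sake of one alias.
WHOLE_DOMAIN = {
    "google.com.": {"www.google.com.": "nosslsearch.google.com."},
}

# Approach that worked in the thread: host a zone named www.google.com whose
# only record sits at the zone's own name. The post used a DNAME for that
# record; this model treats it as a plain alias and ignores record-type rules.
SINGLE_HOST = {
    "www.google.com.": {"www.google.com.": "nosslsearch.google.com."},
}


def norm(name):
    """Lower-case a name and make it fully qualified (trailing dot)."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def closest_zone(qname, zones):
    """Return the most specific hosted zone that contains qname, or None."""
    # Match on label boundaries so notgoogle.com is not inside google.com.
    matches = [z for z in zones if qname == z or qname.endswith("." + z)]
    return max(matches, key=len) if matches else None


def resolve(qname, zones, forwarder=FORWARDER, _depth=0):
    """Return (zone_that_answered, alias_target, final_answer).

    zone_that_answered is None when the query went to the forwarders.
    """
    if _depth > 8:
        return (None, None, "SERVFAIL (alias loop)")
    qname = norm(qname)
    zone = closest_zone(qname, zones)
    if zone is None:
        # Not ours: hand the query to the forwarders.
        return (None, None, forwarder.get(qname, "NXDOMAIN"))
    target = zones[zone].get(qname)
    if target is None:
        # Inside a hosted zone but no record: authoritative "no such name".
        return (zone, None, "NXDOMAIN")
    # Alias found: chase the target with the same zone-or-forward rule.
    _, _, answer = resolve(target, zones, forwarder, _depth + 1)
    return (zone, target, answer)


if __name__ == "__main__":
    for label, zones in (("zone google.com", WHOLE_DOMAIN),
                         ("zone www.google.com", SINGLE_HOST)):
        for q in ("www.google.com", "mail.google.com"):
            print(f"{label:22} {q:18} -> {resolve(q, zones)}")
```

In the whole-domain case the alias target itself falls inside the hosted zone, so in this model even www.google.com fails until every needed name is added by hand.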
Re: DNS Partial zone CNAMEs?
I mean impairing the network in terms of false positives (blocking legitimate access to secured services), false negatives (not adequately blocking prurient material), and otherwise providing a crappy, inconsistent result, rather than slowing it down. Especially with the profusion of cloud services, it is extremely hard to tie an IP address or block to the nature of services it provides...

--Steve

On Mon, Feb 13, 2012 at 12:55 AM, Andrew S. Baker asbz...@gmail.com wrote:

There are plenty of devices that can inspect the traffic without impairing performance.

ASB
http://XeeMe.com/AndrewBaker
Harnessing the Advantages of Technology for the SMB market…

On Sun, Feb 12, 2012 at 10:58 PM, Steve Kradel skra...@zetetic.net wrote:

They do have to traverse your network in a manageable way, anyway... up until the point that some wiseacre fires up a VPN or a tunnel/proxy, it's not so hard to grab port 53 traffic on its way out and quietly redirect it.

However, the problem itself is extremely difficult to solve thoroughly. How can one possibly stay on top of the IPs that SSL is or isn't safe to, given that you cannot do any other meaningful inspection of the data (not even the hostname in the HTTPS request)? I know there are products that attempt to solve it without seriously impairing the network, but I can't imagine they're robust against a clever | determined kiddo.

--Steve

On Sun, Feb 12, 2012 at 10:22 PM, James Hill falc...@gmail.com wrote:

This assumes that the students have to use your DNS as well.

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Saturday, 11 February 2012 1:45 AM
To: NT System Admin Issues
Subject: DNS Partial zone CNAMEs?

Long story made somewhat short: We enforce safe search on google images with our filter. If a clever student hits https://www.google.com and searches for Excalibur Films images the safe search enforcement fails and they are going to get more than they should. And since I now know this, I will go to jail and my wife will be sad.

So I need to do the below from Google:

To utilize this solution, your school’s network administrator would modify your DNS (Domain Name System) configuration to make Google domains, e.g. www.google.com to be an alias or CNAME (canonical name) of nossl.google.com. When we see search requests arriving over the nossl end point we will redirect these to a non-SSL search session. HTTP traffic and other services will not be affected.

I am a bit puzzled on how to do this. If I toss up a zone for google.com and put up a www.google.com CNAME nossl.google.com
What happens when someone tries to hit mail.google.com? My zone lookup will fail…will my DNS server then hit my forwarders for mail.google.com
RE: Client requiring a VPN Connection to their network... Um?
I'd start by requesting sufficient testing time to verify that its use doesn't compromise your systems which (if they allow it) gives you time to raise the red flags on your already discovered issues.

John W. Cook
Network Manager
Partnership For Strong Families
5950 NW 1st Place
Gainesville, Fl 32607
Office (352) 244-1610
Cell (352) 215-6944
MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4, MCVP

From: Sam Cayze [mailto:sca...@gmail.com]
Sent: Monday, February 13, 2012 9:33 AM
To: NT System Admin Issues
Subject: Client requiring a VPN Connection to their network... Um?

Concerned about this, not sure how to proceed, and this is a first for me.

A long time customer has suddenly required that we access their B2B portal via installing their VPN software, essentially connecting to their network in order to access the portal. (We in the past, and going forward, we utilize heavily).

My concerns:

They gave us 1 day notice. (Hardly, more like 12 hours). They emailed us Sunday and expected that I have the vpn clients installed on all PCs by the AM.

I have no idea of their security on the tunnel, and what lies on their network that could seep onto our machines.

Their tunnelling policy is not to my liking... It hijacks all our connections, so that our users would not be able to print, access email, file servers, our gateway, etc. (Which might be safer... the networks essentially can't talk to each other.) So there would be no way our users could get anything done with the connection active.

By their short notice and poor planning, the poor documentation, and the badly configured installer they gave us, I just don't have much trust in the system and their security practices.

I know this must happen elsewhere with B2B stuff, is there a model I should be following? Questions I should be asking? Agreements and security policies to be signed? I would sure think so.

In the mean time, I'm going to set up a dumb-kiosk on an isolated network with the VPN software so my users can at least walk up to it and access what they need so our projects keep moving.

I'm going to try and address my concerns with them, but from what I hear, their IT dept is quite hard to work with, if you can even get anyone to help. (It's a very large company).

Any thoughts and suggestions would be highly appreciated.

TIA.
Sam
RE: Client requiring a VPN Connection to their network... Um?
I get this all the time. It's very common with my customers.

I probably have (ok, I just checked) 83 VPN definitions in my network properties.

I run a Win7 VM so that when it becomes a PITA, I can run the VPNs from the VM.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Sam Cayze [mailto:sca...@gmail.com]
Sent: Monday, February 13, 2012 9:33 AM
To: NT System Admin Issues
Subject: Client requiring a VPN Connection to their network... Um?

Concerned about this, not sure how to proceed, and this is a first for me.

A long time customer has suddenly required that we access their B2B portal via installing their VPN software, essentially connecting to their network in order to access the portal. (We in the past, and going forward, we utilize heavily).

My concerns:

They gave us 1 day notice. (Hardly, more like 12 hours). They emailed us Sunday and expected that I have the vpn clients installed on all PCs by the AM.

I have no idea of their security on the tunnel, and what lies on their network that could seep onto our machines.

Their tunnelling policy is not to my liking... It hijacks all our connections, so that our users would not be able to print, access email, file servers, our gateway, etc. (Which might be safer... the networks essentially can't talk to each other.) So there would be no way our users could get anything done with the connection active.

By their short notice and poor planning, the poor documentation, and the badly configured installer they gave us, I just don't have much trust in the system and their security practices.

I know this must happen elsewhere with B2B stuff, is there a model I should be following? Questions I should be asking? Agreements and security policies to be signed? I would sure think so.

In the mean time, I'm going to set up a dumb-kiosk on an isolated network with the VPN software so my users can at least walk up to it and access what they need so our projects keep moving.

I'm going to try and address my concerns with them, but from what I hear, their IT dept is quite hard to work with, if you can even get anyone to help. (It's a very large company).

Any thoughts and suggestions would be highly appreciated.

TIA.
Sam
RE: Client requiring a VPN Connection to their network... Um?
The usual way of doing this would be to have a VPN tunnel between your edge firewall and theirs and to use your firewall to acl access between the networks.

From: Sam Cayze [mailto:sca...@gmail.com]
Sent: 13 February 2012 14:33
To: NT System Admin Issues
Subject: Client requiring a VPN Connection to their network... Um?

Concerned about this, not sure how to proceed, and this is a first for me.

A long time customer has suddenly required that we access their B2B portal via installing their VPN software, essentially connecting to their network in order to access the portal. (We in the past, and going forward, we utilize heavily).

My concerns:

They gave us 1 day notice. (Hardly, more like 12 hours). They emailed us Sunday and expected that I have the vpn clients installed on all PCs by the AM.

I have no idea of their security on the tunnel, and what lies on their network that could seep onto our machines.

Their tunnelling policy is not to my liking... It hijacks all our connections, so that our users would not be able to print, access email, file servers, our gateway, etc. (Which might be safer... the networks essentially can't talk to each other.) So there would be no way our users could get anything done with the connection active.

By their short notice and poor planning, the poor documentation, and the badly configured installer they gave us, I just don't have much trust in the system and their security practices.

I know this must happen elsewhere with B2B stuff, is there a model I should be following? Questions I should be asking? Agreements and security policies to be signed? I would sure think so.

In the mean time, I'm going to set up a dumb-kiosk on an isolated network with the VPN software so my users can at least walk up to it and access what they need so our projects keep moving.

I'm going to try and address my concerns with them, but from what I hear, their IT dept is quite hard to work with, if you can even get anyone to help. (It's a very large company).

Any thoughts and suggestions would be highly appreciated.

TIA.
Sam

--
MIRA Ltd
Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration GB 100 1464 84
Re: Client requiring a VPN Connection to their network... Um?
It's normal to have lots of VPN connections set up as a consultant -- but one business, requiring the general staff of another business, to install their (default-gateway-stealing) VPN package to access a web portal or somesuch? Blech... not secure or supportable. Kiosk mode to start, and set up an infrastructure VPN tunnel long-term if possible...

--Steve

On Mon, Feb 13, 2012 at 9:47 AM, Michael B. Smith mich...@smithcons.com wrote:

I get this all the time. It’s very common with my customers.

I probably have (ok, I just checked) 83 VPN definitions in my network properties.

I run a Win7 VM so that when it becomes a PITA, I can run the VPNs from the VM.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Sam Cayze [mailto:sca...@gmail.com]
Sent: Monday, February 13, 2012 9:33 AM
To: NT System Admin Issues
Subject: Client requiring a VPN Connection to their network... Um?

Concerned about this, not sure how to proceed, and this is a first for me.

A long time customer has suddenly required that we access their B2B portal via installing their VPN software, essentially connecting to their network in order to access the portal. (We in the past, and going forward, we utilize heavily).

My concerns:

They gave us 1 day notice. (Hardly, more like 12 hours). They emailed us Sunday and expected that I have the vpn clients installed on all PCs by the AM.

I have no idea of their security on the tunnel, and what lies on their network that could seep onto our machines.

Their tunnelling policy is not to my liking... It hijacks all our connections, so that our users would not be able to print, access email, file servers, our gateway, etc. (Which might be safer... the networks essentially can't talk to each other.) So there would be no way our users could get anything done with the connection active.

By their short notice and poor planning, the poor documentation, and the badly configured installer they gave us, I just don't have much trust in the system and their security practices.

I know this must happen elsewhere with B2B stuff, is there a model I should be following? Questions I should be asking? Agreements and security policies to be signed? I would sure think so.

In the mean time, I'm going to set up a dumb-kiosk on an isolated network with the VPN software so my users can at least walk up to it and access what they need so our projects keep moving.

I'm going to try and address my concerns with them, but from what I hear, their IT dept is quite hard to work with, if you can even get anyone to help. (It's a very large company).

Any thoughts and suggestions would be highly appreciated.

TIA.
Sam
Re: DNS Partial zone CNAMEs?
Awesome... :)

I played with a few DNS options for about 10 min last night before giving up. LOL

Thanks for your perseverance (of course, you were well motivated for this)

:::files for future use:::

ASB
http://XeeMe.com/AndrewBaker
Harnessing the Advantages of Technology for the SMB market…

On Mon, Feb 13, 2012 at 9:19 AM, Kennedy, Jim kennedy...@elyriaschools.org wrote:

I figured it out. It would not take a blank CNAME, so I started looking at other record types and DNAME jumped out at me as a possible solution. Basically a CNAME for a domain name which would work if Google has an A record up for the targeted domain name, which they do.

I put up a primary zone www.google.com
Then I put up a DNAME leaving the first line blank (alias name) so that it would use the parent domain. And the FQDN for the target host as nosslsearch.google.com.

Tested it extensively Sunday from home on the VPN and then again here and everything is working as it should. All the other google servers resolve correctly and when they go to httpS://www.google.com it redirects them to the plain http.

:banana:

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Monday, February 13, 2012 1:07 AM
To: NT System Admin Issues
Subject: Re: DNS Partial zone CNAMEs?

Yeah, I'm not seeing a good way to do this at the DNS level. At least not with Windows DNS.

Might be time to employ a proxy or application firewall and manage the traffic at that level. This is not strictly a DNS issue.

ASB
http://XeeMe.com/AndrewBaker
Harnessing the Advantages of Technology for the SMB market…

On Fri, Feb 10, 2012 at 12:47 PM, Brian Desmond br...@briandesmond.com wrote:

I don’t know if you can define non glue/NS/SOA records in a stub.

Thanks,
Brian Desmond
br...@briandesmond.com
w – 312.625.1438 | c – 312.731.3132

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Friday, February 10, 2012 11:17 AM
To: NT System Admin Issues
Subject: Re: DNS Partial zone CNAMEs?

What about using a Stub zone? I agree that it is annoying, though.

ASB
http://XeeMe.com/AndrewBaker
Harnessing the Advantages of Technology for the SMB market…

On Fri, Feb 10, 2012 at 11:51 AM, Brian Desmond br...@briandesmond.com wrote:

No it won’t forward unless you have all the records. I don’t see how this is scalable.

Thanks,
Brian Desmond
br...@briandesmond.com
w – 312.625.1438 | c – 312.731.3132

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Friday, February 10, 2012 9:45 AM
To: NT System Admin Issues
Subject: DNS Partial zone CNAMEs?

Long story made somewhat short: We enforce safe search on google images with our filter. If a clever student hits https://www.google.com and searches for Excalibur Films images the safe search enforcement fails and they are going to get more than they should. And since I now know this, I will go to jail and my wife will be sad.

So I need to do the below from Google:

To utilize this solution, your school’s network administrator would modify your DNS (Domain Name System) configuration to make Google domains, e.g. www.google.com to be an alias or CNAME (canonical name) of nossl.google.com. When we see search requests arriving over the nossl end point we will redirect these to a non-SSL search session. HTTP traffic and other services will not be affected.

I am a bit puzzled on how to do this. If I toss up a zone for google.com and put up a www.google.com CNAME nossl.google.com
What happens when someone tries to hit mail.google.com? My zone lookup will fail…will my DNS server then hit my forwarders for mail.google.com
RE: Mobile phone management
I could see Motorola buying them. No other reason for this statement other than a gut feeling.

Regards,
Don Guyer
Directory and Messaging Services
Catholic Health East, ITSS

From: Ben M. Schorr [mailto:b...@rolandschorr.com]
Sent: Saturday, February 11, 2012 8:39 PM
To: NT System Admin Issues
Subject: RE: Mobile phone management

I seriously doubt that RIM sees 2013 in its current configuration. I think somebody is going to buy them (in whole or in part) by then.

Ben M. Schorr
Roland Schorr Tower
www.rolandschorr.com | www.officeforlawyers.com | Twitter: @bschorr

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Saturday, February 11, 2012 18:20
To: NT System Admin Issues
Subject: Re: Mobile phone management

Most don't think RIM will ever fix RIM in time...

ASB
http://XeeMe.com/AndrewBaker
Harnessing the Advantages of Technology for the SMB market...

On Fri, Feb 10, 2012 at 5:50 PM, Rod Trent rodtr...@myitforum.com wrote:

Do you really think RIM will ever fix BES?

From: Jeff Brown [mailto:jbr...@webcoindustries.com]
Sent: Friday, February 10, 2012 5:02 PM
To: NT System Admin Issues
Subject: RE: Mobile phone management

RIM is touting the ability to manage iPhones from a new BES management program. If you are dumping BB's altogether that won't matter much to you. ActiveSync lets you wipe connected devices, so you don't need anything else if that's all the management you need.

From: Heaton, Joseph@DFG [mailto:jhea...@dfg.ca.gov]
Sent: Friday, February 10, 2012 2:46 PM
To: NT System Admin Issues
Subject: Mobile phone management

How are you guys managing mobile devices? We are currently pretty much only Blackberry, but when we move to Active Directory and Exchange, BES is not coming with us, so we're going to be using Androids, iPhones, and Windows Mobile. I've looked very briefly at Mobile Device Manager, but that's going away with Config Mgr 2012, which we will be upgrading to at some point. We will obviously want remote wipe function, and someone just mentioned FIPS to me, also, which is an encryption?

Any help would be greatly appreciated, and I will go back and hit Google again, while I wait.

Thanks,
Joe
RE: Client requiring a VPN Connection to their network... Um?
I agree. That's the way I do it here. Set up the tunnel and lock it down to just those machines that need access.

From: paul.hutchi...@mira.co.uk
To: ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Client requiring a VPN Connection to their network... Um?
Date: Mon, 13 Feb 2012 14:50:50 +

The usual way of doing this would be to have a VPN tunnel between your edge firewall and theirs and to use your firewall to acl access between the networks.

From: Sam Cayze [mailto:sca...@gmail.com]
Sent: 13 February 2012 14:33
To: NT System Admin Issues
Subject: Client requiring a VPN Connection to their network... Um?

Concerned about this, not sure how to proceed, and this is a first for me.

A long time customer has suddenly required that we access their B2B portal via installing their VPN software, essentially connecting to their network in order to access the portal. (We in the past, and going forward, we utilize heavily).

My concerns:

They gave us 1 day notice. (Hardly, more like 12 hours). They emailed us Sunday and expected that I have the vpn clients installed on all PCs by the AM.

I have no idea of their security on the tunnel, and what lies on their network that could seep onto our machines.

Their tunnelling policy is not to my liking... It hijacks all our connections, so that our users would not be able to print, access email, file servers, our gateway, etc. (Which might be safer... the networks essentially can't talk to each other.) So there would be no way our users could get anything done with the connection active.

By their short notice and poor planning, the poor documentation, and the badly configured installer they gave us, I just don't have much trust in the system and their security practices.

I know this must happen elsewhere with B2B stuff, is there a model I should be following? Questions I should be asking? Agreements and security policies to be signed? I would sure think so.

In the mean time, I'm going to set up a dumb-kiosk on an isolated network with the VPN software so my users can at least walk up to it and access what they need so our projects keep moving.

I'm going to try and address my concerns with them, but from what I hear, their IT dept is quite hard to work with, if you can even get anyone to help. (It's a very large company).

Any thoughts and suggestions would be highly appreciated.

TIA.
Sam
RE: Client requiring a VPN Connection to their network... Um?
Last I knew (and this factored into my response), Sam worked for a consulting company. I could, of course, be misremembering. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Steve Kradel [mailto:skra...@zetetic.net] Sent: Monday, February 13, 2012 10:03 AM To: NT System Admin Issues Subject: Re: Client requiring a VPN Connection to their network... Um? It's normal to have lots of VPN connections set up as a consultant -- but one business, requiring the general staff of another business, to install their (default-gateway-stealing) VPN package to access a web portal or somesuch? Blech... not secure or supportable. Kiosk mode to start, and set up an infrastructure VPN tunnel long-term if possible... --Steve On Mon, Feb 13, 2012 at 9:47 AM, Michael B. Smith mich...@smithcons.com wrote: I get this all the time. It's very common with my customers. I probably have (ok, I just checked) 83 VPN definitions in my network properties. I run a Win7 VM so that when it becomes a PITA, I can run the VPNs from the VM. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Sam Cayze [mailto:sca...@gmail.com] Sent: Monday, February 13, 2012 9:33 AM To: NT System Admin Issues Subject: Client requiring a VPN Connection to their network... Um? Concerned about this, not sure how to proceed, and this is a first for me. A long time customer has suddenly required that we access their B2B portal via installing their VPN software, essentially connecting to their network in order to access the portal. (We in the past, and going forward, we utilize heavily). My concerns: They gave us 1 day notice. (Hardly, more like 12 hours). They emailed us Sunday and expected that I have the vpn clients installed on all PCs by the AM. I have no idea of their security on the tunnel, and what lies on their network that could seep onto our machines. Their tunnelling policy is not to my liking... 
It hijacks all our connections, so that our users would not be able to print, access email, file servers, our gateway, etc. (Which might be safer... the networks essentially can't talk to each other.) So there would be no way our users could get anything done with the connection active. By their short notice and poor planning, the poor documentation, and the badly configured installer they gave us, I just don't have much trust in the system and their security practices. I know this must happen elsewhere with B2B stuff, is there a model I should be following? Questions I should be asking? Agreements and security policies to be signed? I would sure think so. In the mean time, I'm going to set up a dumb-kiosk on an isolated network with the VPN software so my users can at least walk up to it and access what they need so our projects keep moving. I'm going to try and address my concerns with them, but from what I hear, their IT dept is quite hard to work with, if you can even get anyone to help. (It's a very large company). Any thoughts and suggestions would be highly appreciated. TIA. Sam
RE: Mobile phone management
Moto is being bought by Google. So I don't see Moto making any moves until the Google purchase is approved and then the deal is finalized. If Moto added RIM right now that would start the process of Justice Dept. approval all over. From: Guyer, Donald [mailto:dgu...@che.org] Sent: Monday, February 13, 2012 10:15 AM To: NT System Admin Issues Subject: RE: Mobile phone management I could see Motorola buying them. No other reason for this statement other than a gut feeling. Regards, Don Guyer Directory and Messaging Services Catholic Health East, ITSS From: Ben M. Schorr [mailto:b...@rolandschorr.com] Sent: Saturday, February 11, 2012 8:39 PM To: NT System Admin Issues Subject: RE: Mobile phone management I seriously doubt that RIM sees 2013 in its current configuration. I think somebody is going to buy them (in whole or in part) by then. Ben M. Schorr Roland Schorr Tower www.rolandschorr.com | www.officeforlawyers.com | Twitter: @bschorr From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Saturday, February 11, 2012 18:20 To: NT System Admin Issues Subject: Re: Mobile phone management Most don't think RIM will ever fix RIM in time... ASB http://XeeMe.com/AndrewBaker Harnessing the Advantages of Technology for the SMB market... On Fri, Feb 10, 2012 at 5:50 PM, Rod Trent rodtr...@myitforum.com wrote: Do you really think RIM will ever fix BES? From: Jeff Brown [mailto:jbr...@webcoindustries.com] Sent: Friday, February 10, 2012 5:02 PM To: NT System Admin Issues Subject: RE: Mobile phone management RIM is touting the ability to manage iPhones from a new BES management program. If you are dumping BB's altogether that won't matter much to you. ActiveSync lets you wipe connected devices, so you don't need anything else if that's all the management you need.
From: Heaton, Joseph@DFG [mailto:jhea...@dfg.ca.gov] Sent: Friday, February 10, 2012 2:46 PM To: NT System Admin Issues Subject: Mobile phone management How are you guys managing mobile devices? We are currently pretty much only Blackberry, but when we move to Active Directory and Exchange, BES is not coming with us, so we're going to be using Androids, iPhones, and Windows Mobile. I've looked very briefly at Mobile Device Manager, but that's going away with Config Mgr 2012, which we will be upgrading to at some point. We will obviously want remote wipe function, and someone just mentioned FIPS to me, also, which is an encryption? Any help would be greatly appreciated, and I will go back and hit Google again, while I wait. Thanks, Joe
RE: Mobile phone management
You mean you could see Google buying them since Google is buying Motorola. From: Guyer, Donald [mailto:dgu...@che.org] Sent: Monday, February 13, 2012 10:15 AM To: NT System Admin Issues Subject: RE: Mobile phone management I could see Motorola buying them. No other reason for this statement other than a gut feeling. Regards, Don Guyer Directory and Messaging Services Catholic Health East, ITSS From: Ben M. Schorr [mailto:b...@rolandschorr.com] Sent: Saturday, February 11, 2012 8:39 PM To: NT System Admin Issues Subject: RE: Mobile phone management I seriously doubt that RIM sees 2013 in its current configuration. I think somebody is going to buy them (in whole or in part) by then. Ben M. Schorr Roland Schorr Tower www.rolandschorr.com | www.officeforlawyers.com | Twitter: @bschorr From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Saturday, February 11, 2012 18:20 To: NT System Admin Issues Subject: Re: Mobile phone management Most don't think RIM will ever fix RIM in time... ASB http://XeeMe.com/AndrewBaker Harnessing the Advantages of Technology for the SMB market. On Fri, Feb 10, 2012 at 5:50 PM, Rod Trent rodtr...@myitforum.com wrote: Do you really think RIM will ever fix BES? From: Jeff Brown [mailto:jbr...@webcoindustries.com] Sent: Friday, February 10, 2012 5:02 PM To: NT System Admin Issues Subject: RE: Mobile phone management RIM is touting the ability to manage iPhones from a new BES management program. If you are dumping BB's altogether that won't matter much to you. ActiveSync lets you wipe connected devices, so you don't need anything else if that's all the management you need. From: Heaton, Joseph@DFG [mailto:jhea...@dfg.ca.gov] Sent: Friday, February 10, 2012 2:46 PM To: NT System Admin Issues Subject: Mobile phone management How are you guys managing mobile devices?
We are currently pretty much only Blackberry, but when we move to Active Directory and Exchange, BES is not coming with us, so we're going to be using Androids, iPhones, and Windows Mobile. I've looked very briefly at Mobile Device Manager, but that's going away with Config Mgr 2012, which we will be upgrading to at some point. We will obviously want remote wipe function, and someone just mentioned FIPS to me, also, which is an encryption? Any help would be greatly appreciated, and I will go back and hit Google again, while I wait. Thanks, Joe
Re: Mobile phone management
Right now Google/Motorola is in a weird place regulatorywise until the buy out is complete, so I don't see Motorola doing it. On Mon, Feb 13, 2012 at 7:23 AM, Kennedy, Jim kennedy...@elyriaschools.org wrote: Moto is being bought by Google. So I don’t see Moto making any moves until the Google purchase is approved and then the deal is finalized. If Moto added RIM right now that would start the process of Justice Dept. approval all over. From: Guyer, Donald [mailto:dgu...@che.org] Sent: Monday, February 13, 2012 10:15 AM To: NT System Admin Issues Subject: RE: Mobile phone management I could see Motorola buying them. No other reason for this statement other than a gut feeling. Regards, Don Guyer Directory and Messaging Services Catholic Health East, ITSS From: Ben M. Schorr [mailto:b...@rolandschorr.com] Sent: Saturday, February 11, 2012 8:39 PM To: NT System Admin Issues Subject: RE: Mobile phone management I seriously doubt that RIM sees 2013 in its current configuration. I think somebody is going to buy them (in whole or in part) by then. Ben M. Schorr Roland Schorr Tower www.rolandschorr.com | www.officeforlawyers.com | Twitter: @bschorr From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Saturday, February 11, 2012 18:20 To: NT System Admin Issues Subject: Re: Mobile phone management Most don't think RIM will ever fix RIM in time... ASB http://XeeMe.com/AndrewBaker Harnessing the Advantages of Technology for the SMB market… On Fri, Feb 10, 2012 at 5:50 PM, Rod Trent rodtr...@myitforum.com wrote: Do you really think RIM will ever fix BES? From: Jeff Brown [mailto:jbr...@webcoindustries.com] Sent: Friday, February 10, 2012 5:02 PM To: NT System Admin Issues Subject: RE: Mobile phone management RIM is touting the ability to manage iPhones from a new BES management program. If you are dumping BB’s altogether that won’t matter much to you.
ActiveSync lets you wipe connected devices, so you don’t need anything else if that’s all the management you need. From: Heaton, Joseph@DFG [mailto:jhea...@dfg.ca.gov] Sent: Friday, February 10, 2012 2:46 PM To: NT System Admin Issues Subject: Mobile phone management How are you guys managing mobile devices? We are currently pretty much only Blackberry, but when we move to Active Directory and Exchange, BES is not coming with us, so we’re going to be using Androids, iPhones, and Windows Mobile. I’ve looked very briefly at Mobile Device Manager, but that’s going away with Config Mgr 2012, which we will be upgrading to at some point. We will obviously want remote wipe function, and someone just mentioned FIPS to me, also, which is an encryption? Any help would be greatly appreciated, and I will go back and hit Google again, while I wait. Thanks, Joe
Re: DNS Partial zone CNAMEs?
You should make a blog post about this one. On Mon, Feb 13, 2012 at 6:19 AM, Kennedy, Jim kennedy...@elyriaschools.org wrote: I figured it out. It would not take a blank CNAME, so I started looking at other record types and DNAME jumped out at me as a possible solution. Basically a CNAME for a domain name which would work if Google has an A record up for the targeted domain name, which they do. I put up a primary zone www.google.com Then I put up a DNAME leaving the first line blank (alias name) so that it would use the parent domain. And the FQDN for the target host as nosslsearch.google.com. Tested it extensively Sunday from home on the VPN and then again here and everything is working as it should. All the other google servers resolve correctly and when they go to httpS://www.google.com it redirects them to the plain http. :banana: From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Monday, February 13, 2012 1:07 AM To: NT System Admin Issues Subject: Re: DNS Partial zone CNAMEs? Yeah, I'm not seeing a good way to do this at the DNS level. At least not with Windows DNS. Might be time to employ a proxy or application firewall and manage the traffic at that level. This is not strictly a DNS issue. ASB http://XeeMe.com/AndrewBaker Harnessing the Advantages of Technology for the SMB market… On Fri, Feb 10, 2012 at 12:47 PM, Brian Desmond br...@briandesmond.com wrote: I don’t know if you can define non glue/NS/SOA records in a stub. Thanks, Brian Desmond br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132 From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Friday, February 10, 2012 11:17 AM To: NT System Admin Issues Subject: Re: DNS Partial zone CNAMEs? What about using a Stub zone? I agree that it is annoying, though.
ASB http://XeeMe.com/AndrewBaker Harnessing the Advantages of Technology for the SMB market… On Fri, Feb 10, 2012 at 11:51 AM, Brian Desmond br...@briandesmond.com wrote: No it won’t forward unless you have all the records. I don’t see how this is scalable. Thanks, Brian Desmond br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132 From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Friday, February 10, 2012 9:45 AM To: NT System Admin Issues Subject: DNS Partial zone CNAMEs? Long story made somewhat short: We enforce safe search on google images with our filter. If a clever student hits https://www.google.com and searches for Excalibur Films images the safe search enforcement fails and they are going to get more than they should. And since I now know this, I will go to jail and my wife will be sad. So I need to do the below from Google: To utilize this solution, your school’s network administrator would modify your DNS (Domain Name System) configuration to make Google domains, e.g. www.google.com to be an alias or CNAME (canonical name) of nossl.google.com. When we see search requests arriving over the nossl end point we will redirect these to a non-SSL search session. HTTP traffic and other services will not be affected. I am a bit puzzled on how to do this. If I toss up a zone for google.com and put up a www.google.com CNAME nossl.google.com What happens when someone tries to hit mail.google.com? My zone lookup will fail…will my DNS server then hit my forwarders for mail.google.com
RE: Mobile phone management
Ahhh, unaware of that until now. #gut_feeling_cleared Regards, Don Guyer Directory and Messaging Services Catholic Health East, ITSS From: Rod Trent [mailto:rodtr...@myitforum.com] Sent: Monday, February 13, 2012 10:33 AM To: NT System Admin Issues Subject: RE: Mobile phone management You mean you could see Google buying them since Google is buying Motorola. From: Guyer, Donald [mailto:dgu...@che.org] Sent: Monday, February 13, 2012 10:15 AM To: NT System Admin Issues Subject: RE: Mobile phone management I could see Motorola buying them. No other reason for this statement other than a gut feeling. Regards, Don Guyer Directory and Messaging Services Catholic Health East, ITSS From: Ben M. Schorr [mailto:b...@rolandschorr.com] Sent: Saturday, February 11, 2012 8:39 PM To: NT System Admin Issues Subject: RE: Mobile phone management I seriously doubt that RIM sees 2013 in its current configuration. I think somebody is going to buy them (in whole or in part) by then. Ben M. Schorr Roland Schorr Tower www.rolandschorr.com | www.officeforlawyers.com | Twitter: @bschorr From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Saturday, February 11, 2012 18:20 To: NT System Admin Issues Subject: Re: Mobile phone management Most don't think RIM will ever fix RIM in time... ASB http://XeeMe.com/AndrewBaker Harnessing the Advantages of Technology for the SMB market... On Fri, Feb 10, 2012 at 5:50 PM, Rod Trent rodtr...@myitforum.com wrote: Do you really think RIM will ever fix BES? From: Jeff Brown [mailto:jbr...@webcoindustries.com] Sent: Friday, February 10, 2012 5:02 PM To: NT System Admin Issues Subject: RE: Mobile phone management RIM is touting the ability to manage iPhones from a new BES management program. If you are dumping BB's altogether that won't matter much to you.
ActiveSync lets you wipe connected devices, so you don't need anything else if that's all the management you need. From: Heaton, Joseph@DFG [mailto:jhea...@dfg.ca.gov] Sent: Friday, February 10, 2012 2:46 PM To: NT System Admin Issues Subject: Mobile phone management How are you guys managing mobile devices? We are currently pretty much only Blackberry, but when we move to Active Directory and Exchange, BES is not coming with us, so we're going to be using Androids, iPhones, and Windows Mobile. I've looked very briefly at Mobile Device Manager, but that's going away with Config Mgr 2012, which we will be upgrading to at some point. We will obviously want remote wipe function, and someone just mentioned FIPS to me, also, which is an encryption? Any help would be greatly appreciated, and I will go back and hit Google again, while I wait. Thanks, Joe
Re: DNS Partial zone CNAMEs?
On Mon, Feb 13, 2012 at 9:19 AM, Kennedy, Jim kennedy...@elyriaschools.org wrote: I put up a primary zone www.google.com Then I put up a DNAME leaving the first line blank (alias name) so that it would use the parent domain. And the FQDN for the target host as nosslsearch.google.com. I presume you mean something like this? www.google.com. SOA blah blah blah DNAME nosslsearch.google.com. I'm not sure that use case -- a DNAME for the current label -- is expected. It seems to be something of a misapplication. DNAME was, as far as I know, intended to map *child* domains to a new target, not the zone apex. Your use case isn't mentioned explicitly in RFC-2672 (http://tools.ietf.org/html/rfc2672), as far as I can tell. It would appear to run contrary to Section 4.1 Step 3.c (page 4), which states in part: If at some label, a match is impossible (i.e., the corresponding label does not exist), look to see whether the last label matched has a DNAME record. Since you have to have other records (like SOA) defined for the zone apex, the label exists and should be matched as such. Now, obviously, it works anyway, but one should be wary of depending on undefined behavior. A later change may fix it to stop working, or some other software may choke. I'm not saying don't do it. (I'm also not saying *do* do it.) I just want to point it out. And my reading of RFC-2672 may be wrong. DNAME isn't something I've played with myself. If you want, I can ask over on the DNS ops list. Most of the heavy-hitters in DNS land are subscribed (including the principal authors of the specs, the reference implementation, and several other major implementations), so that's as close to authoritative as it can get without it being formally specified. OTOH, if you're going to do it anyway, it's academic. :) If you do want me to ask, please let me know what version and service pack of Windows you're running on your servers, and your typical client population.
-- Ben
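Added example, not part of Ben's message or of anyone's actual server configuration: a small Python model of the RFC 2672 name matching he cites, run against a constructed copy of the zone described in the thread (the name server and hostmaster names are placeholders). It shows what a resolver that follows the RFC strictly would return for the zone apex and for names below it, plus the RFC 1034 rule that a CNAME cannot share an owner name with other records; it does not model what Windows DNS actually does.

```python
"""Strict RFC 2672 name matching against a zone whose apex holds a DNAME."""

ZONE_ORIGIN = "www.google.com."

# Constructed zone contents modelled on the thread. The name server and
# hostmaster names are placeholders, not values from the thread.
APEX_BEFORE = {
    "SOA": ["ns1.example.internal. hostmaster.example.internal. 1 900 600 86400 3600"],
    "NS": ["ns1.example.internal."],
}
# The same apex after the DNAME described in the thread is added.
ZONE = {ZONE_ORIGIN: dict(APEX_BEFORE, DNAME=["nosslsearch.google.com."])}


def labels(name):
    """Split an absolute name into lower-cased labels, leftmost first."""
    return [part for part in name.lower().rstrip(".").split(".") if part]


def is_below(name, ancestor):
    """True when name is a proper descendant of ancestor (equal does not count)."""
    n, a = labels(name), labels(ancestor)
    return len(n) > len(a) and n[len(n) - len(a):] == a


def dname_substitute(qname, owner, target):
    """Swap the owner suffix of qname for the DNAME target."""
    n, o = labels(qname), labels(owner)
    return ".".join(n[: len(n) - len(o)] + labels(target)) + "."


def cname_conflicts(node):
    """Record types already at a name that rule out adding a CNAME there.

    RFC 1034 section 3.6.2: a CNAME may not coexist with other data at the
    same owner name, and a zone apex always carries SOA and NS.
    """
    return sorted(set(node) - {"CNAME"})


def strict_lookup(zone, origin, qname, qtype):
    """Resolve qname/qtype the way a strict reading of RFC 2672 implies.

    Returns (status, data) where status is one of:
      NOT_IN_ZONE  name is outside this zone (the server would forward it)
      ANSWER       the exact owner name has records of that type
      NODATA       the owner name exists but has no record of that type
      DNAME        a descendant of a DNAME owner; data is the rewritten name
      NXDOMAIN     nothing matched
    """
    qname = qname.lower()
    if qname != origin and not is_below(qname, origin):
        return ("NOT_IN_ZONE", None)
    node = zone.get(qname)
    if node is not None:
        # The label exists, so it is matched as such. A DNAME stored at this
        # name is never consulted for the owner name itself.
        return ("ANSWER", node[qtype]) if qtype in node else ("NODATA", None)
    # No exact match: find the last label that did match (the closest
    # existing ancestor) and check whether it carries a DNAME.
    parts = labels(qname)
    for i in range(1, len(parts)):
        ancestor = ".".join(parts[i:]) + "."
        anc = zone.get(ancestor)
        if anc is None:
            continue
        if "DNAME" in anc:
            return ("DNAME", dname_substitute(qname, ancestor, anc["DNAME"][0]))
        break
    return ("NXDOMAIN", None)


if __name__ == "__main__":
    print("CNAME at apex blocked by:", cname_conflicts(APEX_BEFORE))
    for name in ("www.google.com.", "images.www.google.com.", "mail.google.com."):
        print(name, "A ->", strict_lookup(ZONE, ZONE_ORIGIN, name, "A"))
```

Under this strict reading a query for the apex name itself is not redirected; only names beneath it are rewritten, which is the gap between the RFC text and the observed behavior that the message points out.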
Re: Client requiring a VPN Connection to their network... Um?
+1 on everything ASB said. In particular, I'd definitely want some ingress/egress control over that VPN tunnel. You're potentially letting anything on their network in to your network (like malware or corporate espionage), and anything on your network out to their network (like your private data). If they insist on doing it this way exactly, I'd use a stand-alone computer, segregated from the corporate network. (Or a VM the same way.) I would not trust their VPN policy (which they control and can change/screw up) to protect my corporate assets. On Mon, Feb 13, 2012 at 10:24 AM, Andrew S. Baker asbz...@gmail.com wrote: Here's how I would proceed: - Immediately send them a note thanking them for their new found dedication to security, but indicating that it will take some time to comply, as you have change management procedures that you need to implement. - Express your concerns about the nature of the VPN software, and request that they provide you with information about the tunnel. (Point out to them that if two of your vendors were to make this sort of request, you'd have all sorts of problems) - Indicate that you would greatly prefer a site-to-site VPN that you can control at your border devices to ensure that *your* network is also protected. Even better if this is already in your corporate security policy. - Get your management to talk to their management and indicate the unreasonableness of the request both in principle and from a timing perspective. - Let us know who the vendor/partner is, so we can duly avoid them, or ensure that our contracts with them mitigate operational risk. *I know this must happen elsewhere with B2B stuff, is there a model I should be following?* I've had other B2B vendors try it, and in 90% of the cases, I've successfully done the above. In the other 10%, I've setup a single TS machine (or workstation, depending on volume) and connected *that* to the partner/vendor network instead. 
Virtualization will be helpful here, as will your management team. Having a good security policy and change management process are a plus here as well. They should be able to understand that, if they're a big company. Oh, and you're not interested in dealing with their IT team primarily -- speak to someone closer to the money. ASB http://XeeMe.com/AndrewBaker Harnessing the Advantages of Technology for the SMB market… On Mon, Feb 13, 2012 at 9:32 AM, Sam Cayze sca...@gmail.com wrote: Concerned about this, not sure how to proceed, and this is a first for me. A long time customer has suddenly required that we access their B2B portal via installing their VPN software, essentially connecting to their network in order to access the portal. (We in the past, and going forward, we utilize heavily). My concerns: They gave us 1 day notice. (Hardly, more like 12 hours). They emailed us Sunday and expected that I have the vpn clients installed on all PCs by the AM. I have no idea of their security on the tunnel, and what lies on their network that could seep onto our machines. Their tunnelling policy is not to my liking... It hijacks all our connections, so that our users would not be able to print, access email, file servers, our gateway, etc. (Which might be safer... the networks essentially can't talk to each other.) So there would be no way our users could get anything done with the connection active. By their short notice and poor planning, the poor documentation, and the badly configured installer they gave us, I just don't have much trust in the system and their security practices. I know this must happen elsewhere with B2B stuff, is there a model I should be following? Questions I should be asking? Agreements and security policies to be signed? I would sure think so. In the mean time, I'm going to set up a dumb-kiosk on an isolated network with the VPN software so my users can at least walk up to it and access what they need so our projects keep moving.
I'm going to try and address my concerns with them, but from what I hear, their IT dept is quite hard to work with, if you can even get anyone to help. (It's a very large company). Any thoughts and suggestions would be highly appreciated. TIA. Sam ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe
RE: DNS Partial zone CNAMEs?
No www.google.com in my record, that is the zone name. Where you have your example record below change the left column to read 'same as parent folder' all the way down including the DNAME. In addition to what you show I also have all my name servers in that record of course.

Actually, if you want to ask a question the one that is on my mind is why wouldn't it take the CNAME record when I wanted to add it. It seems to me it should have and that was the suggested solution. Over on another list some of the people are still scratching their head as to why it errored on me when I tried to add the CNAME...leaving the alias blank (same as parent folder) and adding nosslsearch.google.com for the target FQDN.

Error was: A new record cannot be created. An alias (CNAME) record cannot be added to this DNS name. The DNS name contains records that are incompatible with the CNAME record.

2008 R2 integrated DNS.

I found references to this error on google with other people trying to do basically the same thing I was trying to do. The fix was to remove all the other records in that zone. My problem was that other than the SOA and NS records I had no other records to remove. The behavior on this seemed to have changed starting with 2003 and up.

From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Monday, February 13, 2012 11:50 AM
To: NT System Admin Issues
Subject: Re: DNS Partial zone CNAMEs?

On Mon, Feb 13, 2012 at 9:19 AM, Kennedy, Jim kennedy...@elyriaschools.org wrote:

I put up a primary zone www.google.com Then I put up a DNAME leaving the first line blank )alias name) so that it would use the parent domain. And the FQDN for the target host as nosslsearch.google.com.

I presume you mean something like this?

    www.google.com.   SOA    blah blah blah
                      DNAME  nosslsearch.google.com.

I'm not sure that use case -- a DNAME for the current label -- is expected. It seems to be something of a misapplication. DNAME was, as far as I know, intended to map child domains to a new target, not the zone apex.

Your use case isn't mentioned explicitly in RFC-2672 (http://tools.ietf.org/html/rfc2672), as far as I can tell. It would appear to run contrary to Section 4.1 Step 3.c (page 4), which states in part:

    If at some label, a match is impossible (i.e., the corresponding label does not exist), look to see whether the last label matched has a DNAME record.

Since you have to have other records (like SOA) defined for the zone apex, the label exists and should be matched as such.

Now, obviously, it works anyway, but one should be wary of depending on undefined behavior. A later change may fix it to stop working, or some other software may choke.

I'm not saying don't do it. (I'm also not saying do do it.) I just want to point it out. And my reading of RFC-2672 may be wrong. DNAME isn't something I've played with myself.

If you want, I can ask over on the DNS ops list. Most of the heavy-hitters in DNS land are subscribed (including the principal authors of the specs, the reference implementation, and several other major implementations), so that's as close to authoritative it can get without it being formally specified. OTOH, if you're going to do it anyway, it's academic. :)

If you do want me to ask, please let me know what version and service pack of Windows you're running on your servers, and your typical client population.

-- Ben
RE: Terminal Server HA Configuration
If you have a SAN available, run VMWare ESX on your servers. You'll have to pay a bit extra for automatic failover. Or, you can use the free version and manually switch your virtuals over in case of failure.

Ken Cornetet 812.482.8499
To err is human - to moo, bovine.

From: Robert Jackson [mailto:r...@walkermartyn.co.uk]
Sent: Monday, February 13, 2012 12:25 PM
To: NT System Admin Issues
Subject: Terminal Server HA Configuration

We are about to get 2 brand new servers to be used as Terminal Servers running Windows 2008 Server R2 Enterprise Edition.

I'm looking for the best way to have them configured for resilience and high availability.

I don't know if we should just have them as 2 separate servers (one being an Acronis clone of the other) or whether some form of clustering/load balancing would be best?

Regards,
Rab.

Robert Jackson
IT Manager
Walker Martyn Ltd
Re: Allowing or not Allowing iTunes on corporate computers????
I've seen a legal accounting package that will only sync with iPhones via iTunes (if you aren't using ActiveSync.)

On Sun, Feb 12, 2012 at 7:59 PM, Michael B. Smith mich...@smithcons.com wrote:

There are a few - very few but they exist - exceptions to that.

I have one legal client that can only access cases from one of their reference libraries on iTunes.

Two of my University clients post classes on iTunes. (Then again, the University is a false positive in the USA - they have to offer so much fake freedom that it's ridiculous.)

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

-----Original Message-----
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Sunday, February 12, 2012 5:53 PM
To: NT System Admin Issues
Subject: Re: Allowing or not Allowing iTunes on corporate computers

On Sun, Feb 12, 2012 at 14:38, justino garcia jgarciaitl...@gmail.com wrote:

iTunes removal has come up in our office. What is norm are you allowing iTunes on the network?

What are your organization's policies? If there is no policy on this, it's time to get one - speak to your HR manager and other relevant staff (probably including the company lawyer) about setting up a policy. That is what should drive your decisions like this.

Now, if you're wanting my personal/professional opinion - iTunes' security record sucks. Also, iTunes isn't needed for anything legitimate that users might have, iPhone and iPad included, because those can be activated on either a personal computer, or if the device is company-issued, on a computer that is dedicated to the purpose and under the direct control of IT. Given that, iTunes should not be present on end-user machines.

But that's just my opinion.

Kurt

--
-cynicalgeek-
cynicalgeekatgmail.com
--
Re: Client requiring a VPN Connection to their network... Um?
If all else fails, set up as many machines as necessary in a DMZ, and hook them up to an IP KVM. If all you need is one machine, a Lantronix Spider would be worth investigating.

Several of the other ideas will be more workable, but this will also work, albeit at some expense.

Kurt

On Mon, Feb 13, 2012 at 06:32, Sam Cayze sca...@gmail.com wrote:

Concerned about this, not sure how to proceed, and this is a first for me.

A long time customer has suddenly required that we access their B2B portal via installing their VPN software, essentially connecting to their network in order to access the portal. (We in the past, and going forward, we utilize heavily).

My concerns:

They gave us 1 day notice. (Hardly, more like 12 hours). They emailed us Sunday and expected that I have the vpn clients installed on all PCs by the AM.

I have no idea of their security on the tunnel, and what lies on their network that could seep onto our machines.

Their tunnelling policy is not to my liking... It hijacks all our connections, so that our users would not be able to print, access email, file servers, our gateway, etc. (Which might be safer... the networks essentially can't talk to each other.) So there would be no way our users could get anything done with the connection active.

By their short notice and poor planning, the poor documentation, and the badly configured installer they gave us, I just don't have much trust in the system and their security practices.

I know this must happen elsewhere with B2B stuff, is there a model I should be following? Questions I should be asking? Agreements and security policies to be signed? I would sure think so.

In the mean time, I'm going to set up a dumb-kiosk on an isolated network with the VPN software so my users can at least walk up to it and access what they need so our projects keep moving.

I'm going to try and address my concerns with them, but from what I hear, their IT dept is quite hard to work with, if you can even get anyone to help. (It's a very large company).

Any thoughts and suggestions would be highly appreciated. TIA.

Sam
RE: DNS Partial zone CNAMEs?
You name it, we got it. Win 7, XP and 2008 R2 RDS. SP 1 on 7 and 2008 R2. 3 on XP. And I would say mostly Win 7. Oh, and we got Ipad 2 but deep down I hope they break.

Because a CNAME must be the only Resource Record defined for a given domain name.

So SOA and NS are considered resource records? Because that is all that is in that zone.

From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Monday, February 13, 2012 1:50 PM
To: NT System Admin Issues
Subject: Re: DNS Partial zone CNAMEs?

On Mon, Feb 13, 2012 at 12:53 PM, Kennedy, Jim kennedy...@elyriaschools.org wrote:

I presume you mean something like this?

    www.google.com.   SOA    blah blah blah
                      DNAME  nosslsearch.google.com.

No www.google.com in my record, that is the zone name.

You can't have a Resource Record without a domain name. It's simply not possible in the protocol. When the GUI shows you the zone, the domain name is implicit. :) At the protocol level, zones don't exist explicitly. They're a higher level construct, implied by the existence of certain records.

Where you have your example record below change the left column to read 'same as parent folder' all the way down including the DNAME.

Same thing. :) I was using the standard notation for DNS records, which is defined in RFC-1035 Section 5 (http://tools.ietf.org/html/rfc1035#section-5). It's sometimes called zone file or master file. In that format, if the LHS (left-hand-side) is blank, the LHS of the previous record is implied.

In addition to what you show I also have all my name servers in that record of course.

Right, right. I did leave that out. :)

Actually, if you want to ask a question the one that is on my mind is why wouldn't it take the CNAME record when I wanted to add it. It seems to me it should have and that was the suggested solution. Over on another list some of the people are still scratching their head as to why it errored on me when I tried to add the CNAME...leaving the alias blank (same as parent folder) and adding nosslsearch.google.com for the target FQDN.

Because a CNAME must be the only Resource Record defined for a given domain name. I explained this (http://www.mail-archive.com/ntsysadmin@lyris.sunbelt-software.com/msg109449.html) earlier in this thread. :-)

2008 R2 integrated DNS.

What Service Pack? What about the clients? For example, are they mostly Win 7/Vista? Or is it a typical school where anything can happen and often does? :)

My problem was that other than the SOA and NS records I had no other records to remove. The behavior on this seemed to have changed starting with 2003 and up.

See what I mean about depending on undefined (or invalid) behavior? Then someone goes and fixes their code, and the thing you were depending on doesn't work anymore. :-)

Get me the story on the clients and I'll ask over on dns-ops. I'm curious myself, now.

-- Ben
Re: Picking up file server tuning again
Ran PAL against the log.

Um, wow. It's a freaking christmas tree - red and yellow all over the place in CPU and disk.

Who should I be talking with to analyze this?

A sample of the issues shown - all of which show up in more than one time slice - some in every or almost every slice:

o- More than 50% Processor Utilization
o- More than 30% privileged (kernel) mode CPU usage
o- More than 2 packets are waiting in the output queue
o- Greater than 25ms physical disk READ response times
o- Greater than 25ms physical disk WRITE response times
o- More than 80% of Pool Paged Kernel Memory Used
o- More than 2 I/O's are waiting on the physical disk
o- 20 (Processor(_Total)\DPC Rate)
o- More than 30% Interrupt Time
o- Greater than 1000 page inputs per second (Memory\Pages Input/sec)

Some things that showed no alerts:

o- Memory\Available MBytes
o- Memory\Free System Page Table Entrie
o- Memory\Pages/sec
o- Memory\System Cache Resident Bytes
o- Memory\Cache Bytes
o- Memory\% Committed Bytes In Use
o- Network Interface(*)\% Network Utilization
     MS TCP Loopback interface
     VMware Accelerated AMD PCNet Adapter
     VMware Accelerated AMD PCNet Adapter#1
o- Network Interface(*)\Packets Outbound Errors
     MS TCP Loopback interface
     VMware Accelerated AMD PCNet Adapter
     VMware Accelerated AMD PCNet Adapter#1

Kurt

On Fri, Feb 10, 2012 at 16:04, Brian Desmond br...@briandesmond.com wrote:

Rather than trying to do this yourself, check out PAL - http://pal.codeplex.com/. It will setup all the right counters for you and crunch the data.

Thanks,
Brian Desmond
br...@briandesmond.com
w – 312.625.1438 | c – 312.731.3132

-----Original Message-----
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Friday, February 10, 2012 4:43 PM
To: NT System Admin Issues
Subject: Picking up file server tuning again

I'm getting back to monitoring my situation with the file server again, and just finished a perfmon session covering the 3rd through the 7th of this month. Simultaneously, I set up perfmon on the same workstation to monitor the backup server.

If anyone cares to help, I'd be deeply appreciative.

I set up perfmon on a Win7 VM on an ESXi 4.1 host to take measurements at 60 second intervals of a whole bunch of counters, many of them probably just noise.

I'll describe the history of the configuration first, however:

The file server is a Win2k3 R2 VM running on a ESX 3.5 host with 16g of RAM - it's one of 10 VMs, and is definitely the heaviest hitter in terms of disk I/O.

About 2.5-3 months ago we noticed that the time to completion for the weekly full backups spiked dramatically. Prior to that time, the fulls would start around 7pm on a Friday, and finish by about 7pm on Sunday. Now they take until Thursday or Friday to complete.

This coincided with some changes to the environment: I had to move the VM to a new host (it was a manual copy - we don't have vmotion licensed and configured for these hosts) and at about that time I also had to expand 2 of the 4 LUNS. Finally, the OS drive for the VM on the old host was on a LUN on our Lefthand unit - I had to migrate it to the local disk storage on the new home for the VM.

The 4 data drives for this VM are attached via the MSFT iSCSI client running on the VM, not through VMWare's iSCSI client.

So, at that point, all of the LUNS were on the Lefthand SAN, which is a 3-node cluster, and we use 2-way replication for all LUNS. The 2 LUNS that were expanded went to 2tb or slightly beyond.

The Lefthand has two NSM 2060s and a P4300G2, with 6 and 8 disks each, respectively - a total of 20 disks.

Since that time, I've also added in our EMC VNXe 3100 with 6 disks in it in a RAID6 array. I mention this because this means that all of the file systems on the VNXe are clean and defragged.

Currently, I've migrated 3 of the 4 data LUNs for the VM to the EMC. I made sure to align the partitions on the EMC to a megabyte boundary.

So, to make this simpler to visualize, a little table:

c: - local disk on ESX 3.5, 40gb, 23.6gb free
j: - iSCSI LUN on Lefthand, 2.5tb, 900gb free
k: - iSCSI LUN on VNXe, 1.98tb, 336gb free
l: - iSCSI LUN on VNXe, 1tb, 79gb free
m: - iSCSI LUN on VNXe 750gb, 425gb free

I tried to capture separate disk queue stats for each LUN, but in spite of selecting and adding each drive letter separately in the perfmon interface, all I got was _Total.

Selected stats are as follows:

PhysicalDisk counters
Current disk queue length - average 0.483, maximum 33.000
Average disk read queue length - 0.037, maximum 1.294
%disk time - average 34.068, maximum 153.877
Average disk write queue length - average 0.645, maximum 2.828
Average disk queue length - average 0.681, maximum 3.078

I have more data on PhysicalDisk, and data on other objects, including Memory, NetworkInterface, Paging File, Processor and Server Work Queues.

If anyone has thoughts, I'd surely like to hear
Re: Picking up file server tuning again
On Sat, Feb 11, 2012 at 01:33, Paul Hutchings paul.hutchi...@mira.co.uk wrote:

You've mentioned that backups are slow, but not how you're doing the backups?

We use Ultrabac, and do a d2d2t

Where I would start along with things like perfmon is with a simple, straight multi-threaded file copy - see how much you can actually send over the LAN from the source file server to a variety of destinations. For example if you're on gig ethernet end to end and you're consistently able to get 100MB/Sec (for example) doing a multi-threaded robocopy then I think you can reasonably safely say your problem is with tuning the backup software.

I think a robocopy of data to the backup server will be sufficient to judge in this case. Given the PAL output, it's likely a machine issue.

Kurt
RE: Picking up file server tuning again
That's a busy box. I'd suggest moving to a 64-bit OS.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

-----Original Message-----
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Monday, February 13, 2012 3:00 PM
To: NT System Admin Issues
Subject: Re: Picking up file server tuning again

Ran PAL against the log.

Um, wow. It's a freaking christmas tree - red and yellow all over the place in CPU and disk.

Who should I be talking with to analyze this?

A sample of the issues shown - all of which show up in more than one time slice - some in every or almost every slice:

o- More than 50% Processor Utilization
o- More than 30% privileged (kernel) mode CPU usage
o- More than 2 packets are waiting in the output queue
o- Greater than 25ms physical disk READ response times
o- Greater than 25ms physical disk WRITE response times
o- More than 80% of Pool Paged Kernel Memory Used
o- More than 2 I/O's are waiting on the physical disk
o- 20 (Processor(_Total)\DPC Rate)
o- More than 30% Interrupt Time
o- Greater than 1000 page inputs per second (Memory\Pages Input/sec)

Some things that showed no alerts:

o- Memory\Available MBytes
o- Memory\Free System Page Table Entrie
o- Memory\Pages/sec
o- Memory\System Cache Resident Bytes
o- Memory\Cache Bytes
o- Memory\% Committed Bytes In Use
o- Network Interface(*)\% Network Utilization
     MS TCP Loopback interface
     VMware Accelerated AMD PCNet Adapter
     VMware Accelerated AMD PCNet Adapter#1
o- Network Interface(*)\Packets Outbound Errors
     MS TCP Loopback interface
     VMware Accelerated AMD PCNet Adapter
     VMware Accelerated AMD PCNet Adapter#1

Kurt

On Fri, Feb 10, 2012 at 16:04, Brian Desmond br...@briandesmond.com wrote:

Rather than trying to do this yourself, check out PAL - http://pal.codeplex.com/. It will setup all the right counters for you and crunch the data.

Thanks,
Brian Desmond
br...@briandesmond.com
w – 312.625.1438 | c – 312.731.3132

-----Original Message-----
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Friday, February 10, 2012 4:43 PM
To: NT System Admin Issues
Subject: Picking up file server tuning again

I'm getting back to monitoring my situation with the file server again, and just finished a perfmon session covering the 3rd through the 7th of this month. Simultaneously, I set up perfmon on the same workstation to monitor the backup server.

If anyone cares to help, I'd be deeply appreciative.

I set up perfmon on a Win7 VM on an ESXi 4.1 host to take measurements at 60 second intervals of a whole bunch of counters, many of them probably just noise.

I'll describe the history of the configuration first, however:

The file server is a Win2k3 R2 VM running on a ESX 3.5 host with 16g of RAM - it's one of 10 VMs, and is definitely the heaviest hitter in terms of disk I/O.

About 2.5-3 months ago we noticed that the time to completion for the weekly full backups spiked dramatically. Prior to that time, the fulls would start around 7pm on a Friday, and finish by about 7pm on Sunday. Now they take until Thursday or Friday to complete.

This coincided with some changes to the environment: I had to move the VM to a new host (it was a manual copy - we don't have vmotion licensed and configured for these hosts) and at about that time I also had to expand 2 of the 4 LUNS. Finally, the OS drive for the VM on the old host was on a LUN on our Lefthand unit - I had to migrate it to the local disk storage on the new home for the VM.

The 4 data drives for this VM are attached via the MSFT iSCSI client running on the VM, not through VMWare's iSCSI client.

So, at that point, all of the LUNS were on the Lefthand SAN, which is a 3-node cluster, and we use 2-way replication for all LUNS. The 2 LUNS that were expanded went to 2tb or slightly beyond.

The Lefthand has two NSM 2060s and a P4300G2, with 6 and 8 disks each, respectively - a total of 20 disks.

Since that time, I've also added in our EMC VNXe 3100 with 6 disks in it in a RAID6 array. I mention this because this means that all of the file systems on the VNXe are clean and defragged.

Currently, I've migrated 3 of the 4 data LUNs for the VM to the EMC. I made sure to align the partitions on the EMC to a megabyte boundary.

So, to make this simpler to visualize, a little table:

c: - local disk on ESX 3.5, 40gb, 23.6gb free
j: - iSCSI LUN on Lefthand, 2.5tb, 900gb free
k: - iSCSI LUN on VNXe, 1.98tb, 336gb free
l: - iSCSI LUN on VNXe, 1tb, 79gb free
m: - iSCSI LUN on VNXe 750gb, 425gb free

I tried to capture separate disk queue stats for each LUN, but in spite of selecting and adding each drive letter separately in the perfmon interface, all I got was _Total.

Selected stats are as follows:

PhysicalDisk counters
Current disk queue length - average 0.483, maximum 33.000
Average disk read queue length - 0.037, maximum 1.294
%disk time - average 34.068, maximum
Re: DNS Partial zone CNAMEs?
On Mon, Feb 13, 2012 at 2:26 PM, Kennedy, Jim kennedy...@elyriaschools.org wrote:

You name it, we got it. Win 7, XP and 2008 R2 RDS. SP 1 on 7 and 2008 R2. 3 on XP. And I would say mostly Win 7.

Okay. I'll raise the question and see what people say. DNAME is relatively new, and I know I've seen comments about the corner cases being vague already, so I suspect this fits into that.

Oh, and we got Ipad 2 but deep down I hope they break.

LOL. :-)

“Because a CNAME *must* be the only Resource Record defined for a given domain name.”

So SOA and NS are considered resource records? Because that is all that is in that zone.

Correct.

Fundamentally, you can think of a DNS query as a function (like a function in computer programming or mathematics). You give the function a domain name. The function returns zero or more resource records associated with that name.

For example, I'll use the DIG utility (part of the ISC BIND distribution; available for free for Windows) to query all the records for your domain (my typing in green):

*dig +noall +ans +nottl +nocl ANY elyriaschools.org. @ns1.dnspark.net.*
elyriaschools.org.  SOA  ns2.dnspark.net. hostm...
elyriaschools.org.  NS   ns2.dnspark.net.
elyriaschools.org.  TXT  google-site-verificat...
elyriaschools.org.  MX   0 mail.elyriaschools.org.
elyriaschools.org.  NS   ns3.dnspark.net.
elyriaschools.org.  A    208.108.90.210
elyriaschools.org.  NS   ns4.dnspark.net.
elyriaschools.org.  NS   ns5.dnspark.net.
elyriaschools.org.  NS   ns1.dnspark.net.

Each line in the above is a resource record (RR). (I've truncated long lines, but they may still wrap.) The LHS (left hand side) is the domain name being queried for. The thing in the middle is the type of record. The RHS (right hand side) is the data for that record.

This is all DNS can do -- take a domain name, and return some records. All this zone stuff matters if you're going to understand why certain records get used where they do, but it's not present in the data on the wire.

Note also that www.elyriaschools.org. is just as much a domain name as elyriaschools.org. is. People tend to think of the second-level domain (2LD) as *the* domain name, and things like www as something else, but from the protocol's point of view, all names are equal.

More examples

*dig +noall +ans +nottl +nocl ANY www.elyriaschools.org. @ns1.dnspark.net.*
www.elyriaschools.org.  A  208.108.90.210

*dig +noall +ans +nottl +nocl ANY mail.elyriaschools.org. @ns1.dnspark.net.*
mail.elyriaschools.org.  A   208.108.90.199
mail.elyriaschools.org.  MX  0 mail.elyriaschools.org.

Hope this helps.

-- Ben
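Added example (not part of the original thread, and not code from any poster or from Windows DNS): a small Python model of the two points discussed above, that a blank left-hand side in a master file inherits the previous owner name, and that a CNAME cannot share a name with other records such as the SOA and NS at a zone apex. The function names, the simplified "owner type rdata" grammar and the ns1.example.net. name server are assumptions made for illustration.

```python
"""CNAME-exclusivity check over a tiny master-file fragment (added example)."""

# Constructed sample modelled on the zone in the thread: the zone itself is
# named www.google.com, so SOA and NS already sit at the name the alias is
# wanted on. The NS target is a placeholder, not a value from the thread.
ZONE_TEXT = """\
www.google.com.   SOA    blah blah blah
                  NS     ns1.example.net.
                  DNAME  nosslsearch.google.com.
"""

# Constructed alternative: a parent zone where www is an ordinary child name.
PARENT_TEXT = """\
google.com.       SOA    blah blah blah
                  NS     ns1.example.net.
www.google.com.   CNAME  nosslsearch.google.com.
"""


def parse_zone(text):
    """Return {owner: [(rtype, rdata), ...]} from 'owner type rdata' lines.

    Simplified subset of the RFC 1035 section 5 format (assumption): no TTL,
    class, $ORIGIN or parentheses. A line that starts with whitespace has a
    blank left-hand side and inherits the owner of the previous record.
    """
    zone = {}
    owner = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()      # strip ';' comments
        if not line.strip():
            continue
        fields = line.split()
        if line[0].isspace():
            if owner is None:
                raise ValueError(f"line {lineno}: blank owner on first record")
        else:
            owner = fields.pop(0).lower()         # DNS names are case-insensitive
        if not fields:
            raise ValueError(f"line {lineno}: missing record type")
        rtype, rdata = fields[0].upper(), " ".join(fields[1:])
        zone.setdefault(owner, []).append((rtype, rdata))
    return zone


def lookup(zone, name, rtype="ANY"):
    """The 'query as a function' view: a name in, zero or more records out."""
    wanted = rtype.upper()
    return [r for r in zone.get(name.lower(), []) if wanted in ("ANY", r[0])]


def cname_conflicts(zone):
    """Names that hold a CNAME together with any other record."""
    return sorted(
        name for name, records in zone.items()
        if any(t == "CNAME" for t, _ in records) and len(records) > 1
    )


def can_add(zone, name, rtype):
    """Apply only the CNAME rule (RFC 1034 section 3.6.2); DNSSEC types ignored.

    Returns (allowed, reason). Other DNAME restrictions are not modelled.
    """
    existing = sorted({t for t, _ in zone.get(name.lower(), [])})
    if rtype.upper() == "CNAME" and existing:
        return False, f"{name} already has {', '.join(existing)}"
    if rtype.upper() != "CNAME" and "CNAME" in existing:
        return False, f"{name} is an alias (CNAME); no other data allowed"
    return True, "ok"


if __name__ == "__main__":
    apex_zone = parse_zone(ZONE_TEXT)
    print(lookup(apex_zone, "www.google.com."))
    print(can_add(apex_zone, "www.google.com.", "CNAME"))
    print(can_add(parse_zone(PARENT_TEXT), "www.google.com.", "A"))
```

The first `can_add` call is refused for the same reason the thread gives for the Windows DNS error: the apex of a zone always carries SOA and NS, so it can never also be a CNAME.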
Warn Your Users
1) This week, you will see a wave of Whitney Houston malware coming through, all trying to capitalize on her death. Think Before You Click!

2) Miscreants are sending tons of Valentines Day spam, laced with malicious links. Think Before You Click!

3) Viruses tend to come into end-user's mailboxes between 8 and 9am EST. I told you three times... Think Before You Click!

Warm regards,
Stu
RE: Variable that has spaces when enumerated, plus...
Got it. I knew as soon as I hit send I'd find it...

Quotes around the entire shooting match, including the variable..

Dave

From: David Lum [mailto:david@nwea.org]
Sent: Monday, February 13, 2012 1:30 PM
To: NT System Admin Issues
Subject: Variable that has spaces when enumerated, plus...

I am trying to copy a file to %appdata%\Acrobat\This will blow up via batch file - predictably I get invalid arguments when I run file with said command in it. I can't find my notes on how I've done this before. What combination of quotes will get me what I need?

Maybe I need to have a blog to keep my stuff available in one place :-)

David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
Re: Variable that has spaces when enumerated, plus...
%appdata%\acrobat should be fine, should it not, for a copy destination?

Sent from my SR-71 Blackbird

-Original Message-
From: David Lum david@nwea.org
Date: Mon, 13 Feb 2012 21:29:33
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Variable that has spaces when enumerated, plus...

I am trying to copy a file to %appdata%\Acrobat\This will blow up via batch file - predictably I get invalid arguments when I run file with said command in it. I can't find my notes on how I've done this before. What combination of quotes will get me what I need?

Maybe I need to have a blog to keep my stuff available in one place :-)

David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
Re: Warn Your Users
On Mon, Feb 13, 2012 at 3:56 PM, Stu Sjouwerman s...@sunbelt-software.com wrote:
I told you three times... Think Before You Click!

Given a choice between dancing pigs and security, users will pick dancing pigs every time. (http://en.wikipedia.org/wiki/Dancing_pigs)

-- Ben
Anyone using HP MSM 760 procurve wireless?
Anyone out there on the list using HP Procurve MSM controllers and access points? Specifically either with schools or Apple clients?

J
Re: Picking up file server tuning again
It *is* a busy box, and migrating the iSCSI LUNs to a 64bit server is something I've definitely considered. I have a Dell R310 with 16gb RAM that I could use, but it's already got 9 active VMs, although they're not heavy hitters. AFAICT, probably the highest-use machines on the ESXi 4.1 box are the secondary DC (no FSMO roles, but does do DNS and WINS) and the issuing CA box.

It's currently a VM on what I believe to be an underpowered ESX 3.5 box - I think it's possible that it's simply starved for resources on that ESX box. I'm sure there's something out there like perfmon for VMware that I can use to capture performance over time - I'd like to measure and analyze the performance of the ESX 3.5 box while the backups are happening against the file server.

I'm also considering moving the Win2k3 file server VM to the ESX box and seeing if the situation improves.

Kurt

On Mon, Feb 13, 2012 at 12:08, Michael B. Smith mich...@smithcons.com wrote:
That's a busy box. I'd suggest moving to a 64-bit OS.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Monday, February 13, 2012 3:00 PM
To: NT System Admin Issues
Subject: Re: Picking up file server tuning again

Ran PAL against the log. Um, wow. It's a freaking christmas tree - red and yellow all over the place in CPU and disk. Who should I be talking with to analyze this?

A sample of the issues shown - all of which show up in more than one time slice - some in every or almost every slice:
o- More than 50% Processor Utilization
o- More than 30% privileged (kernel) mode CPU usage
o- More than 2 packets are waiting in the output queue
o- Greater than 25ms physical disk READ response times
o- Greater than 25ms physical disk WRITE response times
o- More than 80% of Pool Paged Kernel Memory Used
o- More than 2 I/O's are waiting on the physical disk
o- 20 (Processor(_Total)\DPC Rate)
o- More than 30% Interrupt Time
o- Greater than 1000 page inputs per second (Memory\Pages Input/sec)

Some things that showed no alerts:
o- Memory\Available MBytes
o- Memory\Free System Page Table Entries
o- Memory\Pages/sec
o- Memory\System Cache Resident Bytes
o- Memory\Cache Bytes
o- Memory\% Committed Bytes In Use
o- Network Interface(*)\% Network Utilization
   MS TCP Loopback interface
   VMware Accelerated AMD PCNet Adapter
   VMware Accelerated AMD PCNet Adapter#1
o- Network Interface(*)\Packets Outbound Errors
   MS TCP Loopback interface
   VMware Accelerated AMD PCNet Adapter
   VMware Accelerated AMD PCNet Adapter#1

Kurt

On Fri, Feb 10, 2012 at 16:04, Brian Desmond br...@briandesmond.com wrote:
Rather than trying to do this yourself, check out PAL - http://pal.codeplex.com/. It will setup all the right counters for you and crunch the data.

Thanks,
Brian Desmond
br...@briandesmond.com
w – 312.625.1438 | c – 312.731.3132

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Friday, February 10, 2012 4:43 PM
To: NT System Admin Issues
Subject: Picking up file server tuning again

I'm getting back to monitoring my situation with the file server again, and just finished a perfmon session covering the 3rd through the 7th of this month. Simultaneously, I set up perfmon on the same workstation to monitor the backup server. If anyone cares to help, I'd be deeply appreciative.

I set up perfmon on a Win7 VM on an ESXi 4.1 host to take measurements at 60 second intervals of a whole bunch of counters, many of them probably just noise.

I'll describe the history of the configuration first, however: The file server is a Win2k3 R2 VM running on a ESX 3.5 host with 16g of RAM - it's one of 10 VMs, and is definitely the heaviest hitter in terms of disk I/O.

About 2.5-3 months ago we noticed that the time to completion for the weekly full backups spiked dramatically. Prior to that time, the fulls would start around 7pm on a Friday, and finish by about 7pm on Sunday. Now they take until Thursday or Friday to complete.

This coincided with some changes to the environment: I had to move the VM to a new host (it was a manual copy - we don't have vmotion licensed and configured for these hosts) and at about that time I also had to expand 2 of the 4 LUNS. Finally, the OS drive for the VM on the old host was on a LUN on our Lefthand unit - I had to migrate it to the local disk storage on the new home for the VM. The 4 data drives for this VM are attached via the MSFT iSCSI client running on the VM, not through VMWare's iSCSI client.

So, at that point, all of the LUNS were on the Lefthand SAN, which is a 3-node cluster, and we use 2-way replication for all LUNS. The 2 LUNS that were expanded went to 2tb or slightly beyond. The Lefthand has two NSM 2060s and a P4300G2, with 6 and 8 disks each, respectively - a total of 20 disks Since that
Re: DNS Partial zone CNAMEs?
Okay, the consensus on dns-ops is that this is broken and shouldn't work. Specifically, a construct of the following form is invalid:

www.example.com. SOA blah blah blah
www.example.com. NS ns1.example.com.
www.example.com. DNAME elsewhere.example.net.

The problem is that DNAME is intended to apply to *child* names of the LHS name (record owner). It should *not* apply to the owner name itself. This is made explicit in the next draft of the DNAME specification, which states:

a DNAME RR redirects DNS names subordinate to its owner name; *the owner name* of a DNAME is *not redirected* itself (emphasis added).
(draft-ietf-dnsext-rfc2672bis-dname-25, section 2.3 http://tools.ietf.org/html/draft-ietf-dnsext-rfc2672bis-dname-25#section-2.3 )

So, while you're of course free to do this anyway, it may cause demons to fly out of your nose http://catb.org/jargon/html/N/nasal-demons.html. More likely, some future hotfix or Service Pack may take it away. That's especially likely if the proposed client-side support for DNAME ever makes it out of committee.

You Have Been Warned(TM). :-)

-- Ben
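The rule quoted from the draft in the message above, worked through as an added example (not code from the list, the draft, or any DNS server): names strictly below a DNAME owner are rewritten, while the owner name itself is left alone. The zone reuses the placeholder names from the message; the function names and probe names are illustrative assumptions.

```python
"""DNAME substitution following the rule quoted from the draft (added example)."""


def labels(name):
    """Split a domain name into lowercase labels, ignoring the trailing dot."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []


def is_subordinate(qname, owner):
    """True only when qname lies strictly below owner, compared label by label."""
    q, o = labels(qname), labels(owner)
    return len(q) > len(o) and q[len(q) - len(o):] == o


def dname_rewrite(qname, owner, target):
    """Swap the owner suffix of qname for target; None when the DNAME does not apply."""
    if not is_subordinate(qname, owner):
        return None
    q, o = labels(qname), labels(owner)
    return ".".join(q[:len(q) - len(o)] + labels(target)) + "."


# Constructed zone in the form quoted in the message (placeholder names).
ZONE = [
    ("www.example.com.", "SOA", "blah blah blah"),
    ("www.example.com.", "NS", "ns1.example.com."),
    ("www.example.com.", "DNAME", "elsewhere.example.net."),
]


def classify(qname, zone=ZONE):
    """Say what a server that follows the quoted rule does with qname.

    This models the draft's wording only; it does not model what a
    particular DNS server product actually returns.
    """
    for owner, rtype, rdata in zone:
        if rtype != "DNAME":
            continue
        if labels(qname) == labels(owner):
            # The owner name of a DNAME is not redirected itself.
            return ("owner-not-redirected", None)
        rewritten = dname_rewrite(qname, owner, rdata)
        if rewritten is not None:
            return ("redirected", rewritten)
    return ("unaffected", None)


def unmet_expectations(expected, zone=ZONE):
    """Names an admin expects to be redirected that the rule leaves alone."""
    return [n for n in expected if classify(n, zone)[0] != "redirected"]


if __name__ == "__main__":
    # Probe names are constructed for illustration.
    for name in ("www.example.com", "images.www.example.com",
                 "mail.example.com", "xwww.example.com"):
        print(name, "->", classify(name))
```

Run against the zone a filter depends on, `unmet_expectations` lists the names that would stop being redirected if the server started following the quoted rule.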
Re: DNS Partial zone CNAMEs?
Well, then it can be documented to management as temporarily mitigated with work around until funding for a more permanent solution is obtained and may break during security updates to product by vendor. The reason for 'security updates' phrase is to discourage 'never upgrade'. :)

On Mon, Feb 13, 2012 at 2:48 PM, Ben Scott mailvor...@gmail.com wrote:
Okay, the consensus on dns-ops is that this is broken and shouldn't work. Specifically, a construct of the following form is invalid:

www.example.com. SOA blah blah blah
www.example.com. NS ns1.example.com.
www.example.com. DNAME elsewhere.example.net.

The problem is that DNAME is intended to apply to *child* names of the LHS name (record owner). It should *not* apply to the owner name itself. This is made explicit in the next draft of the DNAME specification, which states:

a DNAME RR redirects DNS names subordinate to its owner name; *the owner name* of a DNAME is *not redirected* itself (emphasis added).
(draft-ietf-dnsext-rfc2672bis-dname-25, section 2.3 http://tools.ietf.org/html/draft-ietf-dnsext-rfc2672bis-dname-25#section-2.3 )

So, while you're of course free to do this anyway, it may cause demons to fly out of your nose http://catb.org/jargon/html/N/nasal-demons.html. More likely, some future hotfix or Service Pack may take it away. That's especially likely if the proposed client-side support for DNAME ever makes it out of committee.

You Have Been Warned(TM). :-)

-- Ben
RE: Picking up file server tuning again
Well, the kernel mode, paged pool, and interrupt time are items that will be specifically reduced with an x64 OS. The I/O situation is indicative of disk queuing which is hypervisor related. Dunno how you optimize that in VMware, there are a number of potentials in Hyper-V.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Monday, February 13, 2012 5:33 PM
To: NT System Admin Issues
Subject: Re: Picking up file server tuning again

It *is* a busy box, and migrating the iSCSI LUNs to a 64bit server is something I've definitely considered. I have a Dell R310 with 16gb RAM that I could use, but it's already got 9 active VMs, although they're not heavy hitters. AFAICT, probably the highest-use machines on the ESXi 4.1 box are the secondary DC (no FSMO roles, but does do DNS and WINS) and the issuing CA box.

It's currently a VM on what I believe to be an underpowered ESX 3.5 box - I think it's possible that it's simply starved for resources on that ESX box. I'm sure there's something out there like perfmon for VMware that I can use to capture performance over time - I'd like to measure and analyze the performance of the ESX 3.5 box while the backups are happening against the file server.

I'm also considering moving the Win2k3 file server VM to the ESX box and seeing if the situation improves.

Kurt
Re: Allowing or not Allowing iTunes on corporate computers????
Hear, hear, I agree on both points. I fought this at last $dayjob$ with our resident MacHead telling me that security was only a problem on Windows boxes and I should spend $100k switching the office to Macs as Macs could not and never would get any malware.

Jon

On Sun, Feb 12, 2012 at 5:53 PM, Kurt Buff kurt.b...@gmail.com wrote:
On Sun, Feb 12, 2012 at 14:38, justino garcia jgarciaitl...@gmail.com wrote:
iTunes removal has come up in our office. What is norm are you allowing iTunes on the network? What are your organization's policies?

If there is no policy on this, it's time to get one - speak to your HR manager and other relevant staff (probably including the company lawyer) about setting up a policy. That is what should drive your decisions like this.

Now, if you're wanting my personal/professional opinion - iTunes' security record sucks. Also, iTunes isn't needed for anything legitimate that users might have, iPhone and iPad included, because those can be activated on either a personal computer, or if the device is company-issued, on a computer that is dedicated to the purpose and under the direct control of IT. Given that, iTunes should not be present on end-user machines.

But that's just my opinion.

Kurt
Re: Anyone using HP MSM 760 procurve wireless?
I'm using the MSM 710 but not at a school or with Mac clients.

On Feb 13, 2012 4:18 PM, jesse-r...@wi.rr.com jesse-r...@wi.rr.com wrote:
Anyone out there on the list using HP Procurve MSM controllers and access points? Specifically either with schools or Apple clients?

J
RE: Home Antivirus
About 50% of the PCs I clean for people have McAfee installed. Definitely not at the top of the list for me. Was that spam anyway? :)

From: Richard Stovall [mailto:rich...@gmail.com]
Sent: Monday, February 13, 2012 7:45 PM
To: NT System Admin Issues
Subject: Home Antivirus

Hurry up! Time's almost out on the deal to get McAfee free for 3PCs.
http://preview.tinyurl.com/77u2zry
Re: Home Antivirus
On Mon, Feb 13, 2012 at 7:45 PM, Richard Stovall rich...@gmail.com wrote:
Hurry up! Time's almost out on the deal to get McAfee free for 3PCs. http://preview.tinyurl.com/77u2zry

Receive a $55 prepaid card by mail from McAfee! Expires on 2/15/12

So in two days, the Internet will be a safer place. ;-)

If I'm going the free AV route, I'd prolly go MS Security Essentials. While it's limited in features, it does stop malware and spyware, and updates happen with Windows Update. For all of WU's problems, other things all seem to suck more.

-- Ben
Computer safety and security best practices...
I feel like many of the malware infections I come across could have been easily avoided if the end user was just a little better informed. I’ve wanted to put together some tutorials for staff here at the school and also for my clients, that would help them to be more security conscious while browsing the web, etc.

I already have a quite a few ideas for topics to cover and some online resources that I’m looking at too, but would like to make sure I don’t leave anything out. I’d like to make this training mandatory for school staff but of course clients would have to be made to see the value of it.

Do you guys already do training like this for end users or do you point them to any online materials?

Thanks,
Mike
RE: Home Antivirus
Lol, sorry, I thought your mail account might have been hijacked by a spammer. Don’t forget to use those sarcasm tags next time. :)

From: Richard Stovall [mailto:rich...@gmail.com]
Sent: Monday, February 13, 2012 8:01 PM
To: NT System Admin Issues
Subject: Re: Home Antivirus

Not unless sarcasm is spam. In that case, I stand guilty.

On Mon, Feb 13, 2012 at 7:51 PM, ntsysadmin ntsysad...@rccs.org wrote:
About 50% of the PCs I clean for people have McAfee installed. Definitely not at the top of the list for me. Was that spam anyway? :)

From: Richard Stovall [mailto:rich...@gmail.com]
Sent: Monday, February 13, 2012 7:45 PM
To: NT System Admin Issues
Subject: Home Antivirus

Hurry up! Time's almost out on the deal to get McAfee free for 3PCs.
http://preview.tinyurl.com/77u2zry
Re: Computer safety and security best practices...
Look at what SunBelt/GFI has to offer; they have a full class for this, I believe. Always good to support the hand that keeps this list up.

Jon

On Mon, Feb 13, 2012 at 8:15 PM, ntsysadmin ntsysad...@rccs.org wrote:
I feel like many of the malware infections I come across could have been easily avoided if the end user was just a little better informed. I’ve wanted to put together some tutorials for staff here at the school and also for my clients, that would help them to be more security conscious while browsing the web, etc.

I already have a quite a few ideas for topics to cover and some online resources that I’m looking at too, but would like to make sure I don’t leave anything out. I’d like to make this training mandatory for school staff but of course clients would have to be made to see the value of it.

Do you guys already do training like this for end users or do you point them to any online materials?

Thanks,
Mike
Re: Computer safety and security best practices...
Stu does this through his new-ish company, KnowBe4 http://www.knowbe4.com/

Jonathan

On Feb 13, 2012 8:22 PM, ntsysadmin ntsysad...@rccs.org wrote:
I feel like many of the malware infections I come across could have been easily avoided if the end user was just a little better informed. I’ve wanted to put together some tutorials for staff here at the school and also for my clients, that would help them to be more security conscious while browsing the web, etc.

I already have a quite a few ideas for topics to cover and some online resources that I’m looking at too, but would like to make sure I don’t leave anything out. I’d like to make this training mandatory for school staff but of course clients would have to be made to see the value of it.

Do you guys already do training like this for end users or do you point them to any online materials?

Thanks,
Mike
I think I've asked this before...
but I don't remember seeing an answer - apologies if someone answered and I missed it...

This is a followup to the file server tuning thread, BTW...

So, I've got an underperforming Win2k3 R2 VM that talks with several iSCSI LUNs. One strategy to overcome the performance issue is to spin up a 64bit Win2k8 R2 VM, shut down the old VM and pick up the iSCSI LUNs on the new VM.

Are there any NTFS or other mismatch issues that I need to be aware of in such a move? I've poked around a bit and haven't seen anything, but I might well have missed something crucial. Just trying to get my ducks in a row.

Thanks,
Kurt
Re: Home Antivirus
TANSTAAFL

On Monday, February 13, 2012, Richard Stovall rich...@gmail.com wrote:
But it's not McAfee!! Which, right now, is McFree! (After rebate.)

On Mon, Feb 13, 2012 at 8:03 PM, Ben Scott mailvor...@gmail.com wrote:
On Mon, Feb 13, 2012 at 7:45 PM, Richard Stovall rich...@gmail.com wrote:
Hurry up! Time's almost out on the deal to get McAfee free for 3PCs. http://preview.tinyurl.com/77u2zry

Receive a $55 prepaid card by mail from McAfee! Expires on 2/15/12

So in two days, the Internet will be a safer place. ;-)

If I'm going the free AV route, I'd prolly go MS Security Essentials. While it's limited in features, it does stop malware and spyware, and updates happen with Windows Update. For all of WU's problems, other things all seem to suck more.

-- Ben
Re: Picking up file server tuning again
Thanks. I'll continue to poke around, and ask a few more questions.

Kurt

On Mon, Feb 13, 2012 at 16:18, Michael B. Smith mich...@smithcons.com wrote:
Well, the kernel mode, paged pool, and interrupt time are items that will be specifically reduced with an x64 OS. The I/O situation is indicative of disk queuing which is hypervisor related. Dunno how you optimize that in VMware, there are a number of potentials in Hyper-V.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
Re: Home Antivirus
Any comments on AVG? I’ve been using it for several years and it hasn’t failed me yet!

MMF

From: Cynicalgeek
Sent: Monday, February 13, 2012 7:27 PM
To: NT System Admin Issues
Subject: Re: Home Antivirus

The same things that infect MSSE also infect McAfee, Norton, et al. If you're going the paid route, supposedly Kaspersky is the absolute best. I've been using MSSE for almost 2.5 years and have been very pleased.

On Mon, Feb 13, 2012 at 8:03 PM, Ben Scott mailvor...@gmail.com wrote:

On Mon, Feb 13, 2012 at 7:45 PM, Richard Stovall rich...@gmail.com wrote:

Hurry up! Time's almost out on the deal to get McAfee free for 3PCs. http://preview.tinyurl.com/77u2zry Receive a $55 prepaid card by mail from McAfee! Expires on 2/15/12

So in two days, the Internet will be a safer place. ;-)

If I'm going the free AV route, I'd prolly go MS Security Essentials. While it's limited in features, it does stop malware and spyware, and updates happen with Windows Update. For all of WU's problems, other things all seem to suck more.

-- Ben

-- -cynicalgeek- cynicalgeekatgmail.com
RE: DNS Partial zone CNAMEs?
I really appreciate this and hate to impose more but did anyone have any ideas how to skin this cat. Bottom line is I need to CNAME www.google.com to nosslsearch.google.com without having to run all of Google's DNS in house manually.

I skin this cat or I kill Google Docs for our students, and it actually is really helpful for them, it helps a LOT. And I like to deliver stuff to users that helps, minus the demons flying out of my nose of course. Or I allow Google Docs and block Google search, that would be even worse.

I am even open to putting up another DNS server that can CNAME this record and fall over to root for the rest of google...then direct my AD DNS to that on a conditional forwarder.

The original suggestion to do this came from Google specifically for the situation I am in. Get search off SSL so the filter can append the request with safe search mode. I would be surprised if their solution totally misses the mark.

Again, I really appreciate your help on this. Free ticket to Derbycon this fall if you want to go, just ping me. Ticket to get in, not an airplane ticket. :)

From: Ben Scott [mailvor...@gmail.com]
Sent: Monday, February 13, 2012 5:48 PM
To: NT System Admin Issues
Subject: Re: DNS Partial zone CNAMEs?

Okay, the consensus on dns-ops is that this is broken and shouldn't work. Specifically, a construct of the following form is invalid:

    www.example.com. SOA blah blah blah
    www.example.com. NS ns1.example.com.
    www.example.com. DNAME elsewhere.example.net.

The problem is that DNAME is intended to apply to child names of the LHS name (record owner). It should not apply to the owner name itself. This is made explicit in the next draft of the DNAME specification, which states:

    "a DNAME RR redirects DNS names subordinate to its owner name; the owner name of a DNAME is not redirected itself" (emphasis added).

(draft-ietf-dnsext-rfc2672bis-dname-25, section 2.3: http://tools.ietf.org/html/draft-ietf-dnsext-rfc2672bis-dname-25#section-2.3)

So, while you're of course free to do this anyway, it may cause demons to fly out of your nose (http://catb.org/jargon/html/N/nasal-demons.html). More likely, some future hotfix or Service Pack may take it away. That's especially likely if the proposed client-side support for DNAME ever makes it out of committee.

You Have Been Warned(TM). :-)

-- Ben
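Added example, not part of the thread and not Windows DNS code: a small PowerShell model of the redirection rule quoted above from the DNAME draft, set beside the CNAME rule, so the two can be compared name by name. The function name `Resolve-Redirect`, the record table and the name images.www.google.com are constructed for illustration; www.google.com, mail.google.com and nosslsearch.google.com are the names used in the thread.

```powershell
# Models which query names each record type redirects, per the rule quoted above:
#   CNAME - aliases exactly one name, the record owner itself.
#   DNAME - rewrites names below the owner; the owner itself is not redirected.
# It models the draft text only, not the behaviour of any particular DNS server.

function Resolve-Redirect {
    param(
        [Parameter(Mandatory = $true)][string]$QueryName,
        [Parameter(Mandatory = $true)][object[]]$Records
    )
    # Compare names case-insensitively and without the trailing root dot.
    $q = $QueryName.TrimEnd('.').ToLowerInvariant()
    foreach ($rr in $Records) {
        $owner  = $rr.Owner.TrimEnd('.').ToLowerInvariant()
        $target = $rr.Target.TrimEnd('.').ToLowerInvariant()

        if ($rr.Type -eq 'CNAME' -and $q -eq $owner) {
            return "$target."
        }
        # The leading dot in the suffix test is what excludes the owner name
        # itself and unrelated names that merely end with the same characters.
        if ($rr.Type -eq 'DNAME' -and
            $q.EndsWith(".$owner", [System.StringComparison]::Ordinal)) {
            $prefix = $q.Substring(0, $q.Length - $owner.Length)   # e.g. "images."
            return "$prefix$target."
        }
    }
    return $null    # no record redirects this name
}

# Constructed record sets: the same owner and target, once as DNAME, once as CNAME.
$dnameZone = @(@{ Owner = 'www.google.com.'; Type = 'DNAME'; Target = 'nosslsearch.google.com.' })
$cnameZone = @(@{ Owner = 'www.google.com.'; Type = 'CNAME'; Target = 'nosslsearch.google.com.' })

# Requires Windows PowerShell 3.0 or later for [pscustomobject].
foreach ($name in 'www.google.com.', 'images.www.google.com.', 'mail.google.com.') {
    [pscustomobject]@{
        Query    = $name
        ViaDNAME = Resolve-Redirect -QueryName $name -Records $dnameZone
        ViaCNAME = Resolve-Redirect -QueryName $name -Records $cnameZone
    }
}
```

An empty ViaDNAME cell for www.google.com. is the case the draft describes: a server that follows it leaves the owner name alone, so a configuration that relies on the owner being redirected depends on server behaviour outside the specification.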
RE: Computer safety and security best practices...
Someone just told me about that site the other day. That will be one of my resources. Thanks!

From: Jonathan [mailto:ncm...@gmail.com]
Sent: Monday, February 13, 2012 8:35 PM
To: NT System Admin Issues
Subject: Re: Computer safety and security best practices...

Stu does this through his new-ish company, KnowBe4 http://www.knowbe4.com/

Jonathan

On Feb 13, 2012 8:22 PM, ntsysadmin ntsysad...@rccs.org wrote:

I feel like many of the malware infections I come across could have been easily avoided if the end user was just a little better informed. I've wanted to put together some tutorials for staff here at the school and also for my clients, that would help them to be more security conscious while browsing the web, etc.

I already have quite a few ideas for topics to cover and some online resources that I'm looking at too, but would like to make sure I don't leave anything out. I'd like to make this training mandatory for school staff but of course clients would have to be made to see the value of it.

Do you guys already do training like this for end users or do you point them to any online materials?

Thanks,
Mike
Re: I think I've asked this before...
On Mon, Feb 13, 2012 at 8:35 PM, Kurt Buff kurt.b...@gmail.com wrote:

Are there any NTFS or other mismatch issues that I need to be aware of in such a move?

[moving iSCSI LUNs between VMs]

The scenario is essentially the same as moving physical disks from one computer to another. For the most part, you should be fine.

The one exception I'm aware of would be if you have machine-local principals (users, groups, etc.) in ACLs on the disks. The new box will have a different machine SID, and won't recognize those principals by name. Instead you'll get the numeric SID thing. Domain principals will be unaffected.

Now, if you're running any particular *software* off those disks, well, that depends on the software.

-- Ben
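Added example, not part of the thread: one way to inventory the ACL entries described above after the LUNs are attached to the new server, by listing every explicit ACE whose SID no longer resolves to an account name. It assumes Windows with NTFS and Windows PowerShell 3.0 or later; the function name `Find-UnresolvedAce`, the demo folder and the SID in the demo are constructed for illustration.

```powershell
# Lists explicit ACEs whose SID cannot be translated to an account name, which
# is how ACEs for the old machine's local users and groups appear on the new box.

function Find-UnresolvedAce {
    param([Parameter(Mandatory = $true)][string]$Root)   # a directory

    $cache = @{}    # SID string -> $true when the SID resolves to a name
    $items = @(Get-Item -LiteralPath $Root -Force) +
             @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        # Explicit ACEs only (inherited copies are reported where they are set),
        # returned as raw SIDs instead of translated names.
        $rules = $acl.GetAccessRules($true, $false,
                                     [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            $sid = $rule.IdentityReference
            if (-not $cache.ContainsKey($sid.Value)) {
                try {
                    [void]$sid.Translate([System.Security.Principal.NTAccount])
                    $cache[$sid.Value] = $true
                } catch {
                    # Any translation failure is treated as unresolved.
                    $cache[$sid.Value] = $false
                }
            }
            if (-not $cache[$sid.Value]) {
                [pscustomobject]@{
                    Path   = $item.FullName
                    Sid    = $sid.Value
                    # For a local account this is the SID of the machine that
                    # issued it; empty for SIDs that are not account SIDs.
                    Issuer = "$($sid.AccountDomainSid)"
                    Rights = $rule.FileSystemRights
                    Type   = $rule.AccessControlType
                }
            }
        }
    }
}

# Demonstration on a scratch folder: grant rights to a constructed SID that
# stands in for a local user of the old server, then scan the folder.
$demo = Join-Path ([System.IO.Path]::GetTempPath()) 'acl-orphan-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null

$oldLocalUser = New-Object System.Security.Principal.SecurityIdentifier -ArgumentList `
    'S-1-5-21-1111111111-2222222222-3333333333-1001'    # constructed value
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList `
    $oldLocalUser, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow'

$acl = Get-Acl -LiteralPath $demo
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $demo -AclObject $acl

# The child file inherits the ACE, so only the folder itself is reported.
New-Item -ItemType File -Path (Join-Path $demo 'report.txt') -Force | Out-Null

Find-UnresolvedAce -Root $demo | Format-List
Remove-Item -LiteralPath $demo -Recurse -Force
```

Grouping the output by Issuer separates entries left over from the old server from any other unresolved SIDs, which helps when deciding which local accounts to recreate and which ACEs to replace.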
Re: I think I've asked this before...
Are you going to give the new machine the same name as the old one?

Jon

On Mon, Feb 13, 2012 at 8:35 PM, Kurt Buff kurt.b...@gmail.com wrote:

but I don't remember seeing an answer - apologies if someone answered and I missed it... This is a followup to the file server tuning thread, BTW...

So, I've got an underperforming Win2k3 R2 VM that talks with several iSCSI LUNs. One strategy to overcome the performance issue is to spin up a 64bit Win2k8 R2 VM, shut down the old VM and pick up the iSCSI LUNs on the new VM.

Are there any NTFS or other mismatch issues that I need to be aware of in such a move? I've poked around a bit and haven't seen anything, but I might well have missed something crucial. Just trying to get my ducks in a row.

Thanks,
Kurt
Re: Home Antivirus
AVG is too processor intensive. For security and low profile MSE works great.

MMF mmfree...@ameritech.net wrote:

Any comments on AVG? I’ve been using it for several years and it hasn’t failed me yet!

MMF

From: Cynicalgeek
Sent: Monday, February 13, 2012 7:27 PM
To: NT System Admin Issues
Subject: Re: Home Antivirus

The same things that infect MSSE also infect McAfee, Norton, et al. If you're going the paid route, supposedly Kaspersky is the absolute best. I've been using MSSE for almost 2.5 years and have been very pleased.

On Mon, Feb 13, 2012 at 8:03 PM, Ben Scott mailvor...@gmail.com wrote:

On Mon, Feb 13, 2012 at 7:45 PM, Richard Stovall rich...@gmail.com wrote:

Hurry up! Time's almost out on the deal to get McAfee free for 3PCs. http://preview.tinyurl.com/77u2zry Receive a $55 prepaid card by mail from McAfee! Expires on 2/15/12

So in two days, the Internet will be a safer place. ;-)

If I'm going the free AV route, I'd prolly go MS Security Essentials. While it's limited in features, it does stop malware and spyware, and updates happen with Windows Update. For all of WU's problems, other things all seem to suck more.

-- Ben

-- -cynicalgeek- cynicalgeekatgmail.com

-- Sent from Kaiten Mail for Android. Please excuse my brevity.
Re: Cron for Windows 2008
Sorry for the late response, but here's a quick and dirty piece of code I call psget.ps1

    #stinger is used here as an example only
    $yourURL = "http://downloadcenter.mcafee.com/products/mcafee-avert/stinger/stinger.exe"
    $yourFile = "c:\temp\stinger.exe"
    # download the URL to the local file
    $webclient = New-Object Net.WebClient
    $webclient.DownloadFile($yourURL,$yourFile)
    echo "Your download is now complete!"

Hope that helps!

Rubens

On Thu, Feb 2, 2012 at 12:58 AM, Harry Singh hbo...@gmail.com wrote:

I'd for one be very interested in knowing what is the PS equivalent to wget.

On Wednesday, February 1, 2012, Richard Stovall rich...@gmail.com wrote:

I used to run wget from a powershell script using a scheduled task. (Then I figured out how to do the same thing with just powershell and got rid of wget.)

On Wed, Feb 1, 2012 at 7:18 PM, Rod Trent rodtr...@myitforum.com wrote:

Need to run a wget command.

Rod Trent

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Wednesday, February 01, 2012 6:01 PM
To: NT System Admin Issues
Subject: RE: Cron for Windows 2008

I gotta ask – what’s wrong with Task Scheduler? It was basically re-written for LH and has lots of nice features and functionality now…

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Rod Trent [mailto:rodtr...@myitforum.com]
Sent: Wednesday, February 01, 2012 5:53 PM
To: NT System Admin Issues
Subject: Cron for Windows 2008

Anyone running Cron jobs on Windows 2008? I need a good, stable Cron app. Hopefully something that can be run as a service, but not required.
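Added example, not part of the thread: a variant of the download step for unattended use from a scheduled task, which fetches to a staging file and moves it into place only after its SHA-256 hash matches a value obtained from the publisher out of band (and, optionally, after its Authenticode signature validates). The function names `Get-Sha256Hex` and `Get-VerifiedDownload` are constructed for illustration, and the demonstration uses a constructed local file served through a file:// URL so that it runs offline.

```powershell
# Pass absolute paths: .NET resolves relative paths against the process
# directory, not the current PowerShell location.

function Get-Sha256Hex {
    param([Parameter(Mandatory = $true)][string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha.ComputeHash($stream)
    } finally {
        $stream.Close()
        $sha.Clear()
    }
    return ([System.BitConverter]::ToString($bytes) -replace '-', '').ToLowerInvariant()
}

function Get-VerifiedDownload {
    param(
        [Parameter(Mandatory = $true)][string]$Url,
        [Parameter(Mandatory = $true)][string]$Destination,
        [Parameter(Mandatory = $true)][string]$ExpectedSha256,
        [switch]$RequireValidSignature     # Authenticode check, Windows only
    )
    # Stage next to the destination and keep the file extension unchanged.
    $dir = Split-Path -Parent $Destination
    $staging = Join-Path $dir ('partial-' + (Split-Path -Leaf $Destination))
    $webclient = New-Object Net.WebClient
    try {
        $webclient.DownloadFile($Url, $staging)

        $actual = Get-Sha256Hex -Path $staging
        if ($actual -ne $ExpectedSha256.Trim().ToLowerInvariant()) {
            throw "SHA-256 mismatch for ${Url}: expected $ExpectedSha256, got $actual"
        }
        if ($RequireValidSignature) {
            $sig = Get-AuthenticodeSignature -FilePath $staging
            if ($sig.Status -ne 'Valid') {
                throw "Authenticode status for ${Url} is $($sig.Status), not Valid"
            }
        }
        # Only a verified file ever appears under the destination name.
        Move-Item -LiteralPath $staging -Destination $Destination -Force
        return $Destination
    } finally {
        $webclient.Dispose()
        if (Test-Path -LiteralPath $staging) {
            Remove-Item -LiteralPath $staging -Force
        }
    }
}

# Offline demonstration with a constructed file.
$temp   = [System.IO.Path]::GetTempPath()
$source = Join-Path $temp 'psget-demo-source.txt'
$target = Join-Path $temp 'psget-demo-target.txt'
[System.IO.File]::WriteAllText($source, 'constructed sample payload')
$published = Get-Sha256Hex -Path $source     # stands in for the publisher's hash
$url = (New-Object System.Uri($source)).AbsoluteUri

# Matching hash: the file is moved into place.
Get-VerifiedDownload -Url $url -Destination $target -ExpectedSha256 $published

# Wrong hash: the call throws and nothing is left at the destination.
Remove-Item -LiteralPath $target -Force
try {
    Get-VerifiedDownload -Url $url -Destination $target -ExpectedSha256 ('0' * 64)
} catch {
    "Rejected: $($_.Exception.Message)"
}
"Destination present after rejection: $(Test-Path -LiteralPath $target)"
Remove-Item -LiteralPath $source -Force
```

For a signed executable, adding -RequireValidSignature checks the publisher's signature as well; the hash pins one exact build, so the expected value has to be updated whenever the publisher ships a new version.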
RE: I think I've asked this before...
Local ACLs will be broke (vs. domain-based ACLs).

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Monday, February 13, 2012 8:36 PM
To: NT System Admin Issues
Subject: I think I've asked this before...

but I don't remember seeing an answer - apologies if someone answered and I missed it... This is a followup to the file server tuning thread, BTW...

So, I've got an underperforming Win2k3 R2 VM that talks with several iSCSI LUNs. One strategy to overcome the performance issue is to spin up a 64bit Win2k8 R2 VM, shut down the old VM and pick up the iSCSI LUNs on the new VM.

Are there any NTFS or other mismatch issues that I need to be aware of in such a move? I've poked around a bit and haven't seen anything, but I might well have missed something crucial. Just trying to get my ducks in a row.

Thanks,
Kurt
RE: Home Antivirus
I had lost faith in AVG a few years ago, but it seems to work better now. I do have one client that uses the business version with success. I often install the free version for home users whose PCs I’ve just cleaned up. It’s hard to tell someone that the AV they just paid for is worthless and they need to buy something else. Installing the free AVG product makes this a little less painful.

I also like to install the free Secunia PSI scanner for home users, to try to help them stay up to date on patches. Any comments on that program?

Thanks,
Mike

From: MMF [mailto:mmfree...@ameritech.net]
Sent: Monday, February 13, 2012 8:55 PM
To: NT System Admin Issues
Subject: Re: Home Antivirus

Any comments on AVG? I’ve been using it for several years and it hasn’t failed me yet!

MMF

From: Cynicalgeek cynicalg...@gmail.com
Sent: Monday, February 13, 2012 7:27 PM
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Home Antivirus

The same things that infect MSSE also infect McAfee, Norton, et al. If you're going the paid route, supposedly Kaspersky is the absolute best. I've been using MSSE for almost 2.5 years and have been very pleased.

On Mon, Feb 13, 2012 at 8:03 PM, Ben Scott mailvor...@gmail.com wrote:

On Mon, Feb 13, 2012 at 7:45 PM, Richard Stovall rich...@gmail.com wrote:

Hurry up! Time's almost out on the deal to get McAfee free for 3PCs. http://preview.tinyurl.com/77u2zry Receive a $55 prepaid card by mail from McAfee! Expires on 2/15/12

So in two days, the Internet will be a safer place. ;-)

If I'm going the free AV route, I'd prolly go MS Security Essentials. While it's limited in features, it does stop malware and spyware, and updates happen with Windows Update. For all of WU's problems, other things all seem to suck more.

-- Ben

-- -cynicalgeek- cynicalgeekatgmail.com
Re: Home Antivirus
From personal experience it does not matter how good the anti-malware software is if you have users (home or corp) that run as administrators regularly, fight you tooth and nail on patching the machine, and download/install all the neat stuff on the web; they will get hit by something.

Previous $dayjob$ once I got administration approval to pull admin privileges, start patching on a regular basis, and require proof of need to install anything not on the standard software list with proof that it was not going to open up the internal network to a virus most of the anti-malware software will keep things under control.

Most homeowners prefer to run with admin privileges, fight patching, and install all kinds of garbage they really don't need. Those are the ones that get hit repeatedly by malware.

Jon

On Mon, Feb 13, 2012 at 8:55 PM, MMF mmfree...@ameritech.net wrote:

Any comments on AVG? I’ve been using it for several years and it hasn’t failed me yet!

MMF

From: Cynicalgeek cynicalg...@gmail.com
Sent: Monday, February 13, 2012 7:27 PM
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Home Antivirus

The same things that infect MSSE also infect McAfee, Norton, et al. If you're going the paid route, supposedly Kaspersky is the absolute best. I've been using MSSE for almost 2.5 years and have been very pleased.

On Mon, Feb 13, 2012 at 8:03 PM, Ben Scott mailvor...@gmail.com wrote:

On Mon, Feb 13, 2012 at 7:45 PM, Richard Stovall rich...@gmail.com wrote:

Hurry up! Time's almost out on the deal to get McAfee free for 3PCs. http://preview.tinyurl.com/77u2zry Receive a $55 prepaid card by mail from McAfee! Expires on 2/15/12

So in two days, the Internet will be a safer place. ;-)

If I'm going the free AV route, I'd prolly go MS Security Essentials. While it's limited in features, it does stop malware and spyware, and updates happen with Windows Update. For all of WU's problems, other things all seem to suck more.

-- Ben

-- -cynicalgeek- cynicalgeekatgmail.com
Re: I think I've asked this before...
I switched from a 2003 to 2008 server a few years ago. It was not R2 or 64 bit but from an ACL perspective I had no problems. I just added the LUNs and set up the shares and was done.

On Monday, February 13, 2012, Kurt Buff kurt.b...@gmail.com wrote:

but I don't remember seeing an answer - apologies if someone answered and I missed it... This is a followup to the file server tuning thread, BTW...

So, I've got an underperforming Win2k3 R2 VM that talks with several iSCSI LUNs. One strategy to overcome the performance issue is to spin up a 64bit Win2k8 R2 VM, shut down the old VM and pick up the iSCSI LUNs on the new VM.

Are there any NTFS or other mismatch issues that I need to be aware of in such a move? I've poked around a bit and haven't seen anything, but I might well have missed something crucial. Just trying to get my ducks in a row.

Thanks,
Kurt
Re: Home Antivirus
That's the same reason I dropped Avast! for SME.

Rod Trent wrote:

AVG is too processor intensive. For security and low profile MSE works great.

MMF mmfree...@ameritech.net wrote:

Any comments on AVG? I’ve been using it for several years and it hasn’t failed me yet!

MMF

From: Cynicalgeek cynicalg...@gmail.com
Sent: Monday, February 13, 2012 7:27 PM
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Home Antivirus

The same things that infect MSSE also infect McAfee, Norton, et al. If you're going the paid route, supposedly Kaspersky is the absolute best. I've been using MSSE for almost 2.5 years and have been very pleased.

On Mon, Feb 13, 2012 at 8:03 PM, Ben Scott mailvor...@gmail.com wrote:

On Mon, Feb 13, 2012 at 7:45 PM, Richard Stovall rich...@gmail.com wrote:

Hurry up! Time's almost out on the deal to get McAfee free for 3PCs. http://preview.tinyurl.com/77u2zry Receive a $55 prepaid card by mail from McAfee! Expires on 2/15/12

So in two days, the Internet will be a safer place. ;-)

If I'm going the free AV route, I'd prolly go MS Security Essentials. While it's limited in features, it does stop malware and spyware, and updates happen with Windows Update. For all of WU's problems, other things all seem to suck more.

-- Ben

-- -cynicalgeek- cynicalgeekatgmail.com

-- Sent from Kaiten Mail for Android. Please excuse my brevity.
Re: I think I've asked this before...
On Mon, Feb 13, 2012 at 18:07, Ben Scott mailvor...@gmail.com wrote:

On Mon, Feb 13, 2012 at 8:35 PM, Kurt Buff kurt.b...@gmail.com wrote:

Are there any NTFS or other mismatch issues that I need to be aware of in such a move?

[moving iSCSI LUNs between VMs]

The scenario is essentially the same as moving physical disks from one computer to another. For the most part, you should be fine.

The one exception I'm aware of would be if you have machine-local principals (users, groups, etc.) in ACLs on the disks. The new box will have a different machine SID, and won't recognize those principals by name. Instead you'll get the numeric SID thing. Domain principals will be unaffected.

Now, if you're running any particular *software* off those disks, well, that depends on the software.

Ah - I don't think that would be affected by OS version differences, but it does make a difference, and I do have one or two local accounts. That shouldn't be an issue, as I can recreate them easily enough.

Thanks,
Kurt
Re: I think I've asked this before...
Yeah - shouldn't be a problem to fix.

On Mon, Feb 13, 2012 at 18:27, Michael B. Smith mich...@smithcons.com wrote: Local ACLs will be broke (vs. domain-based ACLs). Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com

-Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Monday, February 13, 2012 8:36 PM To: NT System Admin Issues Subject: I think I've asked this before...

but I don't remember seeing an answer - apologies if someone answered and I missed it... This is a followup to the file server tuning thread, BTW... So, I've got an underperforming Win2k3 R2 VM that talks with several iSCSI LUNs. One strategy to overcome the performance issue is to spin up a 64bit Win2k8 R2 VM, shut down the old VM and pick up the iSCSI LUNs on the new VM. Are there any NTFS or other mismatch issues that I need to be aware of in such a move? I've poked around a bit and haven't seen anything, but I might well have missed something crucial. Just trying to get my ducks in a row. Thanks, Kurt
Re: I think I've asked this before...
Oh, yes. There's a *large* cache of directories that are targets of a web site on another machine, and it would be deemed too difficult to do the search and replace for that, and for all of the desktop links that users have saved locally. Kurt

On Mon, Feb 13, 2012 at 18:11, Jon Harris jk.har...@gmail.com wrote: Are you going to give the new machine the same name as the old one? Jon

On Mon, Feb 13, 2012 at 8:35 PM, Kurt Buff kurt.b...@gmail.com wrote: but I don't remember seeing an answer - apologies if someone answered and I missed it... This is a followup to the file server tuning thread, BTW... So, I've got an underperforming Win2k3 R2 VM that talks with several iSCSI LUNs. One strategy to overcome the performance issue is to spin up a 64bit Win2k8 R2 VM, shut down the old VM and pick up the iSCSI LUNs on the new VM. Are there any NTFS or other mismatch issues that I need to be aware of in such a move? I've poked around a bit and haven't seen anything, but I might well have missed something crucial. Just trying to get my ducks in a row. Thanks, Kurt
RE: Home Antivirus
How much less likely is one to get infected running as a non-admin? Does it depend on the OS? I ask because I've cleaned up infections on Windows7 Pro PCs where the user was definitely not running as an admin. One PC in question was also set up to require additional credentials for any software installation. We never did determine the source of the malware. Thanks, Mike

From: Jon Harris [mailto:jk.har...@gmail.com] Sent: Monday, February 13, 2012 9:42 PM To: NT System Admin Issues Subject: Re: Home Antivirus

From personal experience it does not matter how good the anti-malware software is if you have users (home or corp) that run as administrators regularly, fight you tooth and nail on patching the machine, and download/install all the neat stuff on the web they will get hit by something. Previous $dayjob$ once I got administration approval to pull admin privileges, start patching on a regular basis, and require proof of need to install anything not on the standard software list with proof that it was not going to open up the internal network to a virus most of the anti-malware software will keep things under control. Most homeowners prefer to run with admin privileges, fight patching, and install all kinds of garbage they really don't need. Those are the ones that get hit repeatedly by malware. Jon

On Mon, Feb 13, 2012 at 8:55 PM, MMF mmfree...@ameritech.net wrote: Any comments on AVG? I've been using it for several years and it hasn't failed me yet! MMF

From: Cynicalgeek [mailto:cynicalg...@gmail.com] Sent: Monday, February 13, 2012 7:27 PM To: NT System Admin Issues Subject: Re: Home Antivirus

The same things that infect MSSE also infect McAfee, Norton, et al. If you're going the paid route, supposedly Kaspersky is the absolute best. I've been using MSSE for almost 2.5 years and have been very pleased.

On Mon, Feb 13, 2012 at 8:03 PM, Ben Scott mailvor...@gmail.com wrote:

On Mon, Feb 13, 2012 at 7:45 PM, Richard Stovall rich...@gmail.com wrote: Hurry up! Time's almost out on the deal to get McAfee free for 3 PCs. http://preview.tinyurl.com/77u2zry Receive a $55 prepaid card by mail from McAfee! Expires on 2/15/12

So in two days, the Internet will be a safer place. ;-) If I'm going the free AV route, I'd prolly go MS Security Essentials. While it's limited in features, it does stop malware and spyware, and updates happen with Windows Update. For all of WU's problems, other things all seem to suck more. -- Ben

-- -cynicalgeek- cynicalgeekatgmail.com
RE: I think I've asked this before...
Shares will need to be reshared. Whilst upgrading to 2008 R2 is going to be in the cards sooner or later, you should really determine root cause before you throw a dart in the air and hope for a band aid. Thanks, Brian Desmond br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132

-Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Monday, February 13, 2012 7:36 PM To: NT System Admin Issues Subject: I think I've asked this before...

but I don't remember seeing an answer - apologies if someone answered and I missed it... This is a followup to the file server tuning thread, BTW... So, I've got an underperforming Win2k3 R2 VM that talks with several iSCSI LUNs. One strategy to overcome the performance issue is to spin up a 64bit Win2k8 R2 VM, shut down the old VM and pick up the iSCSI LUNs on the new VM. Are there any NTFS or other mismatch issues that I need to be aware of in such a move? I've poked around a bit and haven't seen anything, but I might well have missed something crucial. Just trying to get my ducks in a row. Thanks, Kurt
RE: Picking up file server tuning again
Well, the % Interrupts/DPC Time/Kernel Mode CPU time isn't necessarily going to be fixed by x64. It may very well mean you've got some crappy drivers in play. The disk stuff indicates the disk is not fast enough to keep up with demand. You can solve that with more spindles or faster spindles. Page Pool utilization will be resolved by x64 (or even x86 on 2008). That's indicative of crappy drivers, large tokens, and/or people doing things like using PSTs off file shares. Thanks, Brian Desmond br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132 -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Monday, February 13, 2012 6:18 PM To: NT System Admin Issues Subject: RE: Picking up file server tuning again Well, the kernel mode, paged pool, and interrupt time are items that will be specifically reduced with an x64 OS. The I/O situation is indicative of disk queuing which is hypervisor related. Dunno how you optimize that in VMware, there are a number of potentials in Hyper-V. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Monday, February 13, 2012 5:33 PM To: NT System Admin Issues Subject: Re: Picking up file server tuning again It *is* a busy box, and migrating the iSCSI LUNs to a 64bit server is something I've definitely considered. I have a Dell R310 with 16gb RAM that I could use, but it's already got 9 active VMs, although they're not heavy hitters. AFAICT, probably the highest-use machines on the ESXi 4.1 box are the secondary DC (no FSMO roles, but does do DNS and WINS) and the issuing CA box. It's currently a VM on what I believe to be an underpowered ESX 3.5 box - I think it's possible that it's simply starved for resources on that ESX box. 
I'm sure there's something out there like perfmon for VMware that I can use to capture performance over time - I'd like to measure and analyze the performance of the ESX 3.5 box while the backups are happening against the file server. I'm also considering moving the Win2k3 file server VM to the ESX box and seeing if the situation improves. Kurt

On Mon, Feb 13, 2012 at 12:08, Michael B. Smith mich...@smithcons.com wrote: That's a busy box. I'd suggest moving to a 64-bit OS. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com

-Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Monday, February 13, 2012 3:00 PM To: NT System Admin Issues Subject: Re: Picking up file server tuning again

Ran PAL against the log. Um, wow. It's a freaking christmas tree - red and yellow all over the place in CPU and disk. Who should I be talking with to analyze this?

A sample of the issues shown - all of which show up in more than one time slice - some in every or almost every slice:
o- More than 50% Processor Utilization
o- More than 30% privileged (kernel) mode CPU usage
o- More than 2 packets are waiting in the output queue
o- Greater than 25ms physical disk READ response times
o- Greater than 25ms physical disk WRITE response times
o- More than 80% of Pool Paged Kernel Memory Used
o- More than 2 I/O's are waiting on the physical disk
o- 20 (Processor(_Total)\DPC Rate)
o- More than 30% Interrupt Time
o- Greater than 1000 page inputs per second (Memory\Pages Input/sec)

Some things that showed no alerts:
o- Memory\Available MBytes
o- Memory\Free System Page Table Entries
o- Memory\Pages/sec
o- Memory\System Cache Resident Bytes
o- Memory\Cache Bytes
o- Memory\% Committed Bytes In Use
o- Network Interface(*)\% Network Utilization
   MS TCP Loopback interface
   VMware Accelerated AMD PCNet Adapter
   VMware Accelerated AMD PCNet Adapter#1
o- Network Interface(*)\Packets Outbound Errors
   MS TCP Loopback interface
   VMware Accelerated AMD PCNet Adapter
   VMware Accelerated AMD PCNet Adapter#1

Kurt

On Fri, Feb 10, 2012 at 16:04, Brian Desmond br...@briandesmond.com wrote: Rather than trying to do this yourself, check out PAL - http://pal.codeplex.com/. It will setup all the right counters for you and crunch the data. Thanks, Brian Desmond br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132

-Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Friday, February 10, 2012 4:43 PM To: NT System Admin Issues Subject: Picking up file server tuning again

I'm getting back to monitoring my situation with the file server again, and just finished a perfmon session covering the 3rd through the 7th of this month. Simultaneously, I set up perfmon on the same workstation to monitor the backup server. If anyone cares to help, I'd be deeply appreciative. I set up perfmon on a Win7 VM on an ESXi 4.1 host to take measurements at 60 second intervals of a whole bunch of counters, many of them probably just noise. I'll describe the
Re: I think I've asked this before...
On Mon, Feb 13, 2012 at 10:03 PM, Kurt Buff kurt.b...@gmail.com wrote: Oh, yes. There's a *large* cache of directories that are targets of a web site on another machine, and it would be deemed too difficult to do the search and replace for that, and for all of the desktop links that users have saved locally.

To avoid this problem in the future: Investigate DFS. -- Ben
Re: I think I've asked this before...
On Mon, Feb 13, 2012 at 10:22 PM, Brian Desmond br...@briandesmond.com wrote: Whilst upgrading to 2008 R2 is going to be in the cards sooner or later, you should really determine root cause before you throw a dart in the air and hope for a band aid.

Root cause? This is IT. We don't do that here. ;-) Update drivers. Upgrade the OS. Repartition the drive. Resize the paging file. Defrag. CHKDSK. Log on as local admin. Change the desktop background. Perturb the problem out of existence! ;-) -- Ben
Re: I think I've asked this before...
On Mon, Feb 13, 2012 at 19:22, Brian Desmond br...@briandesmond.com wrote: Shares will need to be reshared.

Got that covered - that's about the easiest thing. I was looking for incompatibilities in NTFS implementation between OS versions more than standard details like this, and from what others have said there either aren't any or they're insignificant.

Whilst upgrading to 2008 R2 is going to be in the cards sooner or later, you should really determine root cause before you throw a dart in the air and hope for a band aid.

Love the mixed metaphor. Let me know if the details I shared in the other thread suggest anything to you, or if I need to provide more info. Thanks, Kurt
Re: DNS Partial zone CNAMEs?
You can do as I've suggested, and use a firewall that denies port 443 for www.google.com. Others have suggested that a web proxy would be an alternative, especially one that can deny URLs with a bare IP address, and I'd agree that this is also going to prove useful. DNS is not your answer. Kurt

On Mon, Feb 13, 2012 at 17:53, Kennedy, Jim kennedy...@elyriaschools.org wrote: I really appreciate this and hate to impose more, but did anyone have any ideas how to skin this cat. Bottom line is I need to CNAME www.google.com to nosslsearch.google.com without having to run all of Google's DNS in house manually. I skin this cat or I kill Google Docs for our students, and it actually is really helpful for them, it helps a LOT. And I like to deliver stuff to users that helps, minus the demons flying out of my nose of course. Or I allow Google Docs and block Google search, that would be even worse. I am even open to putting up another DNS server that can CNAME this record and fall over to root for the rest of google...then direct my AD DNS to that on a conditional forwarder. The original suggestion to do this came from Google specifically for the situation I am in. Get search off SSL so the filter can append the request with safe search mode. I would be surprised if their solution totally misses the mark. Again, I really appreciate your help on this. Free ticket to Derbycon this fall if you want to go, just ping me. Ticket to get in, not an airplane ticket. :)

From: Ben Scott [mailvor...@gmail.com] Sent: Monday, February 13, 2012 5:48 PM To: NT System Admin Issues Subject: Re: DNS Partial zone CNAMEs?

Okay, the consensus on dns-ops is that this is broken and shouldn't work. Specifically, a construct of the following form is invalid:

www.example.com. SOA blah blah blah
www.example.com. NS ns1.example.com.
www.example.com. DNAME elsewhere.example.net.

The problem is that DNAME is intended to apply to child names of the LHS name (record owner). It should not apply to the owner name itself. This is made explicit in the next draft of the DNAME specification, which states: "a DNAME RR redirects DNS names subordinate to its owner name; the owner name of a DNAME is not redirected itself" (emphasis added). (draft-ietf-dnsext-rfc2672bis-dname-25, section 2.3: http://tools.ietf.org/html/draft-ietf-dnsext-rfc2672bis-dname-25#section-2.3)

So, while you're of course free to do this anyway, it may cause demons to fly out of your nose (http://catb.org/jargon/html/N/nasal-demons.html). More likely, some future hotfix or Service Pack may take it away. That's especially likely if the proposed client-side support for DNAME ever makes it out of committee. You Have Been Warned(TM). :-) -- Ben
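The rule quoted from the DNAME draft in the message above, worked through as an added example (not code from any list member or from Windows DNS). It goes one step past the quoted sentence by also covering the case where the substituted name exceeds the 255-octet DNS name limit; the status strings and the query names `images.www.google.com` and `notwww.google.com` are constructed for illustration.

```python
"""DNAME substitution: only names *below* the owner are redirected."""

MAX_NAME_OCTETS = 255  # DNS limit on the wire-format length of a name

# Records as set up in the thread: zone www.google.com with a DNAME at its apex.
OWNER = "www.google.com."
TARGET = "nosslsearch.google.com."


def labels(name):
    """Split a name into lower-cased labels, ignoring a trailing dot."""
    name = name.rstrip(".")
    return [part.lower() for part in name.split(".")] if name else []


def wire_length(lbls):
    """Wire-format length: one length octet per label plus the root octet."""
    return sum(len(part) + 1 for part in lbls) + 1


def dname_substitute(qname, owner, target):
    """Apply a DNAME (owner -> target) to qname.

    Returns (status, new_name). Status values are labels made up for
    this example:
      OWNER_NOT_REDIRECTED  qname equals the DNAME owner (no redirect)
      NO_MATCH              qname is not below the owner
      YXDOMAIN              substituted name would exceed 255 octets
      REDIRECTED            new_name holds the substituted name
    """
    q, o, t = labels(qname), labels(owner), labels(target)
    if q == o:
        return ("OWNER_NOT_REDIRECTED", None)
    # Compare whole labels, not string suffixes, so that
    # notwww.google.com is not mistaken for a child of www.google.com.
    if len(q) <= len(o) or q[len(q) - len(o):] != o:
        return ("NO_MATCH", None)
    new = q[:len(q) - len(o)] + t
    if wire_length(new) > MAX_NAME_OCTETS:
        return ("YXDOMAIN", None)
    return ("REDIRECTED", ".".join(new) + ".")


def demo():
    """Run the thread's names through the substitution rule."""
    # Constructed query: valid on its own, too long once substituted.
    long_q = ".".join(["a" * 63] * 3 + ["b" * 40]) + ".www.google.com."
    queries = [
        "www.google.com.",         # the name the thread wants redirected
        "images.www.google.com.",  # constructed child of the owner
        "mail.google.com.",        # outside the www.google.com zone
        "notwww.google.com.",      # string suffix only, not a child
        long_q,
    ]
    return [(q, dname_substitute(q, OWNER, TARGET)) for q in queries]


if __name__ == "__main__":
    for qname, (status, new_name) in demo():
        shown = qname if len(qname) < 40 else qname[:37] + "..."
        print(f"{shown:42} {status:22} {new_name or ''}")
```

A resolver that follows the draft would answer a query for the owner name from the owner's own records, so a zone holding only SOA, NS and DNAME at `www.google.com` has nothing to return for it.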
Re: Picking up file server tuning again
PSTs on file shares - it's been a while since I looked at that issue. Crappy drivers are a small possibility - it is a P2V of an old machine. I'm not sure that the number of spindles has anything to do with it, and in any case there isn't anything I can do about that for a while. Can you explain what you mean by large tokens? Is that related to token bloat in AD, or is it something else? Thanks, Kurt On Mon, Feb 13, 2012 at 19:25, Brian Desmond br...@briandesmond.com wrote: Well, the % Interrupts/DPC Time/Kernel Mode CPU time isn't necessarily going to be fixed by x64. It may very well mean you've got some crappy drivers in play. The disk stuff indicates the disk is not fast enough to keep up with demand. You can solve that with more spindles or faster spindles. Page Pool utilization will be resolved by x64 (or even x86 on 2008). That's indicative of crappy drivers, large tokens, and/or people doing things like using PSTs off file shares. Thanks, Brian Desmond br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132 -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Monday, February 13, 2012 6:18 PM To: NT System Admin Issues Subject: RE: Picking up file server tuning again Well, the kernel mode, paged pool, and interrupt time are items that will be specifically reduced with an x64 OS. The I/O situation is indicative of disk queuing which is hypervisor related. Dunno how you optimize that in VMware, there are a number of potentials in Hyper-V. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Monday, February 13, 2012 5:33 PM To: NT System Admin Issues Subject: Re: Picking up file server tuning again It *is* a busy box, and migrating the iSCSI LUNs to a 64bit server is something I've definitely considered. I have a Dell R310 with 16gb RAM that I could use, but it's already got 9 active VMs, although they're not heavy hitters. 
AFAICT, probably the highest-use machines on the ESXi 4.1 box are the secondary DC (no FSMO roles, but does do DNS and WINS) and the issuing CA box. It's currently a VM on what I believe to be an underpowered ESX 3.5 box - I think it's possible that it's simply starved for resources on that ESX box. I'm sure there's something out there like perfmon for VMware that I can use to capture performance over time - I'd like to measure and analyze the performance of the ESX 3.5 box while the backups are happening against the file server. I'm also considering moving the Win2k3 file server VM to the ESX box and seeing if the situation improves. Kurt On Mon, Feb 13, 2012 at 12:08, Michael B. Smith mich...@smithcons.com wrote: That's a busy box. I'd suggest moving to a 64-bit OS. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Monday, February 13, 2012 3:00 PM To: NT System Admin Issues Subject: Re: Picking up file server tuning again Ran PAL against the log. Um, wow. It's a freaking christmas tree - red and yellow all over the place in CPU and disk. Who should I be talking with to analyze this? 
A sample of the issues shown - all of which show up in more than one time slice - some in every or almost every slice:
o- More than 50% Processor Utilization
o- More than 30% privileged (kernel) mode CPU usage
o- More than 2 packets are waiting in the output queue
o- Greater than 25ms physical disk READ response times
o- Greater than 25ms physical disk WRITE response times
o- More than 80% of Pool Paged Kernel Memory Used
o- More than 2 I/O's are waiting on the physical disk
o- 20 (Processor(_Total)\DPC Rate)
o- More than 30% Interrupt Time
o- Greater than 1000 page inputs per second (Memory\Pages Input/sec)

Some things that showed no alerts:
o- Memory\Available MBytes
o- Memory\Free System Page Table Entries
o- Memory\Pages/sec
o- Memory\System Cache Resident Bytes
o- Memory\Cache Bytes
o- Memory\% Committed Bytes In Use
o- Network Interface(*)\% Network Utilization
   MS TCP Loopback interface
   VMware Accelerated AMD PCNet Adapter
   VMware Accelerated AMD PCNet Adapter#1
o- Network Interface(*)\Packets Outbound Errors
   MS TCP Loopback interface
   VMware Accelerated AMD PCNet Adapter
   VMware Accelerated AMD PCNet Adapter#1

Kurt

On Fri, Feb 10, 2012 at 16:04, Brian Desmond br...@briandesmond.com wrote: Rather than trying to do this yourself, check out PAL - http://pal.codeplex.com/. It will setup all the right counters for you and crunch the data. Thanks, Brian Desmond br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132

-Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Friday, February 10, 2012 4:43 PM To: NT System Admin Issues
Re: Computer safety and security best practices...
See this site, from SANS: http://www.securingthehuman.org/resources/newsletters/ouch

On Mon, Feb 13, 2012 at 17:15, ntsysadmin ntsysad...@rccs.org wrote: I feel like many of the malware infections I come across could have been easily avoided if the end user was just a little better informed. I’ve wanted to put together some tutorials for staff here at the school and also for my clients, that would help them to be more security conscious while browsing the web, etc. I already have quite a few ideas for topics to cover and some online resources that I’m looking at too, but would like to make sure I don’t leave anything out. I’d like to make this training mandatory for school staff but of course clients would have to be made to see the value of it. Do you guys already do training like this for end users or do you point them to any online materials? Thanks, Mike
RE: Computer safety and security best practices...
Wow, that looks like an excellent resource! It will take me a while to go through it all. Thanks, Mike

-Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Tuesday, February 14, 2012 12:16 AM To: NT System Admin Issues Subject: Re: Computer safety and security best practices...

See this site, from SANS: http://www.securingthehuman.org/resources/newsletters/ouch

On Mon, Feb 13, 2012 at 17:15, ntsysadmin ntsysad...@rccs.org wrote: I feel like many of the malware infections I come across could have been easily avoided if the end user was just a little better informed. I’ve wanted to put together some tutorials for staff here at the school and also for my clients, that would help them to be more security conscious while browsing the web, etc. I already have quite a few ideas for topics to cover and some online resources that I’m looking at too, but would like to make sure I don’t leave anything out. I’d like to make this training mandatory for school staff but of course clients would have to be made to see the value of it. Do you guys already do training like this for end users or do you point them to any online materials? Thanks, Mike
RE: Picking up file server tuning again
Yes. Security tokens are stored in Paged Pool. When you get the token bloat issue (well if you start approaching it), you will start seeing issues on x86 application servers where they are running out of paged pool. If you look at a report of paged pool consumers, you'll find the Toke tag at the top. # of spindles is going to directly correlate to disk queue lengths and latency. If you have 2 spindles which can do 100 IOPS each, and you are throwing 225 IOPS at them, you will have a problem. If you add a third spindle, now you have 75 IOPS head room.

Thanks,
Brian Desmond
br...@briandesmond.com
w – 312.625.1438 | c – 312.731.3132

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Monday, February 13, 2012 11:13 PM
To: NT System Admin Issues
Subject: Re: Picking up file server tuning again

PSTs on file shares - it's been a while since I looked at that issue. Crappy drivers are a small possibility - it is a P2V of an old machine. I'm not sure that the number of spindles has anything to do with it, and in any case there isn't anything I can do about that for a while. Can you explain what you mean by large tokens? Is that related to token bloat in AD, or is it something else?

Thanks,
Kurt

On Mon, Feb 13, 2012 at 19:25, Brian Desmond br...@briandesmond.com wrote:

Well, the % Interrupts/DPC Time/Kernel Mode CPU time isn't necessarily going to be fixed by x64. It may very well mean you've got some crappy drivers in play. The disk stuff indicates the disk is not fast enough to keep up with demand. You can solve that with more spindles or faster spindles. Page Pool utilization will be resolved by x64 (or even x86 on 2008). That's indicative of crappy drivers, large tokens, and/or people doing things like using PSTs off file shares.

Thanks,
Brian Desmond
br...@briandesmond.com
w – 312.625.1438 | c – 312.731.3132

-Original Message-
From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Monday, February 13, 2012 6:18 PM
To: NT System Admin Issues
Subject: RE: Picking up file server tuning again

Well, the kernel mode, paged pool, and interrupt time are items that will be specifically reduced with an x64 OS. The I/O situation is indicative of disk queuing which is hypervisor related. Dunno how you optimize that in VMware, there are a number of potentials in Hyper-V.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Monday, February 13, 2012 5:33 PM
To: NT System Admin Issues
Subject: Re: Picking up file server tuning again

It *is* a busy box, and migrating the iSCSI LUNs to a 64bit server is something I've definitely considered. I have a Dell R310 with 16gb RAM that I could use, but it's already got 9 active VMs, although they're not heavy hitters. AFAICT, probably the highest-use machines on the ESXi 4.1 box are the secondary DC (no FSMO roles, but does do DNS and WINS) and the issuing CA box. It's currently a VM on what I believe to be an underpowered ESX 3.5 box - I think it's possible that it's simply starved for resources on that ESX box. I'm sure there's something out there like perfmon for VMware that I can use to capture performance over time - I'd like to measure and analyze the performance of the ESX 3.5 box while the backups are happening against the file server. I'm also considering moving the Win2k3 file server VM to the ESX box and seeing if the situation improves.

Kurt

On Mon, Feb 13, 2012 at 12:08, Michael B. Smith mich...@smithcons.com wrote:

That's a busy box. I'd suggest moving to a 64-bit OS.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Monday, February 13, 2012 3:00 PM
To: NT System Admin Issues
Subject: Re: Picking up file server tuning again

Ran PAL against the log. Um, wow. It's a freaking Christmas tree - red and yellow all over the place in CPU and disk. Who should I be talking with to analyze this?

A sample of the issues shown - all of which show up in more than one time slice - some in every or almost every slice:
o- More than 50% Processor Utilization
o- More than 30% privileged (kernel) mode CPU usage
o- More than 2 packets are waiting in the output queue
o- Greater than 25ms physical disk READ response times
o- Greater than 25ms physical disk WRITE response times
o- More than 80% of Pool Paged Kernel Memory Used
o- More than 2 I/O's are waiting on the physical disk
o- 20 (Processor(_Total)\DPC Rate)
o- More than 30% Interrupt Time
o- Greater than 1000 page inputs per second (Memory\Pages Input/sec)

Some things that showed no alerts:
o- Memory\Available MBytes
o- Memory\Free System Page Table Entrie
o- Memory\Pages/sec
o- Memory\System Cache Resident Bytes
o- Memory\Cache
RE: I think I've asked this before...
Based on the details in your other thread, upgrading to an x64 OS and also increasing the RAM and CPU allocated to your VM is likely a good plan.

Thanks,
Brian Desmond
br...@briandesmond.com
w – 312.625.1438 | c – 312.731.3132

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Monday, February 13, 2012 10:16 PM
To: NT System Admin Issues
Subject: Re: I think I've asked this before...

On Mon, Feb 13, 2012 at 19:22, Brian Desmond br...@briandesmond.com wrote:

Shares will need to be reshared.

Got that covered. - that's about the easiest thing. I was looking for incompatibilities in NTFS implementation between OS versions more than standard details like this, and from what others have said there either aren't any or they're insignificant.

Whilst upgrading to 2008 R2 is going to be in the cards sooner or later, you should really determine root cause before you throw a dart in the air and hope for a band aid.

Love the mixed metaphor. Let me know if the details I shared in the other thread suggest anything to you, or if I need to provide more info.

Thanks,
Kurt
RE: Home Antivirus
Haven't noticed AVG being that bad on CPU lately, but that might be because I rarely watch it run on single cores. But with lower CPU intensity comes lesser detection. See the virusbtn RAP chart. MSSE has not been in the same league with the other well-known names (the well known names that score well) for a while. It's stayed in the same general spot while the others have improved. However, I'd take MSSE in a heartbeat over McAfee or Norton.

From: Rod Trent [mailto:rodtr...@myitforum.com]
Sent: Monday, February 13, 2012 9:23 PM
To: NT System Admin Issues
Subject: Re: Home Antivirus

AVG is too processor intensive. For security and low profile MSE works great.

MMF mmfree...@ameritech.net wrote:

Any comments on AVG? I’ve been using it for several years and it hasn’t failed me yet!

MMF

From: Cynicalgeek mailto:cynicalg...@gmail.com
Sent: Monday, February 13, 2012 7:27 PM
To: NT System Admin Issues mailto:ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Home Antivirus

The same things that infect MSSE also infect McAfee, Norton, et al. If you're going the paid route, supposedly Kaspersky is the absolute best. I've been using MSSE for almost 2.5 years and have been very pleased.

On Mon, Feb 13, 2012 at 8:03 PM, Ben Scott mailvor...@gmail.com wrote:

On Mon, Feb 13, 2012 at 7:45 PM, Richard Stovall rich...@gmail.com wrote:

Hurry up! Time's almost out on the deal to get McAfee free for 3PCs. http://preview.tinyurl.com/77u2zry Receive a $55 prepaid card by mail from McAfee! Expires on 2/15/12

So in two days, the Internet will be a safer place. ;-) If I'm going the free AV route, I'd prolly go MS Security Essentials. While it's limited in features, it does stop malware and spyware, and updates happen with Windows Update. For all of WU's problems, other things all seem to suck more.

-- Ben

--
-cynicalgeek-
cynicalgeekatgmail.com

--
Sent from Kaiten Mail for Android. Please excuse my brevity.
RE: Home Antivirus
One doesn't have to be an admin to infect one's own user profile. That's also why non-admins can install Chrome - it installs into the user profile. But a non-admin has a better chance of avoiding a rootkit.

Carl

From: ntsysadmin [mailto:ntsysad...@rccs.org]
Sent: Monday, February 13, 2012 10:10 PM
To: NT System Admin Issues
Subject: RE: Home Antivirus

How much less likely is one to get infected running as a non-admin? Does it depend on the OS? I ask because I've cleaned up infections on Windows 7 Pro PCs where the user was definitely not running as an admin. One PC in question was also set up to require additional credentials for any software installation. We never did determine the source of the malware.

Thanks,
Mike

From: Jon Harris [mailto:jk.har...@gmail.com]
Sent: Monday, February 13, 2012 9:42 PM
To: NT System Admin Issues
Subject: Re: Home Antivirus

From personal experience it does not matter how good the anti-malware software is if you have users (home or corp) that run as administrators regularly, fight you tooth and nail on patching the machine, and download/install all the neat stuff on the web they will get hit by something. Previous $dayjob$ once I got administration approval to pull admin privileges, start patching on a regular basis, and require proof of need to install anything not on the standard software list with proof that it was not going to open up the internal network to a virus most of the anti-malware software will keep things under control. Most homeowners prefer to run with admin privileges, fight patching, and install all kinds of garbage they really don't need. Those are the ones that get hit repeatedly by malware.

Jon

On Mon, Feb 13, 2012 at 8:55 PM, MMF mmfree...@ameritech.net wrote:

Any comments on AVG? I've been using it for several years and it hasn't failed me yet!

MMF

From: Cynicalgeek mailto:cynicalg...@gmail.com
Sent: Monday, February 13, 2012 7:27 PM
To: NT System Admin Issues mailto:ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Home Antivirus

The same things that infect MSSE also infect McAfee, Norton, et al. If you're going the paid route, supposedly Kaspersky is the absolute best. I've been using MSSE for almost 2.5 years and have been very pleased.

On Mon, Feb 13, 2012 at 8:03 PM, Ben Scott mailvor...@gmail.com wrote:

On Mon, Feb 13, 2012 at 7:45 PM, Richard Stovall rich...@gmail.com wrote:

Hurry up! Time's almost out on the deal to get McAfee free for 3PCs. http://preview.tinyurl.com/77u2zry Receive a $55 prepaid card by mail from McAfee! Expires on 2/15/12

So in two days, the Internet will be a safer place. ;-) If I'm going the free AV route, I'd prolly go MS Security Essentials. While it's limited in features, it does stop malware and spyware, and updates happen with Windows Update. For all of WU's problems, other things all seem to suck more.

-- Ben

--
-cynicalgeek-
cynicalgeekatgmail.com