Re: Is there a way...

[Andrew S. Baker]

You can try *%~f0*

* *

*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…

*



On Thu, Jun 7, 2012 at 1:45 PM, David Lum  wrote:

> Only the fact that whomever I send it to has to change it. Trivial for us,
> but I’m betting someone will screw it up and call me J
>
> ** **
>
> The %0\..\ is how you call an executable from a the same location as where
> the batch file is running if the batch file has been called via UNC. Most
> commonly seen in legacy logon batch files:
>
> ** **
>
> @echo off
>
> %0\..\wkix.exe %0\..\Login.k2k
>
> ** **
>
> As long as these two files are in the same folder that the script was
> called from, this will call WKIX.EXE and pass Login.k2k to WKIX.EXE.  It
> won’t care what domain controller the system has logged in to.
>
> ** **
>
> Dave
>
> ** **
>
> ** **
>
> *From:* Crawford, Scott [mailto:crawfo...@evangel.edu]
> *Sent:* Thursday, June 07, 2012 10:26 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Is there a way...
>
> ** **
>
> What don’t you like about it?  seems pretty straightforward to me.
>
> ** **
>
> What’s the %0 trick, btw. As far as I know, that just returns the name of
> the batch file.
>
> ** **
>
> *From:* David Lum [mailto:david@nwea.org]
> *Sent:* Thursday, June 07, 2012 12:20 PM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Is there a way...
>
> ** **
>
> That does work. I don’t like it, but it works (I need to distribute this
> batch file, but this might work OK).
>
> ** **
>
> Dave
>
> ** **
>
> *From:* Ken Cornetet [mailto:ken.corne...@kimball.com]
> *Sent:* Thursday, June 07, 2012 9:52 AM
> *To:* NT System Admin Issues
> *Subject:* RE: Is there a way...
>
> ** **
>
> What about 
>
> for /f "tokens=1-5 " %%d in (‘%LOGONSERVER%\NETLOGON\FILEVER
> "%SystemRoot%\system32\Macromed\Flash\Flash*.ocx" /A /D') do set
> FLASHVER=%%g
>
> ** **
>
> ** **
>
> ** **
>
> *From:* David Lum [mailto:david@nwea.org]
> *Sent:* Thursday, June 07, 2012 12:22 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Is there a way...
>
> ** **
>
> I need to figure out a way to make this work?
>
> ** **
>
> FILEVER.EXE is in \NETLOGON.   If I map a drive it works (B: =
> \\DC\netlogon)
>
> ** **
>
> for /f "tokens=1-5 " %%d in ('B:\FILEVER
> "%SystemRoot%\system32\Macromed\Flash\Flash*.ocx" /A /D') do set
> FLASHVER=%%g
>
> * *
>
> If I try and use the %0\..\ trick it does not
>
> for /f "tokens=1-5 " %%d in ('%0\..\FILEVER
> "%SystemRoot%\system32\Macromed\Flash\Flash*.ocx" /A /D') do set
> FLASHVER=%%g
>
> ** **
>
> *David Lum*
> Systems Engineer // NWEATM
> Office 503.548.5229 //* *Cell (voice/text) 503.267.9764
>
> ** **
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: To notify, or not notify (LinkedIn)

[Andrew S. Baker]

Exactly.  LinkedIn goes way beyond "online resume site."

Oh, and don't forget about authentication to other sites.

* *

*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…

*



On Thu, Jun 7, 2012 at 11:32 AM, Ziots, Edward  wrote:

> Actually the emails and passwords in linked in, and the information you
> have posted about yourself has a lot of value (spear-phishing attacks,
> company reputation hit ( use your accounts to spread stuff on linked in
> about your company or other companies in a negative light) I could go on
> with the scenario but you definitely don’t want to be a target on that.
> (Grounds for termination, etc)
>
> ** **
>
> Z
>
> ** **
>
> Edward Ziots
>
> CISSP, Security +, Network +
>
> Security Engineer
>
> Lifespan Organization
>
> ezi...@lifespan.org
>
> ** **
>
> *From:* David Lum [mailto:david@nwea.org]
> *Sent:* Thursday, June 07, 2012 11:14 AM
>
> *To:* NT System Admin Issues
> *Subject:* FW: To notify, or not notify (LinkedIn)
>
> ** **
>
> Here’s the discussion this morning with one of our Service Desk guys.
>
>  
>
> _
>
> *Sent:* Thursday, June 07, 2012 7:48 AM
> *To:* David Lum
> *Subject:* RE: To notify, or not notify (LinkedIn)
>
>  
>
> David, this is *EXACTLY* what I was looking for.  Thank you very much!
>
>  
>
> No more comments from the peanut gallery here.  J
>
> _
> *From:* David Lum
> *Sent:* Thursday, June 07, 2012 7:45 AM
> *Subject:* RE: To notify, or not notify (LinkedIn)
>
>  
>
> Good questions!
>
>  
>
>- How do we make the decision about what gets set out and what doesn’t*
>***
>
> Experience – it’s part of why our wages are a far more than minimum-wage -
> we’re paid to think, not just fill in checkboxes. For something more
> concrete: “if it's business-oriented and heavily used by said business then
> a notification should go out, if not, then no”. If in doubt: Ask. There was
> discussion between three departments that happened before the LinkedIn
> notice was sent out, for example.
>
>  
>
>- Do we have a clearly defined idea of where it ends
>
> I do, see above.
>
>  
>
>- Several users are utilizing Dropbox and putting company
>property/product on that site.  If it was hacked, that would be a lot worse
>than losing your “online resume” from LinkedIn, in my opinion.  
>
> If so then I would hope that if you heard about Dropbox passwords being
> posted on the Internet that you would want to send out a note to the org,
> right? On the other hand this is one reason we DON’T want users using
> Google, Dropbox, etc for corporate business – we don’t have control of the
> security. This is one area that most employees seem to grasp…
>
>  
>
>- Is Service Desk expected to field calls regarding non-NWEA items
>(LinkedIn for example)
>
> If it’s about communications **we** send out, then yes. If we know what
> we’re doing (and we do) it should be trivial to respond to these. It’s our
> job to support our staff, even if some things are beyond our direct control.
> 
>
>  
>
>- Do we need to survey the Org and find a “list” of all the business
>related apps/sites and actively monitor them?
>
> No, we’re paid to understand and know our environment. If we don’t know
> the majority of what’s on users’ machines and what websites are commonly
> used by our staff then we’re not doing our job. Do we know EVERY site they
> use? No. The key phrase is “commonly used”.
>
>  
>
> Dave
>
> _
>
> *Sent:* Thursday, June 07, 2012 7:23 AM
> *To:* David Lum
> *Subject:* RE: To notify, or not notify (LinkedIn)
>
>  
>
>  
>
> David,
>
> Thank you for your follow up and feeling concerned about our reaction.
> Let me state, I wasn’t upset with the decision, I think what you did was a
> good thing.  Here’s the angle I am coming from:
>
>  
>
>- How do we make the decision about what gets set out and what doesn’t*
>***
>- Is Service Desk expected to field calls regarding non-NWEA items
>(LinkedIn for example)
>
>  
>
> I am not trying to knock the fact we sent it out, even if I was acting in
> a joking manor yesterday.  What I am trying to do is play the other side
> and ask questions that I feel really do need to be asked.  Where do we
> stop?  Yesterday when we were all talking, Dropbox was tossed out and it
> didn’t seem to get the same response as LinkedIn.  Several users are
> utilizing Dropbox and putting company property/product on that site.  If it
> was hacked, that would be a lot worse than losing your “online resume” from
> LinkedIn, in my opinion.  
>
>
> So what I am trying to drill down to is; how do we make these decisions,
> how do we support this when they happen an

RE: ADP spam

[Maglinger, Paul]

Yes, we got it here too.

From: Chinnery, Paul [mailto:pa...@mmcwm.com]
Sent: Thursday, June 07, 2012 2:14 PM
To: NT System Admin Issues
Subject: ADP spam

Has anyone gotten an email with the subject:  ADP Funding Notification - Debit 
Draft ?

We had a few mailboxes hit today.  From the header information, it's coming 
from Korea.  What happens if you click the link (and, yes, one of my users did 
and was very apologetic afterwards), it took her to a sewing site.  Googled the 
phrase and it  came up with a few sites.  Totally unrelated, just looks like 
those sites were hacked.  She was wise enough not to try to login with her 
credentials.  The link, on one of the sites, is to a domain in Brazil.


Paul Chinnery
Network Admin
Memorial Medical Center
231.845.2319




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: ADP spam

[Kurt Buff]

Yup. I had one user forward me the email asking about it. It had the
following in it (I've replaced the dots with plusmarks)

https://www+flexdirect+adp+com/client/login.aspx actually goes to
http://melanienrico+altervista+org/HJmdFqbF/index.html

It provided me with an opportunity to demonstrate what to look for to
the user, and he was very appreciative.

Kurt

On Thu, Jun 7, 2012 at 12:13 PM, Chinnery, Paul  wrote:
> Has anyone gotten an email with the subject:  ADP Funding Notification -
> Debit Draft ?
>
> We had a few mailboxes hit today.  From the header information, it's coming
> from Korea.  What happens if you click the link (and, yes, one of my users
> did and was very apologetic afterwards), it took her to a sewing site.
> Googled the phrase and it  came up with a few sites.  Totally unrelated,
> just looks like those sites were hacked.  She was wise enough not to try to
> login with her credentials.  The link, on one of the sites, is to a domain
> in Brazil.
>
>
> Paul Chinnery
> Network Admin
> Memorial Medical Center
> 231.845.2319
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Is there a way...

[David Lum]

Oh wait, I are an ID10T!   I replaced %LOGONSERVER% with my server name, making 
it no longer a variable!!  DOY.  Works fine with the variable %LOGONSERVER% in 
there too.

NEVERMIND. Thank you Scott and everyone else that contributed!

Dave

From: Crawford, Scott [mailto:crawfo...@evangel.edu]
Sent: Thursday, June 07, 2012 11:06 AM
To: NT System Admin Issues
Subject: RE: Is there a way...

What are you expecting they'll have to change?

Interesting. I'll have to play with %0 a bit, but I don't think I've had 
problems calling batch files from a UNC path that reference .exe in that same 
path.  Maybe it's an old limitation.

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, June 07, 2012 12:45 PM
To: NT System Admin Issues
Subject: RE: Is there a way...

Only the fact that whomever I send it to has to change it. Trivial for us, but 
I'm betting someone will screw it up and call me :)

The %0\..\ is how you call an executable from a the same location as where the 
batch file is running if the batch file has been called via UNC. Most commonly 
seen in legacy logon batch files:

@echo off
%0\..\wkix.exe %0\..\Login.k2k

As long as these two files are in the same folder that the script was called 
from, this will call WKIX.EXE and pass Login.k2k to WKIX.EXE.  It won't care 
what domain controller the system has logged in to.

Dave


From: Crawford, Scott 
[mailto:crawfo...@evangel.edu]
Sent: Thursday, June 07, 2012 10:26 AM
To: NT System Admin Issues
Subject: RE: Is there a way...

What don't you like about it?  seems pretty straightforward to me.

What's the %0 trick, btw. As far as I know, that just returns the name of the 
batch file.

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, June 07, 2012 12:20 PM
To: NT System Admin Issues
Subject: RE: Is there a way...

That does work. I don't like it, but it works (I need to distribute this batch 
file, but this might work OK).

Dave

From: Ken Cornetet 
[mailto:ken.corne...@kimball.com]
Sent: Thursday, June 07, 2012 9:52 AM
To: NT System Admin Issues
Subject: RE: Is there a way...

What about
for /f "tokens=1-5 " %%d in ('%LOGONSERVER%\NETLOGON\FILEVER 
"%SystemRoot%\system32\Macromed\Flash\Flash*.ocx" /A /D') do set FLASHVER=%%g



From: David Lum [mailto:david@nwea.org]
Sent: Thursday, June 07, 2012 12:22 PM
To: NT System Admin Issues
Subject: RE: Is there a way...

I need to figure out a way to make this work?

FILEVER.EXE is in \NETLOGON.   If I map a drive it works (B: = 
\\DC\netlogon)

for /f "tokens=1-5 " %%d in ('B:\FILEVER 
"%SystemRoot%\system32\Macromed\Flash\Flash*.ocx" /A /D') do set FLASHVER=%%g

If I try and use the %0\..\ trick it does not
for /f "tokens=1-5 " %%d in ('%0\..\FILEVER 
"%SystemRoot%\system32\Macromed\Flash\Flash*.ocx" /A /D') do set FLASHVER=%%g

David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ 

RE: Is there a way...

[Crawford, Scott]

What are you expecting they'll have to change?

Interesting. I'll have to play with %0 a bit, but I don't think I've had 
problems calling batch files from a UNC path that reference .exe in that same 
path.  Maybe it's an old limitation.

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, June 07, 2012 12:45 PM
To: NT System Admin Issues
Subject: RE: Is there a way...

Only the fact that whomever I send it to has to change it. Trivial for us, but 
I'm betting someone will screw it up and call me :)

The %0\..\ is how you call an executable from a the same location as where the 
batch file is running if the batch file has been called via UNC. Most commonly 
seen in legacy logon batch files:

@echo off
%0\..\wkix.exe %0\..\Login.k2k

As long as these two files are in the same folder that the script was called 
from, this will call WKIX.EXE and pass Login.k2k to WKIX.EXE.  It won't care 
what domain controller the system has logged in to.

Dave


From: Crawford, Scott 
[mailto:crawfo...@evangel.edu]
Sent: Thursday, June 07, 2012 10:26 AM
To: NT System Admin Issues
Subject: RE: Is there a way...

What don't you like about it?  seems pretty straightforward to me.

What's the %0 trick, btw. As far as I know, that just returns the name of the 
batch file.

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, June 07, 2012 12:20 PM
To: NT System Admin Issues
Subject: RE: Is there a way...

That does work. I don't like it, but it works (I need to distribute this batch 
file, but this might work OK).

Dave

From: Ken Cornetet 
[mailto:ken.corne...@kimball.com]
Sent: Thursday, June 07, 2012 9:52 AM
To: NT System Admin Issues
Subject: RE: Is there a way...

What about
for /f "tokens=1-5 " %%d in ('%LOGONSERVER%\NETLOGON\FILEVER 
"%SystemRoot%\system32\Macromed\Flash\Flash*.ocx" /A /D') do set FLASHVER=%%g



From: David Lum [mailto:david@nwea.org]
Sent: Thursday, June 07, 2012 12:22 PM
To: NT System Admin Issues
Subject: RE: Is there a way...

I need to figure out a way to make this work?

FILEVER.EXE is in \NETLOGON.   If I map a drive it works (B: = 
\\DC\netlogon)

for /f "tokens=1-5 " %%d in ('B:\FILEVER 
"%SystemRoot%\system32\Macromed\Flash\Flash*.ocx" /A /D') do set FLASHVER=%%g

If I try and use the %0\..\ trick it does not
for /f "tokens=1-5 " %%d in ('%0\..\FILEVER 
"%SystemRoot%\system32\Macromed\Flash\Flash*.ocx" /A /D') do set FLASHVER=%%g

David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Is there a way...

[David Lum]

Only the fact that whomever I send it to has to change it. Trivial for us, but 
I'm betting someone will screw it up and call me :)

The %0\..\ is how you call an executable from a the same location as where the 
batch file is running if the batch file has been called via UNC. Most commonly 
seen in legacy logon batch files:

@echo off
%0\..\wkix.exe %0\..\Login.k2k

As long as these two files are in the same folder that the script was called 
from, this will call WKIX.EXE and pass Login.k2k to WKIX.EXE.  It won't care 
what domain controller the system has logged in to.

Dave


From: Crawford, Scott [mailto:crawfo...@evangel.edu]
Sent: Thursday, June 07, 2012 10:26 AM
To: NT System Admin Issues
Subject: RE: Is there a way...

What don't you like about it?  seems pretty straightforward to me.

What's the %0 trick, btw. As far as I know, that just returns the name of the 
batch file.

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, June 07, 2012 12:20 PM
To: NT System Admin Issues
Subject: RE: Is there a way...

That does work. I don't like it, but it works (I need to distribute this batch 
file, but this might work OK).

Dave

From: Ken Cornetet 
[mailto:ken.corne...@kimball.com]
Sent: Thursday, June 07, 2012 9:52 AM
To: NT System Admin Issues
Subject: RE: Is there a way...

What about
for /f "tokens=1-5 " %%d in ('%LOGONSERVER%\NETLOGON\FILEVER 
"%SystemRoot%\system32\Macromed\Flash\Flash*.ocx" /A /D') do set FLASHVER=%%g



From: David Lum [mailto:david@nwea.org]
Sent: Thursday, June 07, 2012 12:22 PM
To: NT System Admin Issues
Subject: RE: Is there a way...

I need to figure out a way to make this work?

FILEVER.EXE is in \NETLOGON.   If I map a drive it works (B: = 
\\DC\netlogon)

for /f "tokens=1-5 " %%d in ('B:\FILEVER 
"%SystemRoot%\system32\Macromed\Flash\Flash*.ocx" /A /D') do set FLASHVER=%%g

If I try and use the %0\..\ trick it does not
for /f "tokens=1-5 " %%d in ('%0\..\FILEVER 
"%SystemRoot%\system32\Macromed\Flash\Flash*.ocx" /A /D') do set FLASHVER=%%g

David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Is there a way...

[David Lum]

That does work. I don't like it, but it works (I need to distribute this batch 
file, but this might work OK).

Dave

From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: Thursday, June 07, 2012 9:52 AM
To: NT System Admin Issues
Subject: RE: Is there a way...

What about
for /f "tokens=1-5 " %%d in ('%LOGONSERVER%\NETLOGON\FILEVER 
"%SystemRoot%\system32\Macromed\Flash\Flash*.ocx" /A /D') do set FLASHVER=%%g



From: David Lum [mailto:david@nwea.org]
Sent: Thursday, June 07, 2012 12:22 PM
To: NT System Admin Issues
Subject: RE: Is there a way...

I need to figure out a way to make this work?

FILEVER.EXE is in \NETLOGON.   If I map a drive it works (B: = 
\\DC\netlogon)

for /f "tokens=1-5 " %%d in ('B:\FILEVER 
"%SystemRoot%\system32\Macromed\Flash\Flash*.ocx" /A /D') do set FLASHVER=%%g

If I try and use the %0\..\ trick it does not
for /f "tokens=1-5 " %%d in ('%0\..\FILEVER 
"%SystemRoot%\system32\Macromed\Flash\Flash*.ocx" /A /D') do set FLASHVER=%%g

David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: EvenReporter (10.1.344) as the syslog forwarder

[Ben Scott]

On Thu, Jun 7, 2012 at 10:02 AM, Michael B. Smith  wrote:
>
> The format of event logs changes in Windows 2008 and this also included a
> change to the format of the basic Win32_NTLogEvent. A new field called
> “InsertionStrings” was added that contains data which is unique to a given
> event log entry. The reason for this is that it represents a significant
> optimization in the amount of space consumed by the average event log item.

  While it may be that more fields are exposed via APIs now, as far as
I know, the Event Log has always worked that way internally.

Long winded explanation:

  The "Description" field consists of a "format string" and zero or
more "insertion strings".  The format string is generic for a given
event ID.  The insertion strings contain the info that varies with
each event.

  For example, say there was an event ID for a file-not-found sort of
event.  The "File not found" part would be the format string.  The
specific file name that was attempted would be an insertion string.

  The insertion strings are stored as part of each event record, in
the log.  The format strings come from resource DLLs, which are
specified via registry entries.

  Event Viewer assembles them into a single message when you view the
log.  That's why if you don't have the needed DLLs and/or reg entries,
you get a generic message like "The description for Event ID X could
not be
found."

 Reasons given for doing this include space optimization (as MBS says)
and also localization.  For example, two different people could view
the same log file, and as long as they have localized DLLs on their
PCs, they would each see the messages in their native languages.

  References:

MSKB 165959
"Reading a File Saved with the Event Viewer of Another Computer"
http://support.microsoft.com/kb/165959
Applies to NT 4.0

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Is there a way...

[Ken Cornetet]

What about
for /f "tokens=1-5 " %%d in ('%LOGONSERVER%\NETLOGON\FILEVER 
"%SystemRoot%\system32\Macromed\Flash\Flash*.ocx" /A /D') do set FLASHVER=%%g



From: David Lum [mailto:david@nwea.org]
Sent: Thursday, June 07, 2012 12:22 PM
To: NT System Admin Issues
Subject: RE: Is there a way...

I need to figure out a way to make this work?

FILEVER.EXE is in \NETLOGON.   If I map a drive it works (B: = 
\\DC\netlogon)

for /f "tokens=1-5 " %%d in ('B:\FILEVER 
"%SystemRoot%\system32\Macromed\Flash\Flash*.ocx" /A /D') do set FLASHVER=%%g

If I try and use the %0\..\ trick it does not
for /f "tokens=1-5 " %%d in ('%0\..\FILEVER 
"%SystemRoot%\system32\Macromed\Flash\Flash*.ocx" /A /D') do set FLASHVER=%%g

David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Powershell and dos batch

[Steven Peck]

If you want to hear an interesting inteview regarding PowerShell v3, what
got fixed, what didn't and some of the why certain things are different
then here's the discussion with Jeffrey Snover.  I heard interviews with
him before and he's pretty funny as well as fairly straight forward about
what got fixed and why certain descians were made.

http://powerscripting.wordpress.com/2012/05/21/episode-186-the-scripting-games-winners-with-jeffrey-snover-and-ed-wilson/


Also, for those on this list starting out with PowerShell, bookmark this
link:
http://social.technet.microsoft.com/wiki/contents/articles/183.windows-powershell-survival-guide-en-us.aspx
It's well maintained.

Steven Peck
http://www.blkmtn.org



On Wed, Jun 6, 2012 at 5:23 PM, Damien Solodow
wrote:

>  That’s what I was afraid of. I hope that Exchange won’t require a new
> version or SP to support 3.0 as I’d hate to have my management tools broken.
> 
>
> ** **
>
> DAMIEN SOLODOW
>
> Systems Engineer
>
> 317.447.6033 (office)
>
> 317.447.6014 (fax)
>
> HARRISON COLLEGE
>
> ** **
>
> *From:* Michael B. Smith [mailto:mich...@smithcons.com]
> *Sent:* Wednesday, June 06, 2012 8:17 PM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Powershell and dos batch
>
>  ** **
>
> Pretty much everything will require updates.
>
> ** **
>
> *From:* Damien Solodow [mailto:damien.solo...@harrison.edu]
> *Sent:* Wednesday, June 06, 2012 7:45 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Powershell and dos batch
>
> ** **
>
> Who reads those? ;)
>
> And yeah, I did read through the ones for the most recent 3.0 RC. I did
> like the number of “this will now throw an error because it should have
> before”
>
> ** **
>
> On a related note, any idea how existing modules like Exchange 2010 and
> the MS AD module will work with 3.0? I’ll wager the Citrix and VMware ones
> will need updates, and I know there is a workaround required with
> SharePoint 2010…
>
> ** **
>
> DAMIEN SOLODOW
>
> Systems Engineer
>
> 317.447.6033 (office)
>
> 317.447.6014 (fax)
>
> HARRISON COLLEGE
>
> ** **
>
> *From:* Michael B. Smith [mailto:mich...@smithcons.com]
> *Sent:* Wednesday, June 06, 2012 6:44 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Powershell and dos batch
>
> ** **
>
> OH NO THEY AREN’T fully backward compatible.  Read your release notes.
>
> ** **
>
> *From:* Damien Solodow [mailto:damien.solo...@harrison.edu]
> *Sent:* Wednesday, June 06, 2012 5:41 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Powershell and dos batch
>
> ** **
>
> I blame MBS. ;)
>
> ** **
>
> I think it’s because the newer versions are fully backward compatible so
> there is no reason for parallel installs. So by putting it in the same
> directory scripts and the like invoking powershell aren’t broken by new
> versions.
>
> ** **
>
> DAMIEN SOLODOW
>
> Systems Engineer
>
> 317.447.6033 (office)
>
> 317.447.6014 (fax)
>
> HARRISON COLLEGE
>
> ** **
>
> *From:* Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu]
> *Sent:* Wednesday, June 06, 2012 4:49 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Powershell and dos batch
>
> ** **
>
> Ah, did not know that!  I wonder who thought up that gem?  =)
>
> ** **
>
> *From:* Damien Solodow [mailto:damien.solo...@harrison.edu]
> *Sent:* Wednesday, June 06, 2012 12:47 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Powershell and dos batch
>
> ** **
>
> Actually all current powershell versions (including the forthcoming 3.0)
> install in that path.
> --
> Sent using BlackBerry
>
>  
>
> *From*: Miller Bonnie L. 
> [mailto:mille...@mukilteo.wednet.edu]
>
> *Sent*: Wednesday, June 06, 2012 02:47 PM
> *To*: NT System Admin Issues 
> *Subject*: RE: Powershell and dos batch
>  
>
> Do they require Powershell v2?  I see you are using v1.0.
>
> ** **
>
> *From:* itli...@imcu.com [mailto:itli...@imcu.com ]
> *Sent:* Wednesday, June 06, 2012 10:36 AM
> *To:* NT System Admin Issues
> *Subject:* RE: Powershell and dos batch
>
> ** **
>
> I did what you said.
>
> Here is my error so far.
>
> The term 'GET-BEJob' is not recognized as the name of a cmdlet, function,
> scri
>
> t file, or operable program. Check the spelling of the name, or if a path
> was
>
> ncluded, verify that the path is correct and try again.
>
> At C:\WINDOWS\system32\WindowsPowerShell\v1.0\BackupJob.ps1:1 char:33
>
> + Import-module BEMCLI | GET-BEJob   "Test-Full" | START-BEJob
>
> + CategoryInfo  : ObjectNotFound: (GET-BEJob:String) [],
> CommandNo
>
>tFoundException
>
> + FullyQualifiedErrorId : CommandNotFoundException
>
> ** **
>
> *From:* Damien Solodow 
> [mailto:damien.solo...@harrison.edu]
>
> *Posted At:* Wednesday, June 06, 2012 1:18 PM
> *Posted To:* itli...@imcu.com
> *Conversation:* Powershell and dos batch
> *Subject:* RE: Powershell and dos batch*

Invoke-Command and multiple ScriptBlocks

[Joseph L. Casale]

I have a series of files I source that contain scriptblocks assigned to a 
variable. In my script I
am referencing these vars as the argument to -ScriptBlocks and as I have not 
found a way to
used named arguments my scriptblock param set uses positional references.

Now the issue is several scriptblocks share some code, so I am at a loss as to 
pass in args
if I use which ever technique to combine them before passing it into 
Invoke-Command how do
you handle the args now?

Anyone know how to pass named args into Invoke-Command?

Thanks!
jlc
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: To notify, or not notify (LinkedIn)

[Ziots, Edward]

Actually the emails and passwords in linked in, and the information you have 
posted about yourself has a lot of value (spear-phishing attacks, company 
reputation hit ( use your accounts to spread stuff on linked in about your 
company or other companies in a negative light) I could go on with the scenario 
but you definitely don’t want to be a target on that. (Grounds for termination, 
etc)

 

Z

 

Edward Ziots

CISSP, Security +, Network +

Security Engineer

Lifespan Organization

ezi...@lifespan.org

 

From: David Lum [mailto:david@nwea.org] 
Sent: Thursday, June 07, 2012 11:14 AM
To: NT System Admin Issues
Subject: FW: To notify, or not notify (LinkedIn)

 

Here’s the discussion this morning with one of our Service Desk guys.

 

_

Sent: Thursday, June 07, 2012 7:48 AM
To: David Lum 
Subject: RE: To notify, or not notify (LinkedIn)

 

David, this is EXACTLY what I was looking for.  Thank you very much!

 

No more comments from the peanut gallery here.  J

_
From: David Lum 
Sent: Thursday, June 07, 2012 7:45 AM
Subject: RE: To notify, or not notify (LinkedIn)

 

Good questions!

 

*   How do we make the decision about what gets set out and what doesn’t

Experience – it’s part of why our wages are a far more than minimum-wage - 
we’re paid to think, not just fill in checkboxes. For something more concrete: 
“if it's business-oriented and heavily used by said business then a 
notification should go out, if not, then no”. If in doubt: Ask. There was 
discussion between three departments that happened before the LinkedIn notice 
was sent out, for example.

 

*   Do we have a clearly defined idea of where it ends

I do, see above.

 

*   Several users are utilizing Dropbox and putting company 
property/product on that site.  If it was hacked, that would be a lot worse 
than losing your “online resume” from LinkedIn, in my opinion.  

If so then I would hope that if you heard about Dropbox passwords being posted 
on the Internet that you would want to send out a note to the org, right? On 
the other hand this is one reason we DON’T want users using Google, Dropbox, 
etc for corporate business – we don’t have control of the security. This is one 
area that most employees seem to grasp…

 

*   Is Service Desk expected to field calls regarding non-NWEA items 
(LinkedIn for example)

If it’s about communications *we* send out, then yes. If we know what we’re 
doing (and we do) it should be trivial to respond to these. It’s our job to 
support our staff, even if some things are beyond our direct control.

 

*   Do we need to survey the Org and find a “list” of all the business 
related apps/sites and actively monitor them?

No, we’re paid to understand and know our environment. If we don’t know the 
majority of what’s on users’ machines and what websites are commonly used by 
our staff then we’re not doing our job. Do we know EVERY site they use? No. The 
key phrase is “commonly used”.

 

Dave

_

Sent: Thursday, June 07, 2012 7:23 AM
To: David Lum 
Subject: RE: To notify, or not notify (LinkedIn)

 

 

David,

Thank you for your follow up and feeling concerned about our reaction.  Let me 
state, I wasn’t upset with the decision, I think what you did was a good thing. 
 Here’s the angle I am coming from:

 

*   How do we make the decision about what gets set out and what doesn’t
*   Is Service Desk expected to field calls regarding non-NWEA items 
(LinkedIn for example)

 

I am not trying to knock the fact we sent it out, even if I was acting in a 
joking manor yesterday.  What I am trying to do is play the other side and ask 
questions that I feel really do need to be asked.  Where do we stop?  Yesterday 
when we were all talking, Dropbox was tossed out and it didn’t seem to get the 
same response as LinkedIn.  Several users are utilizing Dropbox and putting 
company property/product on that site.  If it was hacked, that would be a lot 
worse than losing your “online resume” from LinkedIn, in my opinion.  


So what I am trying to drill down to is; how do we make these decisions, how do 
we support this when they happen and do we need to survey the Org and find a 
“list” of all the business related apps/sites and actively monitor them?

 

And if all this is “above my pay grade” , then disregard my 7:00 am rambling J

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-s

RE: To notify, or not notify (LinkedIn)

[Louis, Joe]

I agree David. I made a direct call to the marketing people telling them to 
change the passwords and then sent a warning out to our management staff.

While it is not our site, it affects our business...technology wise. And since 
the call went out to help crack the posted hashes, there would certainly be 
more people looking at it.

Most companies use social media for communication to their customers, prospects 
and future hires. Our employees use sites like LinkedIn for networking. It 
would be pretty detrimental to a company's image if someone took over a 
manager's account or the business account and started posting at will.  As one 
that wears many hats, somehow that would reflect poorly on me if I hadn't 
raised the flag; especially if our account(s) were breeched. I think it was (or 
would only be) prudent to send out the FYI.

I did get a few "Thanks/Done" emails back, so I know someone looked at it.

--
Joe Louis
Systems Network Manager
Guardian Security Services

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, June 06, 2012 5:07 PM
To: NT System Admin Issues
Subject: To notify, or not notify (LinkedIn)

We fired off an advisory e-mail to our staff about LinkedIn and recommending 
they change their password, and included links to both the LinkedIn Tweet and 
the CNet article. After the e-mail went out I got bombed by our Service Desk 
guys (it was my recommendation to send it) asking why we would want to do such 
a thing since "it's not our website".

I felt the scope was sufficient and the business use adequate enough to warrant 
notifying our employees. I had folks above me agree with me (else it wouldn't 
have been sent), and the front line guys disagree. This is one of those 
judgment calls where everyone is going to handle it differently.

Did any of you guys send a note out to your staff?
David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

FW: To notify, or not notify (LinkedIn)

[David Lum]

Here’s the discussion this morning with one of our Service Desk guys.

_

Sent: Thursday, June 07, 2012 7:48 AM
To: David Lum
Subject: RE: To notify, or not notify (LinkedIn)

David, this is EXACTLY what I was looking for.  Thank you very much!

No more comments from the peanut gallery here.  ☺
_
From: David Lum
Sent: Thursday, June 07, 2012 7:45 AM
Subject: RE: To notify, or not notify (LinkedIn)

Good questions!

•   How do we make the decision about what gets set out and what doesn’t
Experience – it’s part of why our wages are a far more than minimum-wage - 
we’re paid to think, not just fill in checkboxes. For something more concrete: 
“if it's business-oriented and heavily used by said business then a 
notification should go out, if not, then no”. If in doubt: Ask. There was 
discussion between three departments that happened before the LinkedIn notice 
was sent out, for example.

•   Do we have a clearly defined idea of where it ends
I do, see above.

•   Several users are utilizing Dropbox and putting company 
property/product on that site.  If it was hacked, that would be a lot worse 
than losing your “online resume” from LinkedIn, in my opinion.
If so then I would hope that if you heard about Dropbox passwords being posted 
on the Internet that you would want to send out a note to the org, right? On 
the other hand this is one reason we DON’T want users using Google, Dropbox, 
etc for corporate business – we don’t have control of the security. This is one 
area that most employees seem to grasp…

•   Is Service Desk expected to field calls regarding non-NWEA items 
(LinkedIn for example)
If it’s about communications *we* send out, then yes. If we know what we’re 
doing (and we do) it should be trivial to respond to these. It’s our job to 
support our staff, even if some things are beyond our direct control.

•   Do we need to survey the Org and find a “list” of all the business 
related apps/sites and actively monitor them?
No, we’re paid to understand and know our environment. If we don’t know the 
majority of what’s on users’ machines and what websites are commonly used by 
our staff then we’re not doing our job. Do we know EVERY site they use? No. The 
key phrase is “commonly used”.

Dave
_

Sent: Thursday, June 07, 2012 7:23 AM
To: David Lum
Subject: RE: To notify, or not notify (LinkedIn)


David,
Thank you for your follow up and feeling concerned about our reaction.  Let me 
state, I wasn’t upset with the decision, I think what you did was a good thing. 
 Here’s the angle I am coming from:

•   How do we make the decision about what gets set out and what doesn’t
•   Is Service Desk expected to field calls regarding non-NWEA items 
(LinkedIn for example)

I am not trying to knock the fact we sent it out, even if I was acting in a 
joking manor yesterday.  What I am trying to do is play the other side and ask 
questions that I feel really do need to be asked.  Where do we stop?  Yesterday 
when we were all talking, Dropbox was tossed out and it didn’t seem to get the 
same response as LinkedIn.  Several users are utilizing Dropbox and putting 
company property/product on that site.  If it was hacked, that would be a lot 
worse than losing your “online resume” from LinkedIn, in my opinion.

So what I am trying to drill down to is; how do we make these decisions, how do 
we support this when they happen and do we need to survey the Org and find a 
“list” of all the business related apps/sites and actively monitor them?

And if all this is “above my pay grade” , then disregard my 7:00 am rambling ☺



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: To notify, or not notify (LinkedIn)

[David Lum]

Like Kurt, I had people thank us for sending that out.

From: Cameron Cooper [mailto:ccoo...@aurico.com]
Sent: Thursday, June 07, 2012 7:53 AM
To: NT System Admin Issues
Subject: RE: To notify, or not notify (LinkedIn)

We did and like John mentioned, didn’t receive any replies about it.

Regards,

Cameron

_
Cameron Cooper | IT Manager | Aurico
Direct: 847.890.4021 | Cell: 224.688.2854 | Fax: 847.255.1896
ccoo...@aurico.com | 
www.aurico.com

From: John Cook [mailto:john.c...@pfsf.org]
Sent: Wednesday, June 06, 2012 5:04 PM
To: NT System Admin Issues
Subject: Re: To notify, or not notify (LinkedIn)

I did, it went without a reply which means they probably ignored it like most 
other warnings I send out.
John W. Cook
Network Operations Manager
Partnership for Strong Families

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, June 06, 2012 05:07 PM
To: NT System Admin Issues 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Subject: To notify, or not notify (LinkedIn)

We fired off an advisory e-mail to our staff about LinkedIn and recommending 
they change their password, and included links to both the LinkedIn Tweet and 
the CNet article. After the e-mail went out I got bombed by our Service Desk 
guys (it was my recommendation to send it) asking why we would want to do such 
a thing since “it’s not our website�.

I felt the scope was sufficient and the business use adequate enough to warrant 
notifying our employees. I had folks above me agree with me (else it wouldn’t 
have been sent), and the front line guys disagree. This is one of those 
judgment calls where everyone is going to handle it differently.

Did any of you guys send a note out to your staff?
David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

This email and any attached files are confidential and intended solely for the 
intended recipient(s). If you are not the named recipient you should not read, 
distribute, copy or alter this email. Any views or opinions expressed in this 
email are those of the author and do not represent those of the company. 
Warning: Although precautions have been taken to make sure no viruses are 
present in this email, the company cannot accept responsibility for any loss or 
damage that arise from the use of this email or attachments.


CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you really need 
to.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



CONFIDENTIALITY NOTICE: This email message is intended only for the person or 
entity to which it is addressed and may contain confidential material. Any 
unauthorized review, use, disclosure, downloading, copying or distribution is 
prohibited. If you are not the intended recipient, please contact the sender by 
reply email and permanently delete all copies of the original message. If you 
are the intended recipient but do not wish to receive communications through 
this medium, please advise the sender immediately.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
wi

RE: To notify, or not notify (LinkedIn)

[Cameron Cooper]

We did and like John mentioned, didn’t receive any replies about it.

Regards,

Cameron

_
Cameron Cooper | IT Manager | Aurico
Direct: 847.890.4021 | Cell: 224.688.2854 | Fax: 847.255.1896
ccoo...@aurico.com | 
www.aurico.com

From: John Cook [mailto:john.c...@pfsf.org]
Sent: Wednesday, June 06, 2012 5:04 PM
To: NT System Admin Issues
Subject: Re: To notify, or not notify (LinkedIn)

I did, it went without a reply which means they probably ignored it like most 
other warnings I send out.
John W. Cook
Network Operations Manager
Partnership for Strong Families

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, June 06, 2012 05:07 PM
To: NT System Admin Issues 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Subject: To notify, or not notify (LinkedIn)

We fired off an advisory e-mail to our staff about LinkedIn and recommending 
they change their password, and included links to both the LinkedIn Tweet and 
the CNet article. After the e-mail went out I got bombed by our Service Desk 
guys (it was my recommendation to send it) asking why we would want to do such 
a thing since “it’s not our website�.

I felt the scope was sufficient and the business use adequate enough to warrant 
notifying our employees. I had folks above me agree with me (else it wouldn’t 
have been sent), and the front line guys disagree. This is one of those 
judgment calls where everyone is going to handle it differently.

Did any of you guys send a note out to your staff?
David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

This email and any attached files are confidential and intended solely for the 
intended recipient(s). If you are not the named recipient you should not read, 
distribute, copy or alter this email. Any views or opinions expressed in this 
email are those of the author and do not represent those of the company. 
Warning: Although precautions have been taken to make sure no viruses are 
present in this email, the company cannot accept responsibility for any loss or 
damage that arise from the use of this email or attachments.


CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you really need 
to.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



CONFIDENTIALITY NOTICE: This email message is intended only for the person or 
entity to which it is addressed and may contain confidential material. Any 
unauthorized review, use, disclosure, downloading, copying or distribution is 
prohibited. If you are not the intended recipient, please contact the sender by 
reply email and permanently delete all copies of the original message. If you 
are the intended recipient but do not wish to receive communications through 
this medium, please advise the sender immediately.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: EvenReporter (10.1.344) as the syslog forwarder

[Christopher Bodnar]

Thanks Michael, 

I hear what  you are saying, but our domain controllers are all still 
Windows Server 2003. So I don't that that's the issue.



Christopher Bodnar 
Enterprise Achitect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   "Michael B. Smith" 
To: "NT System Admin Issues" 
Date:   06-07-12 10:03 AM
Subject:RE: EvenReporter (10.1.344) as the syslog forwarder



Christopher –
 
The format of event logs changes in Windows 2008 and this also included a 
change to the format of the basic Win32_NTLogEvent. A new field called 
“InsertionStrings” was added that contains data which is unique to a given 
event log entry. The reason for this is that it represents a significant 
optimization in the amount of space consumed by the average event log 
item. Database normalization, if that means anything to you.
 
Tools that deal with raw Win32_NTLogEvent records need to know how to deal 
with this.
 
(The only reason I know this is that I recently had to update one of my 
own tools for this change. It’s a simple change.)
 
Since EventReporter is now at version 12, if I were to guess, your version 
doesn’t know how to properly deal with this change. I’d be asking the 
question on the EventReporter forums or their support personnel.
 
Regards,
Michael B.
 
From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Thursday, June 07, 2012 9:45 AM
To: NT System Admin Issues
Subject: Re: EvenReporter (10.1.344) as the syslog forwarder
 
Nope, not using that one.
 
I use the free EvtSys 4.4.3

ASB
http://XeeMe.com/AndrewBaker
Harnessing the Advantages of Technology for the SMB market…


On Thu, Jun 7, 2012 at 8:57 AM, Christopher Bodnar <
christopher_bod...@glic.com> wrote:
Thought I'd throw this out there one more time: 


We are using EvenReporter (10.1.344) as the syslog forwarder to get the 
windows security logs into our SIEM (Nitro). Anyone else using this? 
Problem is with resolving the SIDs and GUIDs on the domain controllers. 


Thanks 

Christopher Bodnar  
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
<>

Re: More fallout from Flame

[Kurt Buff]

On Wed, Jun 6, 2012 at 7:19 PM, Ben Scott  wrote:
> On Wed, Jun 6, 2012 at 4:53 PM, Kurt Buff  wrote:
>> And, IMHO, more evidence that application whitelisting is really required...
>> http://www.wired.com/threatlevel/2012/06/internet-security-fail/
>
>  So long as you're not using Microsoft's code signing infrastructure
> as part of your whitelisting solution...
>
> -- Ben

But of course - there are several alternatives for that, though. Using
your own PKI, or using 3rd party hashes (CERT and I think SANS have
them) would be better.

Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: To notify, or not notify (LinkedIn)

[Ziots, Edward]

Yep, that definitely, doesn't surprise me, about shared passwords, but
its better to get the information out their than not.  Big Black eye to
Linked in. 

 

Z

 

Edward Ziots

CISSP, Security +, Network +

Security Engineer

Lifespan Organization

ezi...@lifespan.org

 

From: Ben M. Schorr [mailto:b...@rolandschorr.com] 
Sent: Thursday, June 07, 2012 9:28 AM
To: NT System Admin Issues
Subject: RE: To notify, or not notify (LinkedIn)

 

Yes, we did notify. And I got a response from one user thanking me
because he used the same password for LinkedIn *AND* his bank...so he
was scurrying off to change his banking password too.

 

Ben M. Schorr

Roland Schorr & Tower

www.rolandschorr.com | www.officeforlawyers.com | Twitter: @bschorr

 

From: David Lum [mailto:david@nwea.org  ]

Sent: Wednesday, June 06, 2012 14:07
To: NT System Admin Issues
Subject: To notify, or not notify (LinkedIn)

 

We fired off an advisory e-mail to our staff about LinkedIn and
recommending they change their password, and included links to both the
LinkedIn Tweet and the CNet article. After the e-mail went out I got
bombed by our Service Desk guys (it was my recommendation to send it)
asking why we would want to do such a thing since "it's not our
website".

 

I felt the scope was sufficient and the business use adequate enough to
warrant notifying our employees. I had folks above me agree with me
(else it wouldn't have been sent), and the front line guys disagree.
This is one of those judgment calls where everyone is going to handle it
differently.

 

Did any of you guys send a note out to your staff?

David Lum 
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: EvenReporter (10.1.344) as the syslog forwarder

[Michael B. Smith]

Christopher -

The format of event logs changes in Windows 2008 and this also included a 
change to the format of the basic Win32_NTLogEvent. A new field called 
"InsertionStrings" was added that contains data which is unique to a given 
event log entry. The reason for this is that it represents a significant 
optimization in the amount of space consumed by the average event log item. 
Database normalization, if that means anything to you.

Tools that deal with raw Win32_NTLogEvent records need to know how to deal with 
this.

(The only reason I know this is that I recently had to update one of my own 
tools for this change. It's a simple change.)

Since EventReporter is now at version 12, if I were to guess, your version 
doesn't know how to properly deal with this change. I'd be asking the question 
on the EventReporter forums or their support personnel.

Regards,
Michael B.

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, June 07, 2012 9:45 AM
To: NT System Admin Issues
Subject: Re: EvenReporter (10.1.344) as the syslog forwarder

Nope, not using that one.

I use the free EvtSys 4.4.3
ASB

http://XeeMe.com/AndrewBaker

Harnessing the Advantages of Technology for the SMB market...



On Thu, Jun 7, 2012 at 8:57 AM, Christopher Bodnar 
mailto:christopher_bod...@glic.com>> wrote:
Thought I'd throw this out there one more time:


We are using EvenReporter (10.1.344) as the syslog forwarder to get the windows 
security logs into our SIEM (Nitro). Anyone else using this? Problem is with 
resolving the SIDs and GUIDs on the domain controllers.


Thanks
Christopher Bodnar


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: EvenReporter (10.1.344) as the syslog forwarder

[Andrew S. Baker]

Nope, not using that one.

I use the free EvtSys 4.4.3

* *

*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…

*



On Thu, Jun 7, 2012 at 8:57 AM, Christopher Bodnar <
christopher_bod...@glic.com> wrote:

> Thought I'd throw this out there one more time:
>
>
> We are using EvenReporter (10.1.344) as the syslog forwarder to get the
> windows security logs into our SIEM (Nitro). Anyone else using this?
> Problem is with resolving the SIDs and GUIDs on the domain controllers.
>
>
> Thanks
>  *Christopher Bodnar *
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: To notify, or not notify (LinkedIn)

[Ben M. Schorr]

Yes, we did notify. And I got a response from one user thanking me because he 
used the same password for LinkedIn *AND* his bank...so he was scurrying off to 
change his banking password too.

Ben M. Schorr
Roland Schorr & Tower
www.rolandschorr.com | 
www.officeforlawyers.com | Twitter: @bschorr

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, June 06, 2012 14:07
To: NT System Admin Issues
Subject: To notify, or not notify (LinkedIn)

We fired off an advisory e-mail to our staff about LinkedIn and recommending 
they change their password, and included links to both the LinkedIn Tweet and 
the CNet article. After the e-mail went out I got bombed by our Service Desk 
guys (it was my recommendation to send it) asking why we would want to do such 
a thing since "it's not our website".

I felt the scope was sufficient and the business use adequate enough to warrant 
notifying our employees. I had folks above me agree with me (else it wouldn't 
have been sent), and the front line guys disagree. This is one of those 
judgment calls where everyone is going to handle it differently.

Did any of you guys send a note out to your staff?
David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Is there a way...

[David Lum]

4.2.2.3 is hard coded - they want Internet responsiveness and that's an IP that 
work. It's a poor test but all I can think of w/out requiring some additional 
software. PowerShell is out because I can't assume any of the XP machines will 
have it installed - this tool will go to environments I have no control over.

-Original Message-
From: Angus Scott-Fleming [mailto:angu...@geoapps.com] 
Sent: Wednesday, June 06, 2012 2:41 PM
To: NT System Admin Issues
Subject: Re: Is there a way...

On 24 May 2012 at 21:08, David Lum  wrote:

> In batch to take this output:
> ---
> W32i DLL ENU 11.2.202.235 shp flash32_11_2_202_235.ocx
> Reply from 4.2.2.3: bytes=32 time=24ms TTL=53
> ---
> And end up with this in a .TXT file?
> ---
> 11.2.202.235 , 24ms
> ---
> I'm wondering if a FOR loop can be leveraged?

Is the 4.2.2.3 hard-coded or is that the IP of the system being checked?

FWIW on XP the FOR syntax Scott C. provided to scavenge the OCX version didn't 
work.  The following syntax works on XP from the command-line to collect the 
version number:

for /f "tokens=1-5 usebackq" %i in (`filever 
"%SystemRoot%\system32\Macromed\Flash\Flash*.ocx"`) do set FLashV=%m


--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
Security Blog: http://geoapps.com/





~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: To notify, or not notify (LinkedIn)

[David L Herrick]

YES

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Thursday, June 07, 2012 5:51 AM
To: NT System Admin Issues
Subject: RE: To notify, or not notify (LinkedIn)

Yep just heard about that also,

Z

Edward Ziots
CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

From: Maglinger, Paul 
[mailto:pmaglin...@scvl.com]
Sent: Thursday, June 07, 2012 8:01 AM
To: NT System Admin Issues
Subject: RE: To notify, or not notify (LinkedIn)

Yes, because although we preach and preach, users still use the same passwords 
for everything they can get away with.  Plus, I think it shows them that we are 
looking out for them and not just the company.

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, June 06, 2012 4:07 PM
To: NT System Admin Issues
Subject: To notify, or not notify (LinkedIn)

We fired off an advisory e-mail to our staff about LinkedIn and recommending 
they change their password, and included links to both the LinkedIn Tweet and 
the CNet article. After the e-mail went out I got bombed by our Service Desk 
guys (it was my recommendation to send it) asking why we would want to do such 
a thing since "it's not our website".

I felt the scope was sufficient and the business use adequate enough to warrant 
notifying our employees. I had folks above me agree with me (else it wouldn't 
have been sent), and the front line guys disagree. This is one of those 
judgment calls where everyone is going to handle it differently.

Did any of you guys send a note out to your staff?
David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

EvenReporter (10.1.344) as the syslog forwarder

[Christopher Bodnar]

Thought I'd throw this out there one more time:


We are using EvenReporter (10.1.344) as the syslog forwarder to get the 
windows security logs into our SIEM (Nitro). Anyone else using this? 
Problem is with resolving the SIDs and GUIDs on the domain controllers. 


Thanks

Christopher Bodnar 
Enterprise Achitect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 





-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: To notify, or not notify (LinkedIn)

[Ziots, Edward]

Yep just heard about that also, 

 

Z

 

Edward Ziots

CISSP, Security +, Network +

Security Engineer

Lifespan Organization

ezi...@lifespan.org

 

From: Maglinger, Paul [mailto:pmaglin...@scvl.com] 
Sent: Thursday, June 07, 2012 8:01 AM
To: NT System Admin Issues
Subject: RE: To notify, or not notify (LinkedIn)

 

Yes, because although we preach and preach, users still use the same
passwords for everything they can get away with.  Plus, I think it shows
them that we are looking out for them and not just the company.

 

From: David Lum [mailto:david@nwea.org] 
Sent: Wednesday, June 06, 2012 4:07 PM
To: NT System Admin Issues
Subject: To notify, or not notify (LinkedIn)

 

We fired off an advisory e-mail to our staff about LinkedIn and
recommending they change their password, and included links to both the
LinkedIn Tweet and the CNet article. After the e-mail went out I got
bombed by our Service Desk guys (it was my recommendation to send it)
asking why we would want to do such a thing since "it's not our
website".

 

I felt the scope was sufficient and the business use adequate enough to
warrant notifying our employees. I had folks above me agree with me
(else it wouldn't have been sent), and the front line guys disagree.
This is one of those judgment calls where everyone is going to handle it
differently.

 

Did any of you guys send a note out to your staff?

David Lum 
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: OT: RIP Ray

[Webster]

You shouldn't talk about WJR behind his back! :)



Carl Webster

Consultant and Citrix Technology Professional

http://www.CarlWebster.com

From: Christopher Bodnar 
mailto:christopher_bod...@glic.com>>
Subject: RE: OT: RIP Ray

Something Wicked This way Comes


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: OT: RIP Ray

[Christopher Bodnar]

Something Wicked This way Comes



Christopher Bodnar 
Enterprise Achitect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   "Maglinger, Paul" 
To: "NT System Admin Issues" 
Date:   06-07-12 08:08 AM
Subject:RE: OT: RIP Ray



A few really.  We had to read Fahrenheit 451 in school.  I was already 
hooked on sci-fi, but that got me started on Bradbury.


-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Wednesday, June 06, 2012 5:00 PM
To: NT System Admin Issues
Subject: Re: OT: RIP Ray

Which book would you like to be?

Kurt

On Wed, Jun 6, 2012 at 1:20 PM, Christopher Bodnar
 wrote:
>
>
> 
http://www.thedailybeast.com/articles/2012/06/06/ray-bradbury-dead-at-91-taught-generations-of-readers-how-to-dream.html

>
>
>
>
> Christopher Bodnar
> Enterprise Achitect I, Corporate Office of Technology:Enterprise
> Architecture and Engineering Services
> Tel 610-807-6459
> 3900 Burgess Place, Bethlehem, PA 18017
> christopher_bod...@glic.com
>
>
>
> The Guardian Life Insurance Company of America
>
> www.guardianlife.com
>
>
> - This message, and any
> attachments to it, may contain information that is privileged, 
confidential,
> and exempt from disclosure under applicable law. If the reader of this
> message is not the intended recipient, you are notified that any use,
> dissemination, distribution, copying, or communication of this message 
is
> strictly prohibited. If you have received this message in error, please
> notify the sender immediately by return e-mail and delete the message 
and
> any attachments. Thank you.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: OT: RIP Ray

[Maglinger, Paul]

A few really.  We had to read Fahrenheit 451 in school.  I was already hooked 
on sci-fi, but that got me started on Bradbury.


-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Wednesday, June 06, 2012 5:00 PM
To: NT System Admin Issues
Subject: Re: OT: RIP Ray

Which book would you like to be?

Kurt

On Wed, Jun 6, 2012 at 1:20 PM, Christopher Bodnar
 wrote:
>
>
> http://www.thedailybeast.com/articles/2012/06/06/ray-bradbury-dead-at-91-taught-generations-of-readers-how-to-dream.html
>
>
>
>
> Christopher Bodnar
> Enterprise Achitect I, Corporate Office of Technology:Enterprise
> Architecture and Engineering Services
> Tel 610-807-6459
> 3900 Burgess Place, Bethlehem, PA 18017
> christopher_bod...@glic.com
>
>
>
> The Guardian Life Insurance Company of America
>
> www.guardianlife.com
>
>
> - This message, and any
> attachments to it, may contain information that is privileged, confidential,
> and exempt from disclosure under applicable law. If the reader of this
> message is not the intended recipient, you are notified that any use,
> dissemination, distribution, copying, or communication of this message is
> strictly prohibited. If you have received this message in error, please
> notify the sender immediately by return e-mail and delete the message and
> any attachments. Thank you.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: To notify, or not notify (LinkedIn)

[Maglinger, Paul]

Yes, because although we preach and preach, users still use the same passwords 
for everything they can get away with.  Plus, I think it shows them that we are 
looking out for them and not just the company.

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, June 06, 2012 4:07 PM
To: NT System Admin Issues
Subject: To notify, or not notify (LinkedIn)

We fired off an advisory e-mail to our staff about LinkedIn and recommending 
they change their password, and included links to both the LinkedIn Tweet and 
the CNet article. After the e-mail went out I got bombed by our Service Desk 
guys (it was my recommendation to send it) asking why we would want to do such 
a thing since "it's not our website".

I felt the scope was sufficient and the business use adequate enough to warrant 
notifying our employees. I had folks above me agree with me (else it wouldn't 
have been sent), and the front line guys disagree. This is one of those 
judgment calls where everyone is going to handle it differently.

Did any of you guys send a note out to your staff?
David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin