Re: How many in your company can join systems to domain

[Steven Peck]

Our BYOD was mainly about phones.  Our CIO did an awesome job of it too.
He was talking away about it and then added... "and we know some people
have bad credit and stuff like that and can't afford a smart phone, so
we'll still have an old, you know, Black Berry they can carry".

Our BYOD policy you must sign to do this is looking to have a statement
indicating you will surrender your personal device with no password to the
Security' team for them to do an audit/image/etc if they deem it necessary
until they are done.

I told my boss I was planning on having bad credit.




On Wed, Jun 20, 2012 at 7:54 PM, Ken Schaefer  wrote:

> BYOD isn't going to be a "free for all". You bring your own laptop, but
> you'll access everything through VDI, or something else that keeps the
> company's system somewhat separate to your system.
>
> Windows RT is a differently kettle of fish IMHO - it's not an open
> platform.
>
> Cheers
> Ken
>
> -Original Message-
> From: Rankin, James R [mailto:kz2...@googlemail.com]
> Sent: Thursday, 21 June 2012 6:56 AM
> To: NT System Admin Issues
> Subject: Re: How many in your company can join systems to domain
>
> Think this was what I was referring to
>
>
> http://www.brianmadden.com/blogs/brianmadden/archive/2012/04/30/the-real-reason-microsoft-windows-rt-devices-won-t-be-able-to-join-ad-domains-hint-ad-is-not-about-systems-management-anymore.aspx
>
> The issue is the session the user uses is domain-joined, not the device
> itself
>
> I am on holiday so haven't had time to read it properly and ensure it said
> what I was thinking about
>
> ---Blackberried
>
> -Original Message-
> From: "Michael B. Smith" 
> Date: Wed, 20 Jun 2012 20:22:04
> To: NT System Admin Issues
> Reply-To: "NT System Admin Issues" 
> Subject:
> RE: How many in your company can join systems to domain
>
> I'm running way behind here, and some people may have already responded,
> but if he said that - well, I think it's just a crock.
>
> Domain membership provides a plethora of functionality.
>
> -Original Message-
> From: David Lum [mailto:david@nwea.org]
> Sent: Wednesday, June 20, 2012 3:39 PM
> To: NT System Admin Issues
> Subject: RE: How many in your company can join systems to domain
>
> Kind of makes it hard to use a GPO then, doesn't it?
>
> -Original Message-
> From: Rankin, James R [mailto:kz2...@googlemail.com]
> Sent: Wednesday, June 20, 2012 12:10 PM
> To: NT System Admin Issues
> Subject: Re: How many in your company can join systems to domain
>
> Wasn't there a good piece posted a while back (maybe from Brian Madden)
> about how having domain-joined computers is no longer strictly necessary?
>
> ---Blackberried
>
> -Original Message-
> From: "Kennedy, Jim" 
> Date: Wed, 20 Jun 2012 17:31:42
> To: NT System Admin Issues
> Reply-To: "NT System Admin Issues" 
> Subject:
> RE: How many in your company can join systems to domain
>
> I have thought about this before...so I am going to toss it out there and
> see how it gets swatted down.
>
> If a staff member brings in a home laptop and joins it to the domain is it
> more of a threat or less of a threat than not being in the domain and just
> plugged into the network. I ask because here after they reboot they will
> get all the patches, up to date AV software and no-one except IT Staff will
> be a local admin. Most won't even be able to get to a command prompt.
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: How many in your company can join systems to domain

[Crawford, Scott]

I'm pretty excited about Window 8 To Go for these scenarios.

-Original Message-
From: hotmail_b243df4f33245...@live.com 
[mailto:hotmail_b243df4f33245...@live.com] On Behalf Of Ken Schaefer
Sent: Wednesday, June 20, 2012 9:55 PM
To: NT System Admin Issues
Subject: RE: How many in your company can join systems to domain

BYOD isn't going to be a "free for all". You bring your own laptop, but you'll 
access everything through VDI, or something else that keeps the company's 
system somewhat separate to your system.

Windows RT is a differently kettle of fish IMHO - it's not an open platform.

Cheers
Ken

-Original Message-
From: Rankin, James R [mailto:kz2...@googlemail.com]
Sent: Thursday, 21 June 2012 6:56 AM
To: NT System Admin Issues
Subject: Re: How many in your company can join systems to domain

Think this was what I was referring to

http://www.brianmadden.com/blogs/brianmadden/archive/2012/04/30/the-real-reason-microsoft-windows-rt-devices-won-t-be-able-to-join-ad-domains-hint-ad-is-not-about-systems-management-anymore.aspx

The issue is the session the user uses is domain-joined, not the device itself

I am on holiday so haven't had time to read it properly and ensure it said what 
I was thinking about

---Blackberried

-Original Message-
From: "Michael B. Smith" 
Date: Wed, 20 Jun 2012 20:22:04
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: RE: How many in your company 
can join systems to domain

I'm running way behind here, and some people may have already responded, but if 
he said that - well, I think it's just a crock.

Domain membership provides a plethora of functionality.

-Original Message-
From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, June 20, 2012 3:39 PM
To: NT System Admin Issues
Subject: RE: How many in your company can join systems to domain

Kind of makes it hard to use a GPO then, doesn't it?

-Original Message-
From: Rankin, James R [mailto:kz2...@googlemail.com]
Sent: Wednesday, June 20, 2012 12:10 PM
To: NT System Admin Issues
Subject: Re: How many in your company can join systems to domain

Wasn't there a good piece posted a while back (maybe from Brian Madden) about 
how having domain-joined computers is no longer strictly necessary?

---Blackberried

-Original Message-
From: "Kennedy, Jim" 
Date: Wed, 20 Jun 2012 17:31:42
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: RE: How many in your company 
can join systems to domain

I have thought about this before...so I am going to toss it out there and see 
how it gets swatted down.

If a staff member brings in a home laptop and joins it to the domain is it more 
of a threat or less of a threat than not being in the domain and just plugged 
into the network. I ask because here after they reboot they will get all the 
patches, up to date AV software and no-one except IT Staff will be a local 
admin. Most won't even be able to get to a command prompt.




~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Way OT: some of you might be interested in this kind of thing

[Steven Peck]

My wife makes me go to the gym which is how 'I" seem to be solving it.
/grumble.  :)
Steven Peck
http://www.blkmtn.org


On Wed, Jun 20, 2012 at 3:48 PM, Free, Bob  wrote:

>  The guy who designed the $4K walkstation started out with a treadmill
> and a bedside hospital tray for 1/10th the cost.
>
> ** **
>
> There are loads of examples and even some plans on the interwebs but I’m
> sure you knew that J
>
> ** **
>
> I was looking into standing desks and also wanted to do something similar
> for my recumbent bike couple years ago and I came across numerous articles
> for DIY treadmill desks. Looked around today and many more have cropped up
> since the NYT article. Maybe I need to get off my arse and do something
> about it. LOL
>
> ** **
>
> *From:* Michael B. Smith [mailto:mich...@smithcons.com]
> *Sent:* Wednesday, June 20, 2012 1:32 PM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Way OT: some of you might be interested in this kind of
> thing
>
>  ** **
>
> I wouldn’t mind trying one, but that price is ridiculous. I’ve thought
> about setting up a (wooden) pedestal around my existing treadmill to see
> what I thought of it.
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Wednesday, June 20, 2012 1:12 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Way OT: some of you might be interested in this kind of
> thing
>
> ** **
>
> Someone would have to purchase that for me as a gift...
>
> ** **
>
> And I would forever question their money management skills...
> 
>
> *ASB*
>
> *http://XeeMe.com/AndrewBaker*
>
> *Harnessing the Advantages of Technology for the SMB market…*
>
> ** **
>
> On Wed, Jun 20, 2012 at 12:29 PM, Kurt Buff  wrote:**
> **
>
> It really is work related...
> http://store.steelcase.com/products/walkstation/
>
> I know I wouldn't mind having one for my workstation...
>
> Kurt
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: InfoSec compliance

[Steven Peck]

We gained a US government contract so we had to add specific instructions
required for handling certain accounts data to it per the contract.

Steven Peck
http://www.blkmtn.org



On Wed, Jun 20, 2012 at 1:11 PM, Kevin Lundy  wrote:

> Can you explain this update?
>
> On Wed, Jun 20, 2012 at 3:41 PM, Steven Peck  wrote:
>
>> HR paper work at time of hire.  The one change they did an update on,
>> they did a SharePoint app so your acknologement was tied to your user logon.
>>
>>
>> On Wed, Jun 20, 2012 at 11:57 AM, David Lum  wrote:
>>
>>> Assuming you guys have employees confirm they’ve read and understand the
>>> computer use policies, how do you guys deliver and track this so later you
>>> can say “look here’s our confirmation that you said you did read and
>>> understand it”?
>>>
>>> ** **
>>>
>>> E-mail?
>>>
>>> Web survery / test?
>>>
>>> Paper?
>>>
>>> Other?
>>>
>>> *David Lum*
>>> Systems Engineer // NWEATM
>>> Office 503.548.5229 //* *Cell (voice/text) 503.267.9764
>>>
>>> ** **
>>>
>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>>> ~   ~
>>>
>>> ---
>>> To manage subscriptions click here:
>>> http://lyris.sunbelt-software.com/read/my_forums/
>>> or send an email to listmana...@lyris.sunbeltsoftware.com
>>> with the body: unsubscribe ntsysadmin
>>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: How many in your company can join systems to domain

[Ken Schaefer]

BYOD isn't going to be a "free for all". You bring your own laptop, but you'll 
access everything through VDI, or something else that keeps the company's 
system somewhat separate to your system.

Windows RT is a differently kettle of fish IMHO - it's not an open platform.

Cheers
Ken

-Original Message-
From: Rankin, James R [mailto:kz2...@googlemail.com] 
Sent: Thursday, 21 June 2012 6:56 AM
To: NT System Admin Issues
Subject: Re: How many in your company can join systems to domain

Think this was what I was referring to

http://www.brianmadden.com/blogs/brianmadden/archive/2012/04/30/the-real-reason-microsoft-windows-rt-devices-won-t-be-able-to-join-ad-domains-hint-ad-is-not-about-systems-management-anymore.aspx

The issue is the session the user uses is domain-joined, not the device itself

I am on holiday so haven't had time to read it properly and ensure it said what 
I was thinking about

---Blackberried

-Original Message-
From: "Michael B. Smith" 
Date: Wed, 20 Jun 2012 20:22:04
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: RE: How many in your company 
can join systems to domain

I'm running way behind here, and some people may have already responded, but if 
he said that - well, I think it's just a crock.

Domain membership provides a plethora of functionality.

-Original Message-
From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, June 20, 2012 3:39 PM
To: NT System Admin Issues
Subject: RE: How many in your company can join systems to domain

Kind of makes it hard to use a GPO then, doesn't it?

-Original Message-
From: Rankin, James R [mailto:kz2...@googlemail.com]
Sent: Wednesday, June 20, 2012 12:10 PM
To: NT System Admin Issues
Subject: Re: How many in your company can join systems to domain

Wasn't there a good piece posted a while back (maybe from Brian Madden) about 
how having domain-joined computers is no longer strictly necessary?

---Blackberried

-Original Message-
From: "Kennedy, Jim" 
Date: Wed, 20 Jun 2012 17:31:42
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: RE: How many in your company 
can join systems to domain

I have thought about this before...so I am going to toss it out there and see 
how it gets swatted down.

If a staff member brings in a home laptop and joins it to the domain is it more 
of a threat or less of a threat than not being in the domain and just plugged 
into the network. I ask because here after they reboot they will get all the 
patches, up to date AV software and no-one except IT Staff will be a local 
admin. Most won't even be able to get to a command prompt.




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: How many in your company can join systems to domain

[Kennedy, Jim]

We have to do both. We have to control our environment and find a way to make 
BYOT work and be safe. Much as you did in your last paragraph.

My original point was poorly written on my part, I do not ALLOW people to join 
their computers to our domain. We isolate them. I was just raising the point 
that if you do something like NAC to control it's access until it meets specs 
it can work and might not be all bad. I have more control if it has my NAC 
agent, my SCCM agent and my rules applied to it. I was only pointing out it 
might be less of a threat than a non-joined computer.


From: Kurt Buff [kurt.b...@gmail.com]
Sent: Wednesday, June 20, 2012 6:19 PM
To: NT System Admin Issues
Subject: Re: How many in your company can join systems to domain

Yes, we can stop it, and should stop it.

If you don't control your environment, you can't control your destiny.

I do like the approach that Good and a couple of other vendors have
taken - they are device-agnostic, and strive to set a perimeter around
corporate info, keeping it separate from personal info. Definitely the
way to go, IMHO.

Kurt

On Wed, Jun 20, 2012 at 1:08 PM, Kennedy, Jim
 wrote:
> Get used to it.  BYOT is coming, we won't be able to stop it. Not sure we 
> should.
>
> -Original Message-
> From: David Lum [mailto:david@nwea.org]
> Sent: Wednesday, June 20, 2012 4:03 PM
> To: NT System Admin Issues
> Subject: RE: How many in your company can join systems to domain
>
> Kind of makes it hard to use a GPO then, doesn't it?
>
> -Original Message-
> From: Rankin, James R [mailto:kz2...@googlemail.com]
> Sent: Wednesday, June 20, 2012 12:10 PM
> To: NT System Admin Issues
> Subject: Re: How many in your company can join systems to domain
>
> Wasn't there a good piece posted a while back (maybe from Brian Madden) about 
> how having domain-joined computers is no longer strictly necessary?
>
> ---Blackberried
>
> -Original Message-
> From: "Kennedy, Jim" 
> Date: Wed, 20 Jun 2012 17:31:42
> To: NT System Admin Issues
> Reply-To: "NT System Admin Issues" 
> Subject: RE: How many in your company 
> can join systems to domain
>
> I have thought about this before...so I am going to toss it out there and see 
> how it gets swatted down.
>
> If a staff member brings in a home laptop and joins it to the domain is it 
> more of a threat or less of a threat than not being in the domain and just 
> plugged into the network. I ask because here after they reboot they will get 
> all the patches, up to date AV software and no-one except IT Staff will be a 
> local admin. Most won't even be able to get to a command prompt.
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, June 20, 2012 1:17 PM
> To: NT System Admin Issues
> Subject: Re: How many in your company can join systems to domain
>
> By default yes, unless you turn it off, which, IMHO, is the sane thing to 
> do...
>
> On Wed, Jun 20, 2012 at 8:30 AM, Webster  wrote:
>> I haven't had to deal with this in a long time but IIRC anyone who is
>> in Domain Users can join up to 10 computers to your domain.
>>
>> http://support.microsoft.com/kb/243327
>>
>>
>> Carl Webster
>>
>> Consultant and Citrix Technology Professional
>>
>> http://www.CarlWebster.com
>>
>>
>> From: David Lum 
>> Reply-To: NT Issues 
>> Date: Wednesday, June 20, 2012 8:19 AM
>> To: NT Issues 
>> Subject: How many in your company can join systems to domain
>>
>> Subject line pretty much says it. We have 600 employees and an IT
>> staff of 50-ish (including developers) and I swear all 50 can join
>> systems to the domain. Certainly 10 of them can and that seems like a lot.
>>
>>
>>
>> Brought up because these guys drive me crazy by loosely following
>> naming standards, not moving to the appropriate OU, and not putting
>> descriptions in AD.
>>
>> David Lum
>> Systems Engineer //
>> NWEATM
>> Office 503.548.5229//Cell (voice/text) 503.267.9764
>>
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>>   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>>   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the bod

RE: InfoSec compliance

[Kennedy, Jim]

They sign ours when hired, and they click OK accepting the policy again every 
time they log in. Our lawyer was pretty happy to hear that we did that.

Our environment is a bit different than otherswe are a school district and 
our employment contract is very clear that we abide by the rules of the school 
district...that those rules are publish in the magic book for your review 
anytime you want...they are public recordso what works legally in our 
situation may not apply to others.


From: Kurt Buff [kurt.b...@gmail.com]
Sent: Wednesday, June 20, 2012 4:29 PM
To: NT System Admin Issues
Subject: Re: InfoSec compliance

They sign a paper when hired.

We haven't updated our policies in a long time. If we were to update
our policies, I think sending an email via Outlook with a voting
button on it would be a good way to do it.

Kurt

On Wed, Jun 20, 2012 at 11:57 AM, David Lum  wrote:
> Assuming you guys have employees confirm they’ve read and understand the
> computer use policies, how do you guys deliver and track this so later you
> can say “look here’s our confirmation that you said you did read and
> understand it”?
>
>
>
> E-mail?
>
> Web survery / test?
>
> Paper?
>
> Other?
>
> David Lum
> Systems Engineer // NWEATM
> Office 503.548.5229 // Cell (voice/text) 503.267.9764
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: How many in your company can join systems to domain

[Rankin, James R]

Many places that use thin clients don't have them domain-joined. But they are 
still (in the main) centrally-managed.

---Blackberried

-Original Message-
From: "Andrew S. Baker" 
Date: Wed, 20 Jun 2012 18:53:28 
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: Re: How many in your company can join systems to domain

*>>In my opinion, the wild-and-wooly days of BYOD are already past. IT is
going to make you sign something that says IT can wipe your device if you
leave the company. And if they aren't yet, they will be darn soon.*

I don't think that's going to happen in most places.

I do think, however, that before we need to get to that showdown, the
vendors will figure out how to segregate corporate data from personal data
such that the necessary clearing of sensitive data can occur without
adverse impact to the employee's private data.

Plus, it is kind of unfair to put the onus of this security on the mobile
device when data leaves corporate networks by so many other means that are
less well regulated  (home machines for smaller firms, web access, cloud
storage, etc)

It's not like some organizations don't want to take advantage of BYOD
themselves -- significantly reducing their expenses for phone
communications and getting rid of a gazillion service contracts.

So, I think we'll find some good middle ground.

* *

*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…

*



On Wed, Jun 20, 2012 at 5:15 PM, Michael B. Smith wrote:

> Whether you call it "identity federation", "network access control",
> "domain join" or whatever - IT will require control of the devices
> consuming corporate content.
>
> In my opinion, the wild-and-wooly days of BYOD are already past. IT is
> going to make you sign something that says IT can wipe your device if you
> leave the company. And if they aren't yet, they will be darn soon.
>
> You put an SCCM agent (or an InTune agent) on a non-domain-joined machine,
> and except for authentication, it might as well be domain-joined.
> Authorization and access to many corporate resources can be controlled from
> that agent.
>
> And the comment that "those fancy Mac laptops" aren't on the domain --
> that's completely wrong. They call it "binding to the domain" instead of
> "joining the domain", but at my MORG and LORG customers, the Macs are on
> the domain just like the PCs.
>
> Long story short - I'm certainly not as famous as he is, but I disagree
> with him.
>
> -Original Message-
> From: Rankin, James R [mailto:kz2...@googlemail.com]
> Sent: Wednesday, June 20, 2012 4:56 PM
> To: NT System Admin Issues
> Subject: Re: How many in your company can join systems to domain
>
> Think this was what I was referring to
>
>
> http://www.brianmadden.com/blogs/brianmadden/archive/2012/04/30/the-real-reason-microsoft-windows-rt-devices-won-t-be-able-to-join-ad-domains-hint-ad-is-not-about-systems-management-anymore.aspx
>
> The issue is the session the user uses is domain-joined, not the device
> itself
>
> I am on holiday so haven't had time to read it properly and ensure it said
> what I was thinking about
>
> ---Blackberried
>
> -Original Message-
> From: "Michael B. Smith" 
> Date: Wed, 20 Jun 2012 20:22:04
> To: NT System Admin Issues
> Reply-To: "NT System Admin Issues" 
> Subject:
> RE: How many in your company can join systems to domain
>
> I'm running way behind here, and some people may have already responded,
> but if he said that - well, I think it's just a crock.
>
> Domain membership provides a plethora of functionality.
>
> -Original Message-
> From: David Lum [mailto:david@nwea.org]
> Sent: Wednesday, June 20, 2012 3:39 PM
> To: NT System Admin Issues
> Subject: RE: How many in your company can join systems to domain
>
> Kind of makes it hard to use a GPO then, doesn't it?
>
> -Original Message-
> From: Rankin, James R [mailto:kz2...@googlemail.com]
> Sent: Wednesday, June 20, 2012 12:10 PM
> To: NT System Admin Issues
> Subject: Re: How many in your company can join systems to domain
>
> Wasn't there a good piece posted a while back (maybe from Brian Madden)
> about how having domain-joined computers is no longer strictly necessary?
>
> ---Blackberried
>
> -Original Message-
> From: "Kennedy, Jim" 
> Date: Wed, 20 Jun 2012 17:31:42
> To: NT System Admin Issues
> Reply-To: "NT System Admin Issues" 
> Subject:
> RE: How many in your company can join systems to domain
>
> I have thought about this before...so I am going to toss it out there and
> see how it gets swatted down.
>
> If a staff member brings in a home laptop and joins it to the domain is it
> more of a threat or less of a threat than not being in the domain and just
> plugged into the network. I ask because here after they reboot they will
> get all the patches, up to date AV software and no-one except IT Staff will
> be a local admin. Most won't even be able to get to a command prompt.
>
> -

Re: How many in your company can join systems to domain

[Andrew S. Baker]

*>>In my opinion, the wild-and-wooly days of BYOD are already past. IT is
going to make you sign something that says IT can wipe your device if you
leave the company. And if they aren't yet, they will be darn soon.*

I don't think that's going to happen in most places.

I do think, however, that before we need to get to that showdown, the
vendors will figure out how to segregate corporate data from personal data
such that the necessary clearing of sensitive data can occur without
adverse impact to the employee's private data.

Plus, it is kind of unfair to put the onus of this security on the mobile
device when data leaves corporate networks by so many other means that are
less well regulated  (home machines for smaller firms, web access, cloud
storage, etc)

It's not like some organizations don't want to take advantage of BYOD
themselves -- significantly reducing their expenses for phone
communications and getting rid of a gazillion service contracts.

So, I think we'll find some good middle ground.

* *

*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…

*



On Wed, Jun 20, 2012 at 5:15 PM, Michael B. Smith wrote:

> Whether you call it "identity federation", "network access control",
> "domain join" or whatever - IT will require control of the devices
> consuming corporate content.
>
> In my opinion, the wild-and-wooly days of BYOD are already past. IT is
> going to make you sign something that says IT can wipe your device if you
> leave the company. And if they aren't yet, they will be darn soon.
>
> You put an SCCM agent (or an InTune agent) on a non-domain-joined machine,
> and except for authentication, it might as well be domain-joined.
> Authorization and access to many corporate resources can be controlled from
> that agent.
>
> And the comment that "those fancy Mac laptops" aren't on the domain --
> that's completely wrong. They call it "binding to the domain" instead of
> "joining the domain", but at my MORG and LORG customers, the Macs are on
> the domain just like the PCs.
>
> Long story short - I'm certainly not as famous as he is, but I disagree
> with him.
>
> -Original Message-
> From: Rankin, James R [mailto:kz2...@googlemail.com]
> Sent: Wednesday, June 20, 2012 4:56 PM
> To: NT System Admin Issues
> Subject: Re: How many in your company can join systems to domain
>
> Think this was what I was referring to
>
>
> http://www.brianmadden.com/blogs/brianmadden/archive/2012/04/30/the-real-reason-microsoft-windows-rt-devices-won-t-be-able-to-join-ad-domains-hint-ad-is-not-about-systems-management-anymore.aspx
>
> The issue is the session the user uses is domain-joined, not the device
> itself
>
> I am on holiday so haven't had time to read it properly and ensure it said
> what I was thinking about
>
> ---Blackberried
>
> -Original Message-
> From: "Michael B. Smith" 
> Date: Wed, 20 Jun 2012 20:22:04
> To: NT System Admin Issues
> Reply-To: "NT System Admin Issues" 
> Subject:
> RE: How many in your company can join systems to domain
>
> I'm running way behind here, and some people may have already responded,
> but if he said that - well, I think it's just a crock.
>
> Domain membership provides a plethora of functionality.
>
> -Original Message-
> From: David Lum [mailto:david@nwea.org]
> Sent: Wednesday, June 20, 2012 3:39 PM
> To: NT System Admin Issues
> Subject: RE: How many in your company can join systems to domain
>
> Kind of makes it hard to use a GPO then, doesn't it?
>
> -Original Message-
> From: Rankin, James R [mailto:kz2...@googlemail.com]
> Sent: Wednesday, June 20, 2012 12:10 PM
> To: NT System Admin Issues
> Subject: Re: How many in your company can join systems to domain
>
> Wasn't there a good piece posted a while back (maybe from Brian Madden)
> about how having domain-joined computers is no longer strictly necessary?
>
> ---Blackberried
>
> -Original Message-
> From: "Kennedy, Jim" 
> Date: Wed, 20 Jun 2012 17:31:42
> To: NT System Admin Issues
> Reply-To: "NT System Admin Issues" 
> Subject:
> RE: How many in your company can join systems to domain
>
> I have thought about this before...so I am going to toss it out there and
> see how it gets swatted down.
>
> If a staff member brings in a home laptop and joins it to the domain is it
> more of a threat or less of a threat than not being in the domain and just
> plugged into the network. I ask because here after they reboot they will
> get all the patches, up to date AV software and no-one except IT Staff will
> be a local admin. Most won't even be able to get to a command prompt.
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, June 20, 2012 1:17 PM
> To: NT System Admin Issues
> Subject: Re: How many in your company can join systems to domain
>
> By default yes, unless you turn it off, which, IMHO, is the sane thing to
> do...
>
> On Wed, Jun 20, 2012 at 8:30 AM, Webster  wrote:
>

Re: How many in your company can join systems to domain

[Andrew S. Baker]

We (in IT) can manage our environment, but rarely every control 100% of it.
  That's just life.

* *

*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…

*



On Wed, Jun 20, 2012 at 6:17 PM, Kurt Buff  wrote:

> Yes, we can stop it, and should stop it.
>
> If you don't control your environment, you can't control your destiny.
>
> I do like the approach that Good and a couple of other vendors have
> taken - they are device-agnostic, and strive to set a perimeter around
> corporate info, keeping it separate from personal info. Definitely the
> way to go, IMHO.
>
> Kurt
>
> On Wed, Jun 20, 2012 at 1:08 PM, Kennedy, Jim
>  wrote:
> > Get used to it.  BYOT is coming, we won't be able to stop it. Not sure
> we should.
> >
> > -Original Message-
> > From: David Lum [mailto:david@nwea.org]
> > Sent: Wednesday, June 20, 2012 4:03 PM
> > To: NT System Admin Issues
> > Subject: RE: How many in your company can join systems to domain
> >
> > Kind of makes it hard to use a GPO then, doesn't it?
> >
> > -Original Message-
> > From: Rankin, James R [mailto:kz2...@googlemail.com]
> > Sent: Wednesday, June 20, 2012 12:10 PM
> > To: NT System Admin Issues
> > Subject: Re: How many in your company can join systems to domain
> >
> > Wasn't there a good piece posted a while back (maybe from Brian Madden)
> about how having domain-joined computers is no longer strictly necessary?
> >
> > ---Blackberried
> >
> > -Original Message-
> > From: "Kennedy, Jim" 
> > Date: Wed, 20 Jun 2012 17:31:42
> > To: NT System Admin Issues
> > Reply-To: "NT System Admin Issues" <
> ntsysadmin@lyris.sunbelt-software.com>Subject: RE: How many in your
> company can join systems to domain
> >
> > I have thought about this before...so I am going to toss it out there
> and see how it gets swatted down.
> >
> > If a staff member brings in a home laptop and joins it to the domain is
> it more of a threat or less of a threat than not being in the domain and
> just plugged into the network. I ask because here after they reboot they
> will get all the patches, up to date AV software and no-one except IT Staff
> will be a local admin. Most won't even be able to get to a command prompt.
> >
> > -Original Message-
> > From: Kurt Buff [mailto:kurt.b...@gmail.com]
> > Sent: Wednesday, June 20, 2012 1:17 PM
> > To: NT System Admin Issues
> > Subject: Re: How many in your company can join systems to domain
> >
> > By default yes, unless you turn it off, which, IMHO, is the sane thing
> to do...
> >
> > On Wed, Jun 20, 2012 at 8:30 AM, Webster 
> wrote:
> >> I haven't had to deal with this in a long time but IIRC anyone who is
> >> in Domain Users can join up to 10 computers to your domain.
> >>
> >> http://support.microsoft.com/kb/243327
> >>
> >>
> >> Carl Webster
> >>
> >> Consultant and Citrix Technology Professional
> >>
> >> http://www.CarlWebster.com
> >>
> >>
> >> From: David Lum 
> >> Reply-To: NT Issues 
> >> Date: Wednesday, June 20, 2012 8:19 AM
> >> To: NT Issues 
> >> Subject: How many in your company can join systems to domain
> >>
> >> Subject line pretty much says it. We have 600 employees and an IT
> >> staff of 50-ish (including developers) and I swear all 50 can join
> >> systems to the domain. Certainly 10 of them can and that seems like a
> lot.
> >>
> >>
> >>
> >> Brought up because these guys drive me crazy by loosely following
> >> naming standards, not moving to the appropriate OU, and not putting
> >> descriptions in AD.
> >>
> >> David Lum
> >> Systems Engineer //
> >> NWEATM
> >> Office 503.548.5229//Cell (voice/text) 503.267.9764
> >>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: How many in your company can join systems to domain

[James Hill]

I second that.  I also think that the majority of the devices that have pushed 
in have been ipads.  Microsoft haven't had anything good enough to compete with 
them.

Soon there will be Surface and it will fill that hole.

James.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Thursday, 21 June 2012 8:19 AM
To: NT System Admin Issues
Subject: Re: How many in your company can join systems to domain

Agreed.

On Wed, Jun 20, 2012 at 2:15 PM, Michael B. Smith  wrote:
> Whether you call it "identity federation", "network access control", "domain 
> join" or whatever - IT will require control of the devices consuming 
> corporate content.
>
> In my opinion, the wild-and-wooly days of BYOD are already past. IT is going 
> to make you sign something that says IT can wipe your device if you leave the 
> company. And if they aren't yet, they will be darn soon.
>
> You put an SCCM agent (or an InTune agent) on a non-domain-joined machine, 
> and except for authentication, it might as well be domain-joined. 
> Authorization and access to many corporate resources can be controlled from 
> that agent.
>
> And the comment that "those fancy Mac laptops" aren't on the domain -- that's 
> completely wrong. They call it "binding to the domain" instead of "joining 
> the domain", but at my MORG and LORG customers, the Macs are on the domain 
> just like the PCs.
>
> Long story short - I'm certainly not as famous as he is, but I disagree with 
> him.
>
> -Original Message-
> From: Rankin, James R [mailto:kz2...@googlemail.com]
> Sent: Wednesday, June 20, 2012 4:56 PM
> To: NT System Admin Issues
> Subject: Re: How many in your company can join systems to domain
>
> Think this was what I was referring to
>
> http://www.brianmadden.com/blogs/brianmadden/archive/2012/04/30/the-re
> al-reason-microsoft-windows-rt-devices-won-t-be-able-to-join-ad-domain
> s-hint-ad-is-not-about-systems-management-anymore.aspx
>
> The issue is the session the user uses is domain-joined, not the 
> device itself
>
> I am on holiday so haven't had time to read it properly and ensure it 
> said what I was thinking about
>
> ---Blackberried
>
> -Original Message-
> From: "Michael B. Smith" 
> Date: Wed, 20 Jun 2012 20:22:04
> To: NT System Admin Issues
> Reply-To: "NT System Admin Issues" 
> Subject: RE: How many in your 
> company can join systems to domain
>
> I'm running way behind here, and some people may have already responded, but 
> if he said that - well, I think it's just a crock.
>
> Domain membership provides a plethora of functionality.
>
> -Original Message-
> From: David Lum [mailto:david@nwea.org]
> Sent: Wednesday, June 20, 2012 3:39 PM
> To: NT System Admin Issues
> Subject: RE: How many in your company can join systems to domain
>
> Kind of makes it hard to use a GPO then, doesn't it?
>
> -Original Message-
> From: Rankin, James R [mailto:kz2...@googlemail.com]
> Sent: Wednesday, June 20, 2012 12:10 PM
> To: NT System Admin Issues
> Subject: Re: How many in your company can join systems to domain
>
> Wasn't there a good piece posted a while back (maybe from Brian Madden) about 
> how having domain-joined computers is no longer strictly necessary?
>
> ---Blackberried
>
> -Original Message-
> From: "Kennedy, Jim" 
> Date: Wed, 20 Jun 2012 17:31:42
> To: NT System Admin Issues
> Reply-To: "NT System Admin Issues" 
> Subject: RE: How many in your 
> company can join systems to domain
>
> I have thought about this before...so I am going to toss it out there and see 
> how it gets swatted down.
>
> If a staff member brings in a home laptop and joins it to the domain is it 
> more of a threat or less of a threat than not being in the domain and just 
> plugged into the network. I ask because here after they reboot they will get 
> all the patches, up to date AV software and no-one except IT Staff will be a 
> local admin. Most won't even be able to get to a command prompt.
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, June 20, 2012 1:17 PM
> To: NT System Admin Issues
> Subject: Re: How many in your company can join systems to domain
>
> By default yes, unless you turn it off, which, IMHO, is the sane thing to 
> do...
>
> On Wed, Jun 20, 2012 at 8:30 AM, Webster  wrote:
>> I haven't had to deal with this in a long time but IIRC anyone who is 
>> in Domain Users can join up to 10 computers to your domain.
>>
>> http://support.microsoft.com/kb/243327
>>
>>
>> Carl Webster
>>
>> Consultant and Citrix Technology Professional
>>
>> http://www.CarlWebster.com
>>
>>
>> From: David Lum 
>> Reply-To: NT Issues 
>> Date: Wednesday, June 20, 2012 8:19 AM
>> To: NT Issues 
>> Subject: How many in your company can join systems to domain
>>
>> Subject line pretty much says it. We have 600 employees and an IT 
>> staff of 50-ish (including developers) and I swear all 50 can join 
>> systems to the domain. Certainly 10 of them ca

Re: How many in your company can join systems to domain

[Kurt Buff]

Agreed.

On Wed, Jun 20, 2012 at 2:15 PM, Michael B. Smith  wrote:
> Whether you call it "identity federation", "network access control", "domain 
> join" or whatever - IT will require control of the devices consuming 
> corporate content.
>
> In my opinion, the wild-and-wooly days of BYOD are already past. IT is going 
> to make you sign something that says IT can wipe your device if you leave the 
> company. And if they aren't yet, they will be darn soon.
>
> You put an SCCM agent (or an InTune agent) on a non-domain-joined machine, 
> and except for authentication, it might as well be domain-joined. 
> Authorization and access to many corporate resources can be controlled from 
> that agent.
>
> And the comment that "those fancy Mac laptops" aren't on the domain -- that's 
> completely wrong. They call it "binding to the domain" instead of "joining 
> the domain", but at my MORG and LORG customers, the Macs are on the domain 
> just like the PCs.
>
> Long story short - I'm certainly not as famous as he is, but I disagree with 
> him.
>
> -Original Message-
> From: Rankin, James R [mailto:kz2...@googlemail.com]
> Sent: Wednesday, June 20, 2012 4:56 PM
> To: NT System Admin Issues
> Subject: Re: How many in your company can join systems to domain
>
> Think this was what I was referring to
>
> http://www.brianmadden.com/blogs/brianmadden/archive/2012/04/30/the-real-reason-microsoft-windows-rt-devices-won-t-be-able-to-join-ad-domains-hint-ad-is-not-about-systems-management-anymore.aspx
>
> The issue is the session the user uses is domain-joined, not the device itself
>
> I am on holiday so haven't had time to read it properly and ensure it said 
> what I was thinking about
>
> ---Blackberried
>
> -Original Message-
> From: "Michael B. Smith" 
> Date: Wed, 20 Jun 2012 20:22:04
> To: NT System Admin Issues
> Reply-To: "NT System Admin Issues" 
> Subject: RE: How many in your company 
> can join systems to domain
>
> I'm running way behind here, and some people may have already responded, but 
> if he said that - well, I think it's just a crock.
>
> Domain membership provides a plethora of functionality.
>
> -Original Message-
> From: David Lum [mailto:david@nwea.org]
> Sent: Wednesday, June 20, 2012 3:39 PM
> To: NT System Admin Issues
> Subject: RE: How many in your company can join systems to domain
>
> Kind of makes it hard to use a GPO then, doesn't it?
>
> -Original Message-
> From: Rankin, James R [mailto:kz2...@googlemail.com]
> Sent: Wednesday, June 20, 2012 12:10 PM
> To: NT System Admin Issues
> Subject: Re: How many in your company can join systems to domain
>
> Wasn't there a good piece posted a while back (maybe from Brian Madden) about 
> how having domain-joined computers is no longer strictly necessary?
>
> ---Blackberried
>
> -Original Message-
> From: "Kennedy, Jim" 
> Date: Wed, 20 Jun 2012 17:31:42
> To: NT System Admin Issues
> Reply-To: "NT System Admin Issues" 
> Subject: RE: How many in your company 
> can join systems to domain
>
> I have thought about this before...so I am going to toss it out there and see 
> how it gets swatted down.
>
> If a staff member brings in a home laptop and joins it to the domain is it 
> more of a threat or less of a threat than not being in the domain and just 
> plugged into the network. I ask because here after they reboot they will get 
> all the patches, up to date AV software and no-one except IT Staff will be a 
> local admin. Most won't even be able to get to a command prompt.
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, June 20, 2012 1:17 PM
> To: NT System Admin Issues
> Subject: Re: How many in your company can join systems to domain
>
> By default yes, unless you turn it off, which, IMHO, is the sane thing to 
> do...
>
> On Wed, Jun 20, 2012 at 8:30 AM, Webster  wrote:
>> I haven't had to deal with this in a long time but IIRC anyone who is
>> in Domain Users can join up to 10 computers to your domain.
>>
>> http://support.microsoft.com/kb/243327
>>
>>
>> Carl Webster
>>
>> Consultant and Citrix Technology Professional
>>
>> http://www.CarlWebster.com
>>
>>
>> From: David Lum 
>> Reply-To: NT Issues 
>> Date: Wednesday, June 20, 2012 8:19 AM
>> To: NT Issues 
>> Subject: How many in your company can join systems to domain
>>
>> Subject line pretty much says it. We have 600 employees and an IT
>> staff of 50-ish (including developers) and I swear all 50 can join
>> systems to the domain. Certainly 10 of them can and that seems like a lot.
>>
>>
>>
>> Brought up because these guys drive me crazy by loosely following
>> naming standards, not moving to the appropriate OU, and not putting
>> descriptions in AD.
>>
>> David Lum
>> Systems Engineer //
>> NWEATM
>> Office 503.548.5229//Cell (voice/text) 503.267.9764
>>
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>> 

Re: How many in your company can join systems to domain

[Kurt Buff]

Yes, we can stop it, and should stop it.

If you don't control your environment, you can't control your destiny.

I do like the approach that Good and a couple of other vendors have
taken - they are device-agnostic, and strive to set a perimeter around
corporate info, keeping it separate from personal info. Definitely the
way to go, IMHO.

Kurt

On Wed, Jun 20, 2012 at 1:08 PM, Kennedy, Jim
 wrote:
> Get used to it.  BYOT is coming, we won't be able to stop it. Not sure we 
> should.
>
> -Original Message-
> From: David Lum [mailto:david@nwea.org]
> Sent: Wednesday, June 20, 2012 4:03 PM
> To: NT System Admin Issues
> Subject: RE: How many in your company can join systems to domain
>
> Kind of makes it hard to use a GPO then, doesn't it?
>
> -Original Message-
> From: Rankin, James R [mailto:kz2...@googlemail.com]
> Sent: Wednesday, June 20, 2012 12:10 PM
> To: NT System Admin Issues
> Subject: Re: How many in your company can join systems to domain
>
> Wasn't there a good piece posted a while back (maybe from Brian Madden) about 
> how having domain-joined computers is no longer strictly necessary?
>
> ---Blackberried
>
> -Original Message-
> From: "Kennedy, Jim" 
> Date: Wed, 20 Jun 2012 17:31:42
> To: NT System Admin Issues
> Reply-To: "NT System Admin Issues" 
> Subject: RE: How many in your company 
> can join systems to domain
>
> I have thought about this before...so I am going to toss it out there and see 
> how it gets swatted down.
>
> If a staff member brings in a home laptop and joins it to the domain is it 
> more of a threat or less of a threat than not being in the domain and just 
> plugged into the network. I ask because here after they reboot they will get 
> all the patches, up to date AV software and no-one except IT Staff will be a 
> local admin. Most won't even be able to get to a command prompt.
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, June 20, 2012 1:17 PM
> To: NT System Admin Issues
> Subject: Re: How many in your company can join systems to domain
>
> By default yes, unless you turn it off, which, IMHO, is the sane thing to 
> do...
>
> On Wed, Jun 20, 2012 at 8:30 AM, Webster  wrote:
>> I haven't had to deal with this in a long time but IIRC anyone who is
>> in Domain Users can join up to 10 computers to your domain.
>>
>> http://support.microsoft.com/kb/243327
>>
>>
>> Carl Webster
>>
>> Consultant and Citrix Technology Professional
>>
>> http://www.CarlWebster.com
>>
>>
>> From: David Lum 
>> Reply-To: NT Issues 
>> Date: Wednesday, June 20, 2012 8:19 AM
>> To: NT Issues 
>> Subject: How many in your company can join systems to domain
>>
>> Subject line pretty much says it. We have 600 employees and an IT
>> staff of 50-ish (including developers) and I swear all 50 can join
>> systems to the domain. Certainly 10 of them can and that seems like a lot.
>>
>>
>>
>> Brought up because these guys drive me crazy by loosely following
>> naming standards, not moving to the appropriate OU, and not putting
>> descriptions in AD.
>>
>> David Lum
>> Systems Engineer //
>> NWEATM
>> Office 503.548.5229//Cell (voice/text) 503.267.9764
>>
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>>   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>>   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
> 

Re: How many in your company can join systems to domain

[Kurt Buff]

Your threat is that you allow personal machines on your production
network. Don't allow that...

Kurt

On Wed, Jun 20, 2012 at 10:31 AM, Kennedy, Jim
 wrote:
> I have thought about this before...so I am going to toss it out there and see 
> how it gets swatted down.
>
> If a staff member brings in a home laptop and joins it to the domain is it 
> more of a threat or less of a threat than not being in the domain and just 
> plugged into the network. I ask because here after they reboot they will get 
> all the patches, up to date AV software and no-one except IT Staff will be a 
> local admin. Most won't even be able to get to a command prompt.
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, June 20, 2012 1:17 PM
> To: NT System Admin Issues
> Subject: Re: How many in your company can join systems to domain
>
> By default yes, unless you turn it off, which, IMHO, is the sane thing to 
> do...
>
> On Wed, Jun 20, 2012 at 8:30 AM, Webster  wrote:
>> I haven't had to deal with this in a long time but IIRC anyone who is
>> in Domain Users can join up to 10 computers to your domain.
>>
>> http://support.microsoft.com/kb/243327
>>
>>
>> Carl Webster
>>
>> Consultant and Citrix Technology Professional
>>
>> http://www.CarlWebster.com
>>
>>
>> From: David Lum 
>> Reply-To: NT Issues 
>> Date: Wednesday, June 20, 2012 8:19 AM
>> To: NT Issues 
>> Subject: How many in your company can join systems to domain
>>
>> Subject line pretty much says it. We have 600 employees and an IT
>> staff of 50-ish (including developers) and I swear all 50 can join
>> systems to the domain. Certainly 10 of them can and that seems like a lot.
>>
>>
>>
>> Brought up because these guys drive me crazy by loosely following
>> naming standards, not moving to the appropriate OU, and not putting
>> descriptions in AD.
>>
>> David Lum
>> Systems Engineer //
>> NWEATM
>> Office 503.548.5229//Cell (voice/text) 503.267.9764
>>
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>>   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>>   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: How many in your company can join systems to domain

[Michael B. Smith]

Whether you call it "identity federation", "network access control", "domain 
join" or whatever - IT will require control of the devices consuming corporate 
content.

In my opinion, the wild-and-wooly days of BYOD are already past. IT is going to 
make you sign something that says IT can wipe your device if you leave the 
company. And if they aren't yet, they will be darn soon.

You put an SCCM agent (or an InTune agent) on a non-domain-joined machine, and 
except for authentication, it might as well be domain-joined. Authorization and 
access to many corporate resources can be controlled from that agent.

And the comment that "those fancy Mac laptops" aren't on the domain -- that's 
completely wrong. They call it "binding to the domain" instead of "joining the 
domain", but at my MORG and LORG customers, the Macs are on the domain just 
like the PCs.

Long story short - I'm certainly not as famous as he is, but I disagree with 
him.

-Original Message-
From: Rankin, James R [mailto:kz2...@googlemail.com] 
Sent: Wednesday, June 20, 2012 4:56 PM
To: NT System Admin Issues
Subject: Re: How many in your company can join systems to domain

Think this was what I was referring to

http://www.brianmadden.com/blogs/brianmadden/archive/2012/04/30/the-real-reason-microsoft-windows-rt-devices-won-t-be-able-to-join-ad-domains-hint-ad-is-not-about-systems-management-anymore.aspx

The issue is the session the user uses is domain-joined, not the device itself

I am on holiday so haven't had time to read it properly and ensure it said what 
I was thinking about

---Blackberried

-Original Message-
From: "Michael B. Smith" 
Date: Wed, 20 Jun 2012 20:22:04
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: RE: How many in your company 
can join systems to domain

I'm running way behind here, and some people may have already responded, but if 
he said that - well, I think it's just a crock.

Domain membership provides a plethora of functionality.

-Original Message-
From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, June 20, 2012 3:39 PM
To: NT System Admin Issues
Subject: RE: How many in your company can join systems to domain

Kind of makes it hard to use a GPO then, doesn't it?

-Original Message-
From: Rankin, James R [mailto:kz2...@googlemail.com]
Sent: Wednesday, June 20, 2012 12:10 PM
To: NT System Admin Issues
Subject: Re: How many in your company can join systems to domain

Wasn't there a good piece posted a while back (maybe from Brian Madden) about 
how having domain-joined computers is no longer strictly necessary?

---Blackberried

-Original Message-
From: "Kennedy, Jim" 
Date: Wed, 20 Jun 2012 17:31:42
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: RE: How many in your company 
can join systems to domain

I have thought about this before...so I am going to toss it out there and see 
how it gets swatted down.

If a staff member brings in a home laptop and joins it to the domain is it more 
of a threat or less of a threat than not being in the domain and just plugged 
into the network. I ask because here after they reboot they will get all the 
patches, up to date AV software and no-one except IT Staff will be a local 
admin. Most won't even be able to get to a command prompt.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Wednesday, June 20, 2012 1:17 PM
To: NT System Admin Issues
Subject: Re: How many in your company can join systems to domain

By default yes, unless you turn it off, which, IMHO, is the sane thing to do...

On Wed, Jun 20, 2012 at 8:30 AM, Webster  wrote:
> I haven't had to deal with this in a long time but IIRC anyone who is 
> in Domain Users can join up to 10 computers to your domain.
>
> http://support.microsoft.com/kb/243327
>
>
> Carl Webster
>
> Consultant and Citrix Technology Professional
>
> http://www.CarlWebster.com
>
>
> From: David Lum 
> Reply-To: NT Issues 
> Date: Wednesday, June 20, 2012 8:19 AM
> To: NT Issues 
> Subject: How many in your company can join systems to domain
>
> Subject line pretty much says it. We have 600 employees and an IT 
> staff of 50-ish (including developers) and I swear all 50 can join 
> systems to the domain. Certainly 10 of them can and that seems like a lot.
>
>
>
> Brought up because these guys drive me crazy by loosely following 
> naming standards, not moving to the appropriate OU, and not putting 
> descriptions in AD.
>
> David Lum
> Systems Engineer //
> NWEATM
> Office 503.548.5229//Cell (voice/text) 503.267.9764
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog

Re: InfoSec compliance

[Andrew S. Baker]

Physical signature at time of hire.
Outlook voting response every year following.

* *

*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…

*



On Wed, Jun 20, 2012 at 2:57 PM, David Lum  wrote:

> Assuming you guys have employees confirm they’ve read and understand the
> computer use policies, how do you guys deliver and track this so later you
> can say “look here’s our confirmation that you said you did read and
> understand it”?
>
> ** **
>
> E-mail?
>
> Web survery / test?
>
> Paper?
>
> Other?
>
> *David Lum*
> Systems Engineer // NWEATM
> Office 503.548.5229 //* *Cell (voice/text) 503.267.9764
>
> ** **
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: How many in your company can join systems to domain

[Rankin, James R]

Think this was what I was referring to

http://www.brianmadden.com/blogs/brianmadden/archive/2012/04/30/the-real-reason-microsoft-windows-rt-devices-won-t-be-able-to-join-ad-domains-hint-ad-is-not-about-systems-management-anymore.aspx

The issue is the session the user uses is domain-joined, not the device itself

I am on holiday so haven't had time to read it properly and ensure it said what 
I was thinking about

---Blackberried

-Original Message-
From: "Michael B. Smith" 
Date: Wed, 20 Jun 2012 20:22:04 
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: RE: How many in your company 
can join systems to domain

I'm running way behind here, and some people may have already responded, but if 
he said that - well, I think it's just a crock.

Domain membership provides a plethora of functionality.

-Original Message-
From: David Lum [mailto:david@nwea.org] 
Sent: Wednesday, June 20, 2012 3:39 PM
To: NT System Admin Issues
Subject: RE: How many in your company can join systems to domain

Kind of makes it hard to use a GPO then, doesn't it?

-Original Message-
From: Rankin, James R [mailto:kz2...@googlemail.com]
Sent: Wednesday, June 20, 2012 12:10 PM
To: NT System Admin Issues
Subject: Re: How many in your company can join systems to domain

Wasn't there a good piece posted a while back (maybe from Brian Madden) about 
how having domain-joined computers is no longer strictly necessary?

---Blackberried

-Original Message-
From: "Kennedy, Jim" 
Date: Wed, 20 Jun 2012 17:31:42
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: RE: How many in your company 
can join systems to domain

I have thought about this before...so I am going to toss it out there and see 
how it gets swatted down.

If a staff member brings in a home laptop and joins it to the domain is it more 
of a threat or less of a threat than not being in the domain and just plugged 
into the network. I ask because here after they reboot they will get all the 
patches, up to date AV software and no-one except IT Staff will be a local 
admin. Most won't even be able to get to a command prompt.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Wednesday, June 20, 2012 1:17 PM
To: NT System Admin Issues
Subject: Re: How many in your company can join systems to domain

By default yes, unless you turn it off, which, IMHO, is the sane thing to do...

On Wed, Jun 20, 2012 at 8:30 AM, Webster  wrote:
> I haven't had to deal with this in a long time but IIRC anyone who is 
> in Domain Users can join up to 10 computers to your domain.
>
> http://support.microsoft.com/kb/243327
>
>
> Carl Webster
>
> Consultant and Citrix Technology Professional
>
> http://www.CarlWebster.com
>
>
> From: David Lum 
> Reply-To: NT Issues 
> Date: Wednesday, June 20, 2012 8:19 AM
> To: NT Issues 
> Subject: How many in your company can join systems to domain
>
> Subject line pretty much says it. We have 600 employees and an IT 
> staff of 50-ish (including developers) and I swear all 50 can join 
> systems to the domain. Certainly 10 of them can and that seems like a lot.
>
>
>
> Brought up because these guys drive me crazy by loosely following 
> naming standards, not moving to the appropriate OU, and not putting 
> descriptions in AD.
>
> David Lum
> Systems Engineer //
> NWEATM
> Office 503.548.5229//Cell (voice/text) 503.267.9764
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to l

RE: InfoSec compliance

[Ralph Smith]

Paper signed on hire, annual training in which we review policies and
they sign a new paper.

 

From: David Lum [mailto:david@nwea.org] 
Sent: Wednesday, June 20, 2012 2:57 PM
To: NT System Admin Issues
Subject: InfoSec compliance

 

Assuming you guys have employees confirm they've read and understand the
computer use policies, how do you guys deliver and track this so later
you can say "look here's our confirmation that you said you did read and
understand it"?

 

E-mail?

Web survery / test?

Paper?

Other?

David Lum 
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: How many in your company can join systems to domain

[Michael B. Smith]

I'm running way behind here, and some people may have already responded, but if 
he said that - well, I think it's just a crock.

Domain membership provides a plethora of functionality.

-Original Message-
From: David Lum [mailto:david@nwea.org] 
Sent: Wednesday, June 20, 2012 3:39 PM
To: NT System Admin Issues
Subject: RE: How many in your company can join systems to domain

Kind of makes it hard to use a GPO then, doesn't it?

-Original Message-
From: Rankin, James R [mailto:kz2...@googlemail.com]
Sent: Wednesday, June 20, 2012 12:10 PM
To: NT System Admin Issues
Subject: Re: How many in your company can join systems to domain

Wasn't there a good piece posted a while back (maybe from Brian Madden) about 
how having domain-joined computers is no longer strictly necessary?

---Blackberried

-Original Message-
From: "Kennedy, Jim" 
Date: Wed, 20 Jun 2012 17:31:42
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: RE: How many in your company 
can join systems to domain

I have thought about this before...so I am going to toss it out there and see 
how it gets swatted down.

If a staff member brings in a home laptop and joins it to the domain is it more 
of a threat or less of a threat than not being in the domain and just plugged 
into the network. I ask because here after they reboot they will get all the 
patches, up to date AV software and no-one except IT Staff will be a local 
admin. Most won't even be able to get to a command prompt.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Wednesday, June 20, 2012 1:17 PM
To: NT System Admin Issues
Subject: Re: How many in your company can join systems to domain

By default yes, unless you turn it off, which, IMHO, is the sane thing to do...

On Wed, Jun 20, 2012 at 8:30 AM, Webster  wrote:
> I haven't had to deal with this in a long time but IIRC anyone who is 
> in Domain Users can join up to 10 computers to your domain.
>
> http://support.microsoft.com/kb/243327
>
>
> Carl Webster
>
> Consultant and Citrix Technology Professional
>
> http://www.CarlWebster.com
>
>
> From: David Lum 
> Reply-To: NT Issues 
> Date: Wednesday, June 20, 2012 8:19 AM
> To: NT Issues 
> Subject: How many in your company can join systems to domain
>
> Subject line pretty much says it. We have 600 employees and an IT 
> staff of 50-ish (including developers) and I swear all 50 can join 
> systems to the domain. Certainly 10 of them can and that seems like a lot.
>
>
>
> Brought up because these guys drive me crazy by loosely following 
> naming standards, not moving to the appropriate OU, and not putting 
> descriptions in AD.
>
> David Lum
> Systems Engineer //
> NWEATM
> Office 503.548.5229//Cell (voice/text) 503.267.9764
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana..

Re: InfoSec compliance

[Kevin Lundy]

Can you explain this update?

On Wed, Jun 20, 2012 at 3:41 PM, Steven Peck  wrote:

> HR paper work at time of hire.  The one change they did an update on, they
> did a SharePoint app so your acknologement was tied to your user logon.
>
>
> On Wed, Jun 20, 2012 at 11:57 AM, David Lum  wrote:
>
>> Assuming you guys have employees confirm they’ve read and understand the
>> computer use policies, how do you guys deliver and track this so later you
>> can say “look here’s our confirmation that you said you did read and
>> understand it”?
>>
>> ** **
>>
>> E-mail?
>>
>> Web survery / test?
>>
>> Paper?
>>
>> Other?
>>
>> *David Lum*
>> Systems Engineer // NWEATM
>> Office 503.548.5229 //* *Cell (voice/text) 503.267.9764
>>
>> ** **
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: How many in your company can join systems to domain

[Kennedy, Jim]

Get used to it.  BYOT is coming, we won't be able to stop it. Not sure we 
should.

-Original Message-
From: David Lum [mailto:david@nwea.org] 
Sent: Wednesday, June 20, 2012 4:03 PM
To: NT System Admin Issues
Subject: RE: How many in your company can join systems to domain

Kind of makes it hard to use a GPO then, doesn't it?

-Original Message-
From: Rankin, James R [mailto:kz2...@googlemail.com]
Sent: Wednesday, June 20, 2012 12:10 PM
To: NT System Admin Issues
Subject: Re: How many in your company can join systems to domain

Wasn't there a good piece posted a while back (maybe from Brian Madden) about 
how having domain-joined computers is no longer strictly necessary?

---Blackberried

-Original Message-
From: "Kennedy, Jim" 
Date: Wed, 20 Jun 2012 17:31:42
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: RE: How many in your company 
can join systems to domain

I have thought about this before...so I am going to toss it out there and see 
how it gets swatted down.

If a staff member brings in a home laptop and joins it to the domain is it more 
of a threat or less of a threat than not being in the domain and just plugged 
into the network. I ask because here after they reboot they will get all the 
patches, up to date AV software and no-one except IT Staff will be a local 
admin. Most won't even be able to get to a command prompt.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Wednesday, June 20, 2012 1:17 PM
To: NT System Admin Issues
Subject: Re: How many in your company can join systems to domain

By default yes, unless you turn it off, which, IMHO, is the sane thing to do...

On Wed, Jun 20, 2012 at 8:30 AM, Webster  wrote:
> I haven't had to deal with this in a long time but IIRC anyone who is 
> in Domain Users can join up to 10 computers to your domain.
>
> http://support.microsoft.com/kb/243327
>
>
> Carl Webster
>
> Consultant and Citrix Technology Professional
>
> http://www.CarlWebster.com
>
>
> From: David Lum 
> Reply-To: NT Issues 
> Date: Wednesday, June 20, 2012 8:19 AM
> To: NT Issues 
> Subject: How many in your company can join systems to domain
>
> Subject line pretty much says it. We have 600 employees and an IT 
> staff of 50-ish (including developers) and I swear all 50 can join 
> systems to the domain. Certainly 10 of them can and that seems like a lot.
>
>
>
> Brought up because these guys drive me crazy by loosely following 
> naming standards, not moving to the appropriate OU, and not putting 
> descriptions in AD.
>
> David Lum
> Systems Engineer //
> NWEATM
> Office 503.548.5229//Cell (voice/text) 503.267.9764
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: How many in your company can join systems to domain

[Rankin, James R]

You'd have to read the article to get the context of it. Will see if I can find 
it later on

---Blackberried

-Original Message-
From: David Lum 
Date: Wed, 20 Jun 2012 19:38:42 
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: RE: How many in your company 
can join systems to domain

Kind of makes it hard to use a GPO then, doesn't it?

-Original Message-
From: Rankin, James R [mailto:kz2...@googlemail.com] 
Sent: Wednesday, June 20, 2012 12:10 PM
To: NT System Admin Issues
Subject: Re: How many in your company can join systems to domain

Wasn't there a good piece posted a while back (maybe from Brian Madden) about 
how having domain-joined computers is no longer strictly necessary?

---Blackberried

-Original Message-
From: "Kennedy, Jim" 
Date: Wed, 20 Jun 2012 17:31:42
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: RE: How many in your company 
can join systems to domain

I have thought about this before...so I am going to toss it out there and see 
how it gets swatted down.

If a staff member brings in a home laptop and joins it to the domain is it more 
of a threat or less of a threat than not being in the domain and just plugged 
into the network. I ask because here after they reboot they will get all the 
patches, up to date AV software and no-one except IT Staff will be a local 
admin. Most won't even be able to get to a command prompt.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Wednesday, June 20, 2012 1:17 PM
To: NT System Admin Issues
Subject: Re: How many in your company can join systems to domain

By default yes, unless you turn it off, which, IMHO, is the sane thing to do...

On Wed, Jun 20, 2012 at 8:30 AM, Webster  wrote:
> I haven't had to deal with this in a long time but IIRC anyone who is 
> in Domain Users can join up to 10 computers to your domain.
>
> http://support.microsoft.com/kb/243327
>
>
> Carl Webster
>
> Consultant and Citrix Technology Professional
>
> http://www.CarlWebster.com
>
>
> From: David Lum 
> Reply-To: NT Issues 
> Date: Wednesday, June 20, 2012 8:19 AM
> To: NT Issues 
> Subject: How many in your company can join systems to domain
>
> Subject line pretty much says it. We have 600 employees and an IT 
> staff of 50-ish (including developers) and I swear all 50 can join 
> systems to the domain. Certainly 10 of them can and that seems like a lot.
>
>
>
> Brought up because these guys drive me crazy by loosely following 
> naming standards, not moving to the appropriate OU, and not putting 
> descriptions in AD.
>
> David Lum
> Systems Engineer //
> NWEATM
> Office 503.548.5229//Cell (voice/text) 503.267.9764
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: InfoSec compliance

[Kurt Buff]

They sign a paper when hired.

We haven't updated our policies in a long time. If we were to update
our policies, I think sending an email via Outlook with a voting
button on it would be a good way to do it.

Kurt

On Wed, Jun 20, 2012 at 11:57 AM, David Lum  wrote:
> Assuming you guys have employees confirm they’ve read and understand the
> computer use policies, how do you guys deliver and track this so later you
> can say “look here’s our confirmation that you said you did read and
> understand it”?
>
>
>
> E-mail?
>
> Web survery / test?
>
> Paper?
>
> Other?
>
> David Lum
> Systems Engineer // NWEATM
> Office 503.548.5229 // Cell (voice/text) 503.267.9764
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: InfoSec compliance

[Kevin Lundy]

We have them sign paper as part of their new hire package and it is stored
in their employee file.

That's what we do.  Not necessarily what I think we should do!

On Wed, Jun 20, 2012 at 2:57 PM, David Lum  wrote:

> Assuming you guys have employees confirm they’ve read and understand the
> computer use policies, how do you guys deliver and track this so later you
> can say “look here’s our confirmation that you said you did read and
> understand it”?
>
> ** **
>
> E-mail?
>
> Web survery / test?
>
> Paper?
>
> Other?
>
> *David Lum*
> Systems Engineer // NWEATM
> Office 503.548.5229 //* *Cell (voice/text) 503.267.9764
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: InfoSec compliance

[Ziots, Edward]

Web Site and test afterwards that is mandatory.

 

Z

 

Edward Ziots

CISSP, Security +, Network +

Security Engineer

Lifespan Organization

ezi...@lifespan.org

 

From: David Lum [mailto:david@nwea.org] 
Sent: Wednesday, June 20, 2012 2:57 PM
To: NT System Admin Issues
Subject: InfoSec compliance

 

Assuming you guys have employees confirm they've read and understand the
computer use policies, how do you guys deliver and track this so later
you can say "look here's our confirmation that you said you did read and
understand it"?

 

E-mail?

Web survery / test?

Paper?

Other?

David Lum 
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Way OT: some of you might be interested in this kind of thing

[David Lum]

Ben made me laugh

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Wednesday, June 20, 2012 12:16 PM
To: NT System Admin Issues
Subject: Re: Way OT: some of you might be interested in this kind of thing

On Wed, Jun 20, 2012 at 2:10 PM, Ben M. Schorr  wrote:
> I love how they very delicately say that their motor is designed to 
> handle "possible higher weights".

  They could have just said "Americans".

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: InfoSec compliance

[Steven Peck]

HR paper work at time of hire.  The one change they did an update on, they
did a SharePoint app so your acknologement was tied to your user logon.

On Wed, Jun 20, 2012 at 11:57 AM, David Lum  wrote:

> Assuming you guys have employees confirm they’ve read and understand the
> computer use policies, how do you guys deliver and track this so later you
> can say “look here’s our confirmation that you said you did read and
> understand it”?
>
> ** **
>
> E-mail?
>
> Web survery / test?
>
> Paper?
>
> Other?
>
> *David Lum*
> Systems Engineer // NWEATM
> Office 503.548.5229 //* *Cell (voice/text) 503.267.9764
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: How many in your company can join systems to domain

[David Lum]

Kind of makes it hard to use a GPO then, doesn't it?

-Original Message-
From: Rankin, James R [mailto:kz2...@googlemail.com] 
Sent: Wednesday, June 20, 2012 12:10 PM
To: NT System Admin Issues
Subject: Re: How many in your company can join systems to domain

Wasn't there a good piece posted a while back (maybe from Brian Madden) about 
how having domain-joined computers is no longer strictly necessary?

---Blackberried

-Original Message-
From: "Kennedy, Jim" 
Date: Wed, 20 Jun 2012 17:31:42
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: RE: How many in your company 
can join systems to domain

I have thought about this before...so I am going to toss it out there and see 
how it gets swatted down.

If a staff member brings in a home laptop and joins it to the domain is it more 
of a threat or less of a threat than not being in the domain and just plugged 
into the network. I ask because here after they reboot they will get all the 
patches, up to date AV software and no-one except IT Staff will be a local 
admin. Most won't even be able to get to a command prompt.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Wednesday, June 20, 2012 1:17 PM
To: NT System Admin Issues
Subject: Re: How many in your company can join systems to domain

By default yes, unless you turn it off, which, IMHO, is the sane thing to do...

On Wed, Jun 20, 2012 at 8:30 AM, Webster  wrote:
> I haven't had to deal with this in a long time but IIRC anyone who is 
> in Domain Users can join up to 10 computers to your domain.
>
> http://support.microsoft.com/kb/243327
>
>
> Carl Webster
>
> Consultant and Citrix Technology Professional
>
> http://www.CarlWebster.com
>
>
> From: David Lum 
> Reply-To: NT Issues 
> Date: Wednesday, June 20, 2012 8:19 AM
> To: NT Issues 
> Subject: How many in your company can join systems to domain
>
> Subject line pretty much says it. We have 600 employees and an IT 
> staff of 50-ish (including developers) and I swear all 50 can join 
> systems to the domain. Certainly 10 of them can and that seems like a lot.
>
>
>
> Brought up because these guys drive me crazy by loosely following 
> naming standards, not moving to the appropriate OU, and not putting 
> descriptions in AD.
>
> David Lum
> Systems Engineer //
> NWEATM
> Office 503.548.5229//Cell (voice/text) 503.267.9764
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Re-cabling

[Matthew W. Ross]

See this little guy, which I've used when I 'had to' make a ceiling drop for 6 
computers in a shop somewhere:

http://icc.com/products/products/6485-cat-5e-mobile-patch-box-6-port.aspx


--Matt Ross
Ephrata School District


- Original Message -
From: Matthew W. Ross
[mailto:mr...@ephrataschools.org]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Wed, 20 Jun 2012
11:23:24 -0700
Subject: Re: Re-cabling


> >   I don't know if that's still feasible for >= gig.  It uses all four
> > pairs, so you'd only get 6 ports per connector.  The cross-talk
> > requirements are also much stricter, so it may flat-out violate spec.
> 
> That doesn't mean some of us still don't send a Gig network over 4 pars of a
> Cat-5e or better 25-Pair. It's been known to happen. Sm:)e.
> 
> 
> --Matt Ross
> Ephrata School District
> 
> 
> - Original Message -
> From: Ben Scott
> [mailto:mailvor...@gmail.com]
> To: NT System Admin Issues
> [mailto:ntsysadmin@lyris.sunbelt-software.com]
> Sent: Wed, 20 Jun 2012
> 10:23:27 -0700
> Subject: Re: Re-cabling
> 
> 
> > On Wed, Jun 20, 2012 at 11:59 AM, Brian Desmond 
> > wrote:
> > > Rather than pulling cable all the way down in to the racks, you might
> want
> > > to think about putting a 24 or 48 port panel in the top (back) of each
> > rack
> > > and then running short patch cables from there. Then on the other end
> you
> > > can cross connect to the switch or whatever.
> > 
> >   Back in the days of =< 100 meg, you could buy CAT5 cables and patch
> > panels with 50-pin "telco" connectors.  So you could then connect 12
> > ports on a patch panel using a single cable.  This saved labor, cable
> > space, and made things neater, as you only had to run one or two trunk
> > cables to each rack.
> > 
> >   I don't know if that's still feasible for >= gig.  It uses all four
> > pairs, so you'd only get 6 ports per connector.  The cross-talk
> > requirements are also much stricter, so it may flat-out violate spec.
> > 
> >   But even if one can't do the single connector method, you can buy
> > cable assembles which bundle a bunch of 4-pair RJ-45 lines into a
> > single outer sheath.   That still might make cable management better.
> > 
> > -- Ben
> > 
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~   ~
> > 
> > ---
> > To manage subscriptions click here:
> > http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to listmana...@lyris.sunbeltsoftware.com
> > with the body: unsubscribe ntsysadmin
> > 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> 
> 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Re-cabling

[Ben Scott]

On Wed, Jun 20, 2012 at 2:23 PM, Steven M. Caesare  wrote:
>>   Back in the days of =< 100 meg, you could buy CAT5 cables and patch
>> panels with 50-pin "telco" connectors.
>
> We had switches with those instead of RJ-4s as well.. and had fan-out
> cables.  Without the intermediary patch panel, they are a pain.

  Yah, it's definitely something you have to plan for.  You can't just
throw it together, or assume one-size-fits-all.  For a big deployment,
though, it really could make a big difference.  I saw an installation
with a couple dozen racks using them, and it made the cabling a *lot*
neater.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Re-cabling

[Steven M. Caesare]

I think we got one or two without... so I wasn't sure it was every one
or not...

I wonder what their deal with them is...

-sc

> -Original Message-
> From: David Lum [mailto:david@nwea.org]
> Sent: Wednesday, June 20, 2012 2:25 PM
> To: NT System Admin Issues
> Subject: RE: Re-cabling
> 
> I got Skittles with every order, even ones of 10 cables or so.
> 
> -Original Message-
> From: Steven M. Caesare [mailto:scaes...@caesare.com]
> Sent: Wednesday, June 20, 2012 10:18 AM
> To: NT System Admin Issues
> Subject: RE: Re-cabling
> 
> And... deepsurplus has a habit of occasionally sending a pack of
skittles in your
> box as a bonus. Once we got like 8 packs in a big order.
> 
> -sc
> 
> > -Original Message-
> > From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> > Sent: Wednesday, June 20, 2012 11:32 AM
> > To: NT System Admin Issues
> > Subject: Re: Re-cabling
> >
> > Looks like Deepsurplus.com beats Monoprice.com as well, which
> impresses me
> > a bit.
> >
> >
> > --Matt Ross
> > Ephrata School District
> >
> >
> > - Original Message -
> > From: Tom Miller
> > [mailto:tmil...@hnncsb.org]
> > To: NT System Admin Issues
> > [mailto:ntsysadmin@lyris.sunbelt-software.com]
> > Sent: Wed, 20 Jun 2012
> > 07:31:07 -0700
> > Subject: Re: Re-cabling
> >
> >
> > > Thanks guys.  Dave, deepsurplus.com is much cheaper than my normal
> > > vendor, cablestogo.  Thanks for the info.
> > >
> > > >>> Ben Scott  6/20/2012 10:20 AM >>>
> > > On Wed, Jun 20, 2012 at 9:27 AM, Tom Miller 
> wrote:
> > > > What are your preferences?   Cable color by rack, system, type,
> etc?  It's
> > > > just aesthetics but I'm looking for ideas.
> > >
> > >   If you want it to look pretty, use the same color for each
> > > rack/switch.  Otherwise that's more confusing than helpful.
> > >
> > >   Categorizing by VLAN or type of traffic makes some sense.  E.g.,
> > > yellow is DMZ, blue is main LAN, green is SAN, etc.
> > >
> > >   Using a rainbow spread to each rack makes some sense.  Makes it
> > > easier to tell cables apart when you're hunting for or tracing a
> > > particular cable.
> > >
> > >   There are some standards for cable sheath color coding, but the
> ones
> > > I'm aware of are all facility-wide in scope.  Most of your
> > > in-datacenter cabling would be the same color under such schemes.
> So
> > > I wouldn't call those helpful for this.
> > >
> > > -- Ben
> > >
> > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~
> > >   ~
> > >
> > > ---
> > > To manage subscriptions click here:
> > > http://lyris.sunbelt-software.com/read/my_forums/
> > > or send an email to listmana...@lyris.sunbeltsoftware.com
> > > with the body: unsubscribe ntsysadmin
> > >
> > >
> > > Confidentiality Notice:  This e-mail message, including
attachments,
> > > is for the sole use of the intended recipient(s) and may contain
> > > confidential and privileged information.  Any unauthorized review,
> > > use, disclosure, or distribution is prohibited.  If you are not
the
> > > intended recipient, please contact the sender by reply e-mail and
> > > destroy all copies of the original message.
> > >
> > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~
> > >   ~
> > >
> > > ---
> > > To manage subscriptions click here:
> > > http://lyris.sunbelt-software.com/read/my_forums/
> > > or send an email to listmana...@lyris.sunbeltsoftware.com
> > > with the body: unsubscribe ntsysadmin
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
> >   ~
> >
> > ---
> > To manage subscriptions click here: http://lyris.sunbelt-
> > software.com/read/my_forums/ or send an email to
> > listmana...@lyris.sunbeltsoftware.com
> > with the body: unsubscribe ntsysadmin
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>   ~
> 
> ---
> To manage subscriptions click here: http://lyris.sunbelt-
> software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>   ~
> 
> ---
> To manage subscriptions click here: http://lyris.sunbelt-
> software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Way OT: some of you might be interested in this kind of thing

[Ben Scott]

On Wed, Jun 20, 2012 at 2:10 PM, Ben M. Schorr  wrote:
> I love how they very delicately say that their motor is designed to handle
> “possible higher weights”.

  They could have just said "Americans".

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: How many in your company can join systems to domain

[Rankin, James R]

Wasn't there a good piece posted a while back (maybe from Brian Madden) about 
how having domain-joined computers is no longer strictly necessary?

---Blackberried

-Original Message-
From: "Kennedy, Jim" 
Date: Wed, 20 Jun 2012 17:31:42 
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: RE: How many in your company 
can join systems to domain

I have thought about this before...so I am going to toss it out there and see 
how it gets swatted down.

If a staff member brings in a home laptop and joins it to the domain is it more 
of a threat or less of a threat than not being in the domain and just plugged 
into the network. I ask because here after they reboot they will get all the 
patches, up to date AV software and no-one except IT Staff will be a local 
admin. Most won't even be able to get to a command prompt.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Wednesday, June 20, 2012 1:17 PM
To: NT System Admin Issues
Subject: Re: How many in your company can join systems to domain

By default yes, unless you turn it off, which, IMHO, is the sane thing to do...

On Wed, Jun 20, 2012 at 8:30 AM, Webster  wrote:
> I haven't had to deal with this in a long time but IIRC anyone who is 
> in Domain Users can join up to 10 computers to your domain.
>
> http://support.microsoft.com/kb/243327
>
>
> Carl Webster
>
> Consultant and Citrix Technology Professional
>
> http://www.CarlWebster.com
>
>
> From: David Lum 
> Reply-To: NT Issues 
> Date: Wednesday, June 20, 2012 8:19 AM
> To: NT Issues 
> Subject: How many in your company can join systems to domain
>
> Subject line pretty much says it. We have 600 employees and an IT 
> staff of 50-ish (including developers) and I swear all 50 can join 
> systems to the domain. Certainly 10 of them can and that seems like a lot.
>
>
>
> Brought up because these guys drive me crazy by loosely following 
> naming standards, not moving to the appropriate OU, and not putting 
> descriptions in AD.
>
> David Lum
> Systems Engineer //
> NWEATM
> Office 503.548.5229//Cell (voice/text) 503.267.9764
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: How many in your company can join systems to domain

[Ziots, Edward]

(1) You don’t know the status of the machine when it hits the network whether 
its in the domain or not. The risk of being in the domain and being 
compromised, is the credentials on this machine for domain logins can be 
harvested and used to attempt to escalate privilege or access other items (Your 
data) that it wouldn’t have had not being in the domain. 

Patches or not, if the box is compromised, then the patches and AV and that 
stuff isn't going to help too much if there is a rootkit on the machine... 
(Gather up your IT credentials, send them off, and then use those credentials 
to gain access up to owning your domain and its data then the game is over)

Z



Edward Ziots
CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org


-Original Message-
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] 
Sent: Wednesday, June 20, 2012 1:32 PM
To: NT System Admin Issues
Subject: RE: How many in your company can join systems to domain

I have thought about this before...so I am going to toss it out there and see 
how it gets swatted down.

If a staff member brings in a home laptop and joins it to the domain is it more 
of a threat or less of a threat than not being in the domain and just plugged 
into the network. I ask because here after they reboot they will get all the 
patches, up to date AV software and no-one except IT Staff will be a local 
admin. Most won't even be able to get to a command prompt.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Wednesday, June 20, 2012 1:17 PM
To: NT System Admin Issues
Subject: Re: How many in your company can join systems to domain

By default yes, unless you turn it off, which, IMHO, is the sane thing to do...

On Wed, Jun 20, 2012 at 8:30 AM, Webster  wrote:
> I haven't had to deal with this in a long time but IIRC anyone who is 
> in Domain Users can join up to 10 computers to your domain.
>
> http://support.microsoft.com/kb/243327
>
>
> Carl Webster
>
> Consultant and Citrix Technology Professional
>
> http://www.CarlWebster.com
>
>
> From: David Lum 
> Reply-To: NT Issues 
> Date: Wednesday, June 20, 2012 8:19 AM
> To: NT Issues 
> Subject: How many in your company can join systems to domain
>
> Subject line pretty much says it. We have 600 employees and an IT 
> staff of 50-ish (including developers) and I swear all 50 can join 
> systems to the domain. Certainly 10 of them can and that seems like a lot.
>
>
>
> Brought up because these guys drive me crazy by loosely following 
> naming standards, not moving to the appropriate OU, and not putting 
> descriptions in AD.
>
> David Lum
> Systems Engineer //
> NWEATM
> Office 503.548.5229//Cell (voice/text) 503.267.9764
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: How many in your company can join systems to domain

[Andrew S. Baker]

There is risk in both scenarios.   For most scenarios, the answer will be
more risk by joining the domain, but more details are needed to ascertain
which risk is greater, and the likelihood is that the answer would vary
over time.

Besides, this is almost a "which is worse, heart attack or stroke?"
question.  There's no good answer there.  Best to avoid both problems.

* *

*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…

*



On Wed, Jun 20, 2012 at 1:31 PM, Kennedy, Jim
wrote:

> I have thought about this before...so I am going to toss it out there and
> see how it gets swatted down.
>
> If a staff member brings in a home laptop and joins it to the domain is it
> more of a threat or less of a threat than not being in the domain and just
> plugged into the network. I ask because here after they reboot they will
> get all the patches, up to date AV software and no-one except IT Staff will
> be a local admin. Most won't even be able to get to a command prompt.
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, June 20, 2012 1:17 PM
> To: NT System Admin Issues
> Subject: Re: How many in your company can join systems to domain
>
> By default yes, unless you turn it off, which, IMHO, is the sane thing to
> do...
>
> On Wed, Jun 20, 2012 at 8:30 AM, Webster  wrote:
> > I haven't had to deal with this in a long time but IIRC anyone who is
> > in Domain Users can join up to 10 computers to your domain.
> >
> > http://support.microsoft.com/kb/243327
> >
> >
> > Carl Webster
> >
> > Consultant and Citrix Technology Professional
> >
> > http://www.CarlWebster.com
> >
> >
> > From: David Lum 
> > Reply-To: NT Issues 
> > Date: Wednesday, June 20, 2012 8:19 AM
> > To: NT Issues 
> > Subject: How many in your company can join systems to domain
> >
> > Subject line pretty much says it. We have 600 employees and an IT
> > staff of 50-ish (including developers) and I swear all 50 can join
> > systems to the domain. Certainly 10 of them can and that seems like a
> lot.
> >
> >
> >
> > Brought up because these guys drive me crazy by loosely following
> > naming standards, not moving to the appropriate OU, and not putting
> > descriptions in AD.
> >
> > David Lum
> > Systems Engineer //
> > NWEATM
> > Office 503.548.5229//Cell (voice/text) 503.267.9764
> >
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: How many in your company can join systems to domain

[David Lum]

Depends on your GPO's, some orgs don't replace admin group membership or lock 
anything down so in that environment one could bring their machine in, join it 
to the domain, and create havoc right?

Dave

-Original Message-
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] 
Sent: Wednesday, June 20, 2012 10:32 AM
To: NT System Admin Issues
Subject: RE: How many in your company can join systems to domain

I have thought about this before...so I am going to toss it out there and see 
how it gets swatted down.

If a staff member brings in a home laptop and joins it to the domain is it more 
of a threat or less of a threat than not being in the domain and just plugged 
into the network. I ask because here after they reboot they will get all the 
patches, up to date AV software and no-one except IT Staff will be a local 
admin. Most won't even be able to get to a command prompt.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Wednesday, June 20, 2012 1:17 PM
To: NT System Admin Issues
Subject: Re: How many in your company can join systems to domain

By default yes, unless you turn it off, which, IMHO, is the sane thing to do...

On Wed, Jun 20, 2012 at 8:30 AM, Webster  wrote:
> I haven't had to deal with this in a long time but IIRC anyone who is 
> in Domain Users can join up to 10 computers to your domain.
>
> http://support.microsoft.com/kb/243327
>
>
> Carl Webster
>
> Consultant and Citrix Technology Professional
>
> http://www.CarlWebster.com
>
>
> From: David Lum 
> Reply-To: NT Issues 
> Date: Wednesday, June 20, 2012 8:19 AM
> To: NT Issues 
> Subject: How many in your company can join systems to domain
>
> Subject line pretty much says it. We have 600 employees and an IT 
> staff of 50-ish (including developers) and I swear all 50 can join 
> systems to the domain. Certainly 10 of them can and that seems like a lot.
>
>
>
> Brought up because these guys drive me crazy by loosely following 
> naming standards, not moving to the appropriate OU, and not putting 
> descriptions in AD.
>
> David Lum
> Systems Engineer //
> NWEATM
> Office 503.548.5229//Cell (voice/text) 503.267.9764
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: How many in your company can join systems to domain

[Brian Desmond]

Joining personal assets to the domain seems like a dicey move. You're right, 
they'll get policy and all that, but, they also lose control of the asset. If 
you were going to do this, I'd be making them sign something that basically 
says so long as they're doing P, Q, and R (e.g. domain join), they agree to IT 
policies X, Y, and Z (patching, a/v, etc.). 

Also factor in how you’re a/v in particular is licensed. 

Thanks,
Brian Desmond
br...@briandesmond.com

w – 312.625.1438 | c   – 312.731.3132

-Original Message-
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] 
Sent: Wednesday, June 20, 2012 12:32 PM
To: NT System Admin Issues
Subject: RE: How many in your company can join systems to domain

I have thought about this before...so I am going to toss it out there and see 
how it gets swatted down.

If a staff member brings in a home laptop and joins it to the domain is it more 
of a threat or less of a threat than not being in the domain and just plugged 
into the network. I ask because here after they reboot they will get all the 
patches, up to date AV software and no-one except IT Staff will be a local 
admin. Most won't even be able to get to a command prompt.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Wednesday, June 20, 2012 1:17 PM
To: NT System Admin Issues
Subject: Re: How many in your company can join systems to domain

By default yes, unless you turn it off, which, IMHO, is the sane thing to do...

On Wed, Jun 20, 2012 at 8:30 AM, Webster  wrote:
> I haven't had to deal with this in a long time but IIRC anyone who is 
> in Domain Users can join up to 10 computers to your domain.
>
> http://support.microsoft.com/kb/243327
>
>
> Carl Webster
>
> Consultant and Citrix Technology Professional
>
> http://www.CarlWebster.com
>
>
> From: David Lum 
> Reply-To: NT Issues 
> Date: Wednesday, June 20, 2012 8:19 AM
> To: NT Issues 
> Subject: How many in your company can join systems to domain
>
> Subject line pretty much says it. We have 600 employees and an IT 
> staff of 50-ish (including developers) and I swear all 50 can join 
> systems to the domain. Certainly 10 of them can and that seems like a lot.
>
>
>
> Brought up because these guys drive me crazy by loosely following 
> naming standards, not moving to the appropriate OU, and not putting 
> descriptions in AD.
>
> David Lum
> Systems Engineer //
> NWEATM
> Office 503.548.5229//Cell (voice/text) 503.267.9764
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Re-cabling

[David Lum]

I got Skittles with every order, even ones of 10 cables or so. 

-Original Message-
From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Wednesday, June 20, 2012 10:18 AM
To: NT System Admin Issues
Subject: RE: Re-cabling

And... deepsurplus has a habit of occasionally sending a pack of skittles in 
your box as a bonus. Once we got like 8 packs in a big order.

-sc

> -Original Message-
> From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> Sent: Wednesday, June 20, 2012 11:32 AM
> To: NT System Admin Issues
> Subject: Re: Re-cabling
> 
> Looks like Deepsurplus.com beats Monoprice.com as well, which
impresses me
> a bit.
> 
> 
> --Matt Ross
> Ephrata School District
> 
> 
> - Original Message -
> From: Tom Miller
> [mailto:tmil...@hnncsb.org]
> To: NT System Admin Issues
> [mailto:ntsysadmin@lyris.sunbelt-software.com]
> Sent: Wed, 20 Jun 2012
> 07:31:07 -0700
> Subject: Re: Re-cabling
> 
> 
> > Thanks guys.  Dave, deepsurplus.com is much cheaper than my normal 
> > vendor, cablestogo.  Thanks for the info.
> >
> > >>> Ben Scott  6/20/2012 10:20 AM >>>
> > On Wed, Jun 20, 2012 at 9:27 AM, Tom Miller 
wrote:
> > > What are your preferences?   Cable color by rack, system, type,
etc?  It's
> > > just aesthetics but I'm looking for ideas.
> >
> >   If you want it to look pretty, use the same color for each 
> > rack/switch.  Otherwise that's more confusing than helpful.
> >
> >   Categorizing by VLAN or type of traffic makes some sense.  E.g., 
> > yellow is DMZ, blue is main LAN, green is SAN, etc.
> >
> >   Using a rainbow spread to each rack makes some sense.  Makes it 
> > easier to tell cables apart when you're hunting for or tracing a 
> > particular cable.
> >
> >   There are some standards for cable sheath color coding, but the
ones
> > I'm aware of are all facility-wide in scope.  Most of your 
> > in-datacenter cabling would be the same color under such schemes.
So
> > I wouldn't call those helpful for this.
> >
> > -- Ben
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
> >   ~
> >
> > ---
> > To manage subscriptions click here:
> > http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to listmana...@lyris.sunbeltsoftware.com
> > with the body: unsubscribe ntsysadmin
> >
> >
> > Confidentiality Notice:  This e-mail message, including attachments, 
> > is for the sole use of the intended recipient(s) and may contain 
> > confidential and privileged information.  Any unauthorized review, 
> > use, disclosure, or distribution is prohibited.  If you are not the 
> > intended recipient, please contact the sender by reply e-mail and 
> > destroy all copies of the original message.
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
> >   ~
> >
> > ---
> > To manage subscriptions click here:
> > http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to listmana...@lyris.sunbeltsoftware.com
> > with the body: unsubscribe ntsysadmin
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
> 
> ---
> To manage subscriptions click here: http://lyris.sunbelt- 
> software.com/read/my_forums/ or send an email to 
> listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Re-cabling

[Steven M. Caesare]

We had switches with those instead of RJ-4s as well.. and had fan-out
cables.

Without the intermediary patch panel, they are a pain. They might work
OK for the patch trunk though.

-sc

> -Original Message-
> From: Ben Scott [mailto:mailvor...@gmail.com]
> Sent: Wednesday, June 20, 2012 1:23 PM
> To: NT System Admin Issues
> Subject: Re: Re-cabling
> 
> On Wed, Jun 20, 2012 at 11:59 AM, Brian Desmond
>  wrote:
> > Rather than pulling cable all the way down in to the racks, you
might
> > want to think about putting a 24 or 48 port panel in the top (back)
of
> > each rack and then running short patch cables from there. Then on
the
> > other end you can cross connect to the switch or whatever.
> 
>   Back in the days of =< 100 meg, you could buy CAT5 cables and patch
> panels with 50-pin "telco" connectors.  So you could then connect 12
ports on a
> patch panel using a single cable.  This saved labor, cable space, and
made
> things neater, as you only had to run one or two trunk cables to each
rack.
> 
>   I don't know if that's still feasible for >= gig.  It uses all four
pairs, so you'd
> only get 6 ports per connector.  The cross-talk requirements are also
much
> stricter, so it may flat-out violate spec.
> 
>   But even if one can't do the single connector method, you can buy
cable
> assembles which bundle a bunch of 4-pair RJ-45 lines into a
> single outer sheath.   That still might make cable management better.
> 
> -- Ben
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>   ~
> 
> ---
> To manage subscriptions click here: http://lyris.sunbelt-
> software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Re-cabling

[Matthew W. Ross]

>   I don't know if that's still feasible for >= gig.  It uses all four
> pairs, so you'd only get 6 ports per connector.  The cross-talk
> requirements are also much stricter, so it may flat-out violate spec.

That doesn't mean some of us still don't send a Gig network over 4 pars of a 
Cat-5e or better 25-Pair. It's been known to happen. Sm:)e.


--Matt Ross
Ephrata School District


- Original Message -
From: Ben Scott
[mailto:mailvor...@gmail.com]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Wed, 20 Jun 2012
10:23:27 -0700
Subject: Re: Re-cabling


> On Wed, Jun 20, 2012 at 11:59 AM, Brian Desmond 
> wrote:
> > Rather than pulling cable all the way down in to the racks, you might want
> > to think about putting a 24 or 48 port panel in the top (back) of each
> rack
> > and then running short patch cables from there. Then on the other end you
> > can cross connect to the switch or whatever.
> 
>   Back in the days of =< 100 meg, you could buy CAT5 cables and patch
> panels with 50-pin "telco" connectors.  So you could then connect 12
> ports on a patch panel using a single cable.  This saved labor, cable
> space, and made things neater, as you only had to run one or two trunk
> cables to each rack.
> 
>   I don't know if that's still feasible for >= gig.  It uses all four
> pairs, so you'd only get 6 ports per connector.  The cross-talk
> requirements are also much stricter, so it may flat-out violate spec.
> 
>   But even if one can't do the single connector method, you can buy
> cable assembles which bundle a bunch of 4-pair RJ-45 lines into a
> single outer sheath.   That still might make cable management better.
> 
> -- Ben
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Way OT: some of you might be interested in this kind of thing

[Chinnery, Paul]

Nice. (And anything that brings more money to MI is good.  Steelcase if hq'ed 
in Grand Rapids.)

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Wednesday, June 20, 2012 12:30 PM
To: NT System Admin Issues
Subject: Way OT: some of you might be interested in this kind of thing

It really is work related...
http://store.steelcase.com/products/walkstation/

I know I wouldn't mind having one for my workstation...

Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: How many in your company can join systems to domain

[Kennedy, Jim]

I have thought about this before...so I am going to toss it out there and see 
how it gets swatted down.

If a staff member brings in a home laptop and joins it to the domain is it more 
of a threat or less of a threat than not being in the domain and just plugged 
into the network. I ask because here after they reboot they will get all the 
patches, up to date AV software and no-one except IT Staff will be a local 
admin. Most won't even be able to get to a command prompt.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Wednesday, June 20, 2012 1:17 PM
To: NT System Admin Issues
Subject: Re: How many in your company can join systems to domain

By default yes, unless you turn it off, which, IMHO, is the sane thing to do...

On Wed, Jun 20, 2012 at 8:30 AM, Webster  wrote:
> I haven't had to deal with this in a long time but IIRC anyone who is 
> in Domain Users can join up to 10 computers to your domain.
>
> http://support.microsoft.com/kb/243327
>
>
> Carl Webster
>
> Consultant and Citrix Technology Professional
>
> http://www.CarlWebster.com
>
>
> From: David Lum 
> Reply-To: NT Issues 
> Date: Wednesday, June 20, 2012 8:19 AM
> To: NT Issues 
> Subject: How many in your company can join systems to domain
>
> Subject line pretty much says it. We have 600 employees and an IT 
> staff of 50-ish (including developers) and I swear all 50 can join 
> systems to the domain. Certainly 10 of them can and that seems like a lot.
>
>
>
> Brought up because these guys drive me crazy by loosely following 
> naming standards, not moving to the appropriate OU, and not putting 
> descriptions in AD.
>
> David Lum
> Systems Engineer //
> NWEATM
> Office 503.548.5229//Cell (voice/text) 503.267.9764
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Re-cabling

[Daniel Chenault]

Toss all that cable in a steel drum, add some kerosene and light it. The 
plastic will burn away leaving the copper. Beer money!

Daniel Chenault
dchena...@lgnetworksinc.com
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Wednesday, June 20, 2012 11:52 AM
To: NT System Admin Issues
Subject: RE: Re-cabling

You should be able to have the patch panel work done ahead of time. Bring in a 
low voltage electrician to do it. They are incredibly fast at this stuff if 
they know what they’re doing and everything will be super neat, professional 
looking and tested. Then you just have to drop patch cables from the panels to 
the servers.

Don’t try and recycle the patch cables you’re using now. As you reconnect 
servers, cut the ends off the existing cables and just pull them out from the 
top and then from the switch along the race ways. No caught ends, no 
accidentally yanking something unplugged, and no knots to mess with.

Thanks,
Brian Desmond
br...@briandesmond.com

w – 312.625.1438 | c   – 312.731.3132

From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: Wednesday, June 20, 2012 11:26 AM
To: NT System Admin Issues
Subject: RE: Re-cabling

That's a great idea about the patch panel for each rack.

Agreed about the labeling.  I label everything here.  My team is lucky I don't 
stamp their foreheads with name tags.

>>> Brian Desmond mailto:br...@briandesmond.com>> 
>>> 6/20/2012 11:59 AM >>>
The labeling I agree is far more important. Get a good label printer that’s 
designed for cable labeling.

Rather than pulling cable all the way down in to the racks, you might want to 
think about putting a 24 or 48 port panel in the top (back) of each rack and 
then running short patch cables from there. Then on the other end you can cross 
connect to the switch or whatever.

Thanks,
Brian Desmond
br...@briandesmond.com

w – 312.625.1438 | c   – 312.731.3132

From: Steven Peck [mailto:sep...@gmail.com]
Sent: Wednesday, June 20, 2012 10:50 AM
To: NT System Admin Issues
Subject: Re: Re-cabling

As we have a redundant switched network our network team uses color coding 
religiously.

Off the top of my head it's something like:
Blue for primary network, green for the secondary (for the teamed networks)
Orange for backup
Red for rILO

They also label all connections, both ends.  They are not so concerned with 
what the system name is, as switch/port it is connected to.

Steven Peck
http://www.blkmtn.org



On Wed, Jun 20, 2012 at 7:20 AM, Ben Scott 
mailto:mailvor...@gmail.com>> wrote:
On Wed, Jun 20, 2012 at 9:27 AM, Tom Miller 
mailto:tmil...@hnncsb.org>> wrote:
> What are your preferences?   Cable color by rack, system, type, etc?  It's
> just aesthetics but I'm looking for ideas.
 If you want it to look pretty, use the same color for each
rack/switch.  Otherwise that's more confusing than helpful.

 Categorizing by VLAN or type of traffic makes some sense.  E.g.,
yellow is DMZ, blue is main LAN, green is SAN, etc.

 Using a rainbow spread to each rack makes some sense.  Makes it
easier to tell cables apart when you're hunting for or tracing a
particular cable.

 There are some standards for cable sheath color coding, but the ones
I'm aware of are all facility-wide in scope.  Most of your
in-datacenter cabling would be the same color under such schemes.  So
I wouldn't call those helpful for this.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


Confidentiality Notice: This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure, or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
me

Re: Re-cabling

[Ben Scott]

On Wed, Jun 20, 2012 at 11:59 AM, Brian Desmond  wrote:
> Rather than pulling cable all the way down in to the racks, you might want
> to think about putting a 24 or 48 port panel in the top (back) of each rack
> and then running short patch cables from there. Then on the other end you
> can cross connect to the switch or whatever.

  Back in the days of =< 100 meg, you could buy CAT5 cables and patch
panels with 50-pin "telco" connectors.  So you could then connect 12
ports on a patch panel using a single cable.  This saved labor, cable
space, and made things neater, as you only had to run one or two trunk
cables to each rack.

  I don't know if that's still feasible for >= gig.  It uses all four
pairs, so you'd only get 6 ports per connector.  The cross-talk
requirements are also much stricter, so it may flat-out violate spec.

  But even if one can't do the single connector method, you can buy
cable assembles which bundle a bunch of 4-pair RJ-45 lines into a
single outer sheath.   That still might make cable management better.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Re-cabling

[Steven M. Caesare]

And... deepsurplus has a habit of occasionally sending a pack of
skittles in your box as a bonus. Once we got like 8 packs in a big
order.

-sc

> -Original Message-
> From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
> Sent: Wednesday, June 20, 2012 11:32 AM
> To: NT System Admin Issues
> Subject: Re: Re-cabling
> 
> Looks like Deepsurplus.com beats Monoprice.com as well, which
impresses me
> a bit.
> 
> 
> --Matt Ross
> Ephrata School District
> 
> 
> - Original Message -
> From: Tom Miller
> [mailto:tmil...@hnncsb.org]
> To: NT System Admin Issues
> [mailto:ntsysadmin@lyris.sunbelt-software.com]
> Sent: Wed, 20 Jun 2012
> 07:31:07 -0700
> Subject: Re: Re-cabling
> 
> 
> > Thanks guys.  Dave, deepsurplus.com is much cheaper than my normal
> > vendor, cablestogo.  Thanks for the info.
> >
> > >>> Ben Scott  6/20/2012 10:20 AM >>>
> > On Wed, Jun 20, 2012 at 9:27 AM, Tom Miller 
wrote:
> > > What are your preferences?   Cable color by rack, system, type,
etc?  It's
> > > just aesthetics but I'm looking for ideas.
> >
> >   If you want it to look pretty, use the same color for each
> > rack/switch.  Otherwise that's more confusing than helpful.
> >
> >   Categorizing by VLAN or type of traffic makes some sense.  E.g.,
> > yellow is DMZ, blue is main LAN, green is SAN, etc.
> >
> >   Using a rainbow spread to each rack makes some sense.  Makes it
> > easier to tell cables apart when you're hunting for or tracing a
> > particular cable.
> >
> >   There are some standards for cable sheath color coding, but the
ones
> > I'm aware of are all facility-wide in scope.  Most of your
> > in-datacenter cabling would be the same color under such schemes.
So
> > I wouldn't call those helpful for this.
> >
> > -- Ben
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
> >   ~
> >
> > ---
> > To manage subscriptions click here:
> > http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to listmana...@lyris.sunbeltsoftware.com
> > with the body: unsubscribe ntsysadmin
> >
> >
> > Confidentiality Notice:  This e-mail message, including attachments,
> > is for the sole use of the intended recipient(s) and may contain
> > confidential and privileged information.  Any unauthorized review,
> > use, disclosure, or distribution is prohibited.  If you are not the
> > intended recipient, please contact the sender by reply e-mail and
> > destroy all copies of the original message.
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
> >   ~
> >
> > ---
> > To manage subscriptions click here:
> > http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to listmana...@lyris.sunbeltsoftware.com
> > with the body: unsubscribe ntsysadmin
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>   ~
> 
> ---
> To manage subscriptions click here: http://lyris.sunbelt-
> software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Re-cabling

[Sean Martin]

We're building a new Data Center and decided to introduce a couple of Xsigo 
VP780 Directors for IO aggregation and to maximize on network and fiber channel 
bandwidth. We're also retrofitting our existing Data Center with them for the 
build out of our virtualization environment (yes, we're way behind the times in 
regards to virtualization) and to retrofit our large blade/chassis 
infrastructure with infiniband switches (currently using pass-thru modules for 
ethernet and fiber channel). I've been very impressed with how easy it is to 
allocate vnics and vhbas to ESXi hosts but the biggest reward was reducing the 
mass cables from our rack mount servers and chassis'.

- Sean

On Jun 20, 2012, at 8:26 AM, "Tom Miller"  wrote:

> That's a great idea about the patch panel for each rack. 
>  
> Agreed about the labeling.  I label everything here.  My team is lucky I 
> don't stamp their foreheads with name tags.  
> 
> >>> Brian Desmond  6/20/2012 11:59 AM >>>
> The labeling I agree is far more important. Get a good label printer that’s 
> designed for cable labeling.
>  
> Rather than pulling cable all the way down in to the racks, you might want to 
> think about putting a 24 or 48 port panel in the top (back) of each rack and 
> then running short patch cables from there. Then on the other end you can 
> cross connect to the switch or whatever.
>  
> Thanks,
> Brian Desmond
> br...@briandesmond.com
>  
> w – 312.625.1438 | c   – 312.731.3132
>  
> From: Steven Peck [mailto:sep...@gmail.com] 
> Sent: Wednesday, June 20, 2012 10:50 AM
> To: NT System Admin Issues
> Subject: Re: Re-cabling
>  
> As we have a redundant switched network our network team uses color coding 
> religiously. 
>  
> Off the top of my head it's something like:
> Blue for primary network, green for the secondary (for the teamed networks) 
> Orange for backup
> Red for rILO
>  
> They also label all connections, both ends.  They are not so concerned with 
> what the system name is, as switch/port it is connected to. 
>  
> Steven Peck
> http://www.blkmtn.org
> 
> 
>  
> On Wed, Jun 20, 2012 at 7:20 AM, Ben Scott  wrote:
> On Wed, Jun 20, 2012 at 9:27 AM, Tom Miller  wrote:
> > What are your preferences?   Cable color by rack, system, type, etc?  It's
> > just aesthetics but I'm looking for ideas.
> 
>  If you want it to look pretty, use the same color for each
> rack/switch.  Otherwise that's more confusing than helpful.
> 
>  Categorizing by VLAN or type of traffic makes some sense.  E.g.,
> yellow is DMZ, blue is main LAN, green is SAN, etc.
> 
>  Using a rainbow spread to each rack makes some sense.  Makes it
> easier to tell cables apart when you're hunting for or tracing a
> particular cable.
> 
>  There are some standards for cable sheath color coding, but the ones
> I'm aware of are all facility-wide in scope.  Most of your
> in-datacenter cabling would be the same color under such schemes.  So
> I wouldn't call those helpful for this.
> 
> -- Ben
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> 
>  
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> 
> 
> Confidentiality Notice: This e-mail message, including attachments, is for 
> the sole use of the intended recipient(s) and may contain confidential and 
> privileged information. Any unauthorized review, use, disclosure, or 
> distribution is prohibited. If you are not the intended recipient, please 
> contact the sender by reply e-mail and destroy all copies of the original 
> message.
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyri

RE: Hiding Wireless SSID

[Ziots, Edward]

Too funny, but soo true...

Z

 

Edward Ziots

CISSP, Security +, Network +

Security Engineer

Lifespan Organization

ezi...@lifespan.org

 

From: Alan Davies [mailto:adav...@cls-services.com] 
Sent: Wednesday, June 20, 2012 12:32 PM
To: NT System Admin Issues
Subject: RE: Hiding Wireless SSID

 

They call that "audit" don't they!??  ;o)

 

 

*runs and ducks* ...

 

 

 

a

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: 19 June 2012 14:28
To: NT System Admin Issues
Subject: RE: Hiding Wireless SSID

 

Gotta love that when someones lack of understanding and bad advice makes people 
that get it run around like a chicken with its head cut off. Been there, seen 
that...

 

Z

 

Edward Ziots

CISSP, Security +, Network +

Security Engineer

Lifespan Organization

ezi...@lifespan.org

 

From: Silvio L. Nisgoski [mailto:nisgo...@gmx.de] 
Sent: Monday, June 18, 2012 7:54 PM
To: NT System Admin Issues
Subject: Re: Hiding Wireless SSID

 

That is one of the reasons I choose to configure in the GPO and hide it.

 

When it is not hidden, a lot of wannabee "security experts" will just put it in 
their "consulting advice", and present themselves to the directors as having 
"discovered a huge security problem" and making me waste important time 
explaining the why´s and what´s to marketing and finance directors that don´t 
understand technology that much.

 

 

 

 

- Original Message - 

From: Hank .   

To: NT System Admin Issues 
  

Sent: Monday, June 18, 2012 1:16 PM

Subject: Re: Hiding Wireless SSID

 

I  absolutely never hide SSIDs since there is zero security benefit and 
just additional complexity for everyone. 

For some reason hiding SSIDs became the cute thing to do and the 
various talking heads picked up on it and added to their list of their "expert 
suggestions"...




On Mon, Jun 18, 2012 at 8:55 AM, David Lum  wrote:

How many of you folks do it, and why? It's my debate this week with one 
of my security folks, my slant being that hiding it gains nothing but 
unnecessary Service Desk involvement in helping folks configure wireless.

 


http://blogs.technet.com/b/steriley/archive/2007/10/16/myth-vs-reality-wireless-ssids.aspx

 

I also told said person to Google "Does hiding wireless SSID add 
security".

David Lum 
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



WARNING:

The information in this email and any attachments is confidential and may be 
legally privileged.

 

If you are not the named addressee, you must not use, copy or disclose this 
email (including any attachments) or the information in it save to the named 
addressee nor take any action in reliance on it. If you receive this email or 
any attachments in error, please notify the sender immediately and then delete 
the same and any copies.

 

"CLS Services Ltd × Registered in England No 4132704 × Registered Office: 
Exchange Tower × One Harbour Exchange Square × London E14 9GE"

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com

Re: Anyone got a good link to the Remote Desktop Services (RDS) Application Compatibility Analyzer

[Andrew S. Baker]

Annoying reg wall.  Sigh.

* *

*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…

*



On Wed, Jun 20, 2012 at 9:11 AM, David Lum  wrote:

> How about this tool? Linked from the RDS team blog:
>
> http://www.quest.com/changebase/
>
> *David Lum*
> Systems Engineer // NWEATM
> Office 503.548.5229 //* *Cell (voice/text) 503.267.9764
>
> *From:* Dean Cunningham [mailto:dean.cunning...@gmail.com]
> *Sent:* Tuesday, June 19, 2012 3:41 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Anyone got a good link to the Remote Desktop Services
> (RDS) Application Compatibility Analyzer
>
> ** **
>
> Hi Shauna,
>
>  
>
> I probably didn't explain it well enough . Thsi is the link that does not
> work to sownload the application
>
> https://connect.microsoft.com/tsappcompat/Downloads
>
>  
>
> Hi Carl,
>
>  
>
> Thanks for the link, I wil aheva read :)
>
>  
>
>  
>
>  
>
> On Wed, Jun 20, 2012 at 9:52 AM, Shauna Hensala  wrote:***
> *
>
> I can get to the link - and I didn't log in to anything.
>
>
> Shauna Hensala
>
>
>
> 
> --
>
> Date: Tue, 19 Jun 2012 17:14:56 +1200
>
>
> Subject: Anyone got a good link to the Remote Desktop Services (RDS)
> Application Compatibility Analyzer
>
> From: dean.cunning...@gmail.com
> To: ntsysadmin@lyris.sunbelt-software.com
>
> ** **
>
> Anyone got a good link to  the Remote Desktop Services (RDS) Application
> Compatibility Analyzer
>
>  
>
>
> http://blogs.msdn.com/b/rds/archive/2010/01/19/how-to-detect-rds-specific-application-compatibility-issues-by-using-the-rds-application-compatibility-analyzer.aspx
> 
>
>  
>
> Link does not work for me after logging in (mind you connect.microsoft.comis 
> new to me)
> 
>
> "The content that you requested cannot be found or you do not have
> permission to view it. "
>
>  
>
> Is this tool available anymore?
>
>  
>
> cheers
>
>  
>
>  
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Way OT: some of you might be interested in this kind of thing

[Sean Martin]

Our customer service center has a couple of these. They seem to get used fairly 
frequently.

- Sean

On Jun 20, 2012, at 8:29 AM, Kurt Buff  wrote:

> It really is work related...
> http://store.steelcase.com/products/walkstation/
> 
> I know I wouldn't mind having one for my workstation...
> 
> Kurt
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Re-cabling

[Kevin Lundy]

This is exactly what we did.  We put 3 24 port panels.  One panel to
primary core, one panel to secondary core, and one panel to IP KVM.  Works
well for us.

On Wed, Jun 20, 2012 at 11:59 AM, Brian Desmond wrote:

>  *The labeling I agree is far more important. Get a good label printer
> that’s designed for cable labeling.*
>
> * *
>
> *Rather than pulling cable all the way down in to the racks, you might
> want to think about putting a 24 or 48 port panel in the top (back) of each
> rack and then running short patch cables from there. Then on the other end
> you can cross connect to the switch or whatever. *
>
> * *
>
> *Thanks,*
>
> *Brian Desmond*
>
> *br...@briandesmond.com*
>
> * *
>
> *w – 312.625.1438 | c   – 312.731.3132*
>
> * *
>
> *From:* Steven Peck [mailto:sep...@gmail.com]
> *Sent:* Wednesday, June 20, 2012 10:50 AM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Re-cabling
>
> ** **
>
> As we have a redundant switched network our network team uses color coding
> religiously.  
>
>  
>
> Off the top of my head it's something like:
>
> Blue for primary network, green for the secondary (for the teamed
> networks)  
>
> Orange for backup
>
> Red for rILO
>
>  
>
> They also label all connections, both ends.  They are not so concerned
> with what the system name is, as switch/port it is connected to.  
>
>  
>
> Steven Peck
>
> http://www.blkmtn.org
>
>
>
>  
>
> On Wed, Jun 20, 2012 at 7:20 AM, Ben Scott  wrote:**
> **
>
>  On Wed, Jun 20, 2012 at 9:27 AM, Tom Miller  wrote:
> > What are your preferences?   Cable color by rack, system, type, etc?
> It's
> > just aesthetics but I'm looking for ideas.
>
>  If you want it to look pretty, use the same color for each
> rack/switch.  Otherwise that's more confusing than helpful.
>
>  Categorizing by VLAN or type of traffic makes some sense.  E.g.,
> yellow is DMZ, blue is main LAN, green is SAN, etc.
>
>  Using a rainbow spread to each rack makes some sense.  Makes it
> easier to tell cables apart when you're hunting for or tracing a
> particular cable.
>
>  There are some standards for cable sheath color coding, but the ones
> I'm aware of are all facility-wide in scope.  Most of your
> in-datacenter cabling would be the same color under such schemes.  So
> I wouldn't call those helpful for this.
>
> -- Ben
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>  ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Re-cabling

[Kurt Buff]

I have a smaller environment that you do - only two 4 post racks - but
I came up with a standard for cabling colors. Here's my copy/paste
from our wiki:

Patch cables in the server and data rooms will be colored according to
kind of connection. The following is a list of our standard colors
matched with the type of connection:

White:  Server connection to Layer 3 switch
Purple: Server iSCSI connection to SAN Switch
Red:Firewall or other untrusted connection to switch
Black:  Desktop connection to layer 2 switch
Green:  Switch to switch connections
Yellow: IT workstations or network/environmental monitoring
equipment connection to switch
Orange: IP phone and Shoretel equipment connection to switch
Pink:   Wireless Access Point connection to switch
Blue:   Test/Dev interconnects
Violet: Not yet used

The only ones I'm really married to are the red for untrusted
connections, orange for Shoretel (because that's the color of their
boxes) and yellow for IT functionality. The rest are pretty arbitrary.

Kurt

On Wed, Jun 20, 2012 at 6:27 AM, Tom Miller  wrote:
> Hi All,
>
> My main data center is a series of APC racks, 10 I think.  Cabling is a bit
> of a mess and I'm going to re-cable some weekend this summer.
>
> What are your preferences?   Cable color by rack, system, type, etc?  It's
> just aesthetics but I'm looking for ideas.  The core switches are about in
> the center, so I have cables coming from both sides.
>
> Thanks,
> Tom
>
>
>
> Confidentiality Notice: This e-mail message, including attachments, is for
> the sole use of the intended recipient(s) and may contain confidential and
> privileged information. Any unauthorized review, use, disclosure, or
> distribution is prohibited. If you are not the intended recipient, please
> contact the sender by reply e-mail and destroy all copies of the original
> message.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Re-cabling

[Daniel Chenault]

Lots of ways to skin this cat.
Red for unsecure links (i.e. public side of the router)
Yellow for infrastructure (routers, bridges, switches, NAS, etc)
Blue to servers
Purple for management (Dell/HP mgmt., switch mgmt., etc)
Green for workstations (which means any cable exiting the datacenter is green)
In short, I use color by function, bundle by rack

Daniel Chenault
dchena...@lgnetworksinc.com
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: Wednesday, June 20, 2012 8:28 AM
To: NT System Admin Issues
Subject: Re-cabling

Hi All,

My main data center is a series of APC racks, 10 I think.  Cabling is a bit of 
a mess and I'm going to re-cable some weekend this summer.

What are your preferences?   Cable color by rack, system, type, etc?  It's just 
aesthetics but I'm looking for ideas.  The core switches are about in the 
center, so I have cables coming from both sides.

Thanks,
Tom




Confidentiality Notice: This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure, or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: How many in your company can join systems to domain

[Kurt Buff]

By default yes, unless you turn it off, which, IMHO, is the sane thing to do...

On Wed, Jun 20, 2012 at 8:30 AM, Webster  wrote:
> I haven't had to deal with this in a long time but IIRC anyone who is in
> Domain Users can join up to 10 computers to your domain.
>
> http://support.microsoft.com/kb/243327
>
>
> Carl Webster
>
> Consultant and Citrix Technology Professional
>
> http://www.CarlWebster.com
>
>
> From: David Lum 
> Reply-To: NT Issues 
> Date: Wednesday, June 20, 2012 8:19 AM
> To: NT Issues 
> Subject: How many in your company can join systems to domain
>
> Subject line pretty much says it. We have 600 employees and an IT staff of
> 50-ish (including developers) and I swear all 50 can join systems to the
> domain. Certainly 10 of them can and that seems like a lot.
>
>
>
> Brought up because these guys drive me crazy by loosely following naming
> standards, not moving to the appropriate OU, and not putting descriptions in
> AD.
>
> David Lum
> Systems Engineer //
> NWEATM
> Office 503.548.5229//Cell (voice/text) 503.267.9764
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: How many in your company can join systems to domain

[Kurt Buff]

The infrastructure team in the US office (four, who are all DAs, which
is about 3 too many), and the single person in each overseas office
responsible for support - they've been delegated permissions on theird
OUs.

I've given them a powershell script which at least places the
workstation in the correct OU, but the overseas offices aren't
terribly good about their naming.

Kurt

On Wed, Jun 20, 2012 at 8:19 AM, David Lum  wrote:
> Subject line pretty much says it. We have 600 employees and an IT staff of
> 50-ish (including developers) and I swear all 50 can join systems to the
> domain. Certainly 10 of them can and that seems like a lot.
>
>
>
> Brought up because these guys drive me crazy by loosely following naming
> standards, not moving to the appropriate OU, and not putting descriptions in
> AD.
>
> David Lum
> Systems Engineer // NWEATM
> Office 503.548.5229 // Cell (voice/text) 503.267.9764
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Hiding Wireless SSID

[Alan Davies]

They call that "audit" don't they!??  ;o)

 

 

*runs and ducks* ...

 

 

 

a

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: 19 June 2012 14:28
To: NT System Admin Issues
Subject: RE: Hiding Wireless SSID

 

Gotta love that when someones lack of understanding and bad advice makes people 
that get it run around like a chicken with its head cut off. Been there, seen 
that...

 

Z

 

Edward Ziots

CISSP, Security +, Network +

Security Engineer

Lifespan Organization

ezi...@lifespan.org

 

From: Silvio L. Nisgoski [mailto:nisgo...@gmx.de] 
Sent: Monday, June 18, 2012 7:54 PM
To: NT System Admin Issues
Subject: Re: Hiding Wireless SSID

 

That is one of the reasons I choose to configure in the GPO and hide it.

 

When it is not hidden, a lot of wannabee "security experts" will just put it in 
their "consulting advice", and present themselves to the directors as having 
"discovered a huge security problem" and making me waste important time 
explaining the why´s and what´s to marketing and finance directors that don´t 
understand technology that much.

 

 

 

 

- Original Message - 

From: Hank .   

To: NT System Admin Issues 
  

Sent: Monday, June 18, 2012 1:16 PM

Subject: Re: Hiding Wireless SSID

 

I  absolutely never hide SSIDs since there is zero security benefit and 
just additional complexity for everyone. 

For some reason hiding SSIDs became the cute thing to do and the 
various talking heads picked up on it and added to their list of their "expert 
suggestions"...





On Mon, Jun 18, 2012 at 8:55 AM, David Lum  wrote:

How many of you folks do it, and why? It's my debate this week with one 
of my security folks, my slant being that hiding it gains nothing but 
unnecessary Service Desk involvement in helping folks configure wireless.

 


http://blogs.technet.com/b/steriley/archive/2007/10/16/myth-vs-reality-wireless-ssids.aspx

 

I also told said person to Google "Does hiding wireless SSID add 
security".

David Lum 
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



WARNING:
The information in this email and any attachments is confidential and may be 
legally privileged.

If you are not the named addressee, you must not use, copy or disclose this 
email (including any attachments) or the information in it save to the named 
addressee nor take any action in reliance on it. If you receive this email or 
any attachments in error, please notify the sender immediately and then delete 
the same and any copies.

"CLS Services Ltd × Registered in England No 4132704 × Registered Office: 
Exchange Tower × One Harbour Exchange Square × London E14 9GE"


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Way OT: some of you might be interested in this kind of thing

[Kurt Buff]

It really is work related...
http://store.steelcase.com/products/walkstation/

I know I wouldn't mind having one for my workstation...

Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Re-cabling

[Tom Miller]

That's a great idea about the patch panel for each rack.  
 
Agreed about the labeling.  I label everything here.  My team is lucky
I don't stamp their foreheads with name tags.  

>>> Brian Desmond  6/20/2012 11:59 AM >>>

The labeling I agree is far more important. Get a good label printer
that’s designed for cable labeling.
 
Rather than pulling cable all the way down in to the racks, you might
want to think about putting a 24 or 48 port panel in the top (back) of
each rack and then running short patch cables from there. Then on the
other end you can cross connect to the switch or whatever. 
 
Thanks,
Brian Desmond
br...@briandesmond.com
 
w – 312.625.1438 | c   – 312.731.3132
 
From: Steven Peck [mailto:sep...@gmail.com] 
Sent: Wednesday, June 20, 2012 10:50 AM
To: NT System Admin Issues
Subject: Re: Re-cabling
 

As we have a redundant switched network our network team uses color
coding religiously.  

 

Off the top of my head it's something like:

Blue for primary network, green for the secondary (for the teamed
networks)  

Orange for backup

Red for rILO

 

They also label all connections, both ends.  They are not so concerned
with what the system name is, as switch/port it is connected to.  

 

Steven Peck

http://www.blkmtn.org



 

On Wed, Jun 20, 2012 at 7:20 AM, Ben Scott 
wrote:


On Wed, Jun 20, 2012 at 9:27 AM, Tom Miller 
wrote:
> What are your preferences?   Cable color by rack, system, type, etc? 
It's
> just aesthetics but I'm looking for ideas.

 If you want it to look pretty, use the same color for each
rack/switch.  Otherwise that's more confusing than helpful.

 Categorizing by VLAN or type of traffic makes some sense.  E.g.,
yellow is DMZ, blue is main LAN, green is SAN, etc.

 Using a rainbow spread to each rack makes some sense.  Makes it
easier to tell cables apart when you're hunting for or tracing a
particular cable.

 There are some standards for cable sheath color coding, but the ones
I'm aware of are all facility-wide in scope.  Most of your
in-datacenter cabling would be the same color under such schemes.  So
I wouldn't call those helpful for this.

-- Ben


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
Confidentiality Notice:  This e-mail message, including attachments, is
for the sole use of the intended recipient(s) and may contain
confidential and privileged information.  Any unauthorized review, use,
disclosure, or distribution is prohibited.  If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Is it just me (KB2282241,KB2275950...)

[Mathew Shember]

The "1" is missing on the link.

http://support.microsoft.com/kb/228224

http://support.microsoft.com/kb/2282241


From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, June 20, 2012 5:52 AM
To: NT System Admin Issues
Subject: RE: Is it just me (KB2282241,KB2275950...)

The link s I posted were from this page:
http://blogs.technet.com/b/glennl/archive/2009/08/21/w2k3-to-w2k8-active-directory-upgrade-considerations.aspx

And now most of them work - 3 of the 4 I posted now work again.

Dave

From: Ziots, Edward 
[mailto:ezi...@lifespan.org]
Sent: Wednesday, June 20, 2012 5:29 AM
To: NT System Admin Issues
Subject: RE: Is it just me (KB2282241,KB2275950...)

I only see that KB2282241
http://support.microsoft.com/kb/228224
Is not resolving to a page.

Z

Edward Ziots
CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

From: Manuel Santos [mailto:nel...@gmail.com]
Sent: Tuesday, June 19, 2012 6:09 PM
To: NT System Admin Issues
Subject: Re: Is it just me (KB2282241,KB2275950...)

Same here in Portugal
2012/6/19 Charlie Kaiser 
mailto:charl...@golden-eagle.org>>
Support.microsoft.com is dead here for me in AZ...

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***


-Original Message-
From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, June 19, 2012 2:25 PM
To: NT System Admin Issues
Subject: Is it just me (KB2282241,KB2275950...)

I can't view any of these KB articles, from two different networks I get
failures:

KB946405
http://support.microsoft.com/kb/946405



KB942564
http://support.microsoft.com/kb/942564



KB2275950
http://support.microsoft.com/kb/2275950



KB2282241
http://support.microsoft.com/kb/228224

David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 
503.267.9764



~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: How many in your company can join systems to domain

[Rankin, James R]

I'm on the beach, so I'm out for testing purposes :-)

---Blackberried

-Original Message-
From: Webster 
Date: Wed, 20 Jun 2012 15:54:22 
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: Re: How many in your company 
can join systems to domain

I believe this can be set via GPO but not where I can check it right now.  Have 
a meeting in 6 minutes.



Carl Webster

Consultant and Citrix Technology Professional

http://www.CarlWebster.com

From: , James Rankin 
mailto:kz2...@googlemail.com>>
Subject: Re: How many in your company can join systems to domain

Can you still control this by managing the user rights? Or am I still stuck in 
the NT4 days?
---Blackberried

From: Webster mailto:webs...@carlwebster.com>>
Subject: Re: How many in your company can join systems to domain

I haven't had to deal with this in a long time but IIRC anyone who is in Domain 
Users can join up to 10 computers to your domain.

http://support.microsoft.com/kb/243327



Carl Webster

Consultant and Citrix Technology Professional

http://www.CarlWebster.com

From: David Lum mailto:david@nwea.org>>
Subject: How many in your company can join systems to domain

Subject line pretty much says it. We have 600 employees and an IT staff of 
50-ish (including developers) and I swear all 50 can join systems to the 
domain. Certainly 10 of them can and that seems like a lot.

Brought up because these guys drive me crazy by loosely following naming 
standards, not moving to the appropriate OU, and not putting descriptions in AD.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Re-cabling

[Brian Desmond]

The labeling I agree is far more important. Get a good label printer that's 
designed for cable labeling.

Rather than pulling cable all the way down in to the racks, you might want to 
think about putting a 24 or 48 port panel in the top (back) of each rack and 
then running short patch cables from there. Then on the other end you can cross 
connect to the switch or whatever.

Thanks,
Brian Desmond
br...@briandesmond.com

w - 312.625.1438 | c   - 312.731.3132

From: Steven Peck [mailto:sep...@gmail.com]
Sent: Wednesday, June 20, 2012 10:50 AM
To: NT System Admin Issues
Subject: Re: Re-cabling

As we have a redundant switched network our network team uses color coding 
religiously.

Off the top of my head it's something like:
Blue for primary network, green for the secondary (for the teamed networks)
Orange for backup
Red for rILO

They also label all connections, both ends.  They are not so concerned with 
what the system name is, as switch/port it is connected to.

Steven Peck
http://www.blkmtn.org



On Wed, Jun 20, 2012 at 7:20 AM, Ben Scott 
mailto:mailvor...@gmail.com>> wrote:
On Wed, Jun 20, 2012 at 9:27 AM, Tom Miller 
mailto:tmil...@hnncsb.org>> wrote:
> What are your preferences?   Cable color by rack, system, type, etc?  It's
> just aesthetics but I'm looking for ideas.
 If you want it to look pretty, use the same color for each
rack/switch.  Otherwise that's more confusing than helpful.

 Categorizing by VLAN or type of traffic makes some sense.  E.g.,
yellow is DMZ, blue is main LAN, green is SAN, etc.

 Using a rainbow spread to each rack makes some sense.  Makes it
easier to tell cables apart when you're hunting for or tracing a
particular cable.

 There are some standards for cable sheath color coding, but the ones
I'm aware of are all facility-wide in scope.  Most of your
in-datacenter cabling would be the same color under such schemes.  So
I wouldn't call those helpful for this.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Re-cabling

[Steven Peck]

As we have a redundant switched network our network team uses color coding
religiously.

Off the top of my head it's something like:
Blue for primary network, green for the secondary (for the teamed
networks)
Orange for backup
Red for rILO

They also label all connections, both ends.  They are not so concerned with
what the system name is, as switch/port it is connected to.

Steven Peck
http://www.blkmtn.org



On Wed, Jun 20, 2012 at 7:20 AM, Ben Scott  wrote:

> On Wed, Jun 20, 2012 at 9:27 AM, Tom Miller  wrote:
> > What are your preferences?   Cable color by rack, system, type, etc?
> It's
> > just aesthetics but I'm looking for ideas.
>
>   If you want it to look pretty, use the same color for each
> rack/switch.  Otherwise that's more confusing than helpful.
>
>  Categorizing by VLAN or type of traffic makes some sense.  E.g.,
> yellow is DMZ, blue is main LAN, green is SAN, etc.
>
>  Using a rainbow spread to each rack makes some sense.  Makes it
> easier to tell cables apart when you're hunting for or tracing a
> particular cable.
>
>  There are some standards for cable sheath color coding, but the ones
> I'm aware of are all facility-wide in scope.  Most of your
> in-datacenter cabling would be the same color under such schemes.  So
> I wouldn't call those helpful for this.
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: How many in your company can join systems to domain

[Jimmy Tran]

I believe by default a domain user can join a computer to a domain...

 

From: David Lum [mailto:david@nwea.org] 
Sent: Wednesday, June 20, 2012 8:19 AM
To: NT System Admin Issues
Subject: How many in your company can join systems to domain

 

Subject line pretty much says it. We have 600 employees and an IT staff
of 50-ish (including developers) and I swear all 50 can join systems to
the domain. Certainly 10 of them can and that seems like a lot.

 

Brought up because these guys drive me crazy by loosely following naming
standards, not moving to the appropriate OU, and not putting
descriptions in AD. 

David Lum 
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: How many in your company can join systems to domain

[Rankin, James R]

Can you still control this by managing the user rights? Or am I still stuck in 
the NT4 days?

---Blackberried

-Original Message-
From: Webster 
Date: Wed, 20 Jun 2012 15:30:24 
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: Re: How many in your company 
can join systems to domain

I haven't had to deal with this in a long time but IIRC anyone who is in Domain 
Users can join up to 10 computers to your domain.

http://support.microsoft.com/kb/243327



Carl Webster

Consultant and Citrix Technology Professional

http://www.CarlWebster.com

From: David Lum mailto:david@nwea.org>>
Reply-To: NT Issues 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Date: Wednesday, June 20, 2012 8:19 AM
To: NT Issues 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Subject: How many in your company can join systems to domain

Subject line pretty much says it. We have 600 employees and an IT staff of 
50-ish (including developers) and I swear all 50 can join systems to the 
domain. Certainly 10 of them can and that seems like a lot.

Brought up because these guys drive me crazy by loosely following naming 
standards, not moving to the appropriate OU, and not putting descriptions in AD.
David Lum
Systems Engineer // NWEATM
Office 503.548.5229//Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Web Filtering hits and misses, your ideas?

[Ziots, Edward]

Yeah looking to do the same, definitely need protection on mobile devices. 

Z

Edward Ziots
CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

-Original Message-
From: David Mazzaccaro [mailto:david.mazzacc...@hudsonmobility.com] 
Sent: Wednesday, June 20, 2012 8:30 AM
To: NT System Admin Issues
Subject: RE: Web Filtering hits and misses, your ideas?

One thing I forgot to mention about iPrism is that they offer a remote client 
that can protect your roaming laptops from wherever they may be getting online.
Seems to work well for us.


-Original Message-
From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Tuesday, June 19, 2012 2:20 PM
To: NT System Admin Issues
Subject: RE: Web Filtering hits and misses, your ideas?

Do you tie you Internet Usage Policy to the warnings they do get and does it 
track it by user accurately? 

Z

Edward Ziots
CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org


-Original Message-
From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, June 19, 2012 2:08 PM
To: NT System Admin Issues
Subject: RE: Web Filtering hits and misses, your ideas?

It doesn't prevent users from accepting every warning they get :-)

-Original Message-
From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Tuesday, June 19, 2012 11:05 AM
To: NT System Admin Issues
Subject: Web Filtering hits and misses, your ideas?

For those out there using various web filtering products ( Websense, Palo Alto, 
Iprism, etc etc) where do you feel that the current products are lacking 
(detection, coverage? Features) as it pertains to keeping malicious software 
from being downloaded to our corporate assets? 

Open for discussion in public or I would definitely like to hear your ideas in 
private also. 

Z

Edward Ziots
CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Re-cabling

[Matthew W. Ross]

Looks like Deepsurplus.com beats Monoprice.com as well, which impresses me a 
bit.


--Matt Ross
Ephrata School District


- Original Message -
From: Tom Miller
[mailto:tmil...@hnncsb.org]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Wed, 20 Jun 2012
07:31:07 -0700
Subject: Re: Re-cabling


> Thanks guys.  Dave, deepsurplus.com is much cheaper than my normal vendor,
> cablestogo.  Thanks for the info.
> 
> >>> Ben Scott  6/20/2012 10:20 AM >>>
> On Wed, Jun 20, 2012 at 9:27 AM, Tom Miller  wrote:
> > What are your preferences?   Cable color by rack, system, type, etc?  It's
> > just aesthetics but I'm looking for ideas.
> 
>   If you want it to look pretty, use the same color for each
> rack/switch.  Otherwise that's more confusing than helpful.
> 
>   Categorizing by VLAN or type of traffic makes some sense.  E.g.,
> yellow is DMZ, blue is main LAN, green is SAN, etc.
> 
>   Using a rainbow spread to each rack makes some sense.  Makes it
> easier to tell cables apart when you're hunting for or tracing a
> particular cable.
> 
>   There are some standards for cable sheath color coding, but the ones
> I'm aware of are all facility-wide in scope.  Most of your
> in-datacenter cabling would be the same color under such schemes.  So
> I wouldn't call those helpful for this.
> 
> -- Ben
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> 
> 
> Confidentiality Notice:  This e-mail message, including attachments, is for
> the sole use of the intended recipient(s) and may contain confidential and
> privileged information.  Any unauthorized review, use, disclosure, or
> distribution is prohibited.  If you are not the intended recipient, please
> contact the sender by reply e-mail and destroy all copies of the original
> message.
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Re-cabling

[Tom Miller]

Thanks guys.  Dave, deepsurplus.com is much cheaper than my normal vendor, 
cablestogo.  Thanks for the info.

>>> Ben Scott  6/20/2012 10:20 AM >>>
On Wed, Jun 20, 2012 at 9:27 AM, Tom Miller  wrote:
> What are your preferences?   Cable color by rack, system, type, etc?  It's
> just aesthetics but I'm looking for ideas.

  If you want it to look pretty, use the same color for each
rack/switch.  Otherwise that's more confusing than helpful.

  Categorizing by VLAN or type of traffic makes some sense.  E.g.,
yellow is DMZ, blue is main LAN, green is SAN, etc.

  Using a rainbow spread to each rack makes some sense.  Makes it
easier to tell cables apart when you're hunting for or tracing a
particular cable.

  There are some standards for cable sheath color coding, but the ones
I'm aware of are all facility-wide in scope.  Most of your
in-datacenter cabling would be the same color under such schemes.  So
I wouldn't call those helpful for this.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


Confidentiality Notice:  This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information.  Any unauthorized review, use, disclosure, or 
distribution is prohibited.  If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Re-cabling

[Ben Scott]

On Wed, Jun 20, 2012 at 9:27 AM, Tom Miller  wrote:
> What are your preferences?   Cable color by rack, system, type, etc?  It's
> just aesthetics but I'm looking for ideas.

  If you want it to look pretty, use the same color for each
rack/switch.  Otherwise that's more confusing than helpful.

  Categorizing by VLAN or type of traffic makes some sense.  E.g.,
yellow is DMZ, blue is main LAN, green is SAN, etc.

  Using a rainbow spread to each rack makes some sense.  Makes it
easier to tell cables apart when you're hunting for or tracing a
particular cable.

  There are some standards for cable sheath color coding, but the ones
I'm aware of are all facility-wide in scope.  Most of your
in-datacenter cabling would be the same color under such schemes.  So
I wouldn't call those helpful for this.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Re-cabling

[David Lum]

In my SMB's I use red for server connections, yellow for inter-building and 
from Internet, and blue or black for workstations. If I had switch-to-switch 
I'd use another color for that, too.
Have you bought the cables yet? We get ours from Deep Surplus 
http://deepsurplus.com, the quality is good and the price is cheaper than other 
places we've looked.
David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: Wednesday, June 20, 2012 6:28 AM
To: NT System Admin Issues
Subject: Re-cabling

Hi All,

My main data center is a series of APC racks, 10 I think.  Cabling is a bit of 
a mess and I'm going to re-cable some weekend this summer.

What are your preferences?   Cable color by rack, system, type, etc?  It's just 
aesthetics but I'm looking for ideas.  The core switches are about in the 
center, so I have cables coming from both sides.

Thanks,
Tom




Confidentiality Notice: This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure, or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re-cabling

[Tom Miller]

Hi All,
 
My main data center is a series of APC racks, 10 I think.  Cabling is a bit of 
a mess and I'm going to re-cable some weekend this summer.  
 
What are your preferences?   Cable color by rack, system, type, etc?  It's just 
aesthetics but I'm looking for ideas.  The core switches are about in the 
center, so I have cables coming from both sides.  
 
Thanks,
Tom
 
 

Confidentiality Notice:  This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information.  Any unauthorized review, use, disclosure, or 
distribution is prohibited.  If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Anyone got a good link to the Remote Desktop Services (RDS) Application Compatibility Analyzer

[David Lum]

How about this tool? Linked from the RDS team blog:
http://www.quest.com/changebase/
David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
From: Dean Cunningham [mailto:dean.cunning...@gmail.com]
Sent: Tuesday, June 19, 2012 3:41 PM
To: NT System Admin Issues
Subject: Re: Anyone got a good link to the Remote Desktop Services (RDS) 
Application Compatibility Analyzer

Hi Shauna,

I probably didn't explain it well enough . Thsi is the link that does not work 
to sownload the application
https://connect.microsoft.com/tsappcompat/Downloads

Hi Carl,

Thanks for the link, I wil aheva read :)



On Wed, Jun 20, 2012 at 9:52 AM, Shauna Hensala 
mailto:she...@msn.com>> wrote:
I can get to the link - and I didn't log in to anything.


Shauna Hensala




Date: Tue, 19 Jun 2012 17:14:56 +1200

Subject: Anyone got a good link to the Remote Desktop Services (RDS) 
Application Compatibility Analyzer
From: dean.cunning...@gmail.com
To: 
ntsysadmin@lyris.sunbelt-software.com

Anyone got a good link to  the Remote Desktop Services (RDS) Application 
Compatibility Analyzer

http://blogs.msdn.com/b/rds/archive/2010/01/19/how-to-detect-rds-specific-application-compatibility-issues-by-using-the-rds-application-compatibility-analyzer.aspx

Link does not work for me after logging in (mind you 
connect.microsoft.com is new to me)
"The content that you requested cannot be found or you do not have permission 
to view it. "

Is this tool available anymore?

cheers


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Is it just me (KB2282241,KB2275950...)

[David Lum]

The link s I posted were from this page:
http://blogs.technet.com/b/glennl/archive/2009/08/21/w2k3-to-w2k8-active-directory-upgrade-considerations.aspx

And now most of them work - 3 of the 4 I posted now work again.

Dave

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Wednesday, June 20, 2012 5:29 AM
To: NT System Admin Issues
Subject: RE: Is it just me (KB2282241,KB2275950...)

I only see that KB2282241
http://support.microsoft.com/kb/228224
Is not resolving to a page.

Z

Edward Ziots
CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

From: Manuel Santos [mailto:nel...@gmail.com]
Sent: Tuesday, June 19, 2012 6:09 PM
To: NT System Admin Issues
Subject: Re: Is it just me (KB2282241,KB2275950...)

Same here in Portugal
2012/6/19 Charlie Kaiser 
mailto:charl...@golden-eagle.org>>
Support.microsoft.com is dead here for me in AZ...

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***


-Original Message-
From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, June 19, 2012 2:25 PM
To: NT System Admin Issues
Subject: Is it just me (KB2282241,KB2275950...)

I can't view any of these KB articles, from two different networks I get
failures:

KB946405
http://support.microsoft.com/kb/946405



KB942564
http://support.microsoft.com/kb/942564



KB2275950
http://support.microsoft.com/kb/2275950



KB2282241
http://support.microsoft.com/kb/228224

David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 
503.267.9764



~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Web Filtering hits and misses, your ideas?

[David Mazzaccaro]

One thing I forgot to mention about iPrism is that they offer a remote client 
that can protect your roaming laptops from wherever they may be getting online.
Seems to work well for us.


-Original Message-
From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Tuesday, June 19, 2012 2:20 PM
To: NT System Admin Issues
Subject: RE: Web Filtering hits and misses, your ideas?

Do you tie you Internet Usage Policy to the warnings they do get and does it 
track it by user accurately? 

Z

Edward Ziots
CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org


-Original Message-
From: David Lum [mailto:david@nwea.org] 
Sent: Tuesday, June 19, 2012 2:08 PM
To: NT System Admin Issues
Subject: RE: Web Filtering hits and misses, your ideas?

It doesn't prevent users from accepting every warning they get :-)

-Original Message-
From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Tuesday, June 19, 2012 11:05 AM
To: NT System Admin Issues
Subject: Web Filtering hits and misses, your ideas?

For those out there using various web filtering products ( Websense, Palo Alto, 
Iprism, etc etc) where do you feel that the current products are lacking 
(detection, coverage? Features) as it pertains to keeping malicious software 
from being downloaded to our corporate assets? 

Open for discussion in public or I would definitely like to hear your ideas in 
private also. 

Z

Edward Ziots
CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Is it just me (KB2282241,KB2275950...)

[Ziots, Edward]

I only see that KB2282241
http://support.microsoft.com/kb/228224



Is not resolving to a page. 

 

Z

 

Edward Ziots

CISSP, Security +, Network +

Security Engineer

Lifespan Organization

ezi...@lifespan.org

 

From: Manuel Santos [mailto:nel...@gmail.com] 
Sent: Tuesday, June 19, 2012 6:09 PM
To: NT System Admin Issues
Subject: Re: Is it just me (KB2282241,KB2275950...)

 

Same here in Portugal

2012/6/19 Charlie Kaiser 

Support.microsoft.com is dead here for me in AZ...

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***



-Original Message-
From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, June 19, 2012 2:25 PM
To: NT System Admin Issues
Subject: Is it just me (KB2282241,KB2275950...)

I can't view any of these KB articles, from two different networks I get
failures:

KB946405
http://support.microsoft.com/kb/946405



KB942564
http://support.microsoft.com/kb/942564



KB2275950
http://support.microsoft.com/kb/2275950



KB2282241
http://support.microsoft.com/kb/228224

David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764



~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin