TMG 2010 and ASA 5510
I have a TMG2010 that I have put into my DMZ hosted by my ASA 5510. I am trying to publish a generate dumb website for testing prior to doing my OWA and I am getting actively refused errors back 10061 instead of to the website. Where do I start looking, on the ASA because it is the next hop or on the IIS server setting on my internal network?

Thanks
David

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
Listing all groups / finding a group on shared folders security
I have this problem. I have an AD group that has just a name and no description, no notes, no nothing. (it was apparently created like 7 years ago). I don't know what it does, or what it is used for. I *suspect* that it's used to control ACLs to a share, but I don't know that for sure. And it occurred to me that I don't know how to find out what share it might be providing security for.

I guess what I am asking is: how can I go through all the folders on a file server, and list out the user and group names on the security of the folders (or shares, I suppose)? Is there a utility that does that? A script I would have to run against the whole folder structure? Ideally, tell it the group name I'm looking for, and have it come back and say \\this-server\that-folder?

I'm looking for a free utility, BTW - I know there are a lot of security programs for purchase that can tell me this, and in fact we will be looking at one in a few weeks. But even if we purchased such software, it would be a while to implement, etc. And I'd like to answer at least this one request now.

This is why I harp on about using the description and notes fields in AD, both for users and groups ... it makes my life a lot easier when someone asks me for a list like this
RE: Listing all groups / finding a group on shared folders security
DUMPSEC. Free.

http://www.systemtools.com/somarsoft/index.html

-----Original Message-----
From: Michael Leone [mailto:oozerd...@gmail.com]
Sent: Thursday, September 27, 2012 7:27 AM
To: NT System Admin Issues
Subject: Listing all groups / finding a group on shared folders security
RE: Listing all groups / finding a group on shared folders security
BTW, I know *EXACTLY* How you feel. We have a lot of groups created before I was here and the description says simply for access to files.

Along the same lines, how do folks here go about auditing security groups and knowing if they are still valid or if the members list is still appropriate? As in, how do you track/audit if the appropriate group memberships were changed when Jill moved from sales to accounting?

-----Original Message-----
From: Michael Leone [mailto:oozerd...@gmail.com]
Sent: Thursday, September 27, 2012 7:27 AM
To: NT System Admin Issues
Subject: Listing all groups / finding a group on shared folders security
Re: Listing all groups / finding a group on shared folders security
Thanks. For some reason, I seem to only get Access Denied when I point it at some share, even tho I have access to that share.

DUMPSEC.exe /computer=\\File-Server /rpt=dir=\\File-Server\DOCS /outfile=D:\DOCS.dcl

If I browse to \\File-Server\DOCS, I can see everything, all files and subdirectories. But the report only says Access Denied, and I can't figure out why. I am running it from an Administrator prompt. Am I just being moronically stupid this morning??

I was expecting to see all folders under the \\File-Server\Docs share, and all the users/groups on its Security tab. (not that I don't want a share report).

On Thu, Sep 27, 2012 at 10:32 AM, David Lum david@nwea.org wrote:
> DUMPSEC. Free.
> http://www.systemtools.com/somarsoft/index.html
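One way to answer the original question (give it a group name, get back the folders whose security references that group) with built-in PowerShell cmdlets, as an added example that is not part of the thread. The function name, the `EXAMPLE\Mystery-Group` placeholder and the CSV file name are assumptions; `\\File-Server\DOCS` is the share from the message above.

```powershell
# Added example (not from the thread). Requires PowerShell 3.0 or later.
# Reports folders whose NTFS ACL contains an access rule for one group.
# NTFS permissions only: share-level permissions are a separate ACL and
# are not read here.

function Find-GroupInFolderAcl {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)] [string] $Root,       # e.g. \\server\share
        [Parameter(Mandatory = $true)] [string] $GroupName,  # DOMAIN\Group
        [switch] $IncludeInherited                           # default: explicit ACEs only
    )

    $sidType = [System.Security.Principal.SecurityIdentifier]

    # Resolve the group name to its SID once. Matching on the SID avoids
    # false negatives from renamed groups or differing name formats.
    # Translate() throws if the name cannot be resolved.
    $account  = New-Object System.Security.Principal.NTAccount($GroupName)
    $groupSid = $account.Translate($sidType)

    # Walk the tree. Folders that cannot be listed are collected in
    # $walkErrors instead of aborting the scan.
    $walkErrors = @()
    $walk = @{
        LiteralPath   = $Root
        Directory     = $true
        Recurse       = $true
        Force         = $true
        ErrorAction   = 'SilentlyContinue'
        ErrorVariable = 'walkErrors'
    }
    $folders  = @(Get-Item -LiteralPath $Root -ErrorAction Stop)
    $folders += @(Get-ChildItem @walk)

    foreach ($folder in $folders) {
        try {
            $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop
        }
        catch {
            # Report unreadable ACLs explicitly: a silent skip would look
            # the same as "group not present on this folder".
            [pscustomobject]@{
                Path       = $folder.FullName
                Rights     = $null
                AccessType = $null
                Inherited  = $null
                Status     = "ACL unreadable: $($_.Exception.Message)"
            }
            continue
        }

        # Ask for the rules with identities as SIDs. Explicit rules show
        # where the group was actually granted access; inherited rules
        # repeat that grant on every child folder, so they are opt-in.
        $rules = $acl.GetAccessRules($true, $IncludeInherited.IsPresent, $sidType)
        foreach ($rule in $rules) {
            if ($rule.IdentityReference.Value -eq $groupSid.Value) {
                [pscustomobject]@{
                    Path       = $folder.FullName
                    Rights     = $rule.FileSystemRights
                    AccessType = $rule.AccessControlType   # Allow or Deny
                    Inherited  = $rule.IsInherited
                    Status     = 'OK'
                }
            }
        }
    }

    # Subtrees that could not be enumerated were not checked at all.
    foreach ($err in $walkErrors) {
        Write-Warning "Could not enumerate: $($err.TargetObject)"
    }
}

# Example call (group name is a placeholder):
# Find-GroupInFolderAcl -Root '\\File-Server\DOCS' -GroupName 'EXAMPLE\Mystery-Group' |
#     Export-Csv -NoTypeInformation -Path .\group-acl-hits.csv
```

An empty result together with warnings or "ACL unreadable" rows means the scan was incomplete, not that the group is unused.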
RE: Listing all groups / finding a group on shared folders security
You are talking about certification and recertification. All part of Identity and Access Management. Like anything else it all depends on the size of your company, $$$, resources. Some places have a manual process (spreadsheets, home grown DB, etc). Then there are the bigger players in this field:

Aveksa
SailPoint
IBM

All of these tie directly into your directories (LDAP, Domino, AD, RACF, etc...) And deal with the life cycle of your identities. None of them are easy or cheap, but if you really need to do this and do it well, they are the way to go.

Christopher Bodnar
Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services
Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com
The Guardian Life Insurance Company of America
www.guardianlife.com

From: David Lum david@nwea.org
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Date: 09/27/2012 10:45 AM
Subject: RE: Listing all groups / finding a group on shared folders security
RE: Listing all groups / finding a group on shared folders security
You need to audit changes of membership and validate they are appropriate. You can roll your own processes or use 3rd party software.

Every group needs to have an owner identified that attests to its membership and necessity periodically. Identifying the purpose of the group has already been covered but it is equally as important. You can roll your own processes or use 3rd party software.

You need to have provisioning/de-provisioning processes that manage access to resources for both on-boarding and MACs. Security groups are a big part of that process but there are also a lot of other elements to consider. You can roll your own processes or use 3rd party software.

The part I kept repeating can be as simple as some process documentation in a very small shop, a large home-grown collection of tools and processes or a suite of 3rd party software that operates in the Identity, Access and Asset management spaces. In mid to large shops you usually see a combination of all three.

You will note the word repeated most often is process. I call it the P-word at work. Anyone who comes to me for solutions has heard it over and over. It's usually fairly easy to come up with a technical solution, maintaining the care and feeding for its lifetime (which is often way longer than you might imagine) with minimal additional effort and keeping all the compliance folks happy is the time consuming part. I tell them all the time that it's 90% planning and 10% block and tackle.

A lot of people didn't have rigorous processes for maintaining groups back in the day and now find themselves in this boat so don't feel alone.

-----Original Message-----
From: David Lum [mailto:david@nwea.org]
Sent: Thursday, September 27, 2012 7:45 AM
To: NT System Admin Issues
Subject: RE: Listing all groups / finding a group on shared folders security
Re: Listing all groups / finding a group on shared folders security
That's why I name my groups descriptively.

If the group is for read-only access by US staff to the HR directory in the departments share on the home file server, I name it as US-HomeDepartmentsHR-RO

If the group is for read-write access by the UK staff to a SQL database named CustomerProfiles in the machine named CRM01, the name will be UK-CRM01SQLCustomerProfiles-RW

Does this generate a lot of groups? Likely yes, depending on the environment. But if the resource needs specific rights granted, then a specific group is needed.

The good thing about this is that you can then populate those descriptive groups with the base groups for departments or workgroups, and when someone moves to a new position, you remove them from their no longer relevant groups, and add them to the newly relevant groups. So, for instance, when Ralph in accounting moves from AP to AR, you remove him from the AP group and add him to the AR group, and he automatically inherits all of the permissions needed, while losing the permissions that no longer apply. This also applies to cross-functional groups, which can be viewed as sort of meta-departments.

Kurt

On Thu, Sep 27, 2012 at 7:45 AM, David Lum david@nwea.org wrote:
> BTW, I know *EXACTLY* How you feel. We have a lot of groups created before I was here and the description says simply for access to files.
>
> Along the same lines, how do folks here go about auditing security groups and knowing if they are still valid or if the members list is still appropriate? As in, how do you track/audit if the appropriate group memberships were changed when Jill moved from sales to accounting?
RE: Listing all groups / finding a group on shared folders security
Oh, if I could only get us there. Actually that's an achievable goal these days since they've given me the AD throne. Getting there!

-----Original Message-----
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Thursday, September 27, 2012 10:04 AM
To: NT System Admin Issues
Subject: Re: Listing all groups / finding a group on shared folders security
Re: Server 2012 - System Center 2012?
Well the other part is dev teams can do a lot with pre-release code and such but they really can't be solid until RTM. Now, RTM is code release right? How much is left for documentation, etc now? The System Center Suite is an incredibly large complex set of interrelated moving parts.

One thing I am looking at now myself is can the 'promise' of some of the TechEd 2012 Private Cloud videos be made real. We have a fairly mature VMware environment and being able to partially integrate the VMware environment into SCOM/SCVMM/SCCM would be really cool. I saw the videos where they demo it with vSphere 4. Hopefully the service pack will allow 5/5.1. But there is a lack of technical docs on the actual implementation.

I just finished putting together the hardware at home to try and see if I can make it work like the videos. This will get me two things, one a solution at work and the other, content for blog posts :)

Steven Peck
http://www.blkmtn.org

On Wed, Sep 26, 2012 at 8:25 PM, Ryan Finnesey r...@finnesey.com wrote:
> I can agree with that, I am in a unique situation where I am deploying a completely new infrastructure and have decided to deploy everything on Server 2012. All and all I have been very happy with 2012.
>
> Cheers
> Ryan
>
> From: Michael B. Smith [mailto:mich...@smithcons.com]
> Sent: Wednesday, September 26, 2012 8:50 PM
> To: NT System Admin Issues
> Subject: RE: Server 2012 - System Center 2012?
>
> No… doesn’t even make good sense for them to do so.
>
> Companies, at least those with some level of operational maturity, need to have a chance to begin testing a deployment of a new server OS and evaluating it before they begin the process of putting critical business applications on that new operating system.
>
> From: Ryan Finnesey [mailto:r...@finnesey.com]
> Sent: Wednesday, September 26, 2012 8:02 PM
> To: NT System Admin Issues
> Subject: RE: Server 2012 - System Center 2012?
>
> I would have thought they would have had all the service packs ready when they released Server 2012 but maybe I am just trying to push the envelope a bit too quickly.
>
> From: Heaton, Joseph@DFG [mailto:jhea...@dfg.ca.gov]
> Sent: Wednesday, September 26, 2012 2:30 PM
> To: NT System Admin Issues
> Subject: RE: Server 2012 - System Center 2012?
>
> Yep. Same with Config Mgr.
>
> On a side note, Exchange 2010 SP3 is going to be coming out, which will allow Exchange 2013 boxes in your 2010 environment, and allow Exch 2010 on Server 2012. So, Exchange doesn’t work on Server 2012 at the moment, either.
>
> Joe Heaton
> ITB – Enterprise Server Support
>
> From: Ryan Finnesey [mailto:r...@finnesey.com]
> Sent: Tuesday, September 25, 2012 1:41 PM
> To: Heaton, Joseph@DFG; NT System Admin Issues
> Subject: Server 2012 - System Center 2012?
>
> Am I correct that I cannot use System Center 2012 – DPM or OM with Server 2012 until System Center 2012 SP1 is released?
>
> Cheers
> Ryan
Re: Listing all groups / finding a group on shared folders security
On Thu, Sep 27, 2012 at 1:04 PM, Kurt Buff kurt.b...@gmail.com wrote:

That's why I name my groups descriptively. If the group is for read-only access by US staff to the HR directory in the departments share on the home file server, I name it as US-HomeDepartmentsHR-RO

I do the same. Well, we do the same ... now. So I have groups like Finance_RWXD and Police_ScannedDocuments_RO and so forth. But back then, apparently not ...

The good thing about this is that you can then populate those descriptive groups with the base groups for departments or workgroups, and when someone moves to a new position, you remove them from their no longer relevant groups, and add them to the newly relevant groups. So, for instance, when Ralph in accounting moves from AP to AR, you remove him from the AP group and add him to the AR group, and he automatically inherits all of the permissions needed, while losing the permissions that no longer apply. This also applies to cross-functional groups, which can be viewed as sort of meta-departments.

Yeah, we do things that way, too.
Re: Listing all groups / finding a group on shared folders security
On Thu, Sep 27, 2012 at 1:04 PM, Kurt Buff kurt.b...@gmail.com wrote:

The good thing about this is that you can then populate those descriptive groups with the base groups for departments or workgroups, and when someone moves to a new position, you remove them from their no longer relevant groups, and add them to the newly relevant groups. So, for instance, when Ralph in accounting moves from AP to AR, you remove him from the AP group and add him to the AR group, and he automatically inherits all of the permissions needed, while losing the permissions that no longer apply. This also applies to cross-functional groups, which can be viewed as sort of meta-departments.

What we also do - we have a group for department members, and a group for non-department members who need access to another department's files. So we have Dept-Finance, and those folks get RWXD access to the Finance folder hierarchy. And we have another group Finance_RO, which is used as security to specific sub-folders of Finance, by users not in the Finance department but who happen to need access to some files in the Finance folder hierarchy (like reports or budget files or project status reports, etc)

So everybody gets a Dept-somewhere, which is assigned via drive mappings in a GPO. If you need access into Finance, and you are not a member of the Finance dept, you map your own drive letters.

Yeah, I have a whole bunch of groups, effectively at least 2 per department - one for department members, one for non-department members. Sometimes more, as we have _RWXD and _RO groups, depending, etc.
Re: Listing all groups / finding a group on shared folders security
Yeah - once a group has been used promiscuously for permissions, it's hard to track it all down. I still have some groups that were generated of 10 years ago in the NT4 domain that I'll get around to tracking down and eliminating - someday...

Kurt

On Thu, Sep 27, 2012 at 10:57 AM, David Lum david@nwea.org wrote:

Oh, if I could only get us there. Actually that's an achievable goal these days since they've given me the AD throne. Getting there!

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Thursday, September 27, 2012 10:04 AM
To: NT System Admin Issues
Subject: Re: Listing all groups / finding a group on shared folders security

That's why I name my groups descriptively. If the group is for read-only access by US staff to the HR directory in the departments share on the home file server, I name it as US-HomeDepartmentsHR-RO

If the group is for read-write access by the UK staff to a SQL database named CustomerProfiles in the machine named CRM01, the name will be UK-CRM01SQLCustomerProfiles-RW

Does this generate a lot of groups? Likely yes, depending on the environment. But if the resource needs specific rights granted, then a specific group is needed.

The good thing about this is that you can then populate those descriptive groups with the base groups for departments or workgroups, and when someone moves to a new position, you remove them from their no longer relevant groups, and add them to the newly relevant groups. So, for instance, when Ralph in accounting moves from AP to AR, you remove him from the AP group and add him to the AR group, and he automatically inherits all of the permissions needed, while losing the permissions that no longer apply. This also applies to cross-functional groups, which can be viewed as sort of meta-departments.

Kurt

On Thu, Sep 27, 2012 at 7:45 AM, David Lum david@nwea.org wrote:

BTW, I know *EXACTLY* How you feel. We have a lot of groups created before I was here and the description says simply for access to files.

Along the same lines, how do folks here go about auditing security groups and knowing if they are still valid or if the members list is still appropriate? As in, how do you track/audit if the appropriate group memberships were changed when Jill moved from sales to accounting?

-Original Message-
From: Michael Leone [mailto:oozerd...@gmail.com]
Sent: Thursday, September 27, 2012 7:27 AM
To: NT System Admin Issues
Subject: Listing all groups / finding a group on shared folders security

I have this problem. I have an AD group that has just a name and no description, no notes, no nothing. (it was apparently created like 7 years ago). I don't know what it does, or what it is used for. I *suspect* that it's used to control ACLs to a share, but I don't know that for sure. And it occurred to me that I don't know how to find out what share it might be providing security for.

I guess what I am asking is: how can I go through all the folders on a file server, and list out the user and group names on the security of the folders (or shares, I suppose)? Is there a utility that does that? A script I would have to run against the whole folder structure? Ideally, tell it the group name I'm looking for, and have it come back and say \\this-server\that-folder?

I'm looking for a free utility, BTW - I know there are a lot of security programs for purchase that can tell me this, and in fact we will be looking at one in a few weeks. But even if we purchased such software, it would be a while to implement, etc. And I'd like to answer at least this one request now.

This is why I harp on about using the description and notes fields in AD, both for users and groups ... it makes my life a lot easier when someone asks me for a list like this
Re: Listing all groups / finding a group on shared folders security
On Thu, Sep 27, 2012 at 11:17 AM, Michael Leone oozerd...@gmail.com wrote:

On Thu, Sep 27, 2012 at 1:04 PM, Kurt Buff kurt.b...@gmail.com wrote:

The good thing about this is that you can then populate those descriptive groups with the base groups for departments or workgroups, and when someone moves to a new position, you remove them from their no longer relevant groups, and add them to the newly relevant groups. So, for instance, when Ralph in accounting moves from AP to AR, you remove him from the AP group and add him to the AR group, and he automatically inherits all of the permissions needed, while losing the permissions that no longer apply. This also applies to cross-functional groups, which can be viewed as sort of meta-departments.

What we also do - we have a group for department members, and a group for non-department members who need access to another department's files. So we have Dept-Finance, and those folks get RWXD access to the Finance folder hierarchy. And we have another group Finance_RO, which is used as security to specific sub-folders of Finance, by users not in the Finance department but who happen to need access to some files in the Finance folder hierarchy (like reports or budget files or project status reports, etc)

So everybody gets a Dept-somewhere, which is assigned via drive mappings in a GPO. If you need access into Finance, and you are not a member of the Finance dept, you map your own drive letters.

Yeah, I have a whole bunch of groups, effectively at least 2 per department - one for department members, one for non-department members. Sometimes more, as we have _RWXD and _RO groups, depending, etc.

Exactly.

In addition, I have specified on the file server that permissions will not be applied further down the directory tree than two levels underneath a share. Thus, on the D: drive on the file server, there is a share called Departments. Permissions will only be applied to \\fileserver\Departments\Finance\PublicDocuments or \\fileserver\Departments\Finance\PrivateDocuments - if a directory needs different permissions, it gets created as a sibling at that level, such as \\fileserver\Departments\Finance\ManagerForms.

Saves a lot of headache.

Kurt
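One way to answer the question that opened this thread (which folders carry a given group in their ACL) and to check the two-levels-below-the-share rule described above. This is an added example, not a script posted by anyone on the list: the function name `Find-GroupInFolderAcl`, its parameters and the `BeyondPolicy` column are made up here, and `\\fileserver\Departments` and `Finance_RO` are the thread's own example names.

```powershell
# Added example (not from the thread). Requires PowerShell 5.0+ for Get-ChildItem -Depth.
# Run as an account that is allowed to read the folder ACLs.

function Find-GroupInFolderAcl {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)] [string] $Root,       # share or folder to start from
        [Parameter(Mandatory = $true)] [string] $GroupName,  # 'Group' or 'DOMAIN\Group'
        [ValidateRange(1, 64)] [int] $MaxDepth = 4,          # levels below $Root to walk
        [ValidateRange(0, 64)] [int] $PolicyDepth = 2,       # deepest level where explicit ACEs are expected
        [switch] $IncludeInherited                           # also list ACEs inherited from a parent
    )

    $rootItem = Get-Item -LiteralPath $Root -ErrorAction Stop
    $rootPath = $rootItem.FullName.TrimEnd('\')

    # -Depth 0 returns only the immediate children, so subtract one.
    $children = Get-ChildItem -LiteralPath $rootPath -Directory -Recurse -Depth ($MaxDepth - 1) -ErrorAction SilentlyContinue
    $folders  = @($rootItem) + @($children)

    foreach ($folder in $folders) {
        # Depth = number of path segments below the root (the root itself is 0).
        $relative = $folder.FullName.Substring($rootPath.Length).Trim('\')
        $depth = if ($relative) { $relative.Split('\').Count } else { 0 }

        try {
            $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop
        } catch {
            Write-Warning "Cannot read ACL on $($folder.FullName): $($_.Exception.Message)"
            continue
        }

        foreach ($ace in $acl.Access) {
            $identity = $ace.IdentityReference.Value
            # Accept an exact match or a match on the part after 'DOMAIN\'.
            $isMatch = ($identity -eq $GroupName) -or
                       $identity.EndsWith("\$GroupName", [StringComparison]::OrdinalIgnoreCase)
            if (-not $isMatch) { continue }

            # Inherited entries repeat on every subfolder; by default report only
            # the folders where the group was actually assigned.
            if ($ace.IsInherited -and -not $IncludeInherited) { continue }

            [pscustomobject]@{
                Path         = $folder.FullName
                Depth        = $depth
                Identity     = $identity
                Rights       = $ace.FileSystemRights
                Type         = $ace.AccessControlType
                Inherited    = $ace.IsInherited
                # True when the group was assigned deeper than the agreed level.
                BeyondPolicy = (-not $ace.IsInherited) -and ($depth -gt $PolicyDepth)
            }
        }
    }
}

# Usage, with the names used in the thread:
#   Find-GroupInFolderAcl -Root '\\fileserver\Departments' -GroupName 'Finance_RO' |
#       Sort-Object Path | Format-Table -AutoSize
```

This reads NTFS folder ACLs only; share-level permissions are a separate list and are not examined.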
Re: Everyone is the IT department
Consider that you are not his audience...

On Thu, Sep 27, 2012 at 3:21 PM, David Lum david@nwea.org wrote:

I disagree with this guy, but maybe because I’m so oldschool..

“Dion Hinchcliffe, an analyst at the Dachis Group and a frequent blogger on the changing enterprise, says it's time for IT to acknowledge they can't control users. Everyone in an organization is the IT department. There's really no gatekeeper anymore. Hinchcliffe, who's delivering a keynote at the CITE One-Day Forum in New York City on October 10, says that users are driving technology adoption in two critical areas: communications, and self-service IT -- particularly in the form of mobile apps delivered through public app stores. The latter is particularly hard for some IT shops to accept, but it's reality, says Hinchcliffe. IT depts are being disintermediated in a relentless way, and so quickly they can't even react to it. There are millions of apps in these app stores, they're disposable and free, they're easy to throw away if you want to. He continues, We're all consumers. That's the whole point of consumerization. We're all smart enough, we have tools, we can select and acquire software in minutes, try a whole bunch of things, and find the perfect thing for the task at hand. That cycle can't be supported by bureaucracy.

Full article here:
http://www.citeworld.com/consumerization/20680/dion-hinchcliffe-everyone-IT?utm_source=feedburnerutm_medium=feedutm_campaign=Feed%3A+citeworld%2Frss+%28CITEworld%29
Re: Everyone is the IT department
Bollocks. Cars are getting easier to use but I am no mechanic. I can drive like a maniac, but I know nothing about engines. Users are driving trends and demanding more choice, but they still need people to keep them out of trouble and to enable modern software in a way that empowers them work-wise without affecting their productivity. The landscape is changing - I am currently deploying solutions to allow users to install software without admin rights - but as long as I can't repair an engine then users aren't IT departments. IMHO, etc.
---Blackberried

-Original Message-
From: David Lum david@nwea.org
Date: Thu, 27 Sep 2012 19:21:47
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Everyone is the IT department

I disagree with this guy, but maybe because I'm so oldschool..

Dion Hinchcliffe, an analyst at the Dachis Group and a frequent blogger on the changing enterprise, says it's time for IT to acknowledge they can't control users. Everyone in an organization is the IT department. There's really no gatekeeper anymore. Hinchcliffe, who's delivering a keynote at the CITE One-Day Forum in New York City on October 10, says that users are driving technology adoption in two critical areas: communications, and self-service IT -- particularly in the form of mobile apps delivered through public app stores. The latter is particularly hard for some IT shops to accept, but it's reality, says Hinchcliffe. IT depts are being disintermediated in a relentless way, and so quickly they can't even react to it. There are millions of apps in these app stores, they're disposable and free, they're easy to throw away if you want to. He continues, We're all consumers. That's the whole point of consumerization. We're all smart enough, we have tools, we can select and acquire software in minutes, try a whole bunch of things, and find the perfect thing for the task at hand. That cycle can't be supported by bureaucracy.

Full article here:
http://www.citeworld.com/consumerization/20680/dion-hinchcliffe-everyone-IT?utm_source=feedburnerutm_medium=feedutm_campaign=Feed%3A+citeworld%2Frss+%28CITEworld%29
RE: Everyone is the IT department
A lot of people believe that the ultimate destination of the consumerization of IT is that there is no more IT. I believe that they are wrong.

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, September 27, 2012 3:22 PM
To: NT System Admin Issues
Subject: Everyone is the IT department

I disagree with this guy, but maybe because I'm so oldschool..

Dion Hinchcliffe, an analyst at the Dachis Group and a frequent blogger on the changing enterprise, says it's time for IT to acknowledge they can't control users. Everyone in an organization is the IT department. There's really no gatekeeper anymore. Hinchcliffe, who's delivering a keynote at the CITE One-Day Forum in New York City on October 10, says that users are driving technology adoption in two critical areas: communications, and self-service IT -- particularly in the form of mobile apps delivered through public app stores. The latter is particularly hard for some IT shops to accept, but it's reality, says Hinchcliffe. IT depts are being disintermediated in a relentless way, and so quickly they can't even react to it. There are millions of apps in these app stores, they're disposable and free, they're easy to throw away if you want to. He continues, We're all consumers. That's the whole point of consumerization. We're all smart enough, we have tools, we can select and acquire software in minutes, try a whole bunch of things, and find the perfect thing for the task at hand. That cycle can't be supported by bureaucracy.

Full article here:
http://www.citeworld.com/consumerization/20680/dion-hinchcliffe-everyone-IT?utm_source=feedburnerutm_medium=feedutm_campaign=Feed%3A+citeworld%2Frss+%28CITEworld%29
RE: Everyone is the IT department
It's already been discussed and solved. http://xkcd.com/627/

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, September 27, 2012 2:22 PM
To: NT System Admin Issues
Subject: Everyone is the IT department

I disagree with this guy, but maybe because I'm so oldschool..

Dion Hinchcliffe, an analyst at the Dachis Group and a frequent blogger on the changing enterprise, says it's time for IT to acknowledge they can't control users. Everyone in an organization is the IT department. There's really no gatekeeper anymore. Hinchcliffe, who's delivering a keynote at the CITE One-Day Forum in New York City on October 10, says that users are driving technology adoption in two critical areas: communications, and self-service IT -- particularly in the form of mobile apps delivered through public app stores. The latter is particularly hard for some IT shops to accept, but it's reality, says Hinchcliffe. IT depts are being disintermediated in a relentless way, and so quickly they can't even react to it. There are millions of apps in these app stores, they're disposable and free, they're easy to throw away if you want to. He continues, We're all consumers. That's the whole point of consumerization. We're all smart enough, we have tools, we can select and acquire software in minutes, try a whole bunch of things, and find the perfect thing for the task at hand. That cycle can't be supported by bureaucracy.

Full article here:
http://www.citeworld.com/consumerization/20680/dion-hinchcliffe-everyone-IT?utm_source=feedburnerutm_medium=feedutm_campaign=Feed%3A+citeworld%2Frss+%28CITEworld%29
Re: Everyone is the IT department
On Thu, Sep 27, 2012 at 12:21 PM, David Lum david@nwea.org wrote:

I disagree with this guy, but maybe because I’m so oldschool..

“Dion Hinchcliffe, an analyst at the Dachis Group and a frequent blogger on the changing enterprise, says it's time for IT to acknowledge they can't control users. Everyone in an organization is the IT department. There's really no gatekeeper anymore. Hinchcliffe, who's delivering a keynote at the CITE One-Day Forum in New York City on October 10, says that users are driving technology adoption in two critical areas: communications, and self-service IT -- particularly in the form of mobile apps delivered through public app stores. The latter is particularly hard for some IT shops to accept, but it's reality, says Hinchcliffe. IT depts are being disintermediated in a relentless way, and so quickly they can't even react to it. There are millions of apps in these app stores, they're disposable and free, they're easy to throw away if you want to. He continues, We're all consumers. That's the whole point of consumerization. We're all smart enough, we have tools, we can select and acquire software in minutes, try a whole bunch of things, and find the perfect thing for the task at hand. That cycle can't be supported by bureaucracy.

Full article here:
http://www.citeworld.com/consumerization/20680/dion-hinchcliffe-everyone-IT?utm_source=feedburnerutm_medium=feedutm_campaign=Feed%3A+citeworld%2Frss+%28CITEworld%29

We're all smart enough

No.

On second though: Hahahahahahahaha - hell now.

Kurt
Re: Everyone is the IT department
More like Apocalypse Now
---Blackberried

-Original Message-
From: Jonathan Link jonathan.l...@gmail.com
Date: Thu, 27 Sep 2012 16:18:35
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Everyone is the IT department

On Thu, Sep 27, 2012 at 4:15 PM, Kurt Buff kurt.b...@gmail.com wrote:

On second though: Hahahahahahahaha - hell now.

Is that like serenity now?
Re: Everyone is the IT department
I guess I should say I don't find this any different than any IT article one of our directors brings to my attention, because he read it in the WSJ. My routine is usually to explain how we're already doing it, why we're not doing it or how much it will really cost us to do it (right).

On Thu, Sep 27, 2012 at 3:25 PM, Jonathan Link jonathan.l...@gmail.com wrote:

Consider that you are not his audience...

On Thu, Sep 27, 2012 at 3:21 PM, David Lum david@nwea.org wrote:

I disagree with this guy, but maybe because I’m so oldschool..

“Dion Hinchcliffe, an analyst at the Dachis Group and a frequent blogger on the changing enterprise, says it's time for IT to acknowledge they can't control users. Everyone in an organization is the IT department. There's really no gatekeeper anymore. Hinchcliffe, who's delivering a keynote at the CITE One-Day Forum in New York City on October 10, says that users are driving technology adoption in two critical areas: communications, and self-service IT -- particularly in the form of mobile apps delivered through public app stores. The latter is particularly hard for some IT shops to accept, but it's reality, says Hinchcliffe. IT depts are being disintermediated in a relentless way, and so quickly they can't even react to it. There are millions of apps in these app stores, they're disposable and free, they're easy to throw away if you want to. He continues, We're all consumers. That's the whole point of consumerization. We're all smart enough, we have tools, we can select and acquire software in minutes, try a whole bunch of things, and find the perfect thing for the task at hand. That cycle can't be supported by bureaucracy.

Full article here:
http://www.citeworld.com/consumerization/20680/dion-hinchcliffe-everyone-IT?utm_source=feedburnerutm_medium=feedutm_campaign=Feed%3A+citeworld%2Frss+%28CITEworld%29
Re: Everyone is the IT department
My dad has that printed out next to the computers and he does in fact use it.

On the article. It's obvious he doesn't actually work in a job with or on computers. Nor does he work with or in a regulated industry. IT NEVER controlled its users, a business's management did. IT often took the blame for various implementations things and sometimes they were at fault for their own practices but it's never really been IT's job to 'control' their users. It's IT's job to implement company policies so that a company can get work done.

That said, we control our users' access to the infrastructure they 'need' to use any BYOD items (which we still don't have a policy for). I see a BYOD policy working for us with a certain segment of our user population. Senior management. Sales. Special directors or managers. Some IT support and/or development teams. I do not see the vast majority of regular employees even wanting to embrace this just due to their job function. I am in fact sure that none of them have the remotest interest in performing their jobs on a screen the size of a phone or tablet.

I don't see anything new in this article. It's an idea that has been floating around for many years now and there is always some new 'standard bearer' calling for trample on the 'old' and make way for the 'new'... yet here we still are having built the infrastructure for the 'new' wondering why 'that guy' is babbling about random stuff again.

Steven Peck
http://www.blkmtn.org

On Thu, Sep 27, 2012 at 12:50 PM, N Parr npar...@mortonind.com wrote:

It's already been discussed and solved. http://xkcd.com/627/

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, September 27, 2012 2:22 PM
To: NT System Admin Issues
Subject: Everyone is the IT department

I disagree with this guy, but maybe because I’m so oldschool..

“Dion Hinchcliffe, an analyst at the Dachis Group and a frequent blogger on the changing enterprise, says it's time for IT to acknowledge they can't control users. Everyone in an organization is the IT department. There's really no gatekeeper anymore. Hinchcliffe, who's delivering a keynote at the CITE One-Day Forum in New York City on October 10, says that users are driving technology adoption in two critical areas: communications, and self-service IT -- particularly in the form of mobile apps delivered through public app stores. The latter is particularly hard for some IT shops to accept, but it's reality, says Hinchcliffe. IT depts are being disintermediated in a relentless way, and so quickly they can't even react to it. There are millions of apps in these app stores, they're disposable and free, they're easy to throw away if you want to. He continues, We're all consumers. That's the whole point of consumerization. We're all smart enough, we have tools, we can select and acquire software in minutes, try a whole bunch of things, and find the perfect thing for the task at hand. That cycle can't be supported by bureaucracy.

Full article here:
http://www.citeworld.com/consumerization/20680/dion-hinchcliffe-everyone-IT?utm_source=feedburnerutm_medium=feedutm_campaign=Feed%3A+citeworld%2Frss+%28CITEworld%29
Re: Everyone is the IT department
I like my fat fingers...

On Thu, Sep 27, 2012 at 1:18 PM, Jonathan Link jonathan.l...@gmail.com wrote:

On Thu, Sep 27, 2012 at 4:15 PM, Kurt Buff kurt.b...@gmail.com wrote:

On second though: Hahahahahahahaha - hell now.

Is that like serenity now?
Re: Everyone is the IT department
This reminds me of the old days when IT meant mainframes and terminals. User groups started setting up their own LANs and escaping our control. Various disasters relating to bad updates, security issues and such eventually brought the LANs under IT control. We are repeating history here, probably with the same results.

Linda

On Thu, Sep 27, 2012 at 3:21 PM, David Lum david@nwea.org wrote:

I disagree with this guy, but maybe because I’m so oldschool..

“Dion Hinchcliffe, an analyst at the Dachis Group and a frequent blogger on the changing enterprise, says it's time for IT to acknowledge they can't control users. Everyone in an organization is the IT department. There's really no gatekeeper anymore.

Hinchcliffe, who's delivering a keynote at the CITE One-Day Forum in New York City on October 10, says that users are driving technology adoption in two critical areas: communications, and self-service IT -- particularly in the form of mobile apps delivered through public app stores.

The latter is particularly hard for some IT shops to accept, but it's reality, says Hinchcliffe. IT depts are being disintermediated in a relentless way, and so quickly they can't even react to it. There are millions of apps in these app stores, they're disposable and free, they're easy to throw away if you want to.

He continues, We're all consumers. That's the whole point of consumerization. We're all smart enough, we have tools, we can select and acquire software in minutes, try a whole bunch of things, and find the perfect thing for the task at hand. That cycle can't be supported by bureaucracy.

Full article here: http://www.citeworld.com/consumerization/20680/dion-hinchcliffe-everyone-IT?utm_source=feedburnerutm_medium=feedutm_campaign=Feed%3A+citeworld%2Frss+%28CITEworld%29
Re: IIS7 User Credential Injection
Web/IIS (and other) developer here...

URL authorization is for restricting access to certain URLs for particular roles and users. It gets along with basic/forms/Windows integrated authentication but is not itself an authentication method.

At a very basic level, if all content is available to all of your authenticated users, just make sure that anonymous access is only permitted to your login form, perhaps some Javascript resources, CSS, etc. The default authorization rule should deny user='?' and perhaps allow user='*'.

Preferably the application should serve most requests for content through a controller that can carry out further access checks or auditing, rather than linking directly to static content. URL authorization is a pretty rudimentary way to secure things--more of a first pass than a solution to a problem of any sophistication.

--Steve

On Thu, Sep 27, 2012 at 12:03 PM, John Bonner john.bon...@bmgi.com wrote:

Hello,

I’m not sure if what I am thinking is doable but here is my problem and proposed solution.

Problem: Legacy system that IS being replaced. I emphasize is because it really is. We have committed/spent money on hardware and software…but as a global company these things take time.

So we have an old web based system(third party) that provided clients with access to material we created etc. Each client gets their own site *BUT* the content material we create is duplicated for each site even though it is exactly the same regardless of the client. Moving forward we can no longer do it this way…which is fine with everyone. No need to preach to the choir on this one.

We would like to move the content to a central repository and then update the sites to point to the same location for a file. We of course need it to be secured so it can’t be spidered / crawled / or url spoofed. There are a lot of people who would like to get our intellectual property for nothing.

Solution: Create a folder CommonContent (whatever) on the web server. Create a new web in IIS for that content. Turn off anonymous access and turn on Basic, Windows, or URL authorization. URL Authorization seems just what the doctor ordered as long as it can’t be seen clear text. Now all the content is secured.

How do I get the existing web sites to access the single web repository? I mean I can update their link url’s. What I am really asking is how do I get the existing sites to pass credentials?

So I am off to Google and learn about IIS URL authorization but any input or other ideas would be greatly appreciated.

JB
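The rule set described in Steve's reply above (deny `?` by default, allow everyone else, and leave anonymous access open only for the login form and static resources), written out as an IIS 7 `web.config`. This is an added example, not configuration posted by anyone in the thread; `login.aspx`, the `assets` folder, the use of `CommonContent` as a URL path and the `ContentReaders` role are assumptions.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example. login.aspx, assets and ContentReaders are hypothetical names. -->
<configuration>

  <!-- Site-wide default: anonymous requests ("?") are refused,
       any authenticated user ("*" minus the denied "?") is admitted. -->
  <system.webServer>
    <security>
      <authorization>
        <!-- Start from an empty rule list so the inherited server-level
             Allow users="*" is not duplicated. -->
        <clear />
        <add accessType="Deny" users="?" />
        <add accessType="Allow" users="*" />
      </authorization>
    </security>
  </system.webServer>

  <!-- The login form must stay reachable without credentials. -->
  <location path="login.aspx">
    <system.webServer>
      <security>
        <authorization>
          <clear />
          <add accessType="Allow" users="*" />
        </authorization>
      </security>
    </system.webServer>
  </location>

  <!-- Scripts and style sheets the login form needs before sign-in. -->
  <location path="assets">
    <system.webServer>
      <security>
        <authorization>
          <clear />
          <add accessType="Allow" users="*" />
        </authorization>
      </security>
    </system.webServer>
  </location>

  <!-- Shared content: only members of one role. With no matching Allow
       rule, every other request (anonymous included) is refused. -->
  <location path="CommonContent">
    <system.webServer>
      <security>
        <authorization>
          <clear />
          <add accessType="Allow" roles="ContentReaders" />
        </authorization>
      </security>
    </system.webServer>
  </location>

</configuration>
```

IIS URL authorization evaluates Deny rules before Allow rules, which is why each `<location>` clears the inherited list instead of adding an Allow on top of the site-wide Deny. The rules only decide who gets in once an authentication method (Basic, Windows or forms) has established the identity, and Anonymous Authentication has to remain enabled for the login form to be reachable.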
RE: Everyone is the IT department
We are agents of change and we must change with the technology or become marginalized.

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, September 27, 2012 8:32 PM
To: NT System Admin Issues
Subject: Re: Everyone is the IT department

The one caution for IT professionals in all this is that those who could not make the transition from mainframe to mini and from mini to PC, ultimately lost out personally. The overall ranks of IT swelled, but many missed the boat because they misread/resisted the changing trends.

ASB
http://XeeMe.com/AndrewBaker
Harnessing the Advantages of Technology for the SMB market...

On Thu, Sep 27, 2012 at 5:06 PM, Linda Jones linda.jone...@gmail.com wrote:

This reminds me of the old days when IT meant mainframes and terminals. User groups started setting up their own LANs and escaping our control. Various disasters relating to bad updates, security issues and such eventually brought the LANs under IT control. We are repeating history here, probably with the same results.

Linda

On Thu, Sep 27, 2012 at 3:21 PM, David Lum david@nwea.org wrote:

I disagree with this guy, but maybe because I'm so oldschool..

Dion Hinchcliffe, an analyst at the Dachis Group and a frequent blogger on the changing enterprise, says it's time for IT to acknowledge they can't control users. Everyone in an organization is the IT department. There's really no gatekeeper anymore.

Hinchcliffe, who's delivering a keynote at the CITE One-Day Forum in New York City on October 10, says that users are driving technology adoption in two critical areas: communications, and self-service IT -- particularly in the form of mobile apps delivered through public app stores.

The latter is particularly hard for some IT shops to accept, but it's reality, says Hinchcliffe. IT depts are being disintermediated in a relentless way, and so quickly they can't even react to it. There are millions of apps in these app stores, they're disposable and free, they're easy to throw away if you want to.

He continues, We're all consumers. That's the whole point of consumerization. We're all smart enough, we have tools, we can select and acquire software in minutes, try a whole bunch of things, and find the perfect thing for the task at hand. That cycle can't be supported by bureaucracy.

Full article here: http://www.citeworld.com/consumerization/20680/dion-hinchcliffe-everyone-IT?utm_source=feedburnerutm_medium=feedutm_campaign=Feed%3A+citeworld%2Frss+%28CITEworld%29
Re: Everyone is the IT department
:) I started writing 'Business Reports' in the mid-90's...I'm still writing them despite all of the advances in Business Intelligence tools. At the end of the day, *somebody* needs to understand the schema in order to extract the data so it makes sense.

Some IT roles will never go away. As the bar lowers for certain tasks/activities, the bar raises for others.

-Jeff Steward

On Thu, Sep 27, 2012 at 5:04 PM, Webster webs...@carlwebster.com wrote:

Just like back in the mid to late 80s with Alpha5, RBase, Paradox, dBase and Visual BASIC – application design and programming was going to be so simple there would no longer be a need for programmers. Well, except for the programmers to develop the programs that would do away with the need for programmers.

Carl Webster
Consultant and Citrix Technology Professional
http://www.CarlWebster.com

From: Michael B. Smith [mailto:mich...@smithcons.com]
Subject: RE: Everyone is the IT department

A lot of people believe that the ultimate destination of “the consumerization of IT” is that there is no more IT.

I believe that they are wrong.

From: David Lum [mailto:david@nwea.org]
Subject: Everyone is the IT department

I disagree with this guy, but maybe because I’m so oldschool..

“Dion Hinchcliffe, an analyst at the Dachis Group and a frequent blogger on the changing enterprise, says it's time for IT to acknowledge they can't control users. Everyone in an organization is the IT department. There's really no gatekeeper anymore.

Hinchcliffe, who's delivering a keynote at the CITE One-Day Forum in New York City on October 10, says that users are driving technology adoption in two critical areas: communications, and self-service IT -- particularly in the form of mobile apps delivered through public app stores.

The latter is particularly hard for some IT shops to accept, but it's reality, says Hinchcliffe. IT depts are being disintermediated in a relentless way, and so quickly they can't even react to it. There are millions of apps in these app stores, they're disposable and free, they're easy to throw away if you want to.

He continues, We're all consumers. That's the whole point of consumerization. We're all smart enough, we have tools, we can select and acquire software in minutes, try a whole bunch of things, and find the perfect thing for the task at hand. That cycle can't be supported by bureaucracy.

Full article here: http://www.citeworld.com/consumerization/20680/dion-hinchcliffe-everyone-IT?utm_source=feedburnerutm_medium=feedutm_campaign=Feed%3A+citeworld%2Frss+%28CITEworld%29
RE: IIS7 User Credential Injection
From the description below, I'm still not really sure what/how you need this to work.

If /CommonContent should be available to all websites, then you could add it as a virtual directory to each site. Configure authorization as required.

Cheers
Ken

From: John Bonner [mailto:john.bon...@bmgi.com]
Sent: Friday, 28 September 2012 2:04 AM
To: NT System Admin Issues
Subject: IIS7 User Credential Injection

Hello,

I'm not sure if what I am thinking is doable but here is my problem and proposed solution.

Problem: Legacy system that IS being replaced. I emphasize is because it really is. We have committed/spent money on hardware and software...but as a global company these things take time.

So we have an old web based system(third party) that provided clients with access to material we created etc. Each client gets their own site *BUT* the content material we create is duplicated for each site even though it is exactly the same regardless of the client. Moving forward we can no longer do it this way...which is fine with everyone. No need to preach to the choir on this one.

We would like to move the content to a central repository and then update the sites to point to the same location for a file. We of course need it to be secured so it can't be spidered / crawled / or url spoofed. There are a lot of people who would like to get our intellectual property for nothing.

Solution: Create a folder CommonContent (whatever) on the web server. Create a new web in IIS for that content. Turn off anonymous access and turn on Basic, Windows, or URL authorization. URL Authorization seems just what the doctor ordered as long as it can't be seen clear text. Now all the content is secured.

How do I get the existing web sites to access the single web repository? I mean I can update their link url's. What I am really asking is how do I get the existing sites to pass credentials?

So I am off to Google and learn about IIS URL authorization but any input or other ideas would be greatly appreciated.
RE: One pooch, screwed Adobe style
Wouldn't that be ironic if the compromised build server was compromised by an infected PDF file?

…Tim

-----Original Message-----
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Thursday, September 27, 2012 3:57 PM
To: NT System Admin Issues
Subject: One pooch, screwed Adobe style

http://blogs.adobe.com/asset/2012/09/inappropriate-use-of-adobe-code-signing-certificate.html
RE: One pooch, screwed Adobe style
From the article it appears the server was compromised by another machine being hacked. Sounds like the hacker had inside info to me. How else could they have found what sounds like a rare server not built correctly with access to code signing certificates?

Jon

From: tev...@sparling.com
To: ntsysadmin@lyris.sunbelt-software.com
Date: Thu, 27 Sep 2012 20:24:19 -0700
Subject: RE: One pooch, screwed Adobe style

Wouldn't that be ironic if the compromised build server was compromised by an infected PDF file?

…Tim

-----Original Message-----
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Thursday, September 27, 2012 3:57 PM
To: NT System Admin Issues
Subject: One pooch, screwed Adobe style

http://blogs.adobe.com/asset/2012/09/inappropriate-use-of-adobe-code-signing-certificate.html