RE: SQL account management

2012-11-30 Thread Ken Schaefer
The application owners (typically business people) shouldn't have any 
permissions to do anything of the sort...

DBAs would make the changes, and this should be caught in Dev/Test prior to Prod

Cheers
Ken

From: David Lum [mailto:david@nwea.org]
Sent: Saturday, 1 December 2012 1:14 AM
To: NT System Admin Issues
Subject: RE: SQL account management

Thanks guys! What drove this question is the app owner deleted a SQL account 
that they had realized had other dependencies on it, but this checks and 
balances if operating both ways would have caught it.

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Friday, November 30, 2012 5:51 AM
To: NT System Admin Issues
Subject: RE: SQL account management

I agree with this approach,

Usually this is a default build where service accounts are created and the SQL 
services are installed with the dedicated windows accounts running the services.

As for SQL server accounts, I would recommend if possible do it by Global 
Groups, instead of regular SQL accounts, but if you had to, the approach given 
by Brian is definitely on par.

Data/Business process owners specify the permissions that need to be granted 
to users and the DBAs (Data Custodians) implement them.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Thursday, November 29, 2012 6:33 PM
To: NT System Admin Issues
Subject: RE: SQL account management

I'd expect a checks and balances type process here - app owner (business) 
approves access changes implemented by DBAs (IT).

Thanks,
Brian Desmond
br...@briandesmond.com

w - 312.625.1438 | c - 312.731.3132

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, November 29, 2012 4:35 PM
To: NT System Admin Issues
Subject: SQL account management

For those of you with sizable environments, who manages SQL server accounts? 
DBA's, or the application owners whose application uses the SQL account?
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: OT: IE Sucks!

2012-11-30 Thread Richard McClary
The music is distracting!  I keep imagining Bugs Bunny giving Elmer Fudd a 
shave.

From: Steven Peck [mailto:sep...@gmail.com]
Sent: Friday, November 30, 2012 2:37 PM
To: NT System Admin Issues
Subject: Re: OT: IE Sucks!

http://browseryoulovedtohate.com/post/36807433541/do-you-know-this-guy
I send people here ^^

Several fun ones there.
On Fri, Nov 30, 2012 at 11:27 AM, Roger Wright <rhw...@gmail.com> wrote:
http://www.youtube.com/watch?v=lD9FAOPBiDk&feature=player_embedded


Roger Wright
___
We never really grow up, we only learn how to act in public.





The information contained in this e-mail, and any attachments hereto, is from 
The American Society for the Prevention of Cruelty to Animals® (ASPCA®) and 
is intended only for use by the addressee(s) named herein and may contain 
legally privileged and/or confidential information. If you are not the intended 
recipient of this e-mail, you are hereby notified that any dissemination, 
distribution, copying or use of the contents of this e-mail, and any 
attachments hereto, is strictly prohibited. If you have received this e-mail in 
error, please immediately notify me by reply email and permanently delete the 
original and any copy of this e-mail and any printout thereof.

RE: GPO confused

2012-11-30 Thread Bruckner, Ian
Gpedit.msc on the local computer is the local group policy. GPOs from the 
domain do not change this policy... with the exception of disabling it if 
that's set to happen in a domain GPO.

If you see the settings when looking at cmd gpresult (from the endpoint) or 
GPMC group policy results (from the server/computer with GPMC, checking the 
loopback setting if so needed), then you're all set.

From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Friday, November 23, 2012 17:58
To: NT System Admin Issues
Subject: RE: GPO confused

When you run gpedit.msc on the target PC, what's the text on the first line in 
the left-hand panel?

What do you get if you run rsop.msc instead?

Cheers
Ken

From: itli...@imcu.com 
[mailto:itli...@imcu.com]
Sent: Saturday, 24 November 2012 7:21 AM
To: NT System Admin Issues
Subject: GPO confused

I have a 2003 Active Directory.
I want to apply some Windows 7 admx's
I have extended the schema using adprep from a server 2008 r2 disc.
I have GPMC installed on my Windows 7 machine.
I have created a GP using the Windows 7 machine.
I have run GPupdate on the DC.
I have run GPupdate /force on the PC.
I have run GPResult /R on the PC and see the policy created above.
I run GPedit.msc on the PC and I do not see the policy settings???
WTF am I doing wrong?
(The settings are ScreenSaver settings.)
User/Administrative/Control Panel/Personalization/ ...settings
I am done for today but if anyone has some clues to look for thanks
David


RE: Exchange 2010 - manage mobile phone

2012-11-30 Thread Free, Bob
I totally agree with you that the behavior is less than optimal by a long shot.

My thinking comes from an environment where we have always had separate 
AdminIDs, even pre-windows domains. We have never used the normal user IDs for 
administrative work or vice versa. My problems with adminsdholder back in the 
day were from a lot of grandfathered AdminIDs from the multiple collapsed NT 
Resource Domains that comprised our original AD so my view of the issue is 
extremely myopic compared to your client example.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Friday, November 30, 2012 9:09 AM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

The real problem, IMO, is that even after accounts are moved out of protected 
groups, inheritance is not automatically restored and adminCount set to zero.

You can't set up an EAS device with a protected account. You can setup a MAPI 
connection and there is a lot of history behind that. The team wanted to remove 
that, but the complaints were huge.

I worked with a health care client that had almost 100 accounts in domain 
admins, and a total of 300 accounts in protected groups. Some reasons were 
good, most weren't.  But even after cleaning those up and delegating properly, 
this still had to be dealt with...

And (shame face) fixing adminCount is trivial, but fixing up the ACLs (in a 
script) was beyond me. :( I don't speak really good SDDL.

From: Free, Bob [mailto:r...@pge.com]
Sent: Friday, November 30, 2012 11:47 AM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

Kind of makes me wonder about the security model if you have email enabled 
accounts using mobile devices that are victims of adminsdholder.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Friday, November 30, 2012 8:22 AM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

This is most common:

http://theessentialexchange.com/blogs/michael/archive/2008/10/22/admincount-adminsdholder-sdprop-and-you.aspx

From: N Parr [mailto:npar...@mortonind.com]
Sent: Friday, November 30, 2012 11:04 AM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

Thanks from me also.  I had a user that replaced his Droid 4 with a new one and 
he couldn't set up his email again on the new phone.  I have no clue how 
inheritance gets turned off.


From: David Lum [mailto:david@nwea.org]
Sent: Thursday, November 29, 2012 12:56 PM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone
Thanks, fixed, and we have a winner!

Because you're here and I am not on the Exchange list anymore. :)

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Thursday, November 29, 2012 10:39 AM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

Check out permission inheritance on the user object.

And why are you asking this question here, instead of the Exchange list? :P

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, November 29, 2012 1:05 PM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

Whoa...it showed 4 devices.

1.   Deleted these

2.   Reassociated their user acct to my iPhone

3.   Verification works (asks to accept a cert, I say yes, although it 
doesn't ask for the server name until after e-mail/domain/username/password)

4.   2nd phase of verification works (check boxes on each row)

5.   Click Done to get out of iPhone mail settings

6.   Open Exchange mailbox in iPhone mail app and I still get "The 
connection to the server failed"

7.   Change the user's settings to use *my* ID instead but leave other 
server settings alone (same Exchange server, etc), it works as I can 
send/receive from my phone

8.   Out of curiosity I tried changing right back to problem users 
settings, it still fails.

I've looked at this users' mailbox settings and compared them to a user who can 
get mail via iPhone and nothing jumps out at me.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Thursday, November 29, 2012 8:47 AM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

Sign in using OWA Lite.  Go and clean Device Associations. Re-associate.

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, November 29, 2012 11:16 AM
To: NT System Admin Issues
Subject: Exchange 2010 - manage mobile phone

I have two Exchange 2010 users that can't get  their accounts to work with an 
iPhone and I'm pretty sure it's specific to their account. I can get my account 
to work on their iPhone (and mine), but I can't get their accounts to work. It 
does go through the verify process OK, but when opening the mail app it stops 
at the inbox saying it cannot connect.

Looking in the E2K10 console for the users with this issue (and it's only two 
users, it works for most others) if I go to recipient configuration/Mailbox the 
option to mana

RE: Exchange 2010 - manage mobile phone

2012-11-30 Thread Michael B. Smith
The real problem, IMO, is that even after accounts are moved out of protected 
groups, inheritance is not automatically restored and adminCount set to zero.

You can't set up an EAS device with a protected account. You can setup a MAPI 
connection and there is a lot of history behind that. The team wanted to remove 
that, but the complaints were huge.

I worked with a health care client that had almost 100 accounts in domain 
admins, and a total of 300 accounts in protected groups. Some reasons were 
good, most weren't.  But even after cleaning those up and delegating properly, 
this still had to be dealt with...

And (shame face) fixing adminCount is trivial, but fixing up the ACLs (in a 
script) was beyond me. :( I don't speak really good SDDL.

From: Free, Bob [mailto:r...@pge.com]
Sent: Friday, November 30, 2012 11:47 AM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

Kind of makes me wonder about the security model if you have email enabled 
accounts using mobile devices that are victims of adminsdholder.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Friday, November 30, 2012 8:22 AM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

This is most common:

http://theessentialexchange.com/blogs/michael/archive/2008/10/22/admincount-adminsdholder-sdprop-and-you.aspx

From: N Parr [mailto:npar...@mortonind.com]
Sent: Friday, November 30, 2012 11:04 AM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

Thanks from me also.  I had a user that replaced his Droid 4 with a new one and 
he couldn't set up his email again on the new phone.  I have no clue how 
inheritance gets turned off.


From: David Lum [mailto:david@nwea.org]
Sent: Thursday, November 29, 2012 12:56 PM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone
Thanks, fixed, and we have a winner!

Because you're here and I am not on the Exchange list anymore. :)

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Thursday, November 29, 2012 10:39 AM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

Check out permission inheritance on the user object.

And why are you asking this question here, instead of the Exchange list? :P

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, November 29, 2012 1:05 PM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

Whoa...it showed 4 devices.

1.   Deleted these

2.   Reassociated their user acct to my iPhone

3.   Verification works (asks to accept a cert, I say yes, although it 
doesn't ask for the server name until after e-mail/domain/username/password)

4.   2nd phase of verification works (check boxes on each row)

5.   Click Done to get out of iPhone mail settings

6.   Open Exchange mailbox in iPhone mail app and I still get "The 
connection to the server failed"

7.   Change the user's settings to use *my* ID instead but leave other 
server settings alone (same Exchange server, etc), it works as I can 
send/receive from my phone

8.   Out of curiosity I tried changing right back to problem users 
settings, it still fails.

I've looked at this users' mailbox settings and compared them to a user who can 
get mail via iPhone and nothing jumps out at me.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Thursday, November 29, 2012 8:47 AM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

Sign in using OWA Lite.  Go and clean Device Associations. Re-associate.

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, November 29, 2012 11:16 AM
To: NT System Admin Issues
Subject: Exchange 2010 - manage mobile phone

I have two Exchange 2010 users that can't get  their accounts to work with an 
iPhone and I'm pretty sure it's specific to their account. I can get my account 
to work on their iPhone (and mine), but I can't get their accounts to work. It 
does go through the verify process OK, but when opening the mail app it stops 
at the inbox saying it cannot connect.

Looking in the E2K10 console for the users with this issue (and it's only two 
users, it works for most others) if I go to recipient configuration/Mailbox the 
option to manage mobile phone is there but when choosing that option there's no 
device listed. (Other users the option lists the device, or the "manage mobile 
phone" is not listed as an option). It's as if a mobile device gets partially 
associated with their account.

Ideas anyone? Maybe PowerShell is needed to strip some partial association?
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


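An added example, not part of the original thread or any poster's code: a PowerShell audit for the condition described in the message above, where an account has left every protected group but still carries adminCount=1 and blocked ACL inheritance. The function names are hypothetical; it assumes the ActiveDirectory module (RSAT) and PowerShell 5 or later.

```powershell
#Requires -Modules ActiveDirectory

# Hypothetical helper: escape a value for use inside an LDAP filter (RFC 4515).
function ConvertTo-LdapFilterValue([string]$Value) {
    # Backslash first, so the escapes added afterwards are not re-escaped.
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
}

# Hypothetical name. Read-only: lists users stamped adminCount=1 that are no
# longer direct or nested members of any group stamped adminCount=1.
function Get-OrphanedAdminCountUser {
    [CmdletBinding()]
    param(
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )

    $stillProtected = [System.Collections.Generic.HashSet[string]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)

    # Assumption: every group carrying adminCount=1 is treated as protected.
    # A group that was itself un-nested from a protected group keeps the stamp,
    # so review the group list as well.
    foreach ($group in Get-ADGroup -LDAPFilter '(adminCount=1)') {
        $dn = ConvertTo-LdapFilterValue $group.DistinguishedName
        # 1.2.840.113556.1.4.1941 = LDAP_MATCHING_RULE_IN_CHAIN (nested membership).
        # memberOf does not cover primary-group membership.
        Get-ADUser -LDAPFilter "(memberOf:1.2.840.113556.1.4.1941:=$dn)" |
            ForEach-Object { [void]$stillProtected.Add($_.DistinguishedName) }
    }

    $candidates = Get-ADUser -LDAPFilter '(adminCount=1)' -SearchBase $SearchBase `
        -Properties adminCount, nTSecurityDescriptor

    foreach ($user in $candidates) {
        # krbtgt is protected in its own right, not through group membership.
        if ($user.SamAccountName -eq 'krbtgt') { continue }
        if ($stillProtected.Contains($user.DistinguishedName)) { continue }

        [pscustomobject]@{
            SamAccountName     = $user.SamAccountName
            DistinguishedName  = $user.DistinguishedName
            AdminCount         = $user.adminCount
            # True when "include inheritable permissions" is switched off.
            InheritanceBlocked = $user.nTSecurityDescriptor.AreAccessRulesProtected
        }
    }
}

# Hypothetical name. Clears the stamp and re-enables inheritance on one account.
# Explicit ACEs copied from the AdminSDHolder template stay on the object and
# still need review; this only lets the parent OU's ACEs flow down again.
function Repair-OrphanedAdminCountUser {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [string]$DistinguishedName
    )
    process {
        if (-not $PSCmdlet.ShouldProcess($DistinguishedName,
                'Clear adminCount and re-enable ACL inheritance')) { return }

        $user = Get-ADUser -Identity $DistinguishedName -Properties nTSecurityDescriptor
        $sd = $user.nTSecurityDescriptor
        # $false = no longer protected from inheritance; the second argument
        # is ignored when the first is $false.
        $sd.SetAccessRuleProtection($false, $true)

        Set-ADObject -Identity $DistinguishedName -Replace @{ nTSecurityDescriptor = $sd }
        Set-ADObject -Identity $DistinguishedName -Clear adminCount
    }
}

# Report only:
#   Get-OrphanedAdminCountUser | Format-Table -AutoSize
# Preview the change without writing anything:
#   Get-OrphanedAdminCountUser | Repair-OrphanedAdminCountUser -WhatIf
```

If an account is still in a protected group, SDProp re-stamps it on its next run, so the repair only holds for accounts the report lists.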

RE: Exchange 2010 - manage mobile phone

2012-11-30 Thread Free, Bob
Kind of makes me wonder about the security model if you have email enabled 
accounts using mobile devices that are victims of adminsdholder.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Friday, November 30, 2012 8:22 AM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

This is most common:

http://theessentialexchange.com/blogs/michael/archive/2008/10/22/admincount-adminsdholder-sdprop-and-you.aspx

From: N Parr [mailto:npar...@mortonind.com]
Sent: Friday, November 30, 2012 11:04 AM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

Thanks from me also.  I had a user that replaced his Droid 4 with a new one and 
he couldn't set up his email again on the new phone.  I have no clue how 
inheritance gets turned off.


From: David Lum [mailto:david@nwea.org]
Sent: Thursday, November 29, 2012 12:56 PM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone
Thanks, fixed, and we have a winner!

Because you're here and I am not on the Exchange list anymore. :)

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Thursday, November 29, 2012 10:39 AM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

Check out permission inheritance on the user object.

And why are you asking this question here, instead of the Exchange list? :P

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, November 29, 2012 1:05 PM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

Whoa...it showed 4 devices.

1.   Deleted these

2.   Reassociated their user acct to my iPhone

3.   Verification works (asks to accept a cert, I say yes, although it 
doesn't ask for the server name until after e-mail/domain/username/password)

4.   2nd phase of verification works (check boxes on each row)

5.   Click Done to get out of iPhone mail settings

6.   Open Exchange mailbox in iPhone mail app and I still get "The 
connection to the server failed"

7.   Change the user's settings to use *my* ID instead but leave other 
server settings alone (same Exchange server, etc), it works as I can 
send/receive from my phone

8.   Out of curiosity I tried changing right back to problem users 
settings, it still fails.

I've looked at this users' mailbox settings and compared them to a user who can 
get mail via iPhone and nothing jumps out at me.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Thursday, November 29, 2012 8:47 AM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

Sign in using OWA Lite.  Go and clean Device Associations. Re-associate.

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, November 29, 2012 11:16 AM
To: NT System Admin Issues
Subject: Exchange 2010 - manage mobile phone

I have two Exchange 2010 users that can't get  their accounts to work with an 
iPhone and I'm pretty sure it's specific to their account. I can get my account 
to work on their iPhone (and mine), but I can't get their accounts to work. It 
does go through the verify process OK, but when opening the mail app it stops 
at the inbox saying it cannot connect.

Looking in the E2K10 console for the users with this issue (and it's only two 
users, it works for most others) if I go to recipient configuration/Mailbox the 
option to manage mobile phone is there but when choosing that option there's no 
device listed. (Other users the option lists the device, or the "manage mobile 
phone" is not listed as an option). It's as if a mobile device gets partially 
associated with their account.

Ideas anyone? Maybe PowerShell is needed to strip some partial association?
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764



RE: Exchange 2010 - manage mobile phone

2012-11-30 Thread N Parr
Then it may be due to the fact I tried to delegate control to this user in the 
past.  Very familiar with the issues around BB enterprise server but this user 
has never had a BB on our BES.
Thanks again.


From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Friday, November 30, 2012 10:22 AM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

This is most common:

http://theessentialexchange.com/blogs/michael/archive/2008/10/22/admincount-adminsdholder-sdprop-and-you.aspx

From: N Parr [mailto:npar...@mortonind.com]
Sent: Friday, November 30, 2012 11:04 AM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

Thanks from me also.  I had a user that replaced his Droid 4 with a new one and 
he couldn't set up his email again on the new phone.  I have no clue how 
inheritance gets turned off.


From: David Lum [mailto:david@nwea.org]
Sent: Thursday, November 29, 2012 12:56 PM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone
Thanks, fixed, and we have a winner!

Because you're here and I am not on the Exchange list anymore. :)

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Thursday, November 29, 2012 10:39 AM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

Check out permission inheritance on the user object.

And why are you asking this question here, instead of the Exchange list? :P

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, November 29, 2012 1:05 PM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

Whoa...it showed 4 devices.

1.   Deleted these

2.   Reassociated their user acct to my iPhone

3.   Verification works (asks to accept a cert, I say yes, although it 
doesn't ask for the server name until after e-mail/domain/username/password)

4.   2nd phase of verification works (check boxes on each row)

5.   Click Done to get out of iPhone mail settings

6.   Open Exchange mailbox in iPhone mail app and I still get "The 
connection to the server failed"

7.   Change the user's settings to use *my* ID instead but leave other 
server settings alone (same Exchange server, etc), it works as I can 
send/receive from my phone

8.   Out of curiosity I tried changing right back to problem users 
settings, it still fails.

I've looked at this users' mailbox settings and compared them to a user who can 
get mail via iPhone and nothing jumps out at me.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Thursday, November 29, 2012 8:47 AM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

Sign in using OWA Lite.  Go and clean Device Associations. Re-associate.

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, November 29, 2012 11:16 AM
To: NT System Admin Issues
Subject: Exchange 2010 - manage mobile phone

I have two Exchange 2010 users that can't get  their accounts to work with an 
iPhone and I'm pretty sure it's specific to their account. I can get my account 
to work on their iPhone (and mine), but I can't get their accounts to work. It 
does go through the verify process OK, but when opening the mail app it stops 
at the inbox saying it cannot connect.

Looking in the E2K10 console for the users with this issue (and it's only two 
users, it works for most others) if I go to recipient configuration/Mailbox the 
option to manage mobile phone is there but when choosing that option there's no 
device listed. (Other users the option lists the device, or the "manage mobile 
phone" is not listed as an option). It's as if a mobile device gets partially 
associated with their account.

Ideas anyone? Maybe PowerShell is needed to strip some partial association?
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764



RE: Exchange 2010 - manage mobile phone

2012-11-30 Thread Mayo, Bill
My first suspect would be the nefarious AdminCount attribute.  
http://support.microsoft.com/?id=318180


From: N Parr [mailto:npar...@mortonind.com]
Sent: Friday, November 30, 2012 11:04 AM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

Thanks from me also.  I had a user that replaced his Droid 4 with a new one and 
he couldn't set up his email again on the new phone.  I have no clue how 
inheritance gets turned off.


From: David Lum [mailto:david@nwea.org]
Sent: Thursday, November 29, 2012 12:56 PM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone
Thanks, fixed, and we have a winner!

Because you're here and I am not on the Exchange list anymore. :)

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Thursday, November 29, 2012 10:39 AM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

Check out permission inheritance on the user object.

And why are you asking this question here, instead of the Exchange list? :P

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, November 29, 2012 1:05 PM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

Whoa...it showed 4 devices.

1.   Deleted these

2.   Reassociated their user acct to my iPhone

3.   Verification works (asks to accept a cert, I say yes, although it 
doesn't ask for the server name until after e-mail/domain/username/password)

4.   2nd phase of verification works (check boxes on each row)

5.   Click Done to get out of iPhone mail settings

6.   Open Exchange mailbox in iPhone mail app and I still get "The 
connection to the server failed"

7.   Change the user's settings to use *my* ID instead but leave other 
server settings alone (same Exchange server, etc), it works as I can 
send/receive from my phone

8.   Out of curiosity I tried changing right back to problem users 
settings, it still fails.

I've looked at this users' mailbox settings and compared them to a user who can 
get mail via iPhone and nothing jumps out at me.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Thursday, November 29, 2012 8:47 AM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

Sign in using OWA Lite.  Go and clean Device Associations. Re-associate.

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, November 29, 2012 11:16 AM
To: NT System Admin Issues
Subject: Exchange 2010 - manage mobile phone

I have two Exchange 2010 users that can't get  their accounts to work with an 
iPhone and I'm pretty sure it's specific to their account. I can get my account 
to work on their iPhone (and mine), but I can't get their accounts to work. It 
does go through the verify process OK, but when opening the mail app it stops 
at the inbox saying it cannot connect.

Looking in the E2K10 console for the users with this issue (and it's only two 
users, it works for most others) if I go to recipient configuration/Mailbox the 
option to manage mobile phone is there but when choosing that option there's no 
device listed. (Other users the option lists the device, or the "manage mobile 
phone" is not listed as an option). It's as if a mobile device gets partially 
associated with their account.

Ideas anyone? Maybe PowerShell is needed to strip some partial association?
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764



RE: Exchange 2010 - manage mobile phone

2012-11-30 Thread Michael B. Smith
This is most common:

http://theessentialexchange.com/blogs/michael/archive/2008/10/22/admincount-adminsdholder-sdprop-and-you.aspx

From: N Parr [mailto:npar...@mortonind.com]
Sent: Friday, November 30, 2012 11:04 AM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

Thanks from me also.  I had a user that replaced his Droid 4 with a new one and 
he couldn't set up his email again on the new phone.  I have no clue how 
inheritance gets turned off.


From: David Lum [mailto:david@nwea.org]
Sent: Thursday, November 29, 2012 12:56 PM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone
Thanks, fixed, and we have a winner!

Because you're here and I am not on the Exchange list anymore. :)

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Thursday, November 29, 2012 10:39 AM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

Check out permission inheritance on the user object.

And why are you asking this question here, instead of the Exchange list? :P

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, November 29, 2012 1:05 PM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

Whoa...it showed 4 devices.

1.   Deleted these

2.   Reassociated their user acct to my iPhone

3.   Verification works (asks to accept a cert, I say yes, although it 
doesn't ask for the server name until after e-mail/domain/username/password)

4.   2nd phase of verification works (check boxes on each row)

5.   Click Done to get out of iPhone mail settings

6.   Open Exchange mailbox in iPhone mail app and I still get "The 
connection to the server failed"

7.   Change the user's settings to use *my* ID instead but leave other 
server settings alone (same Exchange server, etc), it works as I can 
send/receive from my phone

8.   Out of curiosity I tried changing right back to problem user's 
settings, it still fails.

I've looked at this user's mailbox settings and compared them to a user who can 
get mail via iPhone and nothing jumps out at me.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Thursday, November 29, 2012 8:47 AM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

Sign in using OWA Lite.  Go and clean Device Associations. Re-associate.

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, November 29, 2012 11:16 AM
To: NT System Admin Issues
Subject: Exchange 2010 - manage mobile phone

I have two Exchange 2010 users that can't get their accounts to work with an 
iPhone and I'm pretty sure it's specific to their account. I can get my account 
to work on their iPhone (and mine), but I can't get their accounts to work. It 
does go through the verify process OK, but when opening the mail app it stops 
at the inbox saying it cannot connect.

Looking in the E2K10 console for the users with this issue (and it's only two 
users, it works for most others) if I go to recipient configuration/Mailbox the 
option to manage mobile phone is there but when choosing that option there's no 
device listed. (Other users the option lists the device, or the "manage mobile 
phone" is not listed as an option). It's as if a mobile device gets partially 
associated with their account.

Ideas anyone? Maybe PowerShell is needed to strip some partial association?
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
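
The check behind "permission inheritance on the user object" and the AdminSDHolder link in the reply above, as an added example that is not part of the thread: it reads the protected-DACL flag from a security descriptor and pairs it with adminCount. The function name, sample user names and SDDL strings are constructed for illustration.

```powershell
# Added example. Sample rows are constructed; names and SDDL strings are
# placeholders, not values from the thread.
function Get-InheritanceFinding {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Sddl,
        [int]$AdminCount = 0
    )
    # Parse the SDDL and read the protected-DACL control flag, which is set
    # when permission inheritance is disabled on the object.
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $Sddl
    $flag = [System.Security.AccessControl.ControlFlags]::DiscretionaryAclProtected
    $protected = ($sd.ControlFlags -band $flag) -eq $flag

    $finding = if ($protected -and $AdminCount -eq 1) {
        'inheritance off, adminCount=1: stamped by SDProp (protected group member now or earlier)'
    } elseif ($protected) {
        'inheritance off, adminCount not set: disabled by hand or by another tool'
    } else {
        'inheritance on'
    }
    [pscustomobject]@{ Name = $Name; DaclProtected = $protected; Finding = $finding }
}

$sample = @(
    @{ Name = 'user.one';   AdminCount = 1; Sddl = 'O:BAG:BAD:PAI(A;;GA;;;BA)(A;;GA;;;SY)' }
    @{ Name = 'user.two';   AdminCount = 0; Sddl = 'O:BAG:BAD:PAI(A;;GA;;;BA)' }
    @{ Name = 'user.three'; AdminCount = 0; Sddl = 'O:BAG:BAD:AI(A;ID;GA;;;BA)(A;ID;GA;;;SY)' }
)
foreach ($row in $sample) { Get-InheritanceFinding @row }

# Against a live directory (ActiveDirectory module), build the same input with:
#   $u = Get-ADUser <user> -Properties adminCount, nTSecurityDescriptor
#   Get-InheritanceFinding -Name $u.SamAccountName -AdminCount ([int]$u.adminCount) `
#       -Sddl $u.nTSecurityDescriptor.GetSecurityDescriptorSddlForm('Access')
```

If the account still belongs to a protected group, SDProp turns inheritance off again on its next pass, so re-enabling it only sticks once that membership is gone.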


RE: Exchange 2010 - manage mobile phone

2012-11-30 Thread N Parr
Thanks from me also.  I had a user that replaced his Droid 4 with a new one and 
he couldn't set up his email again on the new phone.  I have no clue how 
inheritance gets turned off.


From: David Lum [mailto:david@nwea.org]
Sent: Thursday, November 29, 2012 12:56 PM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

Thanks, fixed, and we have a winner!

Because you're here and I am not on the Exchange list anymore. :)

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Thursday, November 29, 2012 10:39 AM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

Check out permission inheritance on the user object.

And why are you asking this question here, instead of the Exchange list? :P

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, November 29, 2012 1:05 PM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

Whoa...it showed 4 devices.

1.   Deleted these

2.   Reassociated their user acct to my iPhone

3.   Verification works (asks to accept a cert, I say yes, although it 
doesn't ask for the server name until after e-mail/domain/username/password)

4.   2nd phase of verification works (check boxes on each row)

5.   Click Done to get out of iPhone mail settings

6.   Open Exchange mailbox in iPhone mail app and I still get "The 
connection to the server failed"

7.   Change the user's settings to use *my* ID instead but leave other 
server settings alone (same Exchange server, etc), it works as I can 
send/receive from my phone

8.   Out of curiosity I tried changing right back to problem user's 
settings, it still fails.

I've looked at this user's mailbox settings and compared them to a user who can 
get mail via iPhone and nothing jumps out at me.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Thursday, November 29, 2012 8:47 AM
To: NT System Admin Issues
Subject: RE: Exchange 2010 - manage mobile phone

Sign in using OWA Lite.  Go and clean Device Associations. Re-associate.

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, November 29, 2012 11:16 AM
To: NT System Admin Issues
Subject: Exchange 2010 - manage mobile phone

I have two Exchange 2010 users that can't get their accounts to work with an 
iPhone and I'm pretty sure it's specific to their account. I can get my account 
to work on their iPhone (and mine), but I can't get their accounts to work. It 
does go through the verify process OK, but when opening the mail app it stops 
at the inbox saying it cannot connect.

Looking in the E2K10 console for the users with this issue (and it's only two 
users, it works for most others) if I go to recipient configuration/Mailbox the 
option to manage mobile phone is there but when choosing that option there's no 
device listed. (Other users the option lists the device, or the "manage mobile 
phone" is not listed as an option). It's as if a mobile device gets partially 
associated with their account.

Ideas anyone? Maybe PowerShell is needed to strip some partial association?
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


RE: SQL account management

2012-11-30 Thread Ziots, Edward
I agree with this approach,

Usually this is a default build where service accounts are created and
the SQL services are installed with the dedicated windows accounts
running the services.

As for SQL server accounts, I would recommend if possible do it by
Global Groups, instead of regular SQL accounts, but if you had to the
approach given by Brian is definitely on par.

Data/Business process owners specify the permissions that need to be
granted to users and the DBA's (Data Custodians) implement them.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Thursday, November 29, 2012 6:33 PM
To: NT System Admin Issues
Subject: RE: SQL account management

I'd expect a checks and balances type process here - app owner
(business) approves access changes implemented by DBAs (IT).

Thanks,
Brian Desmond
br...@briandesmond.com

w - 312.625.1438 | c - 312.731.3132

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, November 29, 2012 4:35 PM
To: NT System Admin Issues
Subject: SQL account management

For those of you with sizable environments, who manages SQL server
accounts? DBA's, or the application owners whose application uses the
SQL account?

David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


RE: OT?: Moving an old VMWare set

2012-11-30 Thread Richard McClary
Six is for a MAJOR expansion

From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Friday, November 30, 2012 4:40 AM
To: NT System Admin Issues
Subject: RE: OT?: Moving an old VMWare set

Just curiosity at work here but six hosts seems disproportionately high for 30 
VM's if those 30 VM's already run on a pair of ageing ESX 3.5 boxes?

From: Richard McClary [richard.mccl...@aspca.org]
Sent: 29 November 2012 4:30 PM
To: NT System Admin Issues
Subject: OT?: Moving an old VMWare set

Greetings!  I know I really need to investigate VMWare support (shall do so), 
but in case anyone else has encountered this...

We are about to retire an old VMWare system and replace it with newer hardware.

Current system:

IBM x3650s (two), ESX 3.5, 3 ethernet ports (two for LAN, 1 for management), 
two fiber channel HBAs to datastore
IBM DS3400 SAN; 4 HBAs (2 to each ESX server)

The plan is to replace this completely with six IBM x3650M4s running ESXi 5, 
and iSCSI connections to a NetApp datastore.

The problem:  we have about 30 VMs on the DS3400, several of which are 
mission-critical (domain controllers, time clocks, etc).

I thought it would be possible to add additional NICs to the current servers, 
use those for an iSCSI connection to the NetAPP, configure a datastore on the 
NetApp, and then have the VMWare software copy or move the VM files from the 
old datastore to the new one.

It was pointed out to me, though, that the DS3400 is on a fiber channel 
equivalent of one VLAN, and the NetApp would be on another VLAN.  StorageMotion 
would not work.

Anyone out there ever encounter (and solve) this?

Thanks...
--
richard



The information contained in this e-mail, and any attachments hereto, is from 
The American Society for the Prevention of Cruelty to Animals(r) (ASPCA(r)) and 
is intended only for use by the addressee(s) named herein and may contain 
legally privileged and/or confidential information. If you are not the intended 
recipient of this e-mail, you are hereby notified that any dissemination, 
distribution, copying or use of the contents of this e-mail, and any 
attachments hereto, is strictly prohibited. If you have received this e-mail in 
error, please immediately notify me by reply email and permanently delete the 
original and any copy of this e-mail and any printout thereof.



MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration  GB 100 1464 84

The contents of this e-mail are confidential and are solely for the use of the 
intended recipient.  If you receive this e-mail in error, please delete it and 
notify us either by e-mail, telephone or fax.  You should not copy, forward or 
otherwise disclose the content of the e-mail as this is prohibited.


RE: OT?: Moving an old VMWare set

2012-11-30 Thread Paul Hutchings
Just curiosity at work here but six hosts seems disproportionately high for 30 
VM's if those 30 VM's already run on a pair of ageing ESX 3.5 boxes?

From: Richard McClary [richard.mccl...@aspca.org]
Sent: 29 November 2012 4:30 PM
To: NT System Admin Issues
Subject: OT?: Moving an old VMWare set

Greetings!  I know I really need to investigate VMWare support (shall do so), 
but in case anyone else has encountered this…

We are about to retire an old VMWare system and replace it with newer hardware.

Current system:

IBM x3650s (two), ESX 3.5, 3 ethernet ports (two for LAN, 1 for management), 
two fiber channel HBAs to datastore
IBM DS3400 SAN; 4 HBAs (2 to each ESX server)

The plan is to replace this completely with six IBM x3650M4s running ESXi 5, 
and iSCSI connections to a NetApp datastore.

The problem:  we have about 30 VMs on the DS3400, several of which are 
mission-critical (domain controllers, time clocks, etc).

I thought it would be possible to add additional NICs to the current servers, 
use those for an iSCSI connection to the NetAPP, configure a datastore on the 
NetApp, and then have the VMWare software copy or move the VM files from the 
old datastore to the new one.

It was pointed out to me, though, that the DS3400 is on a fiber channel 
equivalent of one VLAN, and the NetApp would be on another VLAN.  StorageMotion 
would not work.

Anyone out there ever encounter (and solve) this?

Thanks…
--
richard


