RE: Time sync
Lol, how many times do you need 64 vCPUs or 4TB of guest Ram versus needing to extend a disk? From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Friday, January 04, 2013 8:50 PM To: NT System Admin Issues Subject: RE: Time sync Can ESX support 64 vCPUs or 4TB RAM per guest yet? Or 64 hosts per cluster? Seems like there are all sorts of corner cases where one product has functionality the other doesn't yet. For 99% of things they are feature compatible. It's all about the management and operations tools now. Hypervisors are almost commoditised, and will be within the next version or two. Cheers Ken From: Ken Cornetet [mailto:ken.corne...@kimball.com] Sent: Saturday, 5 January 2013 6:26 AM To: NT System Admin Issues Subject: RE: Time sync Cost. HyperV give something that VMWare doesn't? I laughed so hard I think I peed myself a little... Sheesh, you can't even extend disks on a running virtual under HyperV. From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Friday, January 04, 2013 11:43 AM To: NT System Admin Issues Subject: RE: Time sync I was thinking the same thing. Actually IMHO VM still does more than Hyper-V does... Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.orgmailto:ezi...@lifespan.org ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Replacement for SteadyState
We teach classes and let the students make any and all changes to the desktop environment. Here's one example. Student comes in and sets the desktop wallpaper to his favorite pinup gal. Next student doesn't like it, but is a beginner and doesn't know how to change it to something else. Reboot and the pin up gal is gone. Also, I've seen some programs/apps that can now be installed without admin rights, Google Chrome for example. Not a problem with Deep Freeze. I'm sure there are other ways to do this, but DeepFreeze works great in our environment. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Sunday, January 06, 2013 4:36 PM To: NT System Admin Issues Subject: RE: Replacement for SteadyState I've worked at a lot of customers that use DeepFreeze and similar products and I'm not a huge fan of the concept in general. It makes the overall lifecycle maintenance of a desktop environment a heck of a lot more complicated. The question I always pose (and usually don't get much of a response to), is what problems/issues is DeepFreeze protecting you from that running as a local user wouldn't solve? Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Friday, January 4, 2013 11:33 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Not free, but we could not function at the school without DeepFreeze. From: Bambi J Saastad [mailto:bambi.j.saas...@seagate.com] Sent: Friday, January 04, 2013 11:36 AM To: NT System Admin Issues Subject: Replacement for SteadyState Hello I was wondering if any of you could suggest a replacement for SteadyState. I have a roomful of pc's that the factory users use for browsing etc that I am replacing with Windows 7 Pro that need to be locked down. Can anyone suggest a product that does the same thing, wipe out any changes on reboot? TIA B ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Replacement for SteadyState
Word. Domain-joined system but they auto-login as a local user that belongs to the guest group in Vista, with a few other lockdowns that mimic Steadystate. Public machines are a completely different can of worms, and even the above isn't perfect but I can go several months at a time (been almost a year I think at this point) before getting a call for support on them. Dave From: Crawford, Scott [mailto:crawfo...@evangel.edu] Sent: Sunday, January 06, 2013 7:39 PM To: NT System Admin Issues Subject: RE: Replacement for SteadyState I'm glad someone asked. I always assumed I was missing something. We've got lab computers for a couple thousand students and have any issues to speak of. Sent from my Windows Phone From: Brian Desmond Sent: 1/6/2013 3:36 PM To: NT System Admin Issues Subject: RE: Replacement for SteadyState I've worked at a lot of customers that use DeepFreeze and similar products and I'm not a huge fan of the concept in general. It makes the overall lifecycle maintenance of a desktop environment a heck of a lot more complicated. The question I always pose (and usually don't get much of a response to), is what problems/issues is DeepFreeze protecting you from that running as a local user wouldn't solve? Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Friday, January 4, 2013 11:33 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Not free, but we could not function at the school without DeepFreeze. From: Bambi J Saastad [mailto:bambi.j.saas...@seagate.com] Sent: Friday, January 04, 2013 11:36 AM To: NT System Admin Issues Subject: Replacement for SteadyState Hello I was wondering if any of you could suggest a replacement for SteadyState. I have a roomful of pc's that the factory users use for browsing etc that I am replacing with Windows 7 Pro that need to be locked down. Can anyone suggest a product that does the same thing, wipe out any changes on reboot? TIA B ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Occasional local admin needed
Thanks for everyone's replies on this! Dave From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Friday, January 04, 2013 7:53 AM To: NT System Admin Issues Subject: RE: Occasional local admin needed Do a domain account as you describe and set the account to expire tomorrow. When they need it you re-enable it and set it to expire again the next day. Still manual intervention on your part but the automatic expire solves the ongoing access issue. From: David Lum [mailto:david@nwea.org] Sent: Friday, January 04, 2013 10:41 AM To: NT System Admin Issues Subject: Occasional local admin needed How would you guys handle this? I have a server that the developers use that they occasionally (once a month or so) need local admin access for to install/upgrade an app or feature they use. This is a new-ish server that previously I have just added a user (it's the same one each time) to the local admin group then a week later took them out, but that's cumbersome and I become the single point of failure on remembering to back them out. I could 1. create a special AD account for this user to be local admin, or 2. create an AD group, put this person in it, then GPO that group into local admins on that server. Suggestions? David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Replacement for SteadyState
You could achieve much the same end with Citrix Provisioning Services, except you'd have the options of personal vDisk as well. I have to admit I'm not a fan of the DeepFreeze/SteadyState approaches - some threats don't need to be persistent beyond a reboot to wreak havoc. I'm more inclined towards good GPOs and app management coupled with maybe PVS and StrataApps. Cheers, JR Sent from my Blackberry, which may be an antique but delivers email RELIABLY -Original Message- From: Glen Johnson gjohn...@vhcc.edu Date: Mon, 7 Jan 2013 13:42:08 To: NT System Admin Issuesntsysadmin@lyris.sunbelt-software.com Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.comSubject: RE: Replacement for SteadyState We teach classes and let the students make any and all changes to the desktop environment. Here's one example. Student comes in and sets the desktop wallpaper to his favorite pinup gal. Next student doesn't like it, but is a beginner and doesn't know how to change it to something else. Reboot and the pin up gal is gone. Also, I've seen some programs/apps that can now be installed without admin rights, Google Chrome for example. Not a problem with Deep Freeze. I'm sure there are other ways to do this, but DeepFreeze works great in our environment. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Sunday, January 06, 2013 4:36 PM To: NT System Admin Issues Subject: RE: Replacement for SteadyState I've worked at a lot of customers that use DeepFreeze and similar products and I'm not a huge fan of the concept in general. It makes the overall lifecycle maintenance of a desktop environment a heck of a lot more complicated. The question I always pose (and usually don't get much of a response to), is what problems/issues is DeepFreeze protecting you from that running as a local user wouldn't solve? Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Friday, January 4, 2013 11:33 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Not free, but we could not function at the school without DeepFreeze. From: Bambi J Saastad [mailto:bambi.j.saas...@seagate.com] Sent: Friday, January 04, 2013 11:36 AM To: NT System Admin Issues Subject: Replacement for SteadyState Hello I was wondering if any of you could suggest a replacement for SteadyState. I have a roomful of pc's that the factory users use for browsing etc that I am replacing with Windows 7 Pro that need to be locked down. Can anyone suggest a product that does the same thing, wipe out any changes on reboot? TIA B ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Time sync
On Mon, Jan 7, 2013 at 8:31 AM, Ken Cornetet ken.corne...@kimball.com wrote: Lol, how many times do you need 64 vCPUs or 4TB of guest Ram versus needing to extend a disk? I run VMware ESXi 5.0, and I know I have had to extend a disk any number of times. And Win2008 makes extending the boot disk so much easier, too. My largest VM has 16G of RAM, and I was even leery of that. And I have 6 hosts with 512G RAM each ... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Replacement for SteadyState
No on the student login. We use a generic account per classroom. We've talked about moving to a individual student login, but I'm not sure we need or want that. For others that have gone that route, how do you handle situations where students don't logout before they leave. You either have a locked computer, logged on as said student or if not locked, then student 2 has access to student 1's account. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Monday, January 07, 2013 9:32 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Sure so scenarios where you're teaching classes that require changes to the OS to accomplish the class makes good sense and I'd not argue against a solution like DeepFreeze in that case. In the case of things like wallpaper and user profile stuff, are you not using named user accounts for your students? That solves a bunch of this on the spot. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, January 7, 2013 7:42 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState We teach classes and let the students make any and all changes to the desktop environment. Here's one example. Student comes in and sets the desktop wallpaper to his favorite pinup gal. Next student doesn't like it, but is a beginner and doesn't know how to change it to something else. Reboot and the pin up gal is gone. Also, I've seen some programs/apps that can now be installed without admin rights, Google Chrome for example. Not a problem with Deep Freeze. I'm sure there are other ways to do this, but DeepFreeze works great in our environment. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Sunday, January 06, 2013 4:36 PM To: NT System Admin Issues Subject: RE: Replacement for SteadyState I've worked at a lot of customers that use DeepFreeze and similar products and I'm not a huge fan of the concept in general. It makes the overall lifecycle maintenance of a desktop environment a heck of a lot more complicated. The question I always pose (and usually don't get much of a response to), is what problems/issues is DeepFreeze protecting you from that running as a local user wouldn't solve? Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Friday, January 4, 2013 11:33 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Not free, but we could not function at the school without DeepFreeze. From: Bambi J Saastad [mailto:bambi.j.saas...@seagate.com] Sent: Friday, January 04, 2013 11:36 AM To: NT System Admin Issues Subject: Replacement for SteadyState Hello I was wondering if any of you could suggest a replacement for SteadyState. I have a roomful of pc's that the factory users use for browsing etc that I am replacing with Windows 7 Pro that need to be locked down. Can anyone suggest a product that does the same thing, wipe out any changes on reboot? TIA B ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security
RE: Replacement for SteadyState
And that's why there are choices. I could achieve the same with Citrix... but that's another expense, learning and such. Not saying it's good or bad, just that what we are using works well for us, so no plans to change at the moment. From: kz2...@googlemail.com [mailto:kz2...@googlemail.com] Sent: Monday, January 07, 2013 9:40 AM To: NT System Admin Issues Subject: Re: Replacement for SteadyState You could achieve much the same end with Citrix Provisioning Services, except you'd have the options of personal vDisk as well. I have to admit I'm not a fan of the DeepFreeze/SteadyState approaches - some threats don't need to be persistent beyond a reboot to wreak havoc. I'm more inclined towards good GPOs and app management coupled with maybe PVS and StrataApps. Cheers, JR Sent from my Blackberry, which may be an antique but delivers email RELIABLY From: Glen Johnson gjohn...@vhcc.edumailto:gjohn...@vhcc.edu Date: Mon, 7 Jan 2013 13:42:08 + To: NT System Admin Issuesntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: RE: Replacement for SteadyState We teach classes and let the students make any and all changes to the desktop environment. Here's one example. Student comes in and sets the desktop wallpaper to his favorite pinup gal. Next student doesn't like it, but is a beginner and doesn't know how to change it to something else. Reboot and the pin up gal is gone. Also, I've seen some programs/apps that can now be installed without admin rights, Google Chrome for example. Not a problem with Deep Freeze. I'm sure there are other ways to do this, but DeepFreeze works great in our environment. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Sunday, January 06, 2013 4:36 PM To: NT System Admin Issues Subject: RE: Replacement for SteadyState I've worked at a lot of customers that use DeepFreeze and similar products and I'm not a huge fan of the concept in general. It makes the overall lifecycle maintenance of a desktop environment a heck of a lot more complicated. The question I always pose (and usually don't get much of a response to), is what problems/issues is DeepFreeze protecting you from that running as a local user wouldn't solve? Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Friday, January 4, 2013 11:33 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Not free, but we could not function at the school without DeepFreeze. From: Bambi J Saastad [mailto:bambi.j.saas...@seagate.com] Sent: Friday, January 04, 2013 11:36 AM To: NT System Admin Issues Subject: Replacement for SteadyState Hello I was wondering if any of you could suggest a replacement for SteadyState. I have a roomful of pc's that the factory users use for browsing etc that I am replacing with Windows 7 Pro that need to be locked down. Can anyone suggest a product that does the same thing, wipe out any changes on reboot? TIA B ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com
RE: Time sync
We are running ESX 5. To conserve SAN storage, we provision virtuals with the bare minimum needed disk space because it is so easy to extend disks later (extend the VMDK in VMWare, extend in Windows, done). No down time, and no wasted disk. We don't have to spend a lot of time trying to anticipate how big the disks will get and wasting disk if we guess too high. In HyperV, you can't extend disks without shutting down the virtual - seriously. I can't for the life of me figure out why MS isn't fixing this instead of adding silly features like 4TB of guest RAM. And, I also wonder why HyperV users aren't howling about this. -Original Message- From: Michael Leone [mailto:oozerd...@gmail.com] Sent: Monday, January 07, 2013 9:43 AM To: NT System Admin Issues Subject: Re: Time sync On Mon, Jan 7, 2013 at 8:31 AM, Ken Cornetet ken.corne...@kimball.com wrote: Lol, how many times do you need 64 vCPUs or 4TB of guest Ram versus needing to extend a disk? I run VMware ESXi 5.0, and I know I have had to extend a disk any number of times. And Win2008 makes extending the boot disk so much easier, too. My largest VM has 16G of RAM, and I was even leery of that. And I have 6 hosts with 512G RAM each ... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Replacement for SteadyState
how do you handle situations where students don't logout before they leave.. then student 2 has access to student 1's account. Self-correcting problem. Student 2 deletes all of Students 1's stuff and Student 1 never does it again. With 7,000 students we have very little trouble with this issue actually. Also we set inactivity timeouts so they auto log out. I would not go with generic accounts. There is no accountability, no tracking of what they do From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, January 07, 2013 10:04 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState No on the student login. We use a generic account per classroom. We've talked about moving to a individual student login, but I'm not sure we need or want that. For others that have gone that route, how do you handle situations where students don't logout before they leave. You either have a locked computer, logged on as said student or if not locked, then student 2 has access to student 1's account. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Monday, January 07, 2013 9:32 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Sure so scenarios where you're teaching classes that require changes to the OS to accomplish the class makes good sense and I'd not argue against a solution like DeepFreeze in that case. In the case of things like wallpaper and user profile stuff, are you not using named user accounts for your students? That solves a bunch of this on the spot. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, January 7, 2013 7:42 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState We teach classes and let the students make any and all changes to the desktop environment. Here's one example. Student comes in and sets the desktop wallpaper to his favorite pinup gal. Next student doesn't like it, but is a beginner and doesn't know how to change it to something else. Reboot and the pin up gal is gone. Also, I've seen some programs/apps that can now be installed without admin rights, Google Chrome for example. Not a problem with Deep Freeze. I'm sure there are other ways to do this, but DeepFreeze works great in our environment. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Sunday, January 06, 2013 4:36 PM To: NT System Admin Issues Subject: RE: Replacement for SteadyState I've worked at a lot of customers that use DeepFreeze and similar products and I'm not a huge fan of the concept in general. It makes the overall lifecycle maintenance of a desktop environment a heck of a lot more complicated. The question I always pose (and usually don't get much of a response to), is what problems/issues is DeepFreeze protecting you from that running as a local user wouldn't solve? Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Friday, January 4, 2013 11:33 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Not free, but we could not function at the school without DeepFreeze. From: Bambi J Saastad [mailto:bambi.j.saas...@seagate.com] Sent: Friday, January 04, 2013 11:36 AM To: NT System Admin Issues Subject: Replacement for SteadyState Hello I was wondering if any of you could suggest a replacement for SteadyState. I have a roomful of pc's that the factory users use for browsing etc that I am replacing with Windows 7 Pro that need to be locked down. Can anyone suggest a product that does the same thing, wipe out any changes on reboot? TIA B ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Replacement for SteadyState
If they leave the computer locked, power it off and on. If they lose work - then learn not to leave it locked. Sent from my Blackberry, which may be an antique but delivers email RELIABLY -Original Message- From: Glen Johnson gjohn...@vhcc.edu Date: Mon, 7 Jan 2013 14:57:13 To: NT System Admin Issuesntsysadmin@lyris.sunbelt-software.com Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.comSubject: RE: Replacement for SteadyState No on the student login. We use a generic account per classroom. We've talked about moving to a individual student login, but I'm not sure we need or want that. For others that have gone that route, how do you handle situations where students don't logout before they leave. You either have a locked computer, logged on as said student or if not locked, then student 2 has access to student 1's account. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Monday, January 07, 2013 9:32 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Sure so scenarios where you're teaching classes that require changes to the OS to accomplish the class makes good sense and I'd not argue against a solution like DeepFreeze in that case. In the case of things like wallpaper and user profile stuff, are you not using named user accounts for your students? That solves a bunch of this on the spot. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, January 7, 2013 7:42 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState We teach classes and let the students make any and all changes to the desktop environment. Here's one example. Student comes in and sets the desktop wallpaper to his favorite pinup gal. Next student doesn't like it, but is a beginner and doesn't know how to change it to something else. Reboot and the pin up gal is gone. Also, I've seen some programs/apps that can now be installed without admin rights, Google Chrome for example. Not a problem with Deep Freeze. I'm sure there are other ways to do this, but DeepFreeze works great in our environment. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Sunday, January 06, 2013 4:36 PM To: NT System Admin Issues Subject: RE: Replacement for SteadyState I've worked at a lot of customers that use DeepFreeze and similar products and I'm not a huge fan of the concept in general. It makes the overall lifecycle maintenance of a desktop environment a heck of a lot more complicated. The question I always pose (and usually don't get much of a response to), is what problems/issues is DeepFreeze protecting you from that running as a local user wouldn't solve? Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Friday, January 4, 2013 11:33 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Not free, but we could not function at the school without DeepFreeze. From: Bambi J Saastad [mailto:bambi.j.saas...@seagate.com] Sent: Friday, January 04, 2013 11:36 AM To: NT System Admin Issues Subject: Replacement for SteadyState Hello I was wondering if any of you could suggest a replacement for SteadyState. I have a roomful of pc's that the factory users use for browsing etc that I am replacing with Windows 7 Pro that need to be locked down. Can anyone suggest a product that does the same thing, wipe out any changes on reboot? TIA B ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to
RE: DC server 2003 Time service
From my PC: (Looks like I have everything working except the first one. It is an old 2003 DC.) Why is it being so difficult? All the other 2008 DC's and 2003 DC's are behaving except it? Where can I look? C:\windows\system32w32tm /monitor 030405MF663P44.IMCU.local[10.0.10.5:123]: ICMP: 6ms delay NTP: +0.0225576s offset from 081012210GL255.IMCU.local RefID: tick.usno.navy.mil [192.5.41.40] Stratum: 2 0304090304zu55.IMCU.local[10.0.50.205:123]: ICMP: 0ms delay NTP: +0.0127904s offset from 081012210GL255.IMCU.local RefID: 081012210GL255.IMCU.local [10.0.50.2] Stratum: 4 0302040304zu77.IMCU.local[10.0.90.205:123]: ICMP: 13ms delay NTP: +0.0002909s offset from 081012210GL255.IMCU.local RefID: 081012210GL255.IMCU.local [10.0.50.2] Stratum: 4 0810123404XB44.IMCU.local[10.0.10.2:123]: ICMP: 9ms delay NTP: +0.0136959s offset from 081012210GL255.IMCU.local RefID: 081012210GL255.IMCU.local [10.0.50.2] Stratum: 4 081012210GL255.IMCU.local *** PDC ***[10.0.50.2:123]: ICMP: 0ms delay NTP: +0.000s offset from 081012210GL255.IMCU.local RefID: white.web-ster.com [65.182.224.39] Stratum: 3 08101223061O77.IMCU.local[10.0.90.2:123]: ICMP: 10ms delay NTP: +0.0069312s offset from 081012210GL255.IMCU.local RefID: 081012210GL255.IMCU.local [10.0.50.2] Stratum: 4 From: Ken Schaefer [mailto:k...@adopenstatic.com] Posted At: Friday, January 4, 2013 12:05 AM Posted To: itli...@imcu.com Conversation: DC server 2003 Time service Subject: RE: DC server 2003 Time service You need to read this: http://technet.microsoft.com/en-us/library/cc773013(v=ws.10).aspx Cheers Ken From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Friday, 4 January 2013 3:33 AM To: NT System Admin Issues Subject: DC server 2003 Time service I am bringing 2008 R2 servers on line to take the FSMO jobs. I have set one of them as a W32time server but my pc's are still getting time from the old 2003 DC SNTP server??? Any ideas on how to correct this? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Time sync
Because the overhead associated with dynamic disks in Hyper-V v3 is in the very low single digits. We don't spend any time on this process, thin provisioning still works seamlessly, and we get on with our lives. :) -Original Message- From: Ken Cornetet [mailto:ken.corne...@kimball.com] Sent: Monday, January 7, 2013 10:06 AM To: NT System Admin Issues Subject: RE: Time sync We are running ESX 5. To conserve SAN storage, we provision virtuals with the bare minimum needed disk space because it is so easy to extend disks later (extend the VMDK in VMWare, extend in Windows, done). No down time, and no wasted disk. We don't have to spend a lot of time trying to anticipate how big the disks will get and wasting disk if we guess too high. In HyperV, you can't extend disks without shutting down the virtual - seriously. I can't for the life of me figure out why MS isn't fixing this instead of adding silly features like 4TB of guest RAM. And, I also wonder why HyperV users aren't howling about this. -Original Message- From: Michael Leone [mailto:oozerd...@gmail.com] Sent: Monday, January 07, 2013 9:43 AM To: NT System Admin Issues Subject: Re: Time sync On Mon, Jan 7, 2013 at 8:31 AM, Ken Cornetet ken.corne...@kimball.com wrote: Lol, how many times do you need 64 vCPUs or 4TB of guest Ram versus needing to extend a disk? I run VMware ESXi 5.0, and I know I have had to extend a disk any number of times. And Win2008 makes extending the boot disk so much easier, too. My largest VM has 16G of RAM, and I was even leery of that. And I have 6 hosts with 512G RAM each ... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Replacement for SteadyState
Yeah ... For all the universities I've worked at and had this discussion, this perceived problem has never morphed into an actual issue. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Monday, January 7, 2013 9:09 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState how do you handle situations where students don't logout before they leave.. then student 2 has access to student 1's account. Self-correcting problem. Student 2 deletes all of Students 1's stuff and Student 1 never does it again. With 7,000 students we have very little trouble with this issue actually. Also we set inactivity timeouts so they auto log out. I would not go with generic accounts. There is no accountability, no tracking of what they do From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, January 07, 2013 10:04 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState No on the student login. We use a generic account per classroom. We've talked about moving to a individual student login, but I'm not sure we need or want that. For others that have gone that route, how do you handle situations where students don't logout before they leave. You either have a locked computer, logged on as said student or if not locked, then student 2 has access to student 1's account. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Monday, January 07, 2013 9:32 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Sure so scenarios where you're teaching classes that require changes to the OS to accomplish the class makes good sense and I'd not argue against a solution like DeepFreeze in that case. In the case of things like wallpaper and user profile stuff, are you not using named user accounts for your students? That solves a bunch of this on the spot. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, January 7, 2013 7:42 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState We teach classes and let the students make any and all changes to the desktop environment. Here's one example. Student comes in and sets the desktop wallpaper to his favorite pinup gal. Next student doesn't like it, but is a beginner and doesn't know how to change it to something else. Reboot and the pin up gal is gone. Also, I've seen some programs/apps that can now be installed without admin rights, Google Chrome for example. Not a problem with Deep Freeze. I'm sure there are other ways to do this, but DeepFreeze works great in our environment. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Sunday, January 06, 2013 4:36 PM To: NT System Admin Issues Subject: RE: Replacement for SteadyState I've worked at a lot of customers that use DeepFreeze and similar products and I'm not a huge fan of the concept in general. It makes the overall lifecycle maintenance of a desktop environment a heck of a lot more complicated. The question I always pose (and usually don't get much of a response to), is what problems/issues is DeepFreeze protecting you from that running as a local user wouldn't solve? Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Friday, January 4, 2013 11:33 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Not free, but we could not function at the school without DeepFreeze. From: Bambi J Saastad [mailto:bambi.j.saas...@seagate.com] Sent: Friday, January 04, 2013 11:36 AM To: NT System Admin Issues Subject: Replacement for SteadyState Hello I was wondering if any of you could suggest a replacement for SteadyState. I have a roomful of pc's that the factory users use for browsing etc that I am replacing with Windows 7 Pro that need to be locked down. Can anyone suggest a product that does the same thing, wipe out any changes on reboot? TIA B ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
RE: 'Dementia' Wipes Out Attacker Footprints In Memory - Dark Reading
Seen it already... its another tool in the anti-forensics suite... Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Monday, January 07, 2013 10:05 AM To: NT System Admin Issues Subject: 'Dementia' Wipes Out Attacker Footprints In Memory - Dark Reading http://www.darkreading.com/advanced-threats/167901091/security/attacks-b reaches/240145524/dementia-wipes-out-attacker-footprints-in-memory.html You have to be sure to use more than one method of data extraction in live forensics, to ensure that you're not dealing with an anti-forensics mechanism... ASB http://XeeMe.com/AndrewBaker http://xeeme.com/AndrewBaker Providing Expert Technology Consulting Services for the SMB market... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Time sync
You do know you can thin provision in both VMWare and HyperV, right? Thus, you can stipulate that a disk have a max size of 200GB, but if you're only using 50GB, it will only be 50GB in size. Thus, no reason for Windows users to howl. Plus, Windows doesn't mind extending non-boot disks, but it's not all that happy about having its boot disk extended, no matter what the underlying hypervisor. *ASB **http://XeeMe.com/AndrewBaker* http://xeeme.com/AndrewBaker* **Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…*** On Mon, Jan 7, 2013 at 10:05 AM, Ken Cornetet ken.corne...@kimball.comwrote: We are running ESX 5. To conserve SAN storage, we provision virtuals with the bare minimum needed disk space because it is so easy to extend disks later (extend the VMDK in VMWare, extend in Windows, done). No down time, and no wasted disk. We don't have to spend a lot of time trying to anticipate how big the disks will get and wasting disk if we guess too high. In HyperV, you can't extend disks without shutting down the virtual - seriously. I can't for the life of me figure out why MS isn't fixing this instead of adding silly features like 4TB of guest RAM. And, I also wonder why HyperV users aren't howling about this. -Original Message- From: Michael Leone [mailto:oozerd...@gmail.com] Sent: Monday, January 07, 2013 9:43 AM To: NT System Admin Issues Subject: Re: Time sync On Mon, Jan 7, 2013 at 8:31 AM, Ken Cornetet ken.corne...@kimball.com wrote: Lol, how many times do you need 64 vCPUs or 4TB of guest Ram versus needing to extend a disk? I run VMware ESXi 5.0, and I know I have had to extend a disk any number of times. And Win2008 makes extending the boot disk so much easier, too. My largest VM has 16G of RAM, and I was even leery of that. And I have 6 hosts with 512G RAM each ... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin *ASB* *http://XeeMe.com/AndrewBaker* http://xeeme.com/AndrewBaker** *Providing Expert Technology Consulting Services for the SMB market…* ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Replacement for SteadyState
+1. Requires mindset change and buy-in of powers-that-be, which sometimes can be a hurdle... From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Monday, January 07, 2013 7:09 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState how do you handle situations where students don't logout before they leave.. then student 2 has access to student 1's account. Self-correcting problem. Student 2 deletes all of Students 1's stuff and Student 1 never does it again. With 7,000 students we have very little trouble with this issue actually. Also we set inactivity timeouts so they auto log out. I would not go with generic accounts. There is no accountability, no tracking of what they do From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, January 07, 2013 10:04 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState No on the student login. We use a generic account per classroom. We've talked about moving to a individual student login, but I'm not sure we need or want that. For others that have gone that route, how do you handle situations where students don't logout before they leave. You either have a locked computer, logged on as said student or if not locked, then student 2 has access to student 1's account. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Monday, January 07, 2013 9:32 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Sure so scenarios where you're teaching classes that require changes to the OS to accomplish the class makes good sense and I'd not argue against a solution like DeepFreeze in that case. In the case of things like wallpaper and user profile stuff, are you not using named user accounts for your students? That solves a bunch of this on the spot. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, January 7, 2013 7:42 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState We teach classes and let the students make any and all changes to the desktop environment. Here's one example. Student comes in and sets the desktop wallpaper to his favorite pinup gal. Next student doesn't like it, but is a beginner and doesn't know how to change it to something else. Reboot and the pin up gal is gone. Also, I've seen some programs/apps that can now be installed without admin rights, Google Chrome for example. Not a problem with Deep Freeze. I'm sure there are other ways to do this, but DeepFreeze works great in our environment. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Sunday, January 06, 2013 4:36 PM To: NT System Admin Issues Subject: RE: Replacement for SteadyState I've worked at a lot of customers that use DeepFreeze and similar products and I'm not a huge fan of the concept in general. It makes the overall lifecycle maintenance of a desktop environment a heck of a lot more complicated. The question I always pose (and usually don't get much of a response to), is what problems/issues is DeepFreeze protecting you from that running as a local user wouldn't solve? Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Friday, January 4, 2013 11:33 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Not free, but we could not function at the school without DeepFreeze. From: Bambi J Saastad [mailto:bambi.j.saas...@seagate.com] Sent: Friday, January 04, 2013 11:36 AM To: NT System Admin Issues Subject: Replacement for SteadyState Hello I was wondering if any of you could suggest a replacement for SteadyState. I have a roomful of pc's that the factory users use for browsing etc that I am replacing with Windows 7 Pro that need to be locked down. Can anyone suggest a product that does the same thing, wipe out any changes on reboot? TIA B ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an
RE: Replacement for SteadyState
Yes, and after 10 times, the computer is corrupted and has to be reloaded, 10 calls to the helpdesk and wasted time. Not an issue with DeepFreeze. Power it off 100 times and still no corruption From: kz2...@googlemail.com [mailto:kz2...@googlemail.com] Sent: Monday, January 07, 2013 10:15 AM To: NT System Admin Issues Subject: Re: Replacement for SteadyState If they leave the computer locked, power it off and on. If they lose work - then learn not to leave it locked. Sent from my Blackberry, which may be an antique but delivers email RELIABLY From: Glen Johnson gjohn...@vhcc.edumailto:gjohn...@vhcc.edu Date: Mon, 7 Jan 2013 14:57:13 + To: NT System Admin Issuesntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: RE: Replacement for SteadyState No on the student login. We use a generic account per classroom. We've talked about moving to a individual student login, but I'm not sure we need or want that. For others that have gone that route, how do you handle situations where students don't logout before they leave. You either have a locked computer, logged on as said student or if not locked, then student 2 has access to student 1's account. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Monday, January 07, 2013 9:32 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Sure so scenarios where you're teaching classes that require changes to the OS to accomplish the class makes good sense and I'd not argue against a solution like DeepFreeze in that case. In the case of things like wallpaper and user profile stuff, are you not using named user accounts for your students? That solves a bunch of this on the spot. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, January 7, 2013 7:42 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState We teach classes and let the students make any and all changes to the desktop environment. Here's one example. Student comes in and sets the desktop wallpaper to his favorite pinup gal. Next student doesn't like it, but is a beginner and doesn't know how to change it to something else. Reboot and the pin up gal is gone. Also, I've seen some programs/apps that can now be installed without admin rights, Google Chrome for example. Not a problem with Deep Freeze. I'm sure there are other ways to do this, but DeepFreeze works great in our environment. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Sunday, January 06, 2013 4:36 PM To: NT System Admin Issues Subject: RE: Replacement for SteadyState I've worked at a lot of customers that use DeepFreeze and similar products and I'm not a huge fan of the concept in general. It makes the overall lifecycle maintenance of a desktop environment a heck of a lot more complicated. The question I always pose (and usually don't get much of a response to), is what problems/issues is DeepFreeze protecting you from that running as a local user wouldn't solve? Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Friday, January 4, 2013 11:33 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Not free, but we could not function at the school without DeepFreeze. From: Bambi J Saastad [mailto:bambi.j.saas...@seagate.com] Sent: Friday, January 04, 2013 11:36 AM To: NT System Admin Issues Subject: Replacement for SteadyState Hello I was wondering if any of you could suggest a replacement for SteadyState. I have a roomful of pc's that the factory users use for browsing etc that I am replacing with Windows 7 Pro that need to be locked down. Can anyone suggest a product that does the same thing, wipe out any changes on reboot? TIA B ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here:
Re: Replacement for SteadyState
If they lose work - then learn not to leave it locked. This exactly! As we use DeepFreeze in the labs, this is also how our students remember to not save to the desktop. On Mon, Jan 7, 2013 at 9:15 AM, kz2...@googlemail.com wrote: If they leave the computer locked, power it off and on. If they lose work - then learn not to leave it locked. Sent from my Blackberry, which may be an antique but delivers email RELIABLY -- *From: * Glen Johnson gjohn...@vhcc.edu *Date: *Mon, 7 Jan 2013 14:57:13 + *To: *NT System Admin Issuesntsysadmin@lyris.sunbelt-software.com *ReplyTo: * NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com *Subject: *RE: Replacement for SteadyState No on the student login. We use a generic account per classroom. We’ve talked about moving to a individual student login, but I’m not sure we need or want that. For others that have gone that route, how do you handle situations where students don’t logout before they leave. You either have a locked computer, logged on as said student or if not locked, then student 2 has access to student 1’s account. ** ** *From:* Brian Desmond [mailto:br...@briandesmond.com] *Sent:* Monday, January 07, 2013 9:32 AM *To:* NT System Admin Issues *Subject:* RE: Replacement for SteadyState ** ** *Sure so scenarios where you’re teaching classes that require changes to the OS to accomplish the class makes good sense and I’d not argue against a solution like DeepFreeze in that case.* * * *In the case of things like wallpaper and user profile stuff, are you not using named user accounts for your students? That solves a bunch of this on the spot. * * * *Thanks,* *Brian Desmond* *br...@briandesmond.com* * * *w – 312.625.1438 | c – 312.731.3132* * * *From:* Glen Johnson [mailto:gjohn...@vhcc.edu gjohn...@vhcc.edu] *Sent:* Monday, January 7, 2013 7:42 AM *To:* NT System Admin Issues *Subject:* RE: Replacement for SteadyState ** ** We teach classes and let the students make any and all changes to the desktop environment. Here’s one example. Student comes in and sets the desktop wallpaper to his favorite pinup gal. Next student doesn’t like it, but is a beginner and doesn’t know how to change it to something else. Reboot and the pin up gal is gone. Also, I’ve seen some programs/apps that can now be installed without admin rights, Google Chrome for example. Not a problem with Deep Freeze. ** ** I’m sure there are other ways to do this, but DeepFreeze works great in our environment. ** ** *From:* Brian Desmond [mailto:br...@briandesmond.combr...@briandesmond.com] *Sent:* Sunday, January 06, 2013 4:36 PM *To:* NT System Admin Issues *Subject:* RE: Replacement for SteadyState ** ** *I’ve worked at a lot of customers that use DeepFreeze and similar products and I’m not a huge fan of the concept in general. It makes the overall lifecycle maintenance of a desktop environment a heck of a lot more complicated.* * * *The question I always pose (and usually don’t get much of a response to), is “what problems/issues is DeepFreeze protecting you from that running as a local user wouldn’t solve?”* * * *Thanks,* *Brian Desmond* *br...@briandesmond.com* * * *w – 312.625.1438 | c – 312.731.3132* * * *From:* Glen Johnson [mailto:gjohn...@vhcc.edu gjohn...@vhcc.edu] *Sent:* Friday, January 4, 2013 11:33 AM *To:* NT System Admin Issues *Subject:* RE: Replacement for SteadyState ** ** Not free, but we could not function at the school without DeepFreeze. ** ** *From:* Bambi J Saastad [mailto:bambi.j.saas...@seagate.combambi.j.saas...@seagate.com] *Sent:* Friday, January 04, 2013 11:36 AM *To:* NT System Admin Issues *Subject:* Replacement for SteadyState ** ** Hello I was wondering if any of you could suggest a replacement for SteadyState. I have a roomful of pc's that the factory users use for browsing etc that I am replacing with Windows 7 Pro that need to be locked down. ** ** Can anyone suggest a product that does the same thing, wipe out any changes on reboot? TIA B ** ** ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
Re: Replacement for SteadyState
Universities are a much different beast than primary and secondary schools. 1) Logging out was part of the Acceptable Use Policy, meaning it is the student's responsibility to log out. 2) Teachers were taught to double check that students logged out. 3) Teachers in labs, put it on their syllabus, and those who used labs regularly but were not actually in a lab, did so, as well, to remind students that not logging off could result in a loss of work. 4) Make sure that you give teachers some mechanism for resetting student passwords to some default password, and unlocking the account. This became a huge problem in the school I worked at previously. I had to roll my own solution at the time. Having a solution for this in place before you switch over will make life so much easier. 5) Disable locking of the computer for student accounts. I'm probably missing something, but it's been 7 years since I left that job. On Mon, Jan 7, 2013 at 10:31 AM, Brian Desmond br...@briandesmond.comwrote: *Yeah ... For all the universities I’ve worked at and had this discussion, this perceived problem has never morphed into an actual issue. * * * *Thanks,* *Brian Desmond* *br...@briandesmond.com* * * *w – 312.625.1438 | c – 312.731.3132* * * *From:* Kennedy, Jim [mailto:kennedy...@elyriaschools.org] *Sent:* Monday, January 7, 2013 9:09 AM *To:* NT System Admin Issues *Subject:* RE: Replacement for SteadyState ** ** ** ** “…….. how do you handle situations where students don’t logout before they leave…… then student 2 has access to student 1’s account.” ** ** Self-correcting problem. Student 2 deletes all of Students 1’s stuff and Student 1 never does it again. With 7,000 students we have very little trouble with this issue actually. ** ** Also we set inactivity timeouts so they auto log out. ** ** I would not go with generic accounts. There is no accountability, no tracking of what they do…. ** ** ** ** *From:* Glen Johnson [mailto:gjohn...@vhcc.edu gjohn...@vhcc.edu] *Sent:* Monday, January 07, 2013 10:04 AM *To:* NT System Admin Issues *Subject:* RE: Replacement for SteadyState ** ** No on the student login. We use a generic account per classroom. We’ve talked about moving to a individual student login, but I’m not sure we need or want that. For others that have gone that route, how do you handle situations where students don’t logout before they leave. You either have a locked computer, logged on as said student or if not locked, then student 2 has access to student 1’s account. ** ** *From:* Brian Desmond [mailto:br...@briandesmond.combr...@briandesmond.com] *Sent:* Monday, January 07, 2013 9:32 AM *To:* NT System Admin Issues *Subject:* RE: Replacement for SteadyState ** ** *Sure so scenarios where you’re teaching classes that require changes to the OS to accomplish the class makes good sense and I’d not argue against a solution like DeepFreeze in that case.* * * *In the case of things like wallpaper and user profile stuff, are you not using named user accounts for your students? That solves a bunch of this on the spot. * * * *Thanks,* *Brian Desmond* *br...@briandesmond.com* * * *w – 312.625.1438 | c – 312.731.3132* * * *From:* Glen Johnson [mailto:gjohn...@vhcc.edu gjohn...@vhcc.edu] *Sent:* Monday, January 7, 2013 7:42 AM *To:* NT System Admin Issues *Subject:* RE: Replacement for SteadyState ** ** We teach classes and let the students make any and all changes to the desktop environment. Here’s one example. Student comes in and sets the desktop wallpaper to his favorite pinup gal. Next student doesn’t like it, but is a beginner and doesn’t know how to change it to something else. Reboot and the pin up gal is gone. Also, I’ve seen some programs/apps that can now be installed without admin rights, Google Chrome for example. Not a problem with Deep Freeze. ** ** I’m sure there are other ways to do this, but DeepFreeze works great in our environment. ** ** *From:* Brian Desmond [mailto:br...@briandesmond.combr...@briandesmond.com] *Sent:* Sunday, January 06, 2013 4:36 PM *To:* NT System Admin Issues *Subject:* RE: Replacement for SteadyState ** ** *I’ve worked at a lot of customers that use DeepFreeze and similar products and I’m not a huge fan of the concept in general. It makes the overall lifecycle maintenance of a desktop environment a heck of a lot more complicated.* * * *The question I always pose (and usually don’t get much of a response to), is “what problems/issues is DeepFreeze protecting you from that running as a local user wouldn’t solve?”* * * *Thanks,* *Brian Desmond* *br...@briandesmond.com* * * *w – 312.625.1438 | c – 312.731.3132* * * *From:* Glen Johnson [mailto:gjohn...@vhcc.edu gjohn...@vhcc.edu] *Sent:* Friday, January 4, 2013 11:33 AM *To:* NT
RE: DC server 2003 Time service
On the old 2003 DC, check HKLM\System\CurrentControlSet\Services\W32Time\Parameters\Type. It should be NT5D5. If it shows NTP, then the DC is synchronizing time with an external time source. It was probably the forest root PDCe in the past, but if it no longer is then on that DC run Net stop w32time W32tm /unregister W32tm /register Net start w32time That will clear out the old time configuration and reset it to a domain hierarchy configuration. From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Monday, January 7, 2013 8:22 AM To: NT System Admin Issues Subject: RE: DC server 2003 Time service From my PC: (Looks like I have everything working except the first one. It is an old 2003 DC.) Why is it being so difficult? All the other 2008 DC's and 2003 DC's are behaving except it? Where can I look? C:\windows\system32w32tm /monitor 030405MF663P44.IMCU.local[10.0.10.5:123]: ICMP: 6ms delay NTP: +0.0225576s offset from 081012210GL255.IMCU.local RefID: tick.usno.navy.mil [192.5.41.40] Stratum: 2 0304090304zu55.IMCU.local[10.0.50.205:123]: ICMP: 0ms delay NTP: +0.0127904s offset from 081012210GL255.IMCU.local RefID: 081012210GL255.IMCU.local [10.0.50.2] Stratum: 4 0302040304zu77.IMCU.local[10.0.90.205:123]: ICMP: 13ms delay NTP: +0.0002909s offset from 081012210GL255.IMCU.local RefID: 081012210GL255.IMCU.local [10.0.50.2] Stratum: 4 0810123404XB44.IMCU.local[10.0.10.2:123]: ICMP: 9ms delay NTP: +0.0136959s offset from 081012210GL255.IMCU.local RefID: 081012210GL255.IMCU.local [10.0.50.2] Stratum: 4 081012210GL255.IMCU.local *** PDC ***[10.0.50.2:123]: ICMP: 0ms delay NTP: +0.000s offset from 081012210GL255.IMCU.local RefID: white.web-ster.com [65.182.224.39] Stratum: 3 08101223061O77.IMCU.local[10.0.90.2:123]: ICMP: 10ms delay NTP: +0.0069312s offset from 081012210GL255.IMCU.local RefID: 081012210GL255.IMCU.local [10.0.50.2] Stratum: 4 From: Ken Schaefer [mailto:k...@adopenstatic.com] Posted At: Friday, January 4, 2013 12:05 AM Posted To: itli...@imcu.commailto:itli...@imcu.com Conversation: DC server 2003 Time service Subject: RE: DC server 2003 Time service You need to read this: http://technet.microsoft.com/en-us/library/cc773013(v=ws.10).aspx Cheers Ken From: itli...@imcu.commailto:itli...@imcu.com [mailto:itli...@imcu.com] Sent: Friday, 4 January 2013 3:33 AM To: NT System Admin Issues Subject: DC server 2003 Time service I am bringing 2008 R2 servers on line to take the FSMO jobs. I have set one of them as a W32time server but my pc's are still getting time from the old 2003 DC SNTP server??? Any ideas on how to correct this? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Time sync
Thin provisioning seems risky to me. Seems like you are always in danger of non-critical virtuals deciding to use more disk space thus exhausting physical space which would cause critical VMs to pause if they happen to need more space. We tried thin provisioning back in the old VirtualServer days, and I ran into this problem a few times. -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Monday, January 07, 2013 10:28 AM To: NT System Admin Issues Subject: RE: Time sync Because the overhead associated with dynamic disks in Hyper-V v3 is in the very low single digits. We don't spend any time on this process, thin provisioning still works seamlessly, and we get on with our lives. :) -Original Message- From: Ken Cornetet [mailto:ken.corne...@kimball.com] Sent: Monday, January 7, 2013 10:06 AM To: NT System Admin Issues Subject: RE: Time sync We are running ESX 5. To conserve SAN storage, we provision virtuals with the bare minimum needed disk space because it is so easy to extend disks later (extend the VMDK in VMWare, extend in Windows, done). No down time, and no wasted disk. We don't have to spend a lot of time trying to anticipate how big the disks will get and wasting disk if we guess too high. In HyperV, you can't extend disks without shutting down the virtual - seriously. I can't for the life of me figure out why MS isn't fixing this instead of adding silly features like 4TB of guest RAM. And, I also wonder why HyperV users aren't howling about this. -Original Message- From: Michael Leone [mailto:oozerd...@gmail.com] Sent: Monday, January 07, 2013 9:43 AM To: NT System Admin Issues Subject: Re: Time sync On Mon, Jan 7, 2013 at 8:31 AM, Ken Cornetet ken.corne...@kimball.com wrote: Lol, how many times do you need 64 vCPUs or 4TB of guest Ram versus needing to extend a disk? I run VMware ESXi 5.0, and I know I have had to extend a disk any number of times. And Win2008 makes extending the boot disk so much easier, too. My largest VM has 16G of RAM, and I was even leery of that. And I have 6 hosts with 512G RAM each ... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Time sync
On Mon, Jan 7, 2013 at 10:33 AM, Andrew S. Baker asbz...@gmail.com wrote: You do know you can thin provision in both VMWare and HyperV, right? Thus, you can stipulate that a disk have a max size of 200GB, but if you're only using 50GB, it will only be 50GB in size. I never use think disks, personally. Not for production use - possibly for a test VM. I'd be afraid of what would happen if the disk needed to expand, and there wasn't enough available disk space. With (hopefully) sensibly sized thick disks, you know the running machines will continue to run, up to the assigned disk maximum. And with an alerting system that notifies you of free disk left, you can deal with the situation ahead of time (usually). If a production server needs space in the middle of the night, and there's not enough room on that datastore, that can be bad altho I guess storage profiles (for VMware) might be able to help with that. I guess Hyper-V has a similar feature, to move VMs between datastores based on pre-defined profiles. Thus, no reason for Windows users to howl. Plus, Windows doesn't mind extending non-boot disks, but it's not all that happy about having its boot disk extended, no matter what the underlying hypervisor. True. But it's a lot better and easier with Win2008, and I imagine at least as easy with 2012. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Replacement for SteadyState
When I worked for a K-12 (~450K students), we issued accounts to all students at any school that was using our central AD. I've seen the same practice at the other K-12 districts I've worked at. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Monday, January 7, 2013 10:12 AM To: NT System Admin Issues Subject: Re: Replacement for SteadyState Universities are a much different beast than primary and secondary schools. 1) Logging out was part of the Acceptable Use Policy, meaning it is the student's responsibility to log out. 2) Teachers were taught to double check that students logged out. 3) Teachers in labs, put it on their syllabus, and those who used labs regularly but were not actually in a lab, did so, as well, to remind students that not logging off could result in a loss of work. 4) Make sure that you give teachers some mechanism for resetting student passwords to some default password, and unlocking the account. This became a huge problem in the school I worked at previously. I had to roll my own solution at the time. Having a solution for this in place before you switch over will make life so much easier. 5) Disable locking of the computer for student accounts. I'm probably missing something, but it's been 7 years since I left that job. On Mon, Jan 7, 2013 at 10:31 AM, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com wrote: Yeah ... For all the universities I've worked at and had this discussion, this perceived problem has never morphed into an actual issue. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438tel:312.625.1438 | c - 312.731.3132tel:312.731.3132 From: Kennedy, Jim [mailto:kennedy...@elyriaschools.orgmailto:kennedy...@elyriaschools.org] Sent: Monday, January 7, 2013 9:09 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState how do you handle situations where students don't logout before they leave.. then student 2 has access to student 1's account. Self-correcting problem. Student 2 deletes all of Students 1's stuff and Student 1 never does it again. With 7,000 students we have very little trouble with this issue actually. Also we set inactivity timeouts so they auto log out. I would not go with generic accounts. There is no accountability, no tracking of what they do From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, January 07, 2013 10:04 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState No on the student login. We use a generic account per classroom. We've talked about moving to a individual student login, but I'm not sure we need or want that. For others that have gone that route, how do you handle situations where students don't logout before they leave. You either have a locked computer, logged on as said student or if not locked, then student 2 has access to student 1's account. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Monday, January 07, 2013 9:32 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Sure so scenarios where you're teaching classes that require changes to the OS to accomplish the class makes good sense and I'd not argue against a solution like DeepFreeze in that case. In the case of things like wallpaper and user profile stuff, are you not using named user accounts for your students? That solves a bunch of this on the spot. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438tel:312.625.1438 | c - 312.731.3132tel:312.731.3132 From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, January 7, 2013 7:42 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState We teach classes and let the students make any and all changes to the desktop environment. Here's one example. Student comes in and sets the desktop wallpaper to his favorite pinup gal. Next student doesn't like it, but is a beginner and doesn't know how to change it to something else. Reboot and the pin up gal is gone. Also, I've seen some programs/apps that can now be installed without admin rights, Google Chrome for example. Not a problem with Deep Freeze. I'm sure there are other ways to do this, but DeepFreeze works great in our environment. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Sunday, January 06, 2013 4:36 PM To: NT System Admin Issues Subject: RE: Replacement for SteadyState I've worked at a lot of customers that use DeepFreeze and similar products and I'm not a huge fan of the concept in general. It makes the overall lifecycle maintenance of a desktop environment a heck of a lot more complicated. The question I always pose (and usually don't get much of a response to), is what problems/issues is DeepFreeze protecting you from that running as a local user wouldn't solve? Thanks,
Re: Time sync
Yes, over subscribing can be an issue if you don't manage your capacity properly. It hasn't proved to be an issue in any of the environments where I have been. *ASB **http://XeeMe.com/AndrewBaker* http://xeeme.com/AndrewBaker* **Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…*** On Mon, Jan 7, 2013 at 11:35 AM, Ken Cornetet ken.corne...@kimball.comwrote: Thin provisioning seems risky to me. Seems like you are always in danger of non-critical virtuals deciding to use more disk space thus exhausting physical space which would cause critical VMs to pause if they happen to need more space. We tried thin provisioning back in the old VirtualServer days, and I ran into this problem a few times. -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Monday, January 07, 2013 10:28 AM To: NT System Admin Issues Subject: RE: Time sync Because the overhead associated with dynamic disks in Hyper-V v3 is in the very low single digits. We don't spend any time on this process, thin provisioning still works seamlessly, and we get on with our lives. :) -Original Message- From: Ken Cornetet [mailto:ken.corne...@kimball.com] Sent: Monday, January 7, 2013 10:06 AM To: NT System Admin Issues Subject: RE: Time sync We are running ESX 5. To conserve SAN storage, we provision virtuals with the bare minimum needed disk space because it is so easy to extend disks later (extend the VMDK in VMWare, extend in Windows, done). No down time, and no wasted disk. We don't have to spend a lot of time trying to anticipate how big the disks will get and wasting disk if we guess too high. In HyperV, you can't extend disks without shutting down the virtual - seriously. I can't for the life of me figure out why MS isn't fixing this instead of adding silly features like 4TB of guest RAM. And, I also wonder why HyperV users aren't howling about this. -Original Message- From: Michael Leone [mailto:oozerd...@gmail.com] Sent: Monday, January 07, 2013 9:43 AM To: NT System Admin Issues Subject: Re: Time sync On Mon, Jan 7, 2013 at 8:31 AM, Ken Cornetet ken.corne...@kimball.com wrote: Lol, how many times do you need 64 vCPUs or 4TB of guest Ram versus needing to extend a disk? I run VMware ESXi 5.0, and I know I have had to extend a disk any number of times. And Win2008 makes extending the boot disk so much easier, too. My largest VM has 16G of RAM, and I was even leery of that. And I have 6 hosts with 512G RAM each ... *ASB* *http://XeeMe.com/AndrewBaker* http://xeeme.com/AndrewBaker** *Providing Expert Technology Consulting Services for the SMB market…* ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Replacement for SteadyState
Good to know. Now, the other biggie for use, user account management. We don't yet have an automated way to create/delete the accounts. Richmond is working on a system for that, but the vendor they contracted wants mega bucks to set up our server to sync with their domain. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Monday, January 07, 2013 10:32 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Yeah ... For all the universities I've worked at and had this discussion, this perceived problem has never morphed into an actual issue. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Monday, January 7, 2013 9:09 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState how do you handle situations where students don't logout before they leave.. then student 2 has access to student 1's account. Self-correcting problem. Student 2 deletes all of Students 1's stuff and Student 1 never does it again. With 7,000 students we have very little trouble with this issue actually. Also we set inactivity timeouts so they auto log out. I would not go with generic accounts. There is no accountability, no tracking of what they do From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, January 07, 2013 10:04 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState No on the student login. We use a generic account per classroom. We've talked about moving to a individual student login, but I'm not sure we need or want that. For others that have gone that route, how do you handle situations where students don't logout before they leave. You either have a locked computer, logged on as said student or if not locked, then student 2 has access to student 1's account. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Monday, January 07, 2013 9:32 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Sure so scenarios where you're teaching classes that require changes to the OS to accomplish the class makes good sense and I'd not argue against a solution like DeepFreeze in that case. In the case of things like wallpaper and user profile stuff, are you not using named user accounts for your students? That solves a bunch of this on the spot. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, January 7, 2013 7:42 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState We teach classes and let the students make any and all changes to the desktop environment. Here's one example. Student comes in and sets the desktop wallpaper to his favorite pinup gal. Next student doesn't like it, but is a beginner and doesn't know how to change it to something else. Reboot and the pin up gal is gone. Also, I've seen some programs/apps that can now be installed without admin rights, Google Chrome for example. Not a problem with Deep Freeze. I'm sure there are other ways to do this, but DeepFreeze works great in our environment. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Sunday, January 06, 2013 4:36 PM To: NT System Admin Issues Subject: RE: Replacement for SteadyState I've worked at a lot of customers that use DeepFreeze and similar products and I'm not a huge fan of the concept in general. It makes the overall lifecycle maintenance of a desktop environment a heck of a lot more complicated. The question I always pose (and usually don't get much of a response to), is what problems/issues is DeepFreeze protecting you from that running as a local user wouldn't solve? Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Friday, January 4, 2013 11:33 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Not free, but we could not function at the school without DeepFreeze. From: Bambi J Saastad [mailto:bambi.j.saas...@seagate.com] Sent: Friday, January 04, 2013 11:36 AM To: NT System Admin Issues Subject: Replacement for SteadyState Hello I was wondering if any of you could suggest a replacement for SteadyState. I have a roomful of pc's that the factory users use for browsing etc that I am replacing with Windows 7 Pro that need to be locked down. Can anyone suggest a product that does the same thing, wipe out any changes on reboot? TIA B ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~
Re: Replacement for SteadyState
Oh, I did it in the school I was in, too. I had a huge amount of resistance that needed to be overcome. On Mon, Jan 7, 2013 at 11:54 AM, Brian Desmond br...@briandesmond.comwrote: *When I worked for a K-12 (~450K students), we issued accounts to all students at any school that was using our central AD. I’ve seen the same practice at the other K-12 districts I’ve worked at. * * * *Thanks,* *Brian Desmond* *br...@briandesmond.com* br...@briandesmond.com** * * *w – 312.625.1438 | c – 312.731.3132* * * *From:* Jonathan Link [mailto:jonathan.l...@gmail.com] *Sent:* Monday, January 7, 2013 10:12 AM *To:* NT System Admin Issues *Subject:* Re: Replacement for SteadyState ** ** Universities are a much different beast than primary and secondary schools. ** ** 1) Logging out was part of the Acceptable Use Policy, meaning it is the student's responsibility to log out. 2) Teachers were taught to double check that students logged out. 3) Teachers in labs, put it on their syllabus, and those who used labs regularly but were not actually in a lab, did so, as well, to remind students that not logging off could result in a loss of work. 4) Make sure that you give teachers some mechanism for resetting student passwords to some default password, and unlocking the account. This became a huge problem in the school I worked at previously. I had to roll my own solution at the time. Having a solution for this in place before you switch over will make life so much easier. 5) Disable locking of the computer for student accounts. ** ** I'm probably missing something, but it's been 7 years since I left that job. ** ** ** ** ** ** ** ** ** ** On Mon, Jan 7, 2013 at 10:31 AM, Brian Desmond br...@briandesmond.com wrote: *Yeah ... For all the universities I’ve worked at and had this discussion, this perceived problem has never morphed into an actual issue. * * * *Thanks,* *Brian Desmond* *br...@briandesmond.com* br...@briandesmond.com * * *w – **312.625.1438* 312.625.1438* | c – **312.731.3132* 312.731.3132* *** * * *From:* Kennedy, Jim [mailto:kennedy...@elyriaschools.org] *Sent:* Monday, January 7, 2013 9:09 AM *To:* NT System Admin Issues *Subject:* RE: Replacement for SteadyState “…….. how do you handle situations where students don’t logout before they leave…… then student 2 has access to student 1’s account.” Self-correcting problem. Student 2 deletes all of Students 1’s stuff and Student 1 never does it again. With 7,000 students we have very little trouble with this issue actually. Also we set inactivity timeouts so they auto log out. I would not go with generic accounts. There is no accountability, no tracking of what they do…. *From:* Glen Johnson [mailto:gjohn...@vhcc.edu gjohn...@vhcc.edu] *Sent:* Monday, January 07, 2013 10:04 AM *To:* NT System Admin Issues *Subject:* RE: Replacement for SteadyState No on the student login. We use a generic account per classroom. We’ve talked about moving to a individual student login, but I’m not sure we need or want that. For others that have gone that route, how do you handle situations where students don’t logout before they leave. You either have a locked computer, logged on as said student or if not locked, then student 2 has access to student 1’s account. *From:* Brian Desmond [mailto:br...@briandesmond.combr...@briandesmond.com] *Sent:* Monday, January 07, 2013 9:32 AM *To:* NT System Admin Issues *Subject:* RE: Replacement for SteadyState *Sure so scenarios where you’re teaching classes that require changes to the OS to accomplish the class makes good sense and I’d not argue against a solution like DeepFreeze in that case.* * * *In the case of things like wallpaper and user profile stuff, are you not using named user accounts for your students? That solves a bunch of this on the spot. * * * *Thanks,* *Brian Desmond* *br...@briandesmond.com* br...@briandesmond.com * * *w – **312.625.1438* 312.625.1438* | c – **312.731.3132* 312.731.3132* *** * * *From:* Glen Johnson [mailto:gjohn...@vhcc.edu gjohn...@vhcc.edu] *Sent:* Monday, January 7, 2013 7:42 AM *To:* NT System Admin Issues *Subject:* RE: Replacement for SteadyState We teach classes and let the students make any and all changes to the desktop environment. Here’s one example. Student comes in and sets the desktop wallpaper to his favorite pinup gal. Next student doesn’t like it, but is a beginner and doesn’t know how to change it to something else. Reboot and the pin up gal is gone. Also, I’ve seen some programs/apps that can now be installed without admin rights, Google Chrome for example. Not a
RE: Replacement for SteadyState
I am K-12 so a different setup probably..but just to get you thinking. Do you have your own student information system? That contains everything you need I would think. Ours lists all the students, grade, school and student ID number. It is maintained in part by the State, our enrollment office and administrative staff. But it is complete and ready to go. We just export that info and powershell create the accounts. During the school year as students transfer in Media Techs (librarians) have a limited ADUC to create new student login accounts. Their home folders self-create. Media Techs can also change passwords, reset lockouts. I transitioned us to this about 4 years ago. It was a non-event and works well. I could take it a step further and do an auto export every night from the student information system and script deletions and new users but for the few we get it is not worth it. At the end of the school year I mass delete and start over fresh. From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, January 07, 2013 12:20 PM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Good to know. Now, the other biggie for use, user account management. We don't yet have an automated way to create/delete the accounts. Richmond is working on a system for that, but the vendor they contracted wants mega bucks to set up our server to sync with their domain. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Monday, January 07, 2013 10:32 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Yeah ... For all the universities I've worked at and had this discussion, this perceived problem has never morphed into an actual issue. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Monday, January 7, 2013 9:09 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState how do you handle situations where students don't logout before they leave.. then student 2 has access to student 1's account. Self-correcting problem. Student 2 deletes all of Students 1's stuff and Student 1 never does it again. With 7,000 students we have very little trouble with this issue actually. Also we set inactivity timeouts so they auto log out. I would not go with generic accounts. There is no accountability, no tracking of what they do From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, January 07, 2013 10:04 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState No on the student login. We use a generic account per classroom. We've talked about moving to a individual student login, but I'm not sure we need or want that. For others that have gone that route, how do you handle situations where students don't logout before they leave. You either have a locked computer, logged on as said student or if not locked, then student 2 has access to student 1's account. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Monday, January 07, 2013 9:32 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Sure so scenarios where you're teaching classes that require changes to the OS to accomplish the class makes good sense and I'd not argue against a solution like DeepFreeze in that case. In the case of things like wallpaper and user profile stuff, are you not using named user accounts for your students? That solves a bunch of this on the spot. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, January 7, 2013 7:42 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState We teach classes and let the students make any and all changes to the desktop environment. Here's one example. Student comes in and sets the desktop wallpaper to his favorite pinup gal. Next student doesn't like it, but is a beginner and doesn't know how to change it to something else. Reboot and the pin up gal is gone. Also, I've seen some programs/apps that can now be installed without admin rights, Google Chrome for example. Not a problem with Deep Freeze. I'm sure there are other ways to do this, but DeepFreeze works great in our environment. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Sunday, January 06, 2013 4:36 PM To: NT System Admin Issues Subject: RE: Replacement for SteadyState I've worked at a lot of customers that use DeepFreeze and similar products and I'm not a huge fan of the concept in general. It makes the overall lifecycle maintenance of a desktop environment a heck of a lot more complicated. The question I always pose (and usually don't get much of a response to), is what problems/issues is DeepFreeze protecting you from that running as a local user wouldn't solve? Thanks, Brian Desmond
Re: DC server 2003 Time service
Would not this: w32tm /config /syncfromflags:domhier /update have the same effect, or is it a less reliable option? Kurt On Mon, Jan 7, 2013 at 8:12 AM, Coleman, Hunter hcole...@mt.gov wrote: On the old 2003 DC, check HKLM\System\CurrentControlSet\Services\W32Time\Parameters\Type. It should be “NT5D5”. If it shows “NTP”, then the DC is synchronizing time with an external time source. It was probably the forest root PDCe in the past, but if it no longer is then on that DC run Net stop w32time W32tm /unregister W32tm /register Net start w32time That will clear out the old time configuration and reset it to a domain hierarchy configuration. From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Monday, January 7, 2013 8:22 AM To: NT System Admin Issues Subject: RE: DC server 2003 Time service From my PC: (Looks like I have everything working except the first one. It is an old 2003 DC.) Why is it being so difficult? All the other 2008 DC’s and 2003 DC’s are behaving except it? Where can I look? C:\windows\system32w32tm /monitor 030405MF663P44.IMCU.local[10.0.10.5:123]: ICMP: 6ms delay NTP: +0.0225576s offset from 081012210GL255.IMCU.local RefID: tick.usno.navy.mil [192.5.41.40] Stratum: 2 0304090304zu55.IMCU.local[10.0.50.205:123]: ICMP: 0ms delay NTP: +0.0127904s offset from 081012210GL255.IMCU.local RefID: 081012210GL255.IMCU.local [10.0.50.2] Stratum: 4 0302040304zu77.IMCU.local[10.0.90.205:123]: ICMP: 13ms delay NTP: +0.0002909s offset from 081012210GL255.IMCU.local RefID: 081012210GL255.IMCU.local [10.0.50.2] Stratum: 4 0810123404XB44.IMCU.local[10.0.10.2:123]: ICMP: 9ms delay NTP: +0.0136959s offset from 081012210GL255.IMCU.local RefID: 081012210GL255.IMCU.local [10.0.50.2] Stratum: 4 081012210GL255.IMCU.local *** PDC ***[10.0.50.2:123]: ICMP: 0ms delay NTP: +0.000s offset from 081012210GL255.IMCU.local RefID: white.web-ster.com [65.182.224.39] Stratum: 3 08101223061O77.IMCU.local[10.0.90.2:123]: ICMP: 10ms delay NTP: +0.0069312s offset from 081012210GL255.IMCU.local RefID: 081012210GL255.IMCU.local [10.0.50.2] Stratum: 4 From: Ken Schaefer [mailto:k...@adopenstatic.com] Posted At: Friday, January 4, 2013 12:05 AM Posted To: itli...@imcu.com Conversation: DC server 2003 Time service Subject: RE: DC server 2003 Time service You need to read this: http://technet.microsoft.com/en-us/library/cc773013(v=ws.10).aspx Cheers Ken From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Friday, 4 January 2013 3:33 AM To: NT System Admin Issues Subject: DC server 2003 Time service I am bringing 2008 R2 servers on line to take the FSMO jobs. I have set one of them as a W32time server but my pc’s are still getting time from the old 2003 DC SNTP server??? Any ideas on how to correct this? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: DC server 2003 Time service
That would work as well, though you would want to include the /reliable:no flag. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Monday, January 7, 2013 10:54 AM To: NT System Admin Issues Subject: Re: DC server 2003 Time service Would not this: w32tm /config /syncfromflags:domhier /update have the same effect, or is it a less reliable option? Kurt On Mon, Jan 7, 2013 at 8:12 AM, Coleman, Hunter hcole...@mt.gov wrote: On the old 2003 DC, check HKLM\System\CurrentControlSet\Services\W32Time\Parameters\Type. It should be “NT5D5”. If it shows “NTP”, then the DC is synchronizing time with an external time source. It was probably the forest root PDCe in the past, but if it no longer is then on that DC run Net stop w32time W32tm /unregister W32tm /register Net start w32time That will clear out the old time configuration and reset it to a domain hierarchy configuration. From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Monday, January 7, 2013 8:22 AM To: NT System Admin Issues Subject: RE: DC server 2003 Time service From my PC: (Looks like I have everything working except the first one. It is an old 2003 DC.) Why is it being so difficult? All the other 2008 DC’s and 2003 DC’s are behaving except it? Where can I look? C:\windows\system32w32tm /monitor 030405MF663P44.IMCU.local[10.0.10.5:123]: ICMP: 6ms delay NTP: +0.0225576s offset from 081012210GL255.IMCU.local RefID: tick.usno.navy.mil [192.5.41.40] Stratum: 2 0304090304zu55.IMCU.local[10.0.50.205:123]: ICMP: 0ms delay NTP: +0.0127904s offset from 081012210GL255.IMCU.local RefID: 081012210GL255.IMCU.local [10.0.50.2] Stratum: 4 0302040304zu77.IMCU.local[10.0.90.205:123]: ICMP: 13ms delay NTP: +0.0002909s offset from 081012210GL255.IMCU.local RefID: 081012210GL255.IMCU.local [10.0.50.2] Stratum: 4 0810123404XB44.IMCU.local[10.0.10.2:123]: ICMP: 9ms delay NTP: +0.0136959s offset from 081012210GL255.IMCU.local RefID: 081012210GL255.IMCU.local [10.0.50.2] Stratum: 4 081012210GL255.IMCU.local *** PDC ***[10.0.50.2:123]: ICMP: 0ms delay NTP: +0.000s offset from 081012210GL255.IMCU.local RefID: white.web-ster.com [65.182.224.39] Stratum: 3 08101223061O77.IMCU.local[10.0.90.2:123]: ICMP: 10ms delay NTP: +0.0069312s offset from 081012210GL255.IMCU.local RefID: 081012210GL255.IMCU.local [10.0.50.2] Stratum: 4 From: Ken Schaefer [mailto:k...@adopenstatic.com] Posted At: Friday, January 4, 2013 12:05 AM Posted To: itli...@imcu.com Conversation: DC server 2003 Time service Subject: RE: DC server 2003 Time service You need to read this: http://technet.microsoft.com/en-us/library/cc773013(v=ws.10).aspx Cheers Ken From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Friday, 4 January 2013 3:33 AM To: NT System Admin Issues Subject: DC server 2003 Time service I am bringing 2008 R2 servers on line to take the FSMO jobs. I have set one of them as a W32time server but my pc’s are still getting time from the old 2003 DC SNTP server??? Any ideas on how to correct this? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: DC server 2003 Time service
A Haa. NTP time software running on that old DC. Uninstalled Rebooted. Did all of the below And w32tm /resync Now w32tm /monitor reads perfectly. Now on the PDC and I point to a local unbuntu server I have added as the first NTP server to try? -Original Message- From: Coleman, Hunter [mailto:hcole...@mt.gov] Posted At: Monday, January 7, 2013 1:40 PM Posted To: itli...@imcu.com Conversation: DC server 2003 Time service Subject: RE: DC server 2003 Time service That would work as well, though you would want to include the /reliable:no flag. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Monday, January 7, 2013 10:54 AM To: NT System Admin Issues Subject: Re: DC server 2003 Time service Would not this: w32tm /config /syncfromflags:domhier /update have the same effect, or is it a less reliable option? Kurt On Mon, Jan 7, 2013 at 8:12 AM, Coleman, Hunter hcole...@mt.gov wrote: On the old 2003 DC, check HKLM\System\CurrentControlSet\Services\W32Time\Parameters\Type. It should be “NT5D5”. If it shows “NTP”, then the DC is synchronizing time with an external time source. It was probably the forest root PDCe in the past, but if it no longer is then on that DC run Net stop w32time W32tm /unregister W32tm /register Net start w32time That will clear out the old time configuration and reset it to a domain hierarchy configuration. From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Monday, January 7, 2013 8:22 AM To: NT System Admin Issues Subject: RE: DC server 2003 Time service From my PC: (Looks like I have everything working except the first one. It is an old 2003 DC.) Why is it being so difficult? All the other 2008 DC’s and 2003 DC’s are behaving except it? Where can I look? C:\windows\system32w32tm /monitor 030405MF663P44.IMCU.local[10.0.10.5:123]: ICMP: 6ms delay NTP: +0.0225576s offset from 081012210GL255.IMCU.local RefID: tick.usno.navy.mil [192.5.41.40] Stratum: 2 0304090304zu55.IMCU.local[10.0.50.205:123]: ICMP: 0ms delay NTP: +0.0127904s offset from 081012210GL255.IMCU.local RefID: 081012210GL255.IMCU.local [10.0.50.2] Stratum: 4 0302040304zu77.IMCU.local[10.0.90.205:123]: ICMP: 13ms delay NTP: +0.0002909s offset from 081012210GL255.IMCU.local RefID: 081012210GL255.IMCU.local [10.0.50.2] Stratum: 4 0810123404XB44.IMCU.local[10.0.10.2:123]: ICMP: 9ms delay NTP: +0.0136959s offset from 081012210GL255.IMCU.local RefID: 081012210GL255.IMCU.local [10.0.50.2] Stratum: 4 081012210GL255.IMCU.local *** PDC ***[10.0.50.2:123]: ICMP: 0ms delay NTP: +0.000s offset from 081012210GL255.IMCU.local RefID: white.web-ster.com [65.182.224.39] Stratum: 3 08101223061O77.IMCU.local[10.0.90.2:123]: ICMP: 10ms delay NTP: +0.0069312s offset from 081012210GL255.IMCU.local RefID: 081012210GL255.IMCU.local [10.0.50.2] Stratum: 4 From: Ken Schaefer [mailto:k...@adopenstatic.com] Posted At: Friday, January 4, 2013 12:05 AM Posted To: itli...@imcu.com Conversation: DC server 2003 Time service Subject: RE: DC server 2003 Time service You need to read this: http://technet.microsoft.com/en-us/library/cc773013(v=ws.10).aspx Cheers Ken From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Friday, 4 January 2013 3:33 AM To: NT System Admin Issues Subject: DC server 2003 Time service I am bringing 2008 R2 servers on line to take the FSMO jobs. I have set one of them as a W32time server but my pc’s are still getting time from the old 2003 DC SNTP server??? Any ideas on how to correct this? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to
RE: Time sync
How do you manage your capacity properly? I'm not being facetious - I really want to know since it looks like we are switching to HyperV. Microsoft's recommendation is to create thin disks for more than you ever think you need. Then, when creating the OS, use disk manager to create the file system with the minimum you can get by with. This allows the VHD file to only grow up to the size of the file system it contains. Then, if a virtual's file system runs out of space, you can use storage management to extend the disk into some the free space you allocated in the VHD file. This allows you to have room for expansion, but keeps any one virtual from exhausting free physical disk. For example: Let's say we need a SQL server. We think we can get by with the following disks: C: - 40GB (os) D: - 30GB (logs) E: - 100GB (data) Microsoft is telling us to create thin disks of, say, 1TB each. However, when we install the OS, we create NTFS file systems on each disk with the desired sizes of 40GB, 30GB, and 100GB. We now know that in the current state, this virtual can only grow its thin disks to a total of 170GB. If the E: runs out of space, we can use disk manager to extend the NTFS file system, which will grow the thin disk up to the new NTFS file system size. This gives you the ability to easily grow disks at will, but prevents any one virtual from hogging all the free host disk. This sort of seems reasonable, but it complicates disk management immensely. Now, in order to know the max my virtuals might take, I have to look at each host store, find all of the virtual machines with VHD files on that store, then figure out each virtual's drive letter for that VHD (is that even possible?), then add up all the file system sizes. Seems like a lot of work, even if you script it up. From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Monday, January 07, 2013 12:08 PM To: NT System Admin Issues Subject: Re: Time sync Yes, over subscribing can be an issue if you don't manage your capacity properly. It hasn't proved to be an issue in any of the environments where I have been. ASB http://XeeMe.com/AndrewBakerhttp://xeeme.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market... On Mon, Jan 7, 2013 at 11:35 AM, Ken Cornetet ken.corne...@kimball.commailto:ken.corne...@kimball.com wrote: Thin provisioning seems risky to me. Seems like you are always in danger of non-critical virtuals deciding to use more disk space thus exhausting physical space which would cause critical VMs to pause if they happen to need more space. We tried thin provisioning back in the old VirtualServer days, and I ran into this problem a few times. -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.commailto:mich...@smithcons.com] Sent: Monday, January 07, 2013 10:28 AM To: NT System Admin Issues Subject: RE: Time sync Because the overhead associated with dynamic disks in Hyper-V v3 is in the very low single digits. We don't spend any time on this process, thin provisioning still works seamlessly, and we get on with our lives. :) -Original Message- From: Ken Cornetet [mailto:ken.corne...@kimball.commailto:ken.corne...@kimball.com] Sent: Monday, January 7, 2013 10:06 AM To: NT System Admin Issues Subject: RE: Time sync We are running ESX 5. To conserve SAN storage, we provision virtuals with the bare minimum needed disk space because it is so easy to extend disks later (extend the VMDK in VMWare, extend in Windows, done). No down time, and no wasted disk. We don't have to spend a lot of time trying to anticipate how big the disks will get and wasting disk if we guess too high. In HyperV, you can't extend disks without shutting down the virtual - seriously. I can't for the life of me figure out why MS isn't fixing this instead of adding silly features like 4TB of guest RAM. And, I also wonder why HyperV users aren't howling about this. -Original Message- From: Michael Leone [mailto:oozerd...@gmail.commailto:oozerd...@gmail.com] Sent: Monday, January 07, 2013 9:43 AM To: NT System Admin Issues Subject: Re: Time sync On Mon, Jan 7, 2013 at 8:31 AM, Ken Cornetet ken.corne...@kimball.commailto:ken.corne...@kimball.com wrote: Lol, how many times do you need 64 vCPUs or 4TB of guest Ram versus needing to extend a disk? I run VMware ESXi 5.0, and I know I have had to extend a disk any number of times. And Win2008 makes extending the boot disk so much easier, too. My largest VM has 16G of RAM, and I was even leery of that. And I have 6 hosts with 512G RAM each ... ASB http://XeeMe.com/AndrewBakerhttp://xeeme.com/AndrewBaker Providing Expert Technology Consulting Services for the SMB market... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here:
RE: Replacement for SteadyState
FIM is dirt cheap for EDU. The services cost of an implementation to simply sync HR and SIS with AD is not a whole lot. If you want to do it quick and dirty, a PowerShell or VB Script that reads a flat file or view off your ERP system each night and syncs it with AD would be straight forward to write. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, January 7, 2013 11:13 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Good to know. Now, the other biggie for use, user account management. We don't yet have an automated way to create/delete the accounts. Richmond is working on a system for that, but the vendor they contracted wants mega bucks to set up our server to sync with their domain. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Monday, January 07, 2013 10:32 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Yeah ... For all the universities I've worked at and had this discussion, this perceived problem has never morphed into an actual issue. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Monday, January 7, 2013 9:09 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState how do you handle situations where students don't logout before they leave.. then student 2 has access to student 1's account. Self-correcting problem. Student 2 deletes all of Students 1's stuff and Student 1 never does it again. With 7,000 students we have very little trouble with this issue actually. Also we set inactivity timeouts so they auto log out. I would not go with generic accounts. There is no accountability, no tracking of what they do From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, January 07, 2013 10:04 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState No on the student login. We use a generic account per classroom. We've talked about moving to a individual student login, but I'm not sure we need or want that. For others that have gone that route, how do you handle situations where students don't logout before they leave. You either have a locked computer, logged on as said student or if not locked, then student 2 has access to student 1's account. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Monday, January 07, 2013 9:32 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Sure so scenarios where you're teaching classes that require changes to the OS to accomplish the class makes good sense and I'd not argue against a solution like DeepFreeze in that case. In the case of things like wallpaper and user profile stuff, are you not using named user accounts for your students? That solves a bunch of this on the spot. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, January 7, 2013 7:42 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState We teach classes and let the students make any and all changes to the desktop environment. Here's one example. Student comes in and sets the desktop wallpaper to his favorite pinup gal. Next student doesn't like it, but is a beginner and doesn't know how to change it to something else. Reboot and the pin up gal is gone. Also, I've seen some programs/apps that can now be installed without admin rights, Google Chrome for example. Not a problem with Deep Freeze. I'm sure there are other ways to do this, but DeepFreeze works great in our environment. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Sunday, January 06, 2013 4:36 PM To: NT System Admin Issues Subject: RE: Replacement for SteadyState I've worked at a lot of customers that use DeepFreeze and similar products and I'm not a huge fan of the concept in general. It makes the overall lifecycle maintenance of a desktop environment a heck of a lot more complicated. The question I always pose (and usually don't get much of a response to), is what problems/issues is DeepFreeze protecting you from that running as a local user wouldn't solve? Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Friday, January 4, 2013 11:33 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Not free, but we could not function at the school without DeepFreeze. From: Bambi J Saastad [mailto:bambi.j.saas...@seagate.com] Sent: Friday, January 04, 2013 11:36 AM To: NT System Admin Issues Subject: Replacement for SteadyState Hello I was wondering if any of you could suggest a replacement for SteadyState. I have a roomful of pc's that the
RE: DC server 2003 Time service
Use this as a basis for configuring your current PDC: http://technet.microsoft.com/en-us/library/cc794937(v=WS.10).aspx -Original Message- From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Monday, January 7, 2013 12:36 PM To: NT System Admin Issues Subject: RE: DC server 2003 Time service A Haa. NTP time software running on that old DC. Uninstalled Rebooted. Did all of the below And w32tm /resync Now w32tm /monitor reads perfectly. Now on the PDC and I point to a local unbuntu server I have added as the first NTP server to try? -Original Message- From: Coleman, Hunter [mailto:hcole...@mt.gov] Posted At: Monday, January 7, 2013 1:40 PM Posted To: itli...@imcu.com Conversation: DC server 2003 Time service Subject: RE: DC server 2003 Time service That would work as well, though you would want to include the /reliable:no flag. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Monday, January 7, 2013 10:54 AM To: NT System Admin Issues Subject: Re: DC server 2003 Time service Would not this: w32tm /config /syncfromflags:domhier /update have the same effect, or is it a less reliable option? Kurt On Mon, Jan 7, 2013 at 8:12 AM, Coleman, Hunter hcole...@mt.gov wrote: On the old 2003 DC, check HKLM\System\CurrentControlSet\Services\W32Time\Parameters\Type. It should be “NT5D5”. If it shows “NTP”, then the DC is synchronizing time with an external time source. It was probably the forest root PDCe in the past, but if it no longer is then on that DC run Net stop w32time W32tm /unregister W32tm /register Net start w32time That will clear out the old time configuration and reset it to a domain hierarchy configuration. From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Monday, January 7, 2013 8:22 AM To: NT System Admin Issues Subject: RE: DC server 2003 Time service From my PC: (Looks like I have everything working except the first one. It is an old 2003 DC.) Why is it being so difficult? All the other 2008 DC’s and 2003 DC’s are behaving except it? Where can I look? C:\windows\system32w32tm /monitor 030405MF663P44.IMCU.local[10.0.10.5:123]: ICMP: 6ms delay NTP: +0.0225576s offset from 081012210GL255.IMCU.local RefID: tick.usno.navy.mil [192.5.41.40] Stratum: 2 0304090304zu55.IMCU.local[10.0.50.205:123]: ICMP: 0ms delay NTP: +0.0127904s offset from 081012210GL255.IMCU.local RefID: 081012210GL255.IMCU.local [10.0.50.2] Stratum: 4 0302040304zu77.IMCU.local[10.0.90.205:123]: ICMP: 13ms delay NTP: +0.0002909s offset from 081012210GL255.IMCU.local RefID: 081012210GL255.IMCU.local [10.0.50.2] Stratum: 4 0810123404XB44.IMCU.local[10.0.10.2:123]: ICMP: 9ms delay NTP: +0.0136959s offset from 081012210GL255.IMCU.local RefID: 081012210GL255.IMCU.local [10.0.50.2] Stratum: 4 081012210GL255.IMCU.local *** PDC ***[10.0.50.2:123]: ICMP: 0ms delay NTP: +0.000s offset from 081012210GL255.IMCU.local RefID: white.web-ster.com [65.182.224.39] Stratum: 3 08101223061O77.IMCU.local[10.0.90.2:123]: ICMP: 10ms delay NTP: +0.0069312s offset from 081012210GL255.IMCU.local RefID: 081012210GL255.IMCU.local [10.0.50.2] Stratum: 4 From: Ken Schaefer [mailto:k...@adopenstatic.com] Posted At: Friday, January 4, 2013 12:05 AM Posted To: itli...@imcu.com Conversation: DC server 2003 Time service Subject: RE: DC server 2003 Time service You need to read this: http://technet.microsoft.com/en-us/library/cc773013(v=ws.10).aspx Cheers Ken From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Friday, 4 January 2013 3:33 AM To: NT System Admin Issues Subject: DC server 2003 Time service I am bringing 2008 R2 servers on line to take the FSMO jobs. I have set one of them as a W32time server but my pc’s are still getting time from the old 2003 DC SNTP server??? Any ideas on how to correct this? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to
RE: Replacement for SteadyState
I could take it a step further and do an auto export every night from the student information system and script deletions and new users but for the few we get it is not worth it. At the end of the school year I mass delete and start over fresh. If you added that nightly sync, you wouldn't have to do the mass cleanup. A student's identity could persist throughout their relationship with your district. As long as you have the SIS primary key in AD (e.g. the student/empl ID), that sync should be really easy. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Monday, January 7, 2013 11:33 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState I am K-12 so a different setup probably..but just to get you thinking. Do you have your own student information system? That contains everything you need I would think. Ours lists all the students, grade, school and student ID number. It is maintained in part by the State, our enrollment office and administrative staff. But it is complete and ready to go. We just export that info and powershell create the accounts. During the school year as students transfer in Media Techs (librarians) have a limited ADUC to create new student login accounts. Their home folders self-create. Media Techs can also change passwords, reset lockouts. I transitioned us to this about 4 years ago. It was a non-event and works well. I could take it a step further and do an auto export every night from the student information system and script deletions and new users but for the few we get it is not worth it. At the end of the school year I mass delete and start over fresh. From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, January 07, 2013 12:20 PM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Good to know. Now, the other biggie for use, user account management. We don't yet have an automated way to create/delete the accounts. Richmond is working on a system for that, but the vendor they contracted wants mega bucks to set up our server to sync with their domain. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Monday, January 07, 2013 10:32 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Yeah ... For all the universities I've worked at and had this discussion, this perceived problem has never morphed into an actual issue. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Monday, January 7, 2013 9:09 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState how do you handle situations where students don't logout before they leave.. then student 2 has access to student 1's account. Self-correcting problem. Student 2 deletes all of Students 1's stuff and Student 1 never does it again. With 7,000 students we have very little trouble with this issue actually. Also we set inactivity timeouts so they auto log out. I would not go with generic accounts. There is no accountability, no tracking of what they do From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, January 07, 2013 10:04 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState No on the student login. We use a generic account per classroom. We've talked about moving to a individual student login, but I'm not sure we need or want that. For others that have gone that route, how do you handle situations where students don't logout before they leave. You either have a locked computer, logged on as said student or if not locked, then student 2 has access to student 1's account. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Monday, January 07, 2013 9:32 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Sure so scenarios where you're teaching classes that require changes to the OS to accomplish the class makes good sense and I'd not argue against a solution like DeepFreeze in that case. In the case of things like wallpaper and user profile stuff, are you not using named user accounts for your students? That solves a bunch of this on the spot. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, January 7, 2013 7:42 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState We teach classes and let the students make any and all changes to the desktop environment. Here's one example. Student comes in and sets the desktop wallpaper to his favorite pinup gal. Next student doesn't like it, but is a beginner and doesn't know how to change it to something else. Reboot and the pin up gal is gone. Also, I've seen some programs/apps that can now be installed
Re: Lumension Intelligent Whitelisting
Don't think it works with the latest versions of XenApp, although it is a good six months or so since I came across this issue and may have been updated Sent from my Blackberry, which may be an antique but delivers email RELIABLY -Original Message- From: Richard Stovall rich...@gmail.com Date: Mon, 7 Jan 2013 16:18:44 To: NT System Admin Issuesntsysadmin@lyris.sunbelt-software.com Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.comSubject: Lumension Intelligent Whitelisting Anyone out there using Lumension products? I'm particularly interested in the Intelligent Whitelisting bundle that includes patching, A/V and application whitelisting. Any experiences or thoughts you wouldn't mind sharing? Thanks, RS ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Time sync
http://technet.microsoft.com/en-us/systemcenter/hh278293Well, I wouldn't use a 1TB as the range, but let's use your example and say we doubled all of our expected minimums. Then you have all the flexibility that you pointed out before. *Now, in order to know the max my virtuals might take, I have to look at each host store, find all of the virtual machines with VHD files on that store, then figure out each virtual’s drive letter for that VHD (is that even possible?), then add up all the file system sizes. * Why do you have to do that? I'd expect that you'd be using something like System Center VM Managerhttp://technet.microsoft.com/en-us/systemcenter/hh278293to manage your virtual hosts and give you a comprehensive view of storage consumption, utilization, etc. Right? *ASB **http://XeeMe.com/AndrewBaker* http://xeeme.com/AndrewBaker* **Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…*** On Mon, Jan 7, 2013 at 3:33 PM, Ken Cornetet ken.corne...@kimball.comwrote: How do you “manage your capacity properly”? I’m not being facetious – I really want to know since it looks like we are switching to HyperV. ** ** Microsoft’s recommendation is to create thin disks for more than you ever think you need. Then, when creating the OS, use disk manager to create the file system with the minimum you can get by with. This allows the VHD file to only grow up to the size of the file system it contains. ** ** Then, if a virtual’s file system runs out of space, you can use storage management to extend the disk into some the free space you allocated in the VHD file. This allows you to have room for expansion, but keeps any one virtual from exhausting free physical disk. ** ** For example: Let’s say we need a SQL server. We think we can get by with the following disks: C: - 40GB (os) D: - 30GB (logs) E: - 100GB (data) ** ** Microsoft is telling us to create thin disks of, say, 1TB each. However, when we install the OS, we create NTFS file systems on each disk with the desired sizes of 40GB, 30GB, and 100GB. We now know that in the current state, this virtual can only grow its thin disks to a total of 170GB. If the E: runs out of space, we can use disk manager to extend the NTFS file system, which will grow the thin disk up to the new NTFS file system size. This gives you the ability to easily grow disks at will, but prevents any one virtual from hogging all the free host disk. ** ** This sort of seems reasonable, but it complicates disk management immensely. Now, in order to know the max my virtuals might take, I have to look at each host store, find all of the virtual machines with VHD files on that store, then figure out each virtual’s drive letter for that VHD (is that even possible?), then add up all the file system sizes. Seems like a lot of work, even if you script it up. ** ** *From:* Andrew S. Baker [mailto:asbz...@gmail.com] *Sent:* Monday, January 07, 2013 12:08 PM *To:* NT System Admin Issues *Subject:* Re: Time sync ** ** Yes, over subscribing can be an issue if you don't manage your capacity properly. ** ** It hasn't proved to be an issue in any of the environments where I have been. *ASB **http://XeeMe.com/AndrewBaker* http://xeeme.com/AndrewBaker* **Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…* ** ** On Mon, Jan 7, 2013 at 11:35 AM, Ken Cornetet ken.corne...@kimball.com wrote: Thin provisioning seems risky to me. Seems like you are always in danger of non-critical virtuals deciding to use more disk space thus exhausting physical space which would cause critical VMs to pause if they happen to need more space. We tried thin provisioning back in the old VirtualServer days, and I ran into this problem a few times. -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Monday, January 07, 2013 10:28 AM To: NT System Admin Issues Subject: RE: Time sync Because the overhead associated with dynamic disks in Hyper-V v3 is in the very low single digits. We don't spend any time on this process, thin provisioning still works seamlessly, and we get on with our lives. :) -Original Message- From: Ken Cornetet [mailto:ken.corne...@kimball.com] Sent: Monday, January 7, 2013 10:06 AM To: NT System Admin Issues Subject: RE: Time sync We are running ESX 5. To conserve SAN storage, we provision virtuals with the bare minimum needed disk space because it is so easy to extend disks later (extend the VMDK in VMWare, extend in Windows, done). No down time, and no wasted disk. We don't have to spend a lot of time trying to anticipate how big the disks will get and wasting disk if we guess too high. In HyperV, you can't extend disks without shutting down the virtual - seriously. I
RE: Time sync
You might not want them - but other people might. Personally I've never had to extend a VM disk outside a maintenance window, so it's never really been an issue for me. Hyper-V supports shared-nothing migration as well - does VMWare do that? Actually, the statement was that Hyper-V has nothing that VMWare doesn't have. That statement is patently untrue. That was the point I was trying to make. Cheers Ken From: Ken Cornetet [mailto:ken.corne...@kimball.com] Sent: Tuesday, 8 January 2013 12:31 AM To: NT System Admin Issues Subject: RE: Time sync Lol, how many times do you need 64 vCPUs or 4TB of guest Ram versus needing to extend a disk? From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Friday, January 04, 2013 8:50 PM To: NT System Admin Issues Subject: RE: Time sync Can ESX support 64 vCPUs or 4TB RAM per guest yet? Or 64 hosts per cluster? Seems like there are all sorts of corner cases where one product has functionality the other doesn't yet. For 99% of things they are feature compatible. It's all about the management and operations tools now. Hypervisors are almost commoditised, and will be within the next version or two. Cheers Ken From: Ken Cornetet [mailto:ken.corne...@kimball.com] Sent: Saturday, 5 January 2013 6:26 AM To: NT System Admin Issues Subject: RE: Time sync Cost. HyperV give something that VMWare doesn't? I laughed so hard I think I peed myself a little... Sheesh, you can't even extend disks on a running virtual under HyperV. From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Friday, January 04, 2013 11:43 AM To: NT System Admin Issues Subject: RE: Time sync I was thinking the same thing. Actually IMHO VM still does more than Hyper-V does... Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.orgmailto:ezi...@lifespan.org ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Time sync
Seriously? Are you an ITIL shop? Do you not have capacity management plans and systems/tools in place? Or do you just fly by the seat of your pants? Everything should be monitored, and you're getting nice trending graphs. Sure, sometimes things go unexpectedly wrong - but that can happen for all sorts of reasons and is a fact of IT - you need a proper incident system and recovery to handle it. This whole cloud thing you hear about is making sure you have resilient services Cheers Ken From: Ken Cornetet [mailto:ken.corne...@kimball.com] Sent: Tuesday, 8 January 2013 7:33 AM To: NT System Admin Issues Subject: RE: Time sync How do you manage your capacity properly? I'm not being facetious - I really want to know since it looks like we are switching to HyperV. Microsoft's recommendation is to create thin disks for more than you ever think you need. Then, when creating the OS, use disk manager to create the file system with the minimum you can get by with. This allows the VHD file to only grow up to the size of the file system it contains. Then, if a virtual's file system runs out of space, you can use storage management to extend the disk into some the free space you allocated in the VHD file. This allows you to have room for expansion, but keeps any one virtual from exhausting free physical disk. For example: Let's say we need a SQL server. We think we can get by with the following disks: C: - 40GB (os) D: - 30GB (logs) E: - 100GB (data) Microsoft is telling us to create thin disks of, say, 1TB each. However, when we install the OS, we create NTFS file systems on each disk with the desired sizes of 40GB, 30GB, and 100GB. We now know that in the current state, this virtual can only grow its thin disks to a total of 170GB. If the E: runs out of space, we can use disk manager to extend the NTFS file system, which will grow the thin disk up to the new NTFS file system size. This gives you the ability to easily grow disks at will, but prevents any one virtual from hogging all the free host disk. This sort of seems reasonable, but it complicates disk management immensely. Now, in order to know the max my virtuals might take, I have to look at each host store, find all of the virtual machines with VHD files on that store, then figure out each virtual's drive letter for that VHD (is that even possible?), then add up all the file system sizes. Seems like a lot of work, even if you script it up. From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Monday, January 07, 2013 12:08 PM To: NT System Admin Issues Subject: Re: Time sync Yes, over subscribing can be an issue if you don't manage your capacity properly. It hasn't proved to be an issue in any of the environments where I have been. ASB http://XeeMe.com/AndrewBakerhttp://xeeme.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market... On Mon, Jan 7, 2013 at 11:35 AM, Ken Cornetet ken.corne...@kimball.commailto:ken.corne...@kimball.com wrote: Thin provisioning seems risky to me. Seems like you are always in danger of non-critical virtuals deciding to use more disk space thus exhausting physical space which would cause critical VMs to pause if they happen to need more space. We tried thin provisioning back in the old VirtualServer days, and I ran into this problem a few times. -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.commailto:mich...@smithcons.com] Sent: Monday, January 07, 2013 10:28 AM To: NT System Admin Issues Subject: RE: Time sync Because the overhead associated with dynamic disks in Hyper-V v3 is in the very low single digits. We don't spend any time on this process, thin provisioning still works seamlessly, and we get on with our lives. :) -Original Message- From: Ken Cornetet [mailto:ken.corne...@kimball.commailto:ken.corne...@kimball.com] Sent: Monday, January 7, 2013 10:06 AM To: NT System Admin Issues Subject: RE: Time sync We are running ESX 5. To conserve SAN storage, we provision virtuals with the bare minimum needed disk space because it is so easy to extend disks later (extend the VMDK in VMWare, extend in Windows, done). No down time, and no wasted disk. We don't have to spend a lot of time trying to anticipate how big the disks will get and wasting disk if we guess too high. In HyperV, you can't extend disks without shutting down the virtual - seriously. I can't for the life of me figure out why MS isn't fixing this instead of adding silly features like 4TB of guest RAM. And, I also wonder why HyperV users aren't howling about this. -Original Message- From: Michael Leone [mailto:oozerd...@gmail.commailto:oozerd...@gmail.com] Sent: Monday, January 07, 2013 9:43 AM To: NT System Admin Issues Subject: Re: Time sync On Mon, Jan 7, 2013 at 8:31 AM, Ken Cornetet ken.corne...@kimball.commailto:ken.corne...@kimball.com wrote: Lol, how many times do you need 64 vCPUs or 4TB
