Re: Software deployment ?

2013-01-11 Thread kz20fl
Check whether the uninstall this app when out of scope of management box is 
ticked or not for your install GPOs.

Sent from my Blackberry, which may be an antique but delivers email RELIABLY

-Original Message-
From: Glen Johnson gjohn...@vhcc.edu
Date: Fri, 11 Jan 2013 14:11:57 
To: NT System Admin Issuesntsysadmin@lyris.sunbelt-software.com
Reply-To: NT System Admin Issues 
ntsysadmin@lyris.sunbelt-software.comSubject: Software deployment ?

We are migrating away from group policy software deployments to a Dell/KACE 
system.
How do I decommission the group policy software deployments for programs like 
Java, Adobe and such.
If I just remove the GPO, will it remove the software from the users computers 
at the next policy processing cycle?
I'd just like to disable the policy so no new installs run, but not remove the 
existing installs.
Thanks.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


RE: Software deployment ?

2013-01-11 Thread Dan Bartley
When you delete each software policy (the individual for the software to
install under Software in the GPO) you will have the option to leave it
on installed computers or remove it.

 

Best Regards,

Dan Bartley




 

From: Glen Johnson [mailto:gjohn...@vhcc.edu] 
Sent: Friday, January 11, 2013 09:12
To: NT System Admin Issues
Subject: Software deployment ?

 

We are migrating away from group policy software deployments to a
Dell/KACE system.

How do I decommission the group policy software deployments for programs
like Java, Adobe and such.

If I just remove the GPO, will it remove the software from the users
computers at the next policy processing cycle?

I'd just like to disable the policy so no new installs run, but not
remove the existing installs.

Thanks.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


CONFIDENTIALITY NOTICE***The information contained in this message may be 
privileged, confidential, and protected from disclosure. If the reader of 
this message is not the intended recipient, or any employee or agent 
responsible for delivering this message to the intended recipient, you are 
hereby notified that any dissemination, distribution, or copying of this 
communication is strictly prohibited. If you have received this 
communication in error, please notify us immediately by replying to the 
message and deleting it from your computer. Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: FoxIT reader vulnerability

2013-01-11 Thread Matthew W. Ross
I still have to recommend Evince. Small, Fast, Open source, and MSI installer 
for Windows.

http://projects.gnome.org/evince/



--Matt Ross
Ephrata School District


- Original Message -
From: Richard McClary
[mailto:richard.mccl...@aspca.org]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Fri, 11 Jan 2013
07:50:40 -0800
Subject: FoxIT reader vulnerability


 Greetings!
 
 http://www.theregister.co.uk/2013/01/11/foxit_pdf_plugin_vuln/
 
 Just now checked the FoxIT web site.  The currently offered version is
 5.4.4.1128, which the article mentions as being vulnerable (as are older
 versions).
 
 May end up having to use Adobe anyway...
 --
 richard
 
 
 
 The information contained in this e-mail, and any attachments hereto, is
 from The American Society for the Prevention of Cruelty to Animals®
 (ASPCA®) and is intended only for use by the addressee(s) named herein
 and may contain legally privileged and/or confidential information. If you
 are not the intended recipient of this e-mail, you are hereby notified that
 any dissemination, distribution, copying or use of the contents of this
 e-mail, and any attachments hereto, is strictly prohibited. If you have
 received this e-mail in error, please immediately notify me by reply email
 and permanently delete the original and any copy of this e-mail and any
 printout thereof.
 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
 ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~
 
 ---
 To manage subscriptions click here:
 http://lyris.sunbelt-software.com/read/my_forums/
 or send an email to listmana...@lyris.sunbeltsoftware.com
 with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



RE: Java 7 0day actively exploited in the wild | BeyondTrust

2013-01-11 Thread Kennedy, Jim


http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-flaw-709713/


From: Mark Boeck [netadmin...@gmail.com]
Sent: Friday, January 11, 2013 12:15 PM
To: NT System Admin Issues
Subject: Re: Java 7 0day actively exploited in the wild | BeyondTrust

lol - a friend of mine, a microsoft security mvp, starts her blog off like this:
how to uninstall java!
http://securitygarden.blogspot.com/2013/01/java-zero-day-again-time-to.html
only after that does she post some links about the threat

-

-


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin










~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



GPP drive mapping 'reconnect'

2013-01-11 Thread Elijah Buck
Hello,

I'm working on using Group Policy Preferences for drive mapping, and
am a little confused about the reconnect option.

http://social.technet.microsoft.com/wiki/contents/articles/12221.troubleshooting-the-drive-maps-preference-extension-in-group-policy-replace-mode-only-maps-the-drive-every-other-logon.aspx
is pretty much exactly the scenario I'm curious about (reconnect not
set). It says:

-
Expected Result: Drive Z: is mapped to \\CONTOSO-DC\netlogon every
time the user logs on to their computer.

Actual Result: Drive Z: is only mapped to \\CONTOSO-DC\netlogon every
other time the user logs on.

Note: This difference in when Drive Z is mapped will only be
noticeable if either the administrator first deletes all mapped drives
at the start of processing Group Policy or the user has changed Drive
Z during their previous session.
-

I am confused about that Note. It seems to imply that the Z drive will
be mapped correctly on subsequent logons (assuming no one has changed
or deleted Drive Z), even though the drive maps preference extension
doesn't apply preferences on every logon (because some logons process
GP asynchronously).

Is it the case that if the user does not modify the drive mappings,
the drive mapping will be 'correct' on next logon? This implies there
is some sort of caching of drive mappings other than the caching that
would occur if 'reconnect' were set. Is that correct?

Those of you that use GPP for drive mappings, do you have the
'reconnect' option set or not? Why?

Thanks,
Elijah Buck

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


Fwd: US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability

2013-01-11 Thread Kurt Buff
Not a lot new here, but there is just a bit more information

Kurt


-- Forwarded message --
From: US-CERT Alerts technical-ale...@us-cert.gov
Date: Thu, Jan 10, 2013 at 3:07 PM
Subject: US-CERT Alert TA13-010A - Oracle Java 7 Security Manager
Bypass Vulnerability
To: technical-ale...@us-cert.gov



-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

National Cyber Awareness System

US-CERT Alert TA13-010A
Oracle Java 7 Security Manager Bypass Vulnerability

Original release date: January 10, 2013
Last revised: --

Systems Affected

 Any system using Oracle Java 7 (1.7, 1.7.0) including

 * Java Platform Standard Edition 7 (Java SE 7)
 * Java SE Development Kit (JDK 7)
 * Java SE Runtime Environment (JRE 7)

 All versions of Java 7 through update 10 are affected.  Web
 browsers using the Java 7 plug-in are at high risk.


Overview

   A vulnerability in the way Java 7 restricts the permissions of Java
   applets could allow an attacker to execute arbitrary commands on a
   vulnerable system.


Description

   A vulnerability in the Java Security Manager allows a Java applet
   to grant itself permission to execute arbitrary code. An attacker
   could use social engineering techniques to entice a user to visit a
   link to a website hosting a malicious Java applet. An attacker
   could also compromise a legitimate web site and upload a malicious
   Java applet (a drive-by download attack).

   Any web browser using the Java 7 plug-in is affected. The Java
   Deployment Toolkit plug-in and Java Web Start can also be used as
   attack vectors.

   Reports indicate this vulnerability is being actively exploited,
   and exploit code is publicly available.

   Further technical details are available in Vulnerability Note
   VU#625617.


Impact

   By convincing a user to load a malicious Java applet or Java
   Network Launching Protocol (JNLP) file, an attacker could execute
   arbitrary code on a vulnerable system with the privileges of the
   Java plug-in process.


Solution

   Disable Java in web browsers

   This and previous Java vulnerabilities have been widely targeted by
   attackers, and new Java vulnerabilities are likely to be
   discovered. To defend against this and future Java vulnerabilities,
   disable Java in web browsers.

   Starting with Java 7 Update 10, it is possible to disable Java
   content in web browsers through the Java control panel applet. From
   Setting the Security Level of the Java Client:

   For installations where the highest level of security is required,
   it is possible to entirely prevent any Java apps (signed or
   unsigned) from running in a browser by de-selecting Enable Java
   content in the browser in the Java Control Panel under the Security
   tab.

   If you are unable to update to Java 7 Update 10 please see the
   solution section of Vulnerability Note VU#636312 for instructions
   on how to disable Java on a per browser basis.


References

 * Vulnerability Note VU#625617
   http://www.kb.cert.org/vuls/id/625617

 * Setting the Security Level of the Java Client
   
http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/client-security.html

 * The Security Manager
   http://docs.oracle.com/javase/tutorial/essential/environment/security.html

 * How to disable the Java web plug-in in Safari
   https://support.apple.com/kb/HT5241

 * How to turn off Java applets
   https://support.mozilla.org/en-US/kb/How%20to%20turn%20off%20Java%20applets

 * NoScript
   http://noscript.net/

 * Securing Your Web Browser
   https://www.us-cert.gov/reading_room/securing_browser/#Safari

 * Vulnerability Note VU#636312
   http://www.kb.cert.org/vuls/id/636312#solution


Revision History

  January 10, 2013: Initial release

 

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to c...@cert.org with TA13-010A Feedback VU#625617 in
   the subject.
 

   Produced by US-CERT, a government organization.
 

This product is provided subject to this Notification:
http://www.us-cert.gov/privacy/notification.html

Privacy  Use policy:
http://www.us-cert.gov/privacy/

This document can also be found at
http://www.us-cert.gov/cas/techalerts/TA13-010A.html

For instructions on subscribing to or unsubscribing from this
mailing list, visit http://www.us-cert.gov/cas/signup.html
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBUO83IXdnhE8Qi3ZhAQLdxQf6A2LhLrArDieg41fxTuIViOXbgH6fZrDt
6bODaZIeTcvQfMMURbUb8MnTQEe7ogNbytb+XQaEzXE6A0YMdWp+93TxFy80wUI0
VpF0lBDwNyeAlwtzicLSQa5oa5Me0k5KPVUn9/mFJZh5Ff0cYjW1dt8dfXJUbH9/
OZ6ZJsnJchymJFlVax3Y87yZh9fPQC4n6dJ86CdLXqC9GaBihgBd1DUpborfWYoR
njvrtbcX+7iy+J8fS2C8/JtnQ5M+uilvqxrdU/Z9SdmebIF5HQjafLae9OmwH7Te
nxUcwwmuNqIA1Y9aN2DrStv+HnTi121DIxyaVgNOKjPnO/t5mDPKlw==
=xi3d

Re: Looking for affordable load balancing solution

2013-01-11 Thread kz20fl
NetScalers kick ass...if you know someone who can work them :-)

Sent from my Blackberry, which may be an antique but delivers email RELIABLY

-Original Message-
From: Michael B. Smith mich...@smithcons.com
Date: Fri, 11 Jan 2013 20:53:53 
To: NT System Admin Issuesntsysadmin@lyris.sunbelt-software.com
Reply-To: NT System Admin Issues 
ntsysadmin@lyris.sunbelt-software.comSubject: RE: Looking for affordable load 
balancing solution

If you have NetScalers, then use them.

If you are looking for a nice low-cost but good function solution, take a look 
at Coyote Point and at Kemp Technologies.

From: Tom Miller [mailto:tmil...@sfgtrust.com]
Sent: Friday, January 11, 2013 3:50 PM
To: NT System Admin Issues
Subject: Looking for affordable load balancing solution

We currently use Windows Network Load Balancing for our Exchange 2010 
environment.  It's okay, but not great.  There was a hiccup yesterday in NLB 
and it caused our system to disconnect all users at once.  Looking to avoid 
this in the future, anyone have any suggestions for alternatives?  Appliance or 
software solution - either is fine.  I've used Citrix Netscalers in the past 
for XenApp, but I know they can also do load balancing.

Thanks,
Tom


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


Re: Looking for affordable load balancing solution

2013-01-11 Thread kz20fl
Some idiot wrote a half-decent blog post on using them to load-balance AppSense 
servers too :-o

Sent from my Blackberry, which may be an antique but delivers email RELIABLY

-Original Message-
From: Webster webs...@carlwebster.com
Date: Fri, 11 Jan 2013 20:53:44 
To: NT System Admin Issuesntsysadmin@lyris.sunbelt-software.com
Reply-To: NT System Admin Issues 
ntsysadmin@lyris.sunbelt-software.comSubject: RE: Looking for affordable load 
balancing solution

NetScalers have built-in stuff for Exchange (and SQL and SharePoint and...)

Thanks


Webster

From: Tom Miller [mailto:tmil...@sfgtrust.com]
Sent: Friday, January 11, 2013 2:50 PM
To: NT System Admin Issues
Subject: Looking for affordable load balancing solution

We currently use Windows Network Load Balancing for our Exchange 2010 
environment.  It's okay, but not great.  There was a hiccup yesterday in NLB 
and it caused our system to disconnect all users at once.  Looking to avoid 
this in the future, anyone have any suggestions for alternatives?  Appliance or 
software solution - either is fine.  I've used Citrix Netscalers in the past 
for XenApp, but I know they can also do load balancing.

Thanks,
Tom


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


RE: Looking for affordable load balancing solution

2013-01-11 Thread Walker, Michael
Revised:

We were cheap (No Budget) and bought two Kemp LM-2200 with 7x24 support for 
around $4K.  They were very easy to set up and have been solid for the last 18 
months.

Michael Walker
Senior Network Engineer
Citrus Valley Health Partners
140 W. College Street, Covina, CA  91723
Phone/Fax/Pager: (888) 299-6882
mwal...@mail.cvhp.orgmailto:mwal...@mail.cvhp.org

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Friday, January 11, 2013 12:54 PM
To: NT System Admin Issues
Subject: RE: Looking for affordable load balancing solution

If you have NetScalers, then use them.

If you are looking for a nice low-cost but good function solution, take a look 
at Coyote Point and at Kemp Technologies.

From: Tom Miller [mailto:tmil...@sfgtrust.com]
Sent: Friday, January 11, 2013 3:50 PM
To: NT System Admin Issues
Subject: Looking for affordable load balancing solution

We currently use Windows Network Load Balancing for our Exchange 2010 
environment.  It's okay, but not great.  There was a hiccup yesterday in NLB 
and it caused our system to disconnect all users at once.  Looking to avoid 
this in the future, anyone have any suggestions for alternatives?  Appliance or 
software solution - either is fine.  I've used Citrix Netscalers in the past 
for XenApp, but I know they can also do load balancing.

Thanks,
Tom


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin